By Ganesh Ramamoorthy, Senior Vice President, Onix.
Today’s digital healthcare professionals face unprecedented complexity. The quality and accessibility of clinical data are vital to delivering the best possible patient outcomes. Yet clinicians often struggle to quickly find and retrieve relevant information.
In fact, the sheer volume of data is staggering. A single hospital can produce 137 terabytes of data every day, or roughly 50 petabytes of data per year. This data tsunami is only getting worse, due to rapid expansion of digital health tools, electronic health records and connected devices.
As a result, healthcare administrative costs continue to skyrocket. In fact, administrative spending is estimated to be between 25% and 30% of the nearly $5 trillion spent annually on U.S. healthcare. More importantly, failure to tame the data dilemma can substantially impact both regulatory compliance and patient outcomes.
The healthcare industry is in dire need of transformation, but change happens slowly. How can healthcare providers navigate this massive, complex system to streamline data management in order to reduce costs, grow revenues and increase efficiencies?
Empower Intelligent Insights
To address this issue, a growing number of healthcare leaders are leveraging the latest artificial intelligence (AI) advancements to transform their legacy data systems into a modern, scalable and agile data platform. In this way, healthcare chief information officers (CIOs) are able to take full advantage of augmented intelligence to unlock predictive data analytics and clinical insights, enabling measurable improvements without adding administrative burden.
Indeed, AI-powered data modernization enables organizations to realize substantial clinical and operational benefits, while improving return on investment (ROI). With the help of enterprise-grade agentic AI and generative AI (Gen AI) technologies, healthcare organizations can achieve measurable results such as a 10%-25% reduction in the cost of care, a 15%-20% drop in hospital readmissions, and a substantial reduction in mortality rates.
Collaborative Compliance
It’s no secret that administrative friction in healthcare is a significant challenge, with nearly 25% of every dollar spent on paperwork. A primary driver of this cost is the prior authorization (PA) process, which typically requires a significant amount of time to conduct manual reviews, send faxes and make phone calls. This burden not only increases costs, but also delays patient care through a “missing information” loop, where simple administrative omissions trigger denials and appeals.
By leveraging the latest agentic and Gen AI, healthcare professionals can transform their workflow from “Reject and Appeal” to “Detect and Clarify” to greatly improve the speed, precision and outcomes of the PA process. The system works by ingesting unstructured clinical notes and matching them against insurance policies, enabling AI agents to perform a real-time gap analysis.
When information is missing, the AI agent flags the issue and drafts a clarification for the provider in less than a minute, ensuring valid claims are approved on the first pass. This not only streamlines billing, it also allows nurses and doctors to focus on patient outcomes rather than paperwork.
Privacy Protections
Of course, when dealing with sensitive patient data, it’s paramount that hospitals and healthcare organizations have access to reliable, secure data they can trust to ensure regulatory and HIPAA compliance. This means that a key aspect of selecting the best AI solution is to ensure it is an enterprise-grade offering that prioritizes a high level of security, data governance and compliance.
In fact, advanced AI capabilities enable additional privacy innovations as well. For example, with the help of Gen AI, hospitals can generate millions of records of synthetic data, allowing them to train and test new AI models without exposing sensitive protected health information (PHI). Plus, by compressing processes that otherwise take hours or weeks into minutes, AI agents return valuable time to medical practitioners.
It’s important to note, however, that healthcare CIOs need to implement robust governance policies when taking advantage of AI technology. As the number of AI agents making autonomous decisions increases throughout the healthcare industry, responsible AI practices will become a mandatory business requirement with decisions being driven by trust and transparency.
Healthcare Transformation Success
Today’s healthcare industry is poised for progress, and responsible AI deployments will be an integral part of this transformation – from building a new level of personalized patient experiences, to realizing substantial gains in productivity for improved patient outcomes.
Armed with the right tools, intelligence and insights, healthcare leaders are empowered to realize this transformation and build a brighter future for their patients. The true differentiator for successful healthcare enterprises will not be if they use AI, but rather how they responsibly manage and fully integrate AI into established processes.
By Jason Warrelmann, vice president global services and process industries, UiPath.
FHIR, or Fast Healthcare Interoperability Resources, is quickly being adopted on a massive scale. While only 24% of healthcare companies currently utilize application programming interfaces (APIs) at scale, according to recent data, FHIR APIs will become widespread by 2024.
The data also shows that more than 50% of providers (out of 400 surveyed stakeholders) said they are consuming and producing a large number of APIs. However, some payers lag behind, with 43% and 37% saying they consume and build APIs, respectively. That said, 67% of providers and 61% of payers expect their respective organizations to utilize APIs at scale as soon as 2023.
But what exactly does FHIR do?
Developed by Health Level 7, or HL7, FHIR has quickly become the standard for representing and exchanging health information. FHIR defines how healthcare information can be exchanged between different computer systems regardless of how it is stored. It allows this information, including clinical and administrative data, to be available securely to those who need access to it and who have the right to do so for the benefit of a patient receiving care. However, FHIR APIs are not easy for businesses to adopt, as adoption is mostly driven today by the need to comply with interoperability rules. For healthcare providers, this means several steps of preparation before they can be fully FHIR-ready.
FHIR-enabled automation can help make this adoption easier, leaving the preparation to software robots. Automation software makes sharing data and information between teams more seamless, ensuring everyone is on the same page when it comes to FHIR APIs. FHIR-enabled automation also ensures compliance and streamlines important processes, reducing the cost of FHIR adoption and making it faster and more efficient.
Here are the three ways FHIR-enabled automation can simplify the FHIR adoption process:
Changes in healthcare privacy laws will have significant consequences for medical practices. This summer, the National Institute of Standards and Technology (NIST) released a draft of its HIPAA Security Rule guidance, the first update since the guidance’s original landmark issuance in 2008.
It’s sorely needed.
According to a ClearDATA report on the state of cloud security in healthcare providers in 2022, there is a significant disparity in how healthcare leaders assess their organizations’ cloud-based cybersecurity health. Many healthcare providers mistakenly believe their cloud infrastructure is safe and secure when they actually fall well short of the minimum threshold for proper protection against an increasingly risky landscape.
So it’s unsurprising that 2021 saw healthcare organizations weathering the most data breaches since 2009. But with clear instructions and accountability from technology providers, healthcare organizations can protect themselves against cyberattacks.
The Responsibility of Each Healthcare Organization
Guidelines from the federal government are meaningless without careful compliance from each healthcare organization. It’s critical that you review how noncompliance can negatively affect an organization.
Because healthcare organizations may not be fined or directly punished, the potential fallout of noncompliance is easy to underestimate. But threats are everywhere and a cyberattack is likely. If you are not proactive, you will eventually leave yourself open to a breach, and that attack can come with dire financial consequences.
Organizations that remain vigilant, proactive, and in line with NIST’s updated HIPAA guidelines can lessen their vulnerability to cyberattacks. It requires an expenditure of resources, sure, but that cost should be seen as a critical investment in your organization’s viability and the privacy of your patient data.
By Deborah Hsieh, chief policy and strategy officer, Ciox Health.
Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) in 1996. In the 25 years since, healthcare and technology have advanced beyond what any of the original writers of HIPAA could have imagined, creating innovative new tools and mechanisms to share information and to better engage individuals in their healthcare.
Recognizing the challenges in ensuring HIPAA remains relevant for technology, business practices, and patient needs of today, the U.S. Department of Health and Human Services (HHS) released proposed updates to HIPAA’s regulations. The proposed changes include needed flexibilities to promote information sharing, but fail to ensure patient privacy protections remain relevant for the changed context, and, in fact, encourage actions that could expose patients’ healthcare data. Rather than strengthening healthcare privacy protections, the proposal creates a new pathway for non-HIPAA-covered entities to freely access and exploit patients’ healthcare data.
In the proposed rule, HHS seeks to go beyond the existing statute and regulations that ensure patients have a right to direct a covered entity to transmit an electronic copy of their protected health information (PHI) in an electronic health record (EHR) to a designated person or entity of the patient’s choice (also called “patient directive”). HHS now proposes to create a wholly new, unprotected and unauthorized pathway enabling so-called personal health applications (third parties that meet a minimal set of criteria) to gain free access to electronic and paper-based data.
While HHS creates and encourages use of this new pathway for personal health applications, HHS is not able to regulate what these applications do. Because a personal health application “is not acting on behalf of, or at the direction of a covered entity,” it is not subject to HIPAA rules and obligations. Health data that a patient directs to a personal health application is no longer protected by HIPAA and patients are left to fend for themselves.
HHS states personal health applications are managed and controlled by the individual; however, there is no requirement that patients be informed their data is no longer being covered by HIPAA and what that means. Patients will lose their ability to control their access to and the use of their healthcare data and may be fully unaware that third parties may use personal health applications as a backdoor to gain access to millions of patients’ private health information for their own commercial purposes.
By Dipak Prasad, senior product manager, Devbridge.
Communication is one of the most important parts of the healthcare industry, but as it stands it may be the most challenging element as well. To reach the best patient outcomes, it is critical for patients, doctors, hospitals, and facilities to communicate with one another seamlessly, securely, and digitally.
The incredible amount of information that needs to be accurately communicated presents a challenge by itself, but the extensive regulations create an added layer of difficulty. The Health Insurance Portability and Accountability Act (HIPAA) strives to protect the private data of a patient but creates challenges when having to quickly communicate critical information from different parts of the medical team.
Currently, many organizations are decentralized and use multiple digital outlets. There are company-sponsored email, instant messaging, and portals, plus personal email accounts and mobile and messaging applications, all with the potential to complicate and compromise the quality and security of communication.
Software has the ability to automate certain administrative tasks, enabling medical professionals to focus on patient care and improving patient outcomes. In a notoriously widely distributed workforce where communication is essential, introducing an effective unified communication tool will increase operational efficiency and decrease infrastructure and maintenance costs.
A unified communication tool needs to connect all personnel across distributed locations, divisions, departments, and functions. A unified system should:
Be flexible and extensible, enabling adaptation to future needs
Support multiple communication methods (voice, text, data, video)
Integrate with existing systems
Put the user experience at the forefront, rivaling widely used mobile communication platforms (WhatsApp and Facebook Messenger)
Cater to user requirements by including unique, job-enhancing features based on real scenarios
Increase operational efficiency while being secure and HIPAA compliant
Tips on how to create an effective communications system:
Diagnose the problem: Run a discovery phase to identify organizational issues and opportunities for improvement through story mapping workshops with stakeholders, interviewing end-users, and conducting surveys. Then, create a service blueprint noting your findings. Ensure all stakeholders are aligned.
Define the minimum viable product (MVP): Prioritize the most significant issues and tackle those first to define the goals for the MVP. Validate your wireframes and prototypes with the original group of individuals who determined the problem space to inform the solution. Allow the test group to try the product early and often, allowing them to guide the solution and feel involved in the process.
Anyone dealing with healthcare IT in the US will come across HIPAA and HITECH and HITRUST — and it’s easy to get them confused. They’re interrelated and they all concern health information and they all impact healthcare IT. But that certainly doesn’t mean they’re all the same.
Briefly, HIPAA is a law and compliance is mandatory. HITECH is another law that was subsequently folded into HIPAA. And HITRUST is a voluntary means to ensure compliance with laws such as HIPAA, including its HITECH provisions and any others that might come along. Here’s how it all breaks down:
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) covered a lot of healthcare modernization issues, including provisions addressing insurance and taxes. But when we reference HIPAA in the IT world, we’re generally concerned with details in the Act’s Title II.
HIPAA Title II stipulates national standards for digital healthcare information management and movement. Its intent was to establish comprehensive guidance on the way personal health information (PHI) is maintained, exchanged, and protected from unauthorized exposure and theft in healthcare industries. Since the Act was signed into law at the dawn of the dot-com days, it has naturally required amendment over the years.
HITECH
The Health Information Technology for Economic and Clinical Health (HITECH) Act was part of the American Recovery and Reinvestment Act of 2009. HITECH allocated $28B to fund greater adoption of electronic health records (EHRs) through incentives, resulting in a massive digitization of health information. It also outlined additional sets of stipulations for digital standardization and added more privacy and security protections for healthcare data enforced by penalties for compliance failures.
HITECH was consolidated into HIPAA Title II in 2013 with the Final Omnibus Rule, which also expanded security and breach notification details and, notably, extended HIPAA-compliance requirements to business associate agreements. A business associate is any entity that “creates, receives, maintains, or transmits protected health information” for a HIPAA-covered entity. So pretty much anyone handling PHI has to comply with HIPAA — not just hospitals and insurance companies.
By Courtney Tesvich, vice president of regulatory, Nextech.
Data interoperability is once again poised to take a giant leap forward and there are many factors propelling this evolution. For example, the Office of the National Coordinator’s (ONC) March 2020 introduction of the interoperability rule as part of the 21st Century Cures Act is set to advance interoperability regulations. COVID-19’s spotlight on the need for data transparency and seamless information exchange to enable efficient care delivery across diverse settings is revealing a critical use case.
The rapid onboarding and use of telehealth to virtually deliver safe and secure healthcare underscores the importance of modernizing interoperable solutions. Given all these factors, the time is right for healthcare organizations to evolve their thinking around data sharing.
While larger, multi-setting health systems may have teams of people dedicated to advancing their organization’s interoperability strategy, smaller entities (including specialty physician practices) are often left to figure out the right path forward on their own. This can be overwhelming, and it may be tempting for smaller organizations to delay work on this issue. However, it will only postpone the inevitable.
Over the next two years, the capabilities and requirements to exchange electronic health information will change drastically. The ONC is allowing two years to implement the new interoperability requirements and technology will likely change in that time. So, starting the effort now can make it easier to adapt as solutions evolve. The bottom line? To meet this deadline, practices need to develop their strategies, update compliance efforts, understand upcoming changes and begin to update processes to ensure they are fully prepared for the near future.
But how can an organization get started? Here are a few steps to consider.
Educate yourself on the intent and nuances of the ONC rule. The primary goal of the interoperability rule is to give patients greater access to their health information and allow them to share the data more easily with all providers. As electronic health record (EHR) vendors continue to develop their products to meet the updated requirements, more information than ever before will be available electronically both for patient use and for exchange. Factors that providers should be aware of include:
Future availability of free text notes in the patient portal as well as nearly all lab, radiology and pathology results. As EHR vendors develop and certify to the US Core Data for Interoperability requirements, patients will see additional data beyond the previously available CCDA information in their portal, including visit notes.
Patients will be able to seamlessly select independent apps to aggregate their own health records.
Ensure your practice understands how to handle requests for information in a timely manner. This includes requests by patients for their data as well as data requests by insurance companies, employers and consumer-facing apps. Develop a policy and train staff before the new Information Blocking deadline of April 5, 2021. Ensure you continue to follow HIPAA guidelines as well.
Practices will also need to regularly update clinician information in federal databases.
These suggestions merely scratch the surface of what the new rule requires. Providers should delve deeper and make sure they are moving towards compliance and not inadvertently standing in the way of information exchange.
Since the invention of the stethoscope, technology and innovation have been transforming how the healthcare industry delivers improved standards of care for individuals in every field of medicine. A more recent example of this is the widespread adoption of telehealth capabilities to bring care directly to patients no matter where they are.
This adoption trend has accelerated in response to COVID-19, when the use of telehealth technology skyrocketed with 48% of physicians meeting patients online in April. Since then, telehealth appointments have begun to level off and decline, but telehealth and the delivery of care through screens and mobile devices have played a key role over the past year and will likely continue to do so for the foreseeable future.
However, the increased use of telehealth creates additional risks stemming from increased data generation and data sharing, such as video recordings, email exchanges between physicians and patients, and broader sharing of protected health information (PHI) between patients, providers and third-party organizations. This level of sharing increases the likelihood that data may become stored in an unsecured location. For healthcare providers and all other organizations that handle PHI, the challenge now is to get a better grasp on compliance, protect patient data and mitigate the risk of malicious actors or reputation-damaging fines. Here’s how to do it:
Understanding the Rising Risk to Patient Data
The Health Insurance Portability and Accountability Act (HIPAA) was established in 1996 and has since served to give patients power over their health records and hold healthcare organizations and their partners accountable for safeguarding the PHI data of patients.
HIPAA generally applies to PHI in all forms, but the Security Rule applies specifically to electronic PHI (ePHI). As telehealth becomes a new normal and the administrative workforce continues to work remotely, ePHI’s presence will proliferate, making compliance an even more extensive task. So while telehealth offers many tangible benefits to patients and providers, it is also a double-edged sword that requires heightened attention not just now but at all times. Here are a few things to keep in mind: