Guest post by Komal Papneja, IT research and marketing expert, Calance.
It’s time for healthcare organization to conduct a routine checkup on their data management and storage capabilities. Wondering why? To put this into perspective, Kaiser Permanente, nation’s largest health plan based out of California alone manages 26 to 44 petabytes of data from its electronic health records only. And if you are wondering how much is that, it would take around 223,000 DVDs (4.7 GB each) to just hold 1 petabyte of data, according to a Delloittestudy. Now couple this issue of data explosion with the HIPAA/HITECH compliance regulations and you see healthcare industry struggling to keep pace with the emerging technologies. Gone are the days when you could manage data with pen and paper…or even in onsite data centers.
Data explosion has become a generic problem with US healthcare organizations, says Gaurav Garg, vice president – healthcare solutions at Calance Corporation. While working with a large US Healthcare provider, team Calanceobserved that their data was growing at the rate of 50TB per month and also that their onsite data centers will soon run out of capacity. Healthcare organizations in general need a secure, future-proof, and compliant solution that can help eliminate data explosion while remaining cost-effective. This is where hybrid cloud solution comes in.
Why hybrid? Because hybrid cloud model allows for tighter security than traditional public cloud while offering more flexibility than a private cloud. Here is a detailed overview of how a hybrid cloud solution can help healthcare industry overcome the biggest IT challenge which is – data explosion.
Get Storage Space Scaled for You
Critical patient data, confidential communications, and medical records, everything is stored digitally. There is always a need for more storage space. And hybrid cloud gives you that storage space without having to spend IT dollars on in-house data center expansion or to pay for under-utilized capacity. This enables maximum elasticity and efficiency. You only pay for the space you use! But that’s with every cloud model, whether private, public, or hybrid. What makes hybrid more suitable for healthcare industry then? Keep reading as we unfold a few reasons.
Guest post by Stephen Cobb, senior security researcher, ESET.
Stephen Cobb
Whatever you thought of President Obama’s penultimate State of the Union address, you have to admit it set some sort of record for the most words devoted to issues of data privacy and security (198 by my count). Furthermore, those words alluded to a raft of statements and announcements on these topics that were published in the days leading up to the speech. In short, it is clear that this President wants to make some changes with respect to cybersecurity and data privacy. What is not yet clear is how those changes will affect healthcare IT and the management of electronic health records. Will breach notification requirements change? Will penalties for breaches be increased?
The answers are not entirely clear at the moment. For a start, the President is a Democrat, but Republicans control the House and Senate. In other words, it is hard to know which of his proposals will be enacted. That said, it is better to look at them now and ask questions, engaging in the debates they are bound to provoke rather than wait and see what new laws finally emerge. For example, the President proposes to erect a single national 30-day data breach notification law in place of the scores of different state data laws that companies currently have to comply with. How will that affect electronic health records?
The answer may be “very little” and that could be good news for electronic health records and health IT. In its current form, the proposed Personal Data Notification & Protection Act does not disrupt existing federal notification requirements related to health data breaches. The draft legislation does not apply to HIPAA covered entities and business associates, nor the FTC covered vendors of personal health records. Here is a boiled down version of the current language which I have put in quotes to show it comes from the bill: “Nothing in this Act shall apply to business entities to the extent that they act as covered entities and business associates subject to the HITECH act (section 17932 of title 42), including the data breach notification requirements and implementing regulations of that act. Nor will it apply to business entities to the extent that they act as vendors of personal health records and third party service providers subject to the HITECH act.”
If the law were to be passed with that language intact, it would leave in place what many of us still think of as the HIPAA 60-day notification deadline, as well as the FTC 30/60-day PHR regime. And when you’re trying to comply with a regulatory regime, a lack of change can be good. Another way of looking at the breach notification issue is that the healthcare sector, while often maligned for leaking data, is actually a pioneer in notification. The HIPAA privacy and security requirements were in play even before California passed the first of the state breach notification laws, which now exist in some form in more than 40 states (creating the patchwork regulatory nightmare that the President’s unified federal law seeks to dissolve).
Guest post by Steven Chau, CTO and co-founder, Doctor Quickly.
Healthcare is one of the last industries to be disrupted by technology. Although unprecedented levels of biomedical knowledge, surgical procedures, and condition management have been amassed, we are not using them to their potential to create the tools to improve healthcare experiences. A balance of privacy and policy regulations with technology is the key to creating a secure yet efficient healthcare system.
The State of Healthcare
A staggering portion of healthcare costs are wasted. According to the Institute of Medicine (IOM), $765 billion or 30 percent of the 2009 total U.S. healthcare spending was wasted. Key areas that were tracked include unnecessary services, services inefficiently delivered, prices that are too high, excess administrative costs, missed prevention opportunities and medical fraud.
Key findings:
Overused services, defensive medicine and higher-cost services total $210 billion in excess cost;
Medical errors, care fragmentation and preventable complications total $130 billion in excess cost;
Duplicative costs to administer insurance and insurances’ administrative inefficiencies drive $190 billion in excess cost;
Product prices beyond competitive levels total $105 billion in excess cost;
Missed prevention opportunities like primary, secondary and tertiary prevention total $55 billion in excess cost;
Fraudulent claims total $75 billion in excess cost.
Additionally, there will not be enough physicians in the next few years to meet the growing demand. The Association of American Medical Colleges (AAMC) projects a shortage of 62,000 physicians by 2015. This shortage is expected to increase to 91,000 by 2020. This physician deficit is due to an aging Boomer Baby population, the insuring millions of new patients through the Affordable Card Act, and the retiring of a large number of doctors in the coming decade.
Technology can curb inefficient health management, increase knowledge sharing, and improve access to a shrinking physician pool. However, proper precautions must be taken to safeguard patient information privacy while empowering healthcare providers to provide more efficient care.
HIPAA
Healthcare technology is largely regulated by the Health Insurance Portability and Accountability Act (HIPAA). It was created in 1996 to protect the privacy of electronic patient data, known as protected health information (PHI) and to restrict access to PHI. Predating the iPhone by 10 years, the HIPAA rules were strengthened in 2013 to increase rigor on de-identifying PHI, to broaden HIPAA’s reach to include all entities that touch PHI directly and indirectly, and to notify affected parties if a PHI breach has occurred.
Guest post by James Bindseil, president and CEO, Globalscape.
Health IT has reached a pivotal crossroad: On one end, consumers’ expectations for more timely care and instant access to health files and records continue to skyrocket; on the other, security and compliance risks are more complex and threatening than ever before.
This leaves health providers in a precarious position: should they prioritize security and compliance, or productivity and care?
In a perfect world, the answer would be all four. Unfortunately, today’s health IT landscape — which is going through a rapid and significant transformation to keep up with evolving compliance mandates, new demands around access to patient files, changing government policies, sophisticated security threats and new technologies — is far from perfect.
One of the most pressing issues lies within the policies and technologies provided by today’s IT teams. In fact, in many instances, the policies and tools implemented by IT to keep patient data safe and secure often end up having the opposite effect: they make it incredibly difficult for providers to deliver fast and efficient care in a secure, compliant manner.
For example, let’s imagine a day-in-the-life of a hospital care provider, who faces immense pressure to deliver top-notch care to as many people, and in as little time, as possible. On day one, an off-duty doctor is called at home to provide his take on the best care plan for a specific patient. How will he review the pertinent information while working remotely? In another scenario, the doctor is running from patient to patient, and is unable to take the necessary time to record his actions. Taking the work home on a USB drive seems like the best option. The next day, the hospital needs to quickly share files with the patients’ previous provider to care for an urgent medical issue.
What must be done before you walk out of the office for the last time before the stroke of midnight Jan. 1, 2015? It’s a simple question with many possible responses. Each healthcare organization, based on its needs and priorities likely has a fix what it needs to do, though, perhaps those things are not necessarily what it wants to do. Like people, the final couple weeks of the year are different for everyone and practices are no different.
So, if you’re making a list and checking it twice, here are a few suggestions that you might want to add to it to be well prepared for the new year, based on your practice’s business needs, of course.
Review the ONC Federal Health IT Strategic Plan
Chris Boone
At Health Data Consortium, we have three must-do items before we close the door to 2014. First, we urge the health IT community to review the recently released ONC Federal Health IT Strategic Plan 2015-2020. Public comments are open until February 6, but don’t let your response get lost in the start of the year flurry. Second, we are preparing for the arrival of the 114th Congress and the opportunity to share Health Data Consortium’s public policy platform for 2015. Our platform will have an emphasis on the key issues that affect data accessibility, data sharing and patient privacy – all critical to improving health outcomes and our healthcare system overall. Finally, on January 1 we’ll be only 150 days from Health Datapalooza 2015. We are kicking off the new year and the countdown to Health Datapalooza with keynote speakers and sessions confirmed on a daily basis. We’re already making the necessary preparations to gather the innovators who are igniting the open health data revolution. As 2014 comes to a close, we look forward to hit the ground running in 2015.
Ideally, turn off not only your lights, but everything — I mean every piece of digital technology and every way digital technology can connect to your organization. That is the only way to assure there are no accidents, glitches, failures or breaches. Here are some other things you can do:
• Fill every open position you can. Have positions and people identified and include backups. The only thing worse than not having a position to fill is having one to fill and leaving it open.
• Address mobility, medical devices and patient engagement, and not just from a security perspective — this is everyone who provides access, information or uses these devices or systems.
• Address the culture and have a plan to include every individual in the organization, if the technology touches them, from BYOD to analytics to privacy to cloud storage.
IT, regardless of the industry, is ultimately about people. In healthcare, it is also about the data itself, which represents your patients. It has to be there, it has to work, it has to be secure.
— David Finn, CISA, CISM, CRISC, is a member of ISACA’s Professional Influence and Advocacy Committee, and the Health Information Technology Officer for Symantec
I remember when the Health Insurance Portability and Accountability Act (HIPAA) passed. I was working for a leading practice management software vendor. Everyone was overwhelmed by what was involved. We developed a huge amount of education and information for our customers. Some people wondered if the healthcare industry could make such a major change.
Today, HIPAA is ubiquitous. Many practices take it for granted. They are not concerned about a breach because they believe they have done everything they need to do. In a recent study by MedData Group of physicians top practice management priorities for 2015, HIPAA didn’t even make the list.
“We instigated HIPPA when it came out, and it is in place and second nature to us,” said Joann Lister, a provider at a family medicine practice in Texas. “We have all worked at the hospital so we had plenty of training on the rules. Our physical space and computers are confidential. Our practice management and EHR software, Kareo, always goes back to login when we are done in a room so the next patient does not see anything. We have limited personnel so it is easier to know that everyone honors the HIPAA rules.”
The question is: Have practices gotten too complacent with HIPAA? With the latest changes to HIPAA in 2014, have they followed through on making changes and updates? The data and experience of industry experts and consultants suggests that there may be a problem with HIPAA compliance.
“The last analysis we did for a practice had 41 pages of regulations that required implementation,” recalled practice management consultant Rochelle Glassman, CEO of United Physician Services. “Most practices do not know what the complete requirements are. They believe that if they have the patients sign the privacy form that is all they need to do. This year there were updates that included the new HITECH Act and the HIPAA Omnibus rule. I can guarantee that many practices have not updated their HIPAA program to include the changes because they do not even know they exist.”
It should come as little surprise to me that no matter the healthcare sector — long-term care, ambulatory or in patient, for example – most of the worries faced are the same or very similar. Many of the same levels of attention is given to many of the highly complex usual suspects – interoperability, health information exchange, accountable care, HIPAA and even mandates like meaningful use. The murmurs of those working here are often similar and there is a fairly deep collective holding of the breath in regard to advancements or developments in these areas regarding the blowing winds of how these and other issues sway constituents throughout the marketplace.
The general sentiment of individuals, those leading large hospitals and multi-location care facilities, who express their opinions and concerns to organizations like HIMSS, to name one, are the same as the concerns voiced by many of the attendees at PointClickCare’s annual user meeting, to name one, in Orlando Nov. 2-5, 2014. These same sentiments also are expressed at variety of other meetings of the minds throughout the US in similar constituent groups or with vendor and other allegiances.
Educational and work sessions held at these gatherings always have the same look and feel; the same as those expressed at PointClickCare’s Summit 2014. Engagement, connection, care; ACOs, HIEs, and managing their relationships; EHRs, interoperability, and managing this relationship and the flow of information (or doing so when the information does begin to flow); and change management strategies that provide guidance and advice for … managing change.
The information exchanged in venues such as these and the sessions themselves are valuable, of course, and needed to fill an enormous information void. Most importantly, these healthcare education sessions draw together folks seeking guidance and those needing insight, as well as provide a dash of leadership at times when much seems to be lacking. Finally, these educational sessions – quick and concise as many of these sessions may be – alleviate fear during a scary and tumultuous time in healthcare.
Health IT pain points seem to be lingering long despite the never ending promises and hope eternal new technology innovation seems to offer. Every sector has its prickles, no doubt, and much is left to overcome in healthcare, but given the complexity and the copious amount of change and development here, it’s of little surprise that pain is being felt.
What may be surprising, though, is that like patient engagement, there seems to be a different type of pain, and severity of pain, depending on who you ask.
With that, for greater clarity, I decided to ask some of health IT industry insiders what they’re pain points were and why. Their responses follow:
Dr. Trishan Panch
Dr. Trishan Panch, chief medical officer, Wellframe
One of the biggest pain points for hospitals is that we’ve come across a health system’s inability to scale care management resources. They are effective in improving outcomes when patients are engaged, but because of limitations around existing models (i.e. human interaction via phone or in-person) only a small proportion of the patient population can be engaged. That’s why organizations are turning to technology solutions to scale care management resources to reach more people.
One of the biggest pain points for physicians today is the lack of interconnectivity between different IT systems. Participation in the meaningful use program has helped create some common standards for communication but, for a variety of reasons, these have not yet lead to widespread, effective clinical data sharing. Few physicians can operate in the ecosystem of a single electronic medical record, since they often work in systems that are different, from practice, various hospitals and other places of care.
Interoperability is a pain point in healthcare IT, particularly when it comes to transitions in senior care. Connecting the care delivery ecosystem to provide safer transitions of care is critical to long-term care. While some individuals may require short-term rehabilitative care, others may need home-based care, assisted living or long-term and hospice care. As seniors move through these different stages or between acute care and post-acute care, these transitions pose challenges for healthcare providers. Ideally, all the information that clinicians need to treat the individual will be available when he arrives at his new destination. However, this is not always the case. Healthcare providers, both long-term and acute, must invest in an infrastructure that supports seamless transitions of care; interoperability plays a vital role. Connecting healthcare providers across the care continuum will allow for better health outcomes, help reduce unnecessary hospital re-admissions, as well as keep healthcare costs down.
There are various statistics about the negative impact paperwork has upon providing healthcare. The AHA has estimated it adds at least 30 minutes to every hour of patient care provided. A main pain point continues to be the ability for IT to implement efficient EHR systems. At the core of any EHR system are its image capture capabilities. It must be simple to use throughout the workflow process. This includes image capture, editing, saving and sharing. The capture, or scanning, must be speedy. Editing features must be clear in how to use. This minimizes learning curves at the start. It also optimizes the speed of processing documents during the life of its use. Easy saving to local or network locations should also enable simple and secure sharing too. When one, some or all of these areas stall, it can cripple the realization of benefits from digital document management.
