The megalithic healthcare conference, HIMSS19, has come and has gone from the vast former swampland of central Florida. While I’m a relative newcomer to the show’s trajectory – I’ve been to four of the annual tradeshows since 2011 – this year’s version was, for me, the most rewarding and complete of them all. This could be for one of several reasons. Perhaps because I no longer represent a vendor so sitting in the exhibit hall in a 30×30 booth with a fake smile wondering when the day’s tedium would end and the night’s socials would begin may impact my rosy outlook.
Or, maybe I was simply content to engage in the totality of the experience, attend some quality sessions, meet with many high-class people and discuss so-called news of the day/week/year. Doing so felt, well, almost like coming home. Or, perhaps my experience at the conference this year was so good because of running into former colleagues and acquaintances that drove me to such a place of contentment while there. No matter the reason, I enjoyed every minute of my time at the event.
Something else felt right. An energy – a vibe – something good, even great, seems/ed about to happen. Something important taking place in Orlando, and I was blessed to be a part of it. Kicking off the week, CMS created news – like it does every year at about this time – with its announcement that it will no longer allow health systems and providers to block patients from their data. This was a shot across the bow of interoperability and the industry’s lack of effort despite its constant gibberish and lip service to the topic.
Another fascinating thing that finally occurred to me: no matter the current buzzword, every vendor has a solution that’s perfect for said buzzword. Be it “patient engagement,” “interoperability,” “artificial intelligence,” “blockchain”; whatever the main talking point, every organization on the exhibit floor has an answer.
But, no one seems to have any real answers.
For example, after nearly a decade, we still don’t have an industry standard for interoperability. Patient engagement was once about getting people to use patient portals for, well, whatever. Then it was apps and device-driven technologies. We’re now somewhere in between all of these things.
AI? Well, hell. It’s either about mankind engineering the damnedest algorithms to automate the hell out of everything in the care setting (an over exaggeration) or that AI/machine learning will lead to the rise of machines, which will help care for and cure people – before ultimately turning on us and killing or enslaving us all (again, I’m overly exaggerating).
Matthew Fisher, attorney at Mirick O’Connell, a Massachusetts-based law firm, spoke to Electronic Health Reporter during HIMSS19, following the release of a new proposed rule by HHS. The proposed rule outlines potential sanctions and penalties placed upon healthcare organizations and physicians that keep information from patients, known as information blocking.
In her explanation of the rule, Administrator Seema Verma took a strong tone in supporting patient access to their health information and ownership of patient data. “One thing that I want to make very clear for the entire healthcare system is that the data belongs to the patient. It’s their data. It doesn’t belong to the provider. It doesn’t belong to the EHR company. It belongs the patient.”
Based on these sentiments and the proposed rule, here Fisher speaks about what it ultimately may define, and its potential impact on providers and healthcare organizations. Listen to our full conversation here:
Health IT’s most pressing issues may be so prevalent that they can’t be contained to a single post, as is obvious here, the second installment in the series detailing some of the biggest IT issues. There are differing opinions as to what the most important issues are, but there are many clear and overwhelming problems for the sector. Data, security, interoperability and compliance are some of the more obvious, according to the following experts, but those are not all, as you likely know and we’ll continue to see.
Here, we continue to offer the perspective of some of healthcare’s insiders who offer their opinions on health IT’s greatest problems and where we should be spending a good deal, if not most, of our focus. If you’d like to read the first installment in the series, go here: Health IT’s Most Pressing Issues. Also, feel free to let us know if you agree with the following, or add what you think are some of the sector’s biggest boondoggles.
Michael Fimin, CEO and co-founder, Netwrix
The largest concern of any healthcare organization is protecting patient personal data. Every year healthcare entities of all sizes become victims of data leaks, fresh examples are both Anthem and Premera Blue Cross, and lose thousands of dollars mainly because of employee misbehave or human error. Being not an easy one to prevent, human factor sets IT pros a number of challenges to cope with:
1. Insider threat. Unfortunately, privilege abuse is a primary root cause for many data breaches. No matter if an employee is breaking bad or his credentials were stolen, sensitive data is put at risk. The only way to prevent insider threats is to have visibility into the IT infrastructure and be able to track any changes made to both security configurations and data. Monitor user activity and establish rigorous control over accounts with extended privileges. Regularly review all access rights to ensure that permissions are granted adequately to employees’ business needs.
2. Security of devices. In 2014 healthcare organizations suffered from physical theft or loss of electronic devices more than any other industry, said the Verizon 2014 DBIR. Without proper identity and authentication management personal data stored on these devices can be easily accessed by adversaries, leading to financial and reputational losses. If your employees’ laptop or tablets end up in the wrong hands, encryption, two-factor authentication and ability to manage the device remotely will protect your data, or at least will make hacker’s job much harder.
3. Employees’ negligence. Deliberate or accidental mistakes pose more danger to data integrity than you might think. A simple email with confidential data sent to the wrong address may lead to a huge data leak. Make sure that your employees are familiar with the company’s security policy and are aware of what they should do to maintain security each person in the company should clearly understand that integrity of information assets is their personal responsibility.
Dr. Barry Chaiken, chief medical information officer, Infor Healthcare providers organizations invested billions of dollars purchasing and implementing electronic medical records with this investment driven by the economic incentives provided by the HITECH Act. Now that these systems are installed an up and running, organizations struggle to obtain real value from these investments. These systems were implemented with speed in mind rather than clinical transformation that improved quality and reduced costs. Now, organizations must embrace clinical transformation and change management to redo workflows and processes to effectively impact care. Organizations cannot justify their investment in EMRs unless they rework their EMR implementations to obtain true value from their deployment.”