Over the past few years, healthcare technology has seen many advances. We’ve achieved mass-market adoption of EHRs, many organizations are making meaningful progress on data aggregation and warehousing information from multiple diverse systems, and wearables and other sensors show much potential to unlock personal information about each patient. The pace of change in healthcare is quickening, with each new technology or initiative sending off a chain of reactions across the entire ecosystem, ultimately improving patient care.
I see three trends driving the industry toward change:
Analytics will help predict population heath management
One of the persistent industry challenges is the “datafication” of healthcare. We’re amassing more and more data now than ever before. And new sources (like wearable devices) and new health factors (like DNA) will contribute even more. This data explosion is putting increased pressure on healthcare organizations to effectively make this data useful by delivering efficiency gains, improve quality of care and reduce overall healthcare costs.
Navigating this digitized healthcare environment will require increasingly sophisticated tools to help handle the influx of data and make the overload of healthcare information useful. In 2016, the industry will begin to take concrete steps to transition to a world where every clinician will see a snapshot of each of their patients to help them synthesize the critical clinical information they need to make a care decision. Moreover, hyper-complex algorithms will allow providers not only to know their patients, but to accurately predict their healthcare trajectories. By giving providers insights into how each patient is trending, clinicians will be able to make better-informed, precise decisions in real-time.
Consolidation leads to new healthcare models, improved outcomes
New models for effective population health management continue to drive change across healthcare systems. These models incentivize stakeholders to optimize costs, identify organizational efficiencies and improve decision-making processes to deliver better care at a lower cost through an emphasis on care coordination and collaboration.
Guest post by Terry Edwards, president and CEO, PerfectServe.
Each day, healthcare professionals need to communicate with colleagues, patients and others outside of their organization. These communications often contain critical information about dosage changes, requests for a consultation and other healthcare information that can have life-or-death consequences for patients.
From email and texting to calls and overhead pages, there are a dozen different ways healthcare professionals can communicate with one another. Many of these modes of communication are fairly new, and clinicians are still continuing to teach each other the rules of the road and associated etiquette.
But as healthcare transforms to be more focused on value-based care, it’s becoming even more important to get this right. To coordinate patient care across the patient’s entire journey within the health system, clinicians need to know how to reach each other in the best way. Although communication is an essential part of the job for clinicians, a recent survey of 955 healthcare professionals1 conducted online by Harris Poll and commissioned by PerfectServe, shows that clinicians aren’t always communicating in the way that they’d prefer.
Find a way to speak in person when possible: For complex or in-depth conversations within their organizations, healthcare professionals say they prefer to speak face-to-face (41 percent for physicians; 37 percent for non-physicians). This preference is particularly strong with nurses, with 55 percent of nurses surveyed saying their preferred method is face-to-face communication for complex or in-depth conversations with physician care team members. Speaking in person allows clinicians to focus on the conversation. Many of the clinicians I work with say taking time to speak in person gives them the opportunity to build a stronger rapport with their colleagues, which can make it easier to foster care coordination.
Think before picking up the phone: Phone calls are by far the most frequent form of communication with care team members outside their organization. More than half (55 percent) of clinicians say they most frequently use a phone call to connect with physician care team members outside of their organizations, and 48 percent most frequently use the phone to communicate with non-physician care team members outside of their organization. But while everyone is picking up the phone, only about a quarter of clinicians actually prefer phone calls for that kind of information sharing (29 percent for brief communications with physician care team members outside of their organization; 25 percent for outside non-physician members). In my work with clinicians, many say that the ring of the phone is an interruption to their work, and more than two-thirds (67 percent) of clinicians reported that they often receive pages or calls that are of low priority, which disrupts patient care.
Health IT’s most pressing issues may be so prevalent that they can’t be contained to a single post, as is obvious here, the third installment in the series detailing some of the biggest IT issues. There are differing opinions as to what the most important issues are, but there are many clear and overwhelming problems for the sector. Data, security, interoperability and compliance are some of the more obvious, according to the following experts, but those are not all, as you likely know and we’ll continue to see.
Here, we continue to offer the perspective of some of healthcare’s insiders who offer their opinions on health IT’s greatest problems and where we should be spending a good deal, if not most, of our focus. If you’d like to read the first installment in the series, go here: Health IT’s Most Pressing Issues and Health IT’s Most Pressing Issues (Part 2). Also, feel free to let us know if you agree with the following, or add what you think are some of the sector’s biggest boondoggles.
The healthcare industry has undoubtedly become a bigger target for security threats and data breaches in recent years and in my opinion that can be attributed in large part to the industry’s movement to virtualization and the cloud. By adopting these agile, effective and cost-effective modern technological trends, it also widens the network’s attack surface area, and in turn, raises the potential risk for security threats.
We actually conducted some research recently that addresses evolving security challenges, including those impacting the healthcare industry, with the introduction of cloud infrastructures. The issue is highlighted by the fact that the growing popularity of cloud adoption has been identified as one of the key reasons IT and security professionals (57 percent) find securing their networks more difficult today than two years ago.
Paul Brient, CEO, PatientKeeper, Inc. No industry on Earth has computerized its operations with a goal to reduce productivity and efficiency. That would be absurd. Yet we see countless articles and complaints by physicians about the fact that computerization of their workflows has made them less productive, less efficient and potentially less effective. An EHR is supposed to “automate and streamline the clinician’s workflow.” But does it really? Unfortunately, no. At least not yet. Impediments to using hospital EHRs demand attention because physicians are by far the most expensive and limited resource in the healthcare system. Hopefully, the next few years will bring about the innovation and new approaches necessary to make EHRs truly work for physicians. Otherwise, the $36 billion and the countless hours hospitals across the country have spent implementing electronic systems will have been squandered.
Email security is one of healthcare’s top IT issues, thanks, in part, to budget constraints. Many healthcare organizations have already allocated the majority of IT dollars to improving systems that manage electronic patient records in order to meet HIPAA compliance. As such, data security may fall to the wayside, leaving sensitive customer information vulnerable to sophisticated cyber-attacks that combine social engineering and spear-phishing to penetrate organizations’ networks and steal critical data. Most of the major data breaches that have occurred over the past year have been initiated by this type of email-based threat. The only defense against this level of attack is a layered approach to security, which has evolved beyond traditional email security solutions that may have been adequate a few years ago, but are no longer a match for highly-targeted spear-phishing attacks.
Dr. Rae Hayward, HCISPP, director of education and training at (ISC)²
Dr. Rae Hayward
According to the 2015 (ISC)² Global Information Security Workforce Study, global healthcare industry professionals identified the following top security threats as the most concerning: malware (77 percent), application vulnerabilities (74 percent), configuration mistakes/oversights (70 percent), mobile devices (69 percent) and faulty network/system configuration (65 percent). Also, customer privacy violations, damage to the organization’s reputation and breach of laws and regulations were ranked equally as top priorities for healthcare IT security professionals.
So what do these professionals believe will help to resolve these issues? Healthcare respondents believe that network monitoring and intelligence (76 percent), along with improved intrusion detection and prevention technologies (73 percent) are security technologies that will provide significant improvements to the security posture of their organizations. Other research shows that having a business continuity management plan involved in remediation efforts will help to reduce the costs associated with a breach. Having a formal incident response plan in place prior to any incident decreases the average cost of the data breach. A strong security posture decreases not only incidents, but also the loss of data when a breach occurs.
Every day, physicians send and receive clinical information to and from patients, nurses, care managers, pharmacy technicians, specialty clinics and other physicians. These communications occur through a wide range of modes—including smart phones, pagers, CPOE, emails, texts and even messaging features within electronic medical records. Patient health information (PHI) is constantly exchanged through these messages, and to avoid a HIPAA violation, which can cost millions of dollars plus a hit to reputation, practices must make sure proper security features are in place.
Especially for physicians in smaller practices who are already strapped for time and resources, a HIPAA violation could leave their practice in a precarious situation. In fact, according to a recent study by the Ponemon Institute, the average cost of HIPPA breaches from 2010 through 2012 was $2.4 million per organization. To meet evolving guidelines around the quality of care, increase efficiency and potentially avoid financial penalties in the years to come, physicians must address communications security holistically.
The final HIPAA ruling requires physicians look at their entire risk management process, and not just specific technologies, which is why “HIPAA-compliant” text messaging isn’t yet possible. While texts are commonly sent between two individuals via their mobile phones, the “communication universe” into which a text enters is actually much bigger. This universe also includes creating electronic PHI (ePHI) and sending messages—in text and voice modalities—from mobile carrier web sites, paging applications, call centers, answering services and hospital switchboards.
The law stipulates that a covered entity – i.e. a physician, medical group practice, hospital or health system – must perform a formal risk assessment; develop and implement and effective risk management strategy based upon the findings in that risk assessment; implement the strategy using sound policies and procedures; and monitor its risk on an ongoing basis. These regulations apply to physicians creating, transmitting and receiving PHI in any electronic form.
While there is no “one-size-fits-all” approach, medical practices can take the following steps to improve the security of their communications: