Given the tremendous and on-going changes currently taking place in health IT, especially the recent delay in ICD-10, and the ever on-going issues surrounding meaningful use, we remain in a turbulent, yet revolutionary time in the industry. As changes continue to come and behaviors, habits, further reform is activated and enforced, there will only be more of a focus on where we are headed from a technology standpoint.
Given the multiple balls health IT leaders are currently juggling and the rapid changes they are facing from new technology and managing tools that were once thought to be saviors of the sector – patient portals come to mind – I and they are left to wonder what’s next for health IT. With that lingering question, I asked a few folks working directly in the space what they think will occupy the minds of health IT leaders for the short term.
The delay in ICD-10 implementation was met with equal parts relief and frustration. As the healthcare IT industry is evolving, government and regulatory authorities have come up with several certifications to enhance the quality of care for patients. For example, meaningful use incentives have created an artificial market for dozens of immature EHR products. Many EHR vendors have been preoccupied with backlogged implementations and have neglected the usability and innovation of their EHR products. Most concerning to current EHR users are unmet pleas for sophisticated interfaces with other practice programs and complex connectivity, pacing with accountable care progresses and the rapid EHR adoption of mobile devices. Many popular “one size fits all” EHR products have failed to meet the needs of several medical specialties.
Divan Dave, CEO, OmniMD
Distracted by the process of certifying their EHR products for Stage 2 of meaningful use, not all software vendors have been able to deliver on their Meaningful Use 2 promises to anxious providers; 40 percent of the practices are replacing their EHR systems, as their current systems are cumbersome to use, not integrated, not able to meet regulatory compliance, outdated, have interoperability challenges, inefficient customer support, lacks specialty specific workflow and are not mobile enabled.
In the US, nearly 3 trillion dollars per year is spent on healthcare, which translates to everyone from physicians and pharmacists to well-organized crime syndicates targeting healthcare, usually through the use of stolen patient records and identities.
Jeff Fisher, vice president of emerging technologies, RES Software
A top concern in healthcare right now is securing patient health records. Although the clinical details themselves contain little financial value, the records contain personal patient details that can easily result in stolen identity or credit card information.
Two of the weakest points in healthcare security are 1) people tending to underestimate security risks, therefore, becoming vulnerable to social engineering, and 2) the fact that endpoints can’t be physically secured in many cases while continuing to provide needed value. Patients need to take a more serious approach in choosing a healthcare organization by making it clear that they “trust” their provider.
Dan Chamberlain, healthcare vertical marketing leader, Motorola Solutions
While Meaningful Use Stage 2 and ICD-10 have been delayed, both will continue to require attention from health IT professionals. On top of those enormous issues, expect improving information security to take center stage in the wake of high-profile HIPAA violations. Organizations are going to be pushed to improve the way they handle their patients’ private information. Patient engagement is the next hot topic on the horizon. IT departments will be expected to support patient engagement with technologies like robust patient portals that are secure and accessible to patients both within facilities and elsewhere.”
Ken Smith, senior solutions architect, K logix
The healthcare industry still needs to get out of the dark ages in terms of its information security and privacy capabilities. Sure there is HIPAA, but most organizations that fall under HIPAA and HITECH focused, very myopically, on doing only what was minimally required to get by. And I think we all know by now that compliance does not mean secure.
I have been involved in quite a few risk analysis projects for hospitals and medical centers. When I recommend a comprehensive security and privacy risk analysis the response was usually, “All I want to do is what is required of HIPAA; nothing more.” That’s like saying, “I am not interested in managing risk, all I want to do is to be able to tell management that we met HIPAA requirements.”
During a vulnerability assessment for one Hospital I noticed that most of the vulnerabilities from the previous years’ assessment still existed. When I inquired I was told that they just don’t have the resources to address most of them. All they wanted was some sort of deliverable showing that they had the tests performed. To make matters worse, a number of the EHR/EMR systems used at some large Health Care institutions do not encrypt sensitive information, such as PHI or PII, at rest. Yes, you read that correctly.
What I think is needed is a concerted effort to zoom out from the laser focus on compliance and instead focus on identifying and properly managing risk.
Mobility and patient interaction — Patients want to bond with their doctors at the point of care. Doctors who use iPad-based platforms designed for touch, not typing, can spend less time documenting and more time with their patients. Most EHR systems are designed for desktop computers, which puts distance between the provider and their patient and increases data entry requirements.
Dr. Michael Sherling, chief medical officer and co-founder, Modernizing Medicine
Data exchange and portability — Meaningful Use Stage 2 included new standards for interoperability that enable doctors who have patients in more than one EHR system to get important medical information, such as their past medical history, medications, allergies and lab results.
Clinical decision support — Having the access to the right kind of data at the right time is critical for improving health outcomes.
Now that the postponement of ICD-10 seems back of mind — top concerns I see are renewed projects to reduce the risks associated with handling ePHI. Healthcare providers are taking note that HIPAA has teeth as the Office of Civil Rights has stepped up enforcement. OCR is handing out penalties for loss of patient data. The big bad wolf – OCR — is finally knocking the brick house down.
Mark Hanson, U.S. director of healthcare, Fortinet
Christina Heide, acting deputy director of health information privacy for OCR, in a press statement recently said, “Our cases against NYP and CU should remind healthcare organizations of the need to make data security central to how they manage their information systems.”
Healthcare leader’s objectives should be to:
- Standardize IT/security across the distributed healthcare enterprise
- “Leverage” a secure infrastructure to deliver innovative solutions
- Improve efficiency and cut costs associated with protecting PHI
How can these objectives be accomplished? Innovative healthcare IT organizations are taking the breather that the delay in ICD-10 affords them to get their networks secure plumbing in place today. High performance OSI Layers one through seven network security is again central in focus. Consolidation projects that reduce diverse IT environments also afford operational efficiencies and reduce the risks of breach. The consolidation actually improves performance and improves the fight to secure ePHI. The good news is that there are organizations that can cut significant costs through consolidating IT environments that will enable innovative solutions to meet the Healthcare delivery IT needs of the future. The great news is that there are solutions that can transform healthcare and deliver on key topics in the front line fight to protect ePHI while delivering the big data analytics, BYOD, cloud computing, compliance and telemedicine initiatives healthcare executives must have today.
Doug Brown, vertical marketing manager, Honeywell Scanning and Mobility
ICD-10 is obviously a major undertaking for EHR software providers and for healthcare system processes and workflows, but with all the financial impacts of reduced reimbursements, hospitals are ever focused on being more efficient and cutting cost. That is pointing hospitals at their biggest labor persona, nursing. They need them, and in fact they need more of them, but they need their nurses to do even more than ever before. They need them to document more than they ever have; they need them to spend more face time with the patients to improve HCAHPS scores; they need them to respond appropriately to the alarms and alerts from the patients rooms. The list goes on, but the point is that nursing workflows and IT are forever connected and is at the forefront of care.
There are four significant trends in nursing workflows that are driving the next big IT spend.
- Care team communication and aging VOIP infrastructure
- Medical device integration – electronically collecting data from the bedside machines
- Alarm and alert fatigue management
- The mobilization of EMR applications – deploying more bedside nursing applications for smartphones including classic barcode applications like medication administration
These four macro trends are driving the hospital CIOs and CNIOs to the “converged device.” The converged device is a nursing smartphone that can be used reliably in an acute care hospital for both communication and software applications. Secure texting is exploding among nurses and doctors and a nursing smartphone is ideal for this. Smartphones are rapidly replacing legacy, one function only, VOIP phones in use in most hospitals today. Pagers are also being replaced by smartphone applications. Most hospitals are requiring all data automatically being collected from bedside devices to be approved by a nurse prior to being entered into the patient’s medical record. Every MDI vendor now offers a smartphone app for this data review and approval. Filtering the alarms and alerts coming from the bedside is being accomplished with highly configurable server applications that use a smartphone as the user interface for the alarms that are most critical for a nurse needs to see. And finally all the EHR software providers are delivering smartphone applications for most of the nursing beside data capture activities.
Combine this with the need for a smartphone that can withstand the continuous disinfecting chemicals and the need to read barcodes in virtually every workflow — and it all points to a purpose-built nursing smartphone.
There are currently two approaches to a true nursing smartphone. The first is a protective sled that encases an iPhone, for example, and adds protection, barcode scanning, and extended battery life for the iPhone. The other approach is a ground up, purpose-built nursing smartphone with all the features and user interface you expect in a consumer smartphone, but with the added benefits of durability, extended battery life, and most importantly barcode scanning ability.
Bringing new nursing smartphone hardware and new mobile applications together is the essence of the converged device and is being deployed at many thought leading hospitals as we speak.