Effective sharing of patient information depends on getting different and often disparate systems to exchange data and, at the highest level, process those data.

This requires sturdy bridges between systems, interpretive and compatible algorithms, and integrated strategies for how different systems will be used and will work together.

CHALLENGE: Securing Systems And Patient Data

Healthcare depends on patient trust -- trust in the physician, in the system, in the privacy they provide.  Security breaches of the IT systems that hold patient data can undermine that trust.  Will patients who do not trust the integrity of health IT spill over to providers, leading some to go to other providers? Will those who remain hesitate or refuse to disclose details that physicians and nurses need to manage their healthcare? 

Early this year, hackers successfully cyberattacked Emory Healthcare, exposing data about at least  79,000 patients. Theirs were among more than 325,000 patient records hacked in just the first two months of this year, according to the U.S. Department of Health and Human Services Office for Civil Rights. 

Stopping cyberattacks is critically important not only for the continuation of provider-patient relationships but to prevent loss of revenue and federal penalties.  Since the Health Insurance Portability and Accountability Act of 1996 was enacted,  the federal government (as of February 28, 2017) has investigated and resolved 24,879 cases that allegedly violated HIPAA rules.  Of these, 47 cases have been settled for a total of $67,210,982. 

Cyberattackers  were responsible for 31% of the major HIPAA data breaches reported in 2016, according to TrapX Security.  Last year 93 major cyberattacks were successfully launched against healthcare organizations, according to TrapX.  Among the most substantial were Banner Health (3.6 million records), 21st Century Oncology (2.2 million), and Valley Anesthesiology Consultants (880,000). 

A leading type involves ransomware -- malware that typically encrypts data, which the attacker promises to decrypt if a ransom is paid.  The Emory assault was a variation. Cybercriminals removed the appointments database and demanded ransom to restore it.   (Emory did not publicly disclose in news articles about the breach whether it paid the ransom.) 

Other types of attacks may pilfer patient data for sale on the black market.  Patient records include loads of valuable information including social security numbers and insurance information. 

 

Keeping these data secure means understanding your IT systems -- how they function and what their patterns of operation look like.  When patterns change, trouble may be afoot. 

 

 

CHALLENGE: Developing An Enterprise Strategy

Many of the multiple and disparate information technologies that now handle patient data in consolidated health systems were initially implemented to serve distinctly different purposes. IHNs/IDNs "stuck" with these systems need a strategy that allows for an integrated but heterogeneous IT landscape, one that promotes patient welfare as it improves short- and long-term clinical performance.   This can be a tall order.  

Recognizing the continuing trend toward consolidation, a thoughtful IT strategy should be considered even if hospitals or other facilities have not been directly impacted by a merger or acquisition.  Healthcare providers might consider choices in IT systems that will minimize disruption if and when they are acquired; make them more attractive as prospective acquisitions; or provide options in a future where joint ventures, affiliations, and collaborations are alternatives to traditional M&A. 

Developing a strategy that pulls the several (or many) different IT tools together depends on dealing with the shortcomings of interoperability. Critically important is reducing complexity and inefficiency.  Not doing so runs the risk of becoming overwhelmed by the integration and management of  myriad systems. This risk is particularly high if IT tools are not well-suited to the tasks that must be performed.   

 

The simplification that comes from integration and consolidation of IT systems can save  money by making processes more efficient and IT systems easier to maintain. It is a transformative process.

 

 

CHALLENGE: Managing Human Factors

Human performance determines how well machines work.  This goes for any industry in which people work closely with machines and particularly advanced technology. In health IT,  a good working relationship between human and technology can translate into improved quality of care, increased efficiency and, ultimately, fewer errors. 

But optimizing the relationship between people and their machines is seldom easy or simple. Relatively small processes, if not compatible with the way people work, can lead to big problems.  For example, entering data on a medication order form in the opposite order as would be written on a paper prescription can lead to errors if the physician defaults to old habits.  

Human activities and the way these are done directly relate to workflow and ultimately translate into efficiency, efficacy, and patient care management.  IT developers must understand how caregivers work and synchronize the design of their technologies to complement these processes.  

 

So much boils down to understanding and resolving workflow problems. Because small problems can become big ones -- often in ways not anticipated – the vendor must communicate regularly and well with the customer’s various stakeholders.