The digital conundrum for healthcare organizations is two-fold: First, they need to constantly evolve to coincide with advancements in technology to best address patient needs and stay competitive. Second, they need to abide by the myriad of regulatory standards established to make sure their digital initiatives and machines stay compliant. So, how does a hospital simultaneously onboard the “latest and greatest” medical technology software and devices while staying compliant, secure, and competitive? Coincidentally, the technology that can create cracks in healthcare IT’s compliance and security is the very technology that can help. Can technology solve these healthcare organization challenges?
Read on to discover how advancements in cloud, interoperability, document management software, AI, and more are addressing six major pain points of healthcare institutions while revolutionizing the way they address patient needs and keep themselves them compliant.
Problem 1: Compliance
Arguably, healthcare IT’s biggest concern is compliance. Aside from the U.S. Food & Drug Administration and the Health Insurance Portability and Accountability Act (HIPAA), regulations abound from Medicare, Medicaid, the Agency for Healthcare Research and Quality (AHRQ), State Children’s Health Insurance Program (SCHIP), Centers for Disease Control and Prevention (CDC) and the Affordable Care Act (ACA). These regulatory bodies and legislation have done their best to catch up with how quickly technology used by the medical field is evolving, in addition to how quickly it’s being adopted. That means that healthcare organizations that started using technology such as mobile devices years prior to the creation of some regulations have had to catch up with newly minted standards issued by the aforementioned bodies.
This game of cat and mouse – with medical technology advancing faster than regulations – is a catch 22 for healthcare because medical institutions need to employ technologies such as mobile devices to keep abreast of modern consumer demands. Yet the FDA constantly plays catch-up. A survey conducted by Spyglass Consulting Group in 2018 found that nine of 10 healthcare systems planned huge investments in smartphones and secure unified communications over the following year and a half. But the FDA didn’t make amendments to the Medical Device User Fee until early 2017 when it launched an incubator unit specifically dedicated to dealing with digital health and telemedicine regulations. Telemedicine and digital health were well underway by then. (The FDA’s unit was also aimed at trying to figure out how to integrate artificial intelligence and other wearable technology tools into healthcare – two technologies that had already made inroads in the medical field before 2017.)
Additionally, the rapid rate at which the medical field has adopted the use of internet-connected devices is indicative of the healthcare field’s need to introduce such technologies. Patients are demanding it. An IQVIA report from late 2017 noted that there were over 318,000 health apps available on the top app stores worldwide – nearly double what was available in 2015. At that time, more than 200 apps were being added each day. And research from 2018 points out that 40% of doctors say that mobile technology can lessen the number of visits to a clinic, while 93% of physicians acknowledge that mobile apps can enhance patients’ health. This rapid adoption has left healthcare institutions scrambling to try to fit mobile device usage into its compliance requirements. The more endpoints (devices) used on a network, the more vulnerabilities, and risk for non-compliance.
If patients are demanding it, but the government is constantly playing catch-up, where does that leave healthcare organizations? Tools including cloud-based technologies, automated processes, and other medical device management control software have emerged as the solutions to the healthcare field’s need to continually keep up with evolving compliance regulations while staying competitive.
Problem 2: Managing Paperwork
Along with the digital conundrum for healthcare organizations is the non-digital one. Many medical offices, hospitals, and healthcare facilities are still using paper and manual processes to file hand-written data, archive confidential material, and retrieve it all. The hang-up for facilities still using paper is related to compliance.
The FDA likes to change document control requirements frequently, and medical offices that maintain either a mixture of digital and paper or just paper have to keep up with the changes in regulation. Healthcare institutions and medical device companies need to abide by the document control compliance requirements of the FDA regardless of their level of paper use or digital documentation.
Human error is also a significant component of the risk involved with paper. If humans – as opposed to machines – are involved at any step of documentation processes, risks increase for non-compliance. In March 2018, a research letter published in JAMA reported that some healthcare institutions risk privacy breaches by disposing of paper-based medical records in garbage and recycling bins. These findings highlight the human risk factor in managing paperwork and the need for document management control.
Significant strides have been made in the adoption of digital health practices and documentation. For example, an April 2015 survey showed the number of U.S. doctors who routinely use digital tools such as secure e-mail for communicating with patients was around 30% versus 13% in 2012.
But with all the paperwork still widely used in the medical field, there is a reason to look to modern, cloud-based technologies for help with consolidating, archiving, tagging, and compiling such documentation. Medical device companies, in particular, have a challenge in maintaining any local files, especially if they have file cabinets full of paper-based data. This is where medical device document control comes in.
Problem 3: Patient Safety
When it comes to patient safety, studies over the last five years have found that when healthcare institutions implement medical technology software and hardware such as electronic healthcare records (EHR) without enough forethought or strategy, the results are detrimental to patients and the organization’s reputation. An October 2017 study found that the use of EHR was listed as a contributing factor to patient injury at increased rates over 10 years, from 2007-2016. As hospitals race to implement digital documentation programs and practices, they are not creating adequate management strategies, resulting in EHR systems that have directly contributed to an increase in the number of malpractice claims over that period of time.
This problem also includes the rapid implementation of medical devices without proper strategy or control software. Patient monitoring devices, diagnostic equipment, surgical robots, and other tools are all at risk for jeopardizing both patient safety and healthcare organizations without thorough training and strategy from the medical facility.
Problem 4: Cyber Security & Data Privacy
Every business across every market is concerned with cybersecurity, but healthcare is at special risk because of the confidential and sensitive nature of patient data. HIPAA requires that protected health information (PHI) is secure and able to be accessed by authorized persons only, but HIPAA does not mandate the use of certain technologies to guarantee that protection. The regulation’s security rule focuses on the creation, use, and maintenance of EHR, and it presents standards for the handling of PHI.
HIPAA also sets forth data privacy rules which limit what information may be used and disclosed to third parties without patient authorization. As the use of mobile devices, digital record-keeping, and Internet-connected medical devices grows, healthcare organizations are increasingly at risk for mismanaging patient data privacy.
The growing severity of ransomware and malware designed to infiltrate networks and gather valuable information has spurred the growth of technologies to combat hackers. And while there are practical steps hospitals can take to mitigate cyber breaches such as educating staff, technologies including remote monitoring, phishing attack simulations, and off-site data backup are among the many solutions healthcare organizations can adopt to prevent breaches.
Problem 5: Data Integrity
The growth of big data is one of the most useful technological advancements of the modern age. Big data refers to the large swaths of data points taken from the plethora of digital devices now used across multiple industries. The medical field is leveraging it to pinpoint and monitor disease outbreaks and create broad pictures of the state of general public health, among many other uses. But creating and using large amounts of data comes with obvious pitfalls – data integrity for one.
Data integrity is when data is complete, consistent, and accurate, and it is especially crucial for healthcare organizations employing medical devices. The sheer amount of data generated by medical devices presents both opportunities and challenges for the healthcare world. A 2012 Ponemon Institute survey found that 30% of the world’s data storage resides in the healthcare industry. Medical devices and apps generate huge amounts of data, presenting not only cybersecurity issues as mentioned above, but challenges in ensuring that data remains intact, accurate, and un-tampered with.
Problem 6: Direct-to-Consumer Digital Health Products
In 2017, the American Medical Association reported findings of physicians’ desire for new technology and its integration. Notably, physicians believe that the adoption of digital health tools will improve their ability to help patients, but they would like to be part of the implementation process for such tools including mobile health (mHealth) apps and telemedicine. The problem here is that consumer demand for mHealth apps and software that improve the patient experience has spurred the development of direct-to-consumer digital health products that have bypassed healthcare organizations themselves.
There is a disconnect between the technology industry and the medical field as Silicon Valley churns out software for the masses that do not address or improve the needs of medical professionals. A Pew Research study found that, in 2015, even though seven out of 10 U.S. adults tracked their health data with software and medical devices, only one in 10 shared that data with a medical professional. Making patient data accessible to healthcare professionals requires a level of interoperability that the medical field is just beginning to address. Digital health platforms and other medical technology software have emerged in recent years to address the disconnect between the digital health devices and programs patients use, and the data they generate for healthcare professionals.
Advancements in software have begun to aid healthcare organizations and address all of the above problems.
Solution 1: Cloud-Based Infrastructure
Cloud computing is defined as the use of remote servers to perform, manage, store, and process data in contrast to using local servers on-site and relying on local computing hardware to run network functions. The advantages of using off-site servers to house healthcare data are many, including improved security, reduced human error risk, streamlined compliance, and lower capital expenditure. As more healthcare institutions move to a cloud-based infrastructure, they can offload the IT burden of managing the infrastructure to third parties and allow staff to become more productive.
Cloud-based infrastructure (or “infrastructure as a service” or “IaaS”) moves healthcare networking to a cloud environment, maintained by a third-party provider. Many providers offer environments tailored to healthcare’s needs such as compliance requirements. IaaS can also blend hosting data on that provider’s site with maintaining it on the organization’s premises – otherwise known as a hybrid infrastructure. The flexibility of the cloud allows medical institutions to decide how much of the data they want to store off-premise and how much they want to keep on-premise. Reports from Black Book Research in 2018 found that 93% of hospital CIOs were “actively acquiring the staff to configure, manage, and support HIPAA-compliant cloud infrastructure.”
A cloud-based infrastructure allows an organization to access user interfaces and application programming interfaces to modify how applications handle and store data. IT can also control what other cloud technologies are added to the infrastructure, and can implement apps, middleware, and operating systems with more flexibility.
Solution 2: Document Management Control Software
Document control is a necessity for healthcare organizations, and many are finding that moving their document management control systems to the cloud can alleviate security and management worries. Medical device companies, in particular, can benefit from cloud-based document management as meeting document control compliance demands from the FDA is a constant challenge.
Document management software remedies the paperwork management problem for healthcare institutions by saving time with automated audits, culling non-compliant devices, improving employee training, and working with IT departments on OQ Validation scripts to streamline document control.
As medical institutions continue to adopt medical devices that generate documentation, document management control software can automate many of the processes that have previously taken IT significant man hours to perform. And with document management software that is designed to meet compliance requirements, medical device companies and healthcare institutions no longer worry about the human error risk.
Solution 3: Information Governance
Information governance is the management of information at an organization and the oversight of its use and security. While information governance is less of a software solution and more of a policy-based tool, it is growingly crucial as part of a healthcare organization’s approach to integrating new technologies. But information governance software can also be implemented to assist in automating procedures. When proper governance is an effective part of a healthcare organization’s structure, challenges such as patient safety, compliance, security, and data integrity are more easily addressed.
As more data is generated in medical settings, medical institutions need more controlled relationships between the devices producing the data, the places it ends up, and how it is monitored in between. Information governance programs provide the ability to understand the relationship between data and performance, and it contributes to risk management, compliance, and cost control.
According to the Information Governance Principles for Healthcare from the American Health Information Management Association (AHIMA), “Information governance establishes policy, prioritizes investments, values and protects information assets, and determines accountabilities for managing information, making it an imperative for healthcare. It also promotes objectivity through robust, repeatable processes insulated from individual, organizational, political, or other biases, and then protects information with suitable controls. By following information governance principles, organizations conduct their operations effectively, while ensuring compliance with legal requirements and other duties and responsibilities.”
AHMIA’s principles include accountability, transparency, integrity, protection, compliance, availability, retention, and disposition. And it notes that the benefits of effective governance include improving the quality of patient, improving patient safety, improving population health, increasing operational efficiency and effectiveness, and reducing costs and risk.
Healthcare IT plays the primary role in implementing information governance, and organizations can take some tangible steps toward performing governance after reviewing AHMIA’s guidelines. Such steps can include data mapping, which asks IT to look deeply into data flow in its organization to see where data elements are moving among systems.
IT can also implement information governance software which can automate certain policies and procedures to ensure compliance. Software can automate the process of auditing and surveilling digital systems, and it can automate searching and report on the location of patient data.
Solution 4: Virtual Desktop
Cloud-based desktop environments are of growing interest to hospitals because the technology enables the storage and operations of personal computing environments to move to the cloud. Often referred to as “desktop as a service,” “DaaS,” or “virtual desktop infrastructure (VDI),” this cloud-based solution alleviates cyber security, compliance, data privacy, and data integrity concerns. A 2017 report by Login VSI showed that the number of IT professionals interested in or already utilizing some kind of DaaS had increased from 18% to 55% over the prior two years, and healthcare was recognized as the top vertical for VDI usage. VDI adoption in healthcare had risen and overtaken finance.
Cloud-based desktop environments provide access and centralized management to users in a more flexible, secure way because users no longer have proprietary computing devices that can be lost or stolen. VDI provides remote application access for users, allowing them to securely access their personal desktop environments from any approved device. When desktop environments and their data are stored in the cloud, endpoint vulnerability is greatly reduced, and IT no longer has to worry about the safety of actual devices themselves.
Solution 5: Blockchain
Blockchain technologies have been gaining significant interest in healthcare. Research published in April 2019 from Market Research Future notes that the “Global Blockchain Technology in Healthcare Market” accounts for $42.06 million and is expected to grow at a compound annual growth rate of 71.8% through 2023.
Blockchain technology is most famously represented by Bitcoin, the cryptocurrency. Blockchain itself is a decentralized, open transaction structure that is not owned by a single entity and consists of time-stamped records of data. Blocks of data are secured together to create a chain, hence “blockchain.”
The reason blockchain is becoming of deeper interest to healthcare organizations is because its decentralized structure allows for streamlined patient records, better supply chain management, and better interoperability – one of the chief challenges of healthcare today as mentioned above. BlockGeeks explains blockchain’s ability to address interoperability obstacles in two ways: by enabling patient identification and resolving information blocking.
With blockchain, patient information can be identified and shared in a marketplace, better enabling universal data about a patient to be stored and securely accessed. Information blocking – the interference with the ability to exchange or use electronic health information where permitted/authorized – is not so easily achieved in a blockchain environment because of blockchain’s transparency. Blockchain also has anti-tampering characteristics as data is connected through blocks chained together. Tampering with data in a blockchain can result in the freezing of that chain.
With information blocking preventable and patient identification accessible and secure, these two major obstacles to interoperability can resolve with blockchain. The technology has yet to be widely adopted by healthcare institutions, but it is top-of-mind with the medical field as its opportunities for improving data privacy are now well known.
Solution 6: Artificial Intelligence
Artificial intelligence (AI) includes technology such as robotics, machine learning, cognitive computing, image recognition, and natural language processing. Healthcare institutions are increasingly looking at how AI can shift burdens such as data privacy and patient safety off the shoulders of humans.
Hospitals are already using forms of robotics – and have for years – for surgical procedures, but other AI technologies present the opportunity to revolutionize medical processes including diagnosis, clinical decision making, treating psychiatric diseases, and more.
The AMA Journal of Ethics reported in a February 2019 article that AI “can help manage and analyze data, make decisions, and conduct conversations” thereby drastically changing clinicians’ roles. And when it comes to addressing internal challenges of security and patient safety, AI presents the opportunity for healthcare IT to mitigate risks with algorithms and analyzing massive data sets.
While the use of AI in the medical world is set to grow (Research and Markets report that the healthcare AI market will grow at a CAGR of 60% through 2022), many warn of using AI before policies and standards can be set. Reports from 2018’s World Medical Innovation Forum noted that while AI can be used to defend organizations, not enough is known about how it can present security risks for it to be deemed a fully reliable security technology just yet.
Healthcare technology is evolving at rapid rates to make both patients’ and healthcare IT’s lives easier. It’s now up to the medical field to strategize how to integrate software and solutions into their operations to improve safety, data management, and to move away from hindering legacy practices including paperwork. The last decade’s strides in healthcare’s implementation of cloud-based technologies to improve compliance and security have been significant. Healthcare will be the top vertical to watch over the next decade as it further integrates technologies such as blockchain and AI to improve everyday health and lives.