The ever-changing world of healthcare

Veritas has given me the honor of sending the first blog to our HIMSS 2018 community and although I’m new to blogging – I am passionate about healthcare.  If you were to know me, you could immediately tell that I’m a face to face type of person, loving to tell stories.  I thought that maybe we could make this first blog more entertaining by talking about the trends in healthcare illustrated by real-world stories from our healthcare customers.  Having spent many years managing technology for hospitals, I always like to talk about healthcare from the perspective of a healthcare provider.  What a better way than to discuss the ever-changing world of healthcare than from the actual people addressing it every day!

 

Embracing the digital era of healthcare

We spend a lot of time tracking the priorities within healthcare to ensure that our solutions address the changing needs.  Working with CHiME and HIMSS, as well as many other sources, we have seen the direction of modern healthcare change drastically.  It’s changed to adapt to the digital world in so many ways.  Moving from fee-based to quality, engaging patients in innovative ways to encourage healthy lifestyles, making PHI accessible to patients and supporting institutions, and even solving regional health concerns by studying population health.  So much is happening within healthcare that a favorite CFO of mine told me “We have so many unfunded mandates that we have little appetite for little else.”  Amidst the ongoing cybersecurity threats, HIPAA requirements, EMR requirements and Meaningful Use (now MACRA) – it’s easy to understand where healthcare has to focus.  No institution has the silver bullet, yet some are finding ways to embrace the digital era of healthcare.  At Veritas, we believe that the true value of healthcare is in the Information. Isn’t this the true intention around the Affordable Care Act?  To drive medicine with quantified information to reduce costs and improve care?  

It’s easy to get lost in the data as it is growing more than 50% per year across all organizations – and within healthcare, going through the digital revolution, the data is growing even faster.  New technologies such as IoT, home medical devices, even Fitbits, create mountains of data.  We also find that unstructured data accounts for 80% of healthcare information and that new clinical protocols leverage as much as 60% unstructured data.  So much for everything we need being contained within the EMR…

So the landscape of healthcare is challenging and ever changing, how do healthcare technologists succeed?  My experience is that the most mature healthcare IT organizations start with the fundamentals and build towards excellence.  Starting with the requirements from HIPAA, you can then move to improve outcomes while increasing reimbursement.

 

Gaining visibility and control

 

HIMSS Blog.pngHIPAA requires that Protected Health Information (hereafter referred to as PHI) is secured at all times, in all forms.  This is requirement one for all Meaningful Use attestations and has been in place since HIPAA was passed in 1996, yet many organizations are still challenged with this.  In healthcare, more data equals more risk.  Healthcare has the added burden to ensure that only authorized individuals (individuals with a medical or business need) have access to the data.  Unlike most industries that can provide access based on a security or management level, healthcare has to restrict data to a patient’s care delivery team.  Most EMR’s have sophisticated access control and tracking mechanisms, but very few controls exist outside of the EMR.  What happens to the reports with PHI once sent outside of the EMR?  Does it live within fileshares or in email, and who has access to it?  A member of CHiME told us “it costs approximately $8/per record to properly protect PHI.”  That can be a very high price if you do NOT know where the PHI resides and have to protect everything.  Our belief is that the problem is with visibility, knowing where your critical information is located, and properly protecting it.  The days of just throwing money at the problem are diminishing resources away from the mission of patient care.  We have helped many healthcare customers implement visibility and control into their environment.  The low hanging fruit is significant cost savings, but that builds to better security and eventually Information Governance.  Imagine a world where IT can tell the organization where the storage costs are going and the value of that information!  We have seen IT evolve to play a critical role in finding important data, identify experts through communications, and contribute to the clinical protocol or quality measures discussion.  What starts as a measure of cost control, turns into a value proposition where IT can find the most important information within the organization.  That’s a win-win for the entire organization!

 

Data protection and a backup plan

HIPAA also requires that we have a Data Backup Plan (HIPAA Security Rule Citation 164.308 (a)(7)(ii)(A)). Although this can be interpreted a number of ways, backup typically consists of digital copy of all data.  We have been an industry leader in Backup and Recovery for more than 15 years. However, backup is evolving and offering much more value than the past.  I often hear from storage or backup administrators that ask two key questions “Why are we backing up this data? (Is it important or is it duplicate?)” and, “is Backup and Restore good enough to meet the needs of Patient Care? (Does it meet the RTO/RPO expectations?)”  Modern backup solutions can take advantage of having access to all of your data and provide you with insights into the value.  There are also solutions that provide you with the flexibility necessary to adapt to your organizations changing needs.  Look for solutions that can protect your information on premise, between-premises, and even to/from the cloud.  Your backup solution should provide protection and be certified by your EMR vendor, but also scale out to protect your environment.  Having multiple backup solutions drains your organizations resources more than it protects you from vendor lock-in nowadays.  Think about the capital, training, staff, and effort it takes to maintain solutions when you calculate the ROI.  

Finally, your data backup is often your last line of defense from Cyber attackers.  A successful CIO in New England asked me what we do about Ransomware and I was happy to tell him that his investment in NBU Appliances afforded him better protection.  He said “you are the first vendor that had a good response to that!”  Ransomware is a real threat that continues today, you want to make sure that your last line of defense is well secured.  Ultimately, make sure your solution can meet your needs when the rubber hits the road, recovery time is paramount when you experience an outage.

 

Enabling “always-on” access to information

Healthcare has also had to adapt to the demands of always-on technology.  Healthcare has always been designated by the government as “critical infrastructure.”  This means in the event a disaster occurs, hospitals are restored to service immediately after Police (for civil control) and Fire (for life and property protection). Healthcare is necessary in most times of emergency, during severe storms, disasters and even terrorist attacks. There was a time when healthcare executives told me “it doesn’t matter if a patient care system is up, if my facility cannot see patients.”  This made sense when healthcare was provided regionally, but that changed drastically with the Affordable Care Act.  Patients have a right to their information by law and healthcare providers have a fiduciary responsibility to make patient information available to other supporting hospitals.  In addition, patient and clinician demand has created the need for always-on systems.  An Emergency Room physician once told me, “sure I can provide basic life support without technology, but quality care can only be provided with the information kept in the EMR today.”  It made me reflect on not just the business aspect of technology failures in healthcare, but also the human cost.  How risky is it to treat a patient without knowing drug allergies, medications or history?  How well can we diagnose with MRI’s, CT’s and diagnostic medicine?  We have come to recognize that healthcare IT systems are critical to quality and safety.  This is driving changes to medical technology and increasing discussions about how long a system can be down without patient care impact.  Healthcare has the opportunity to architect patient care technology for resiliency, providing solutions that failover automatically between systems, sites, or even to the cloud.  It is important to have the conversation with your clinical team to determine the RTO/RPO requirements for the most critical applications.  This can then help IT design the right solution and better justify the cost.  Modern technology can even allow you to promote workloads to higher levels of availability without causing downtime.  Healthcare’s adoption of the cloud is driving better flexibility and cost models for healthcare.  As one CIO told me “If I can trust my critical Cerner EMR application to the cloud, why wouldn’t I trust other patient care applications.”  The cloud is quickly becoming a “killer app” for healthcare for cost savings, resiliency, and flexibility.  Just make sure that you can extend your controls to the cloud to ensure HIPAA compliance with that Business Associate.

As you can see, we are passionate about healthcare and actively work to provide solutions.  Over the next several weeks, our industry and technology experts will provide more detail into these trends and solutions that assist healthcare.  Thank you for the opportunity to talk to you about healthcare and share my stories.  I look forward to seeing you at HIMSS 2018! 

If you’re attending HIMSS, connect with me on LinkedIn and schedule time to meet with us throughout the week at #HIMSS18.