From the rise of EHRs, to a spike in ransomware attacks and big tech taking greater strides into the industry, healthcare CIOs have faced plenty of opportunities and threats in the last 10 years. Becker's compiled 10 of the most notable events and/or trends that have shaped health IT since 2009.
HITECH made EHR adoption
Congress passed the Health Information Technology for Economic and Clinical Health Act in February 2009, which was signed by the Obama administration as part of the American Recovery and Reinvestment Act. The law included several significant provisions about EHRs and the meaningful use of the technology, but is most meaningful to the decade for its role in impelling EHR adoption.
Meaningful use centers around five pillars: improving quality, safety, efficiency and reducing health disparities; engaging patients and families in their health; improving care coordination; improving population and public health; and ensuring adequate privacy and security protection for personal health information.
Following the signature of HITECH, an incentive program was created in 2011 to encourage hospitals to leave their paper records behind, with HHS doling out $25 billion. To be eligible, hospitals had to show their EHRs were HIPAA-compliant and achieved the core objectives set by CMS. Hospitals faced financial penalties — up to $1.5 million — for not meeting standards.
HITECH made interoperable EHR systems a key goal with its meaningful use program, which has evolved in stages. In October 2015, CMS released a final rule to establish stage 3, which took effect in 2017. The stage focused on leveraging certified EHR technology to improve outcomes. The 2015 rule also eliminated previously mandated reporting requirements. Meaningful use was renamed Promoting Interoperability Programs in April 2018
HITECH also altered HIPAA regulations. Business associates, including EHR vendors, are held to the same legal requirements to protect patients' health information, detect breaches and report violations.
Prior to HITECH, that annual increase in EHR adoption among hospitals that would be now considered eligible for an incentive was 3.2 percent, according to a study published in Health Affairs. Between 2011 and 2015, the annual rate of eligible hospitals adopting EHRs increased to 14.2 percent — a fourfold increase. The study authors concluded that EHR adoption can be attributed to HITECH, as today 95 percent of hospitals have adopted an EHR.
EHR rollouts generate big price tags
The 2010s began the race for hospitals and health systems to go digital. These transitions did not come at a low cost, with many hospitals and health systems spending millions if not billions of dollars along the way.
In 2016, Mayo Clinic announced plans to move to an Epic EHR system, which would cost the Rochester, Minn.-based health system more than $1 billion over five years. In May 2018, the Department of Veterans Affairs finalized a $10 billion contract with Cerner to develop an EHR system; the 10-year contract was increased in 2019 to $16 billion, making it the largest EHR deal to date.
As hospitals and health systems powered forward with their EHR implementations, many organizations' finances were pinched by unexpected project costs, ranging from software licensing fees, training, purchasing additional hardware, consulting fees and other operational costs.
For fiscal year 2015, Brigham and Women's Hospital reported a $53 million budget shortfall, its first in more than 15 years, partly due to its Epic EHR transition. The implementation, which was part of a broader Epic rollout across 10 Boston-based Partners HealthCare hospitals, cost Brigham $27 million more than the system's $47 million estimation.
Other health systems that suffered financial blows at the hands of their EHR projects include Sacramento, Calif.-based Sutter Health; its operating income dropped 31 percent in fiscal year 2015. Tewksbury, Mass.-based Covenant Health reported $60.9 million in operating losses after implementing an Epic EHR in 2018.
Coupled with large price tags, schedule delays and the tension of unanticipated costs, it wasn't unusual for EHR implementations to provoke stress among healthcare executives responsible for the projects. More than 64 percent of executives said they worry about the future of their employment during an EHR implementation or transition, according to a December 2018 Black Book survey.
In 2015, New York City Health + Hospitals fired four executives during an investigation into the health system's $1 billion Epic EHR implementation. NYC Health + Hospitals officials pushed the anticipated 2017 go-live for the Epic system to 2018. Denver Health also experienced executive turnover during the course of its Epic rollout; in October 2013, the health system’s former CIO Gregory Veltri resigned because he was concerned about the potential implementation costs associated with the project. In March 2016, amid the $175 million EHR rollout, Denver Health CEO Arthur Gonzalez stepped down from his post.
Domination of Epic, Cerner
While many health IT companies began rolling out EHR products in the 2010s, two vendors dominated the past decade: Epic and Cerner.
Both founded in 1979, Verona, Wis.-based Epic and Kansas City, Mo.-based Cerner have taken distinct approaches to the EHR business.
Founded and led by Judy Faulkner, Epic has remained a private company and shares little information about its financial position. In March, while celebrating its 40th anniversary, the company revealed it generates $2.9 billion in annual revenue.
Cerner has undergone several leadership changes over the latter half of the decade. After the EHR giant's founder and CEO Neal Patterson died in July 2017, Cerner's C-level executive team has undergone nine personnel changes, including the appointment of the company's second-ever CEO Brent Shafer. With Mr. Shafer at the helm, Cerner is transitioning from an EHR-centric model to a platform organization, a move that Mr. Shafer said will boost innovation and third-party development.
Cerner, which went public in December 1986, has experienced exponential revenue growth over the past decade. From 2010 to 2018, the company's annual revenue rose from $1.2 billion to $5.4 billion, an increase of 367 percent, according to Cerner's annual reports.
Compared to other EHR vendors, Epic and Cerner collectively maintain more than half the overall market share. At 28 percent and 26 percent respectively, Epic and Cerner in 2018 held the majority of the EHR market share for acute care hospitals, according to a KLAS Research report. Epic and Cerner provided service to the most 500-bed hospitals in 2018, with Epic serving 163 hospitals and Cerner partnering with 77 hospitals, according to the report.
As the decade comes to a close, Epic has held a strong presence among the country's top hospitals and health systems, according to U.S. News & World Report's hospital rankings. Of the 20 Best Hospitals for 2018-19 named by the publication, all use an Epic EHR system. The same was said for the year prior, with all the 20 top-ranked hospitals for 2017-18 either live on Epic or in midst of transitioning to the vendor's software.
Ransomware attacks
When hospitals are exposed to ransomware, a malicious software, cybercrimes shut down and encrypt hospitals' computer access, demanding a "ransom" payment for decryption codes. Because hospitals and providers cannot operate without recovering patient files, ransomware attacks can cause severe consequences, particularly for smaller healthcare providers that lack sophisticated security tools and don't employ cybersecurity specialists.
Two prominent ransomwares to infect the healthcare industry in the past decade were SamSam and WannaCry. In May 2017, WannaCry made headlines through a targeted worldwide attack on computers running on Microsoft Windows. It is estimated that around 300,000 organizations were affected by WannaCry. Although Microsoft released patches, the ransomware continues to spread in computers using Microsoft operating systems. Then in 2018, SamSam ransomware wreaked havoc on the healthcare industry. One of its most prominent 2018 victims was EHR vendor Allscripts.
These forms of malware can significantly disrupt hospital operations, forcing some to reschedule surgeries and nearly all to turn to paper records. One of the biggest ransomware attacks on a healthcare organization happened in February 2016 when cybercriminals demanded $3.6 million from Hollywood (Calif.) Presbyterian Medical Center. The hospital was locked out of its EHR, leaving staff unable to communicate via email.
When these ransomware attacks happen, the FBI recommends officials do not pay the ransom demands. However, paying the ransom can be less expensive than rebuilding systems. Greenfield, Ind.-based Hancock Regional Hospital was targeted in a ransomware attack in January 2018. After consulting with outside experts and the IT team, Hancock Regional Hospital decided to pay the $55,000 ransom demand. Hospital CEO Steve Long said that there was no other choice because its entire system was encrypted.
Other healthcare providers are forced to cease operations following a ransomware attack. In 2019, Simi Valley, Calif.-based Wood Ranch Medical had to close its doors after a ransomware attack. Smaller providers like Wood Ranch Medical don't often have the money to rebuild the encrypted systems or hire digital forensic experts.
Not only have ransomware attacks plagued hospitals, but they have also jeopardized entire cities. Earlier in May, Baltimore city officials spent weeks unable to access emails, health alerts and other systems because of a ransomware attack. The cybercriminals asked for $100,000 in bitcoin. However, following the FBI's recommendation, city officials refused to pay. Instead, Baltimore is asking the federal government for nearly $18.2 million in damages the cyberattack caused.
Big tech's moves into healthcare
The first instances of the so-called Big Five technology companies' expansion into healthcare came at the end of the last decade, when Google and Microsoft launched their online personal health record services in mid-2009. By 2011, Google Health had shut down due to a lack of widespread adoption, despite high-profile partnerships with Cleveland Clinic, Walgreens, Quest Diagnostics and more, with Microsoft's HealthVault left to pick up the pieces.
These early experiments were merely a hint of things to come: In the span of the next 10 years, Google and Microsoft's big tech peers — Apple, Amazon and Facebook — would not dip their toes into healthcare, but dive in headfirst.
With one attempt at improving patients' engagement with their own healthcare under its belt, Google set its sights on developing other tech-driven ways to do so. Beyond launching its own health-tracking smartwatch and online platform in 2014, the company recently acquired Fitbit for $2.1 billion. Additionally, through subsidiaries such as Verily, Deepmind and Calico, Google's parent company Alphabet led projects such as an algorithm to predict kidney failure before symptoms begin and the genomic data-based Project Baseline population health initiative, and invested in dozens of health-related enterprises, including 23andMe, Oscar Health, Doctor on Demand and more.
In April, after a full decade of operations, Microsoft announced it was discontinuing HealthVault, but the company has plenty more health-focused initiatives to keep it busy. Besides developing high-tech devices and services through its artificial intelligence-centric healthcare division, Microsoft also hosts a multitude of healthcare organizations on its Azure cloud computing service, has formed strategic partnerships with healthcare giants such as Humana, Novartis, Pittsburgh-based UPMC and more, and joins Google in leading the tech pack in digital health investment.
Apple's foray into healthcare began in 2014, with the rollout of the Apple Watch and HealthKit, a health informatics app. Since then, the company has expanded the medical capabilities of the Apple Watch — following a high-profile heart study with Stanford (Calif.) University School of Medicine and American Well — and integrated patient health records into its Health app.
Since the existence of a secret team focused on developing health technology and named 1492 came to light in 2017, Amazon has been much more open about its healthcare strategy, highlights of which include the formation of a joint healthcare venture with JPMorgan and Berkshire Hathaway, the acquisition of PillPack and Health Navigator, the development of an Amazon Care telemedicine app for employees and a host of medical applications for the HIPAA-compliant Alexa voice assistant.
Facebook has perhaps been least prolific in its expansion into healthcare. Barring an ongoing AI-enabled radiology research project with the NYU School of Medicine, the vast majority of Facebook's healthcare moves have centered on improving wellness within its own social media platform: using AI to detect and address suicidal ideation and opioid abuse in users' posts, and connecting users to nearby medical centers for preventive care needs such as flu shots.
Consumerism
Consumerism in healthcare has come to the forefront over the past decade, and big tech companies have made it possible to personalize the patient experience. Online platforms make it easy for patients to book appointments, see their physicians, receive prescriptions, make payments and view medical records all on their smartphones. But tech giants like Google, Amazon and Apple aren't the only ones catering to consumer trends in healthcare; startups across the board now aim to solve some of healthcare's most challenging problems.
A prime example is Uber's foray into healthcare, which began in 2014. The rideshare company began offering on-demand flu shots across the U.S. that year and continues to offer services every fall to increase access to flu vaccinations. In March 2018, the company became serious about disruption in the healthcare space to solve a bigger problem: lack of transportation to medical appointments, especially in underserved areas. Uber launched a platform designed to hail drivers for medical appointments. Hospitals, clinics, rehab centers and physician offices are able to call an Uber for patients, who don't even need a smartphone to receive the services.
In October 2019, Uber teamed up with Cerner to integrate into its EHR. Healthcare providers can now schedule rides to appointments directly through the EHR, which gives the driver the patient's name, phone number and pick-up address.
Uber's rideshare competitor Lyft also entered the healthcare market in 2019, revealing plans for healthcare organizations to schedule rides and use real-time tracking to ensure patients attend appointments. The company has partnerships with providers, including Ascension in St. Louis and Denver Health; payers like Blue Cross Blue Shield; and tech companies such as Allscripts.
Other companies are capitalizing on the consumer trends in healthcare. For example, Exact Sciences developed Cologuard, a stool-based DNA test for colon cancer that is sent directly to the homes. Consumer genetics companies like 23andMe have also become more popular at the decade's close and moved further into the healthcare space. Finally, LabCorp rolled out a direct-to-consumer blood test in July 2019. The company operates testing sites at Walgreens stores and aims to expand over the next two years.
False claims in tech
For as long as inventors have touted the abilities of new technology to transform the field of medicine, so too have many of those exaggerated claims failed to materialize, disappointing clinicians, fellow inventors and the patients the innovations were supposed to help.
Technology-based shams, for lack of a better word, drew intense scrutiny and concern over the past decade as Silicon Valley went after healthcare dollars, bringing with it the motto "move fast and break things." That adage is dangerous in any context, but especially antithetical to the practice of medicine. Undoubtedly the clearest example — though not the first, nor last — is that of Theranos.
In 2013, 10 years after its founding by then-19-year-old Elizabeth Holmes, Theranos exploded into prominence with the announcement of a partnership to place its blood-testing technology — a desktop device that could run hundreds of diagnostic tests on a single drop of blood — in Walgreens stores. By the end of 2014, Theranos was valued at nearly $10 billion.
In 2015, that all came crashing down: Bombshell reports showed the miraculous blood-testing technology did not exist, and that Ms. Holmes had been lying to partners, board members, investors, employees and the public for years.
Despite that cautionary tale, even as Theranos closed its doors in 2018 and Ms. Holmes faces federal criminal fraud charges, startups continue to burn bright before rapidly fizzling out. In 2018 alone, at least six other health tech startups with valuations ranging from $60 million to $194 million were forced to shutter — though none for reasons as scandalous as Theranos. One similarly embattled company, however, is Outcome Health, where then-executives and other employees were reported in 2017 to have inflated pricing and sales information for partners and investors, and are now facing federal fraud charges.
In addition to these specific cases of tech startups gone wrong, entire technology sectors have experienced the consequences of unbridled hype in the last decade, including the rise and fall of the promise of artificial intelligence as a game-changer for healthcare, best represented by the embattled IBM Watson Health. Another example: While the enactment of HITECH in 2009 incentivized healthcare organizations to improve data sharing by implementing EHRs, the law is far from increasing care coordination and efficiency. Ten years later, EHR adoption is now largely tied to the ongoing physician burnout crisis, with many clinicians reporting massive increases in the time they spend on data entry alone.
After a roller-coaster of a decade spent anticipating the rewards of cutting-edge technology, the American health system will likely move into the 2020s with a more restrained approach to health tech, which perhaps should have been the strategy all along in a field not known for being especially receptive to rapid change.
AI's slower-than-expected rollout
IBM launched its Watson Health initiative in 2015 with confident assurance that artificial intelligence would rapidly and completely revolutionize the delivery of healthcare. Within three years, amid heavy layoffs, reports of poor management and other organizational troubles, and both internal documentation and provider feedback demonstrating the inadequacy of flagship product Watson for Oncology, onlookers labeled the initiative a bust.
In the years since IBM Watson Health's launch, optimism in the initiative's potential to improve outcomes, lower costs, reduce burnout and make good on all the other early promises of AI has all but faded.
In April 2019, even as CEO Ginni Rometty continued to claim Watson for Oncology was "doing very well," IBM announced it was halting the development and sale of its Watson for Drug Discovery product. Around this time, reports of AI’s potential for algorithmic bias gained traction: In one op-ed published in The New York Times, Dhruv Khullar, MD, a physician at NewYork-Presbyterian Hospital in New York City, issued a warning against the perpetuation of healthcare's existing biases by training AI algorithms on inherently biased real-world data.
"American healthcare has always struggled with income- and race-based inequities rooted in various forms of bias," Dr. Khullar wrote. "The risk with AI is that these biases become automated and invisible — that we begin to accept the wisdom of machines over the wisdom of our own clinical and moral intuition. It is our duty to ensure that we're using AI as another tool at our disposal — not the other way around."
Indeed, in October 2019, an Optum algorithm widely used by health systems and payers around the country was found to automatically prioritize care for white patients over black patients; the algorithm is currently under investigation by New York's Department of Financial Services.
In light of AI's anticlimax in transforming healthcare as we know it, the industry heads into the next decade with more caution toward the technology. Most AI products that have been implemented into hospital and health system workflows have little to do with care delivery — the most successful are automated scribes to assist in documentation and chatbots to screen patients before passing them along to human clinicians. The vast majority of clinical AI is still in the earliest stages of development and centered in the field of radiology, where humans are still expected to verify the machines' readings of imaging data.
In fact, though the decade opened with the fear that robots and algorithms would soon displace human workers and steal jobs, it closes with Stanford (Calif.) University School of Medicine-backed evidence that automation is best used as a way to augment human intelligence, rather than replace it altogether.
Telehealth shortfalls
Despite initial projections that virtual healthcare delivery would spread rapidly by 2020, telehealth adoption has taken a more gradual approach among hospitals, health systems and consumers, echoing the slow integration of many other technologies that have been similarly touted as the “next big thing” in healthcare.
Relatively few patients accessed healthcare services via video technology in the early 2010s; just 6.6 percent of patients used video consultations in 2013, according to a Health Affairs study. That number increased to 21.6 percent by the end of 2016, as more providers began to offer remote care through emerging technologies, including live video chat, texting and smartphone applications.
By April 2015, nearly two-thirds of Americans owned a smartphone. Of those individuals, 62 percent were using their mobile devices to look up health information, according to Pew Research Center.
The rapid adoption of smartphones and mobile devices paved the way for a burst in telehealth usage, and health systems took advantage. By mid-decade, several large hospitals and health systems, including Cleveland Clinic, Sacramento, Calif.-based Sutter Health and Franklin, Tenn.-based Community Health Systems, began rolling out mobile healthcare applications. The apps offered patients access to video and/or voice call visits with physicians for nonemergency medical conditions.
Telehealth has begun to plateau in outpatient physician practices. In the last two years, only 44 percent of providers said their organizations use telehealth technology and services, according to a Definitive Healthcare report. The number reflects a drop from 2017, when 49 percent of providers said they used telehealth.
Virtual care services have gained more traction in inpatient settings, with a particular emphasis on the growing use of two-way video communication, according to Definitive Healthcare. To round out the decade, 85 percent of healthcare providers used a telehealth solution or service in 2019 compared to 54 percent in 2014.
While the 2010s may not have been the decade in which telehealth became ubiquitous, virtual care is trending in the direction of mainstream as consumerism continues to drive patient decision-making and telehealth continues to gain support from payers and physicians.
Privacy concerns
HIPAA was passed in 1996, and the legislation has not seen many changes over the past two decades.
Throughout the 2010s, potential gaps in HIPAA surfaced as healthcare organizations and tech companies teamed up, and while HIPAA may be in need of an update, the core tenants of HIPAA remain as relevant as ever, including ensuring the confidentiality of e-PHI, identifying anticipated threats and enforcing compliance.
Google and other tech companies are working with health systems to develop solutions that will benefit providers. To do so, they are requesting de-identified patient data. Although de-identified data is becoming commonplace, there are still instances where this data can be re-identified.
This came to fruition in June 2019 when Google and the University of Chicago Medical Center were hit with a lawsuit for violating HIPAA by allegedly sharing thousands of patients' records without hiding date stamps or physicians' notes. One of those patients said he could be identified based on the dates of services. Google and the university have sought to dismiss the case, claiming the data was de-identified.
Similarly, Google made headlines in late 2019 for its collaboration, known as Project Nightingale, with St. Louis-based Ascension. To improve it's EHR, Ascension plans to share the data of 50 million patients with Google. While the project is HIPAA-compliant, concerns have surfaced after a Wall Street Journal report indicated that patients and physicians were not aware of the data sharing. The Office for Civil Rights has since stepped in to evaluate the mass collection of data and ensure HIPAA protections were implemented.
Lawmakers who drafted HIPAA didn't craft the law to account for the expansion of the internet, cybercriminals or IT giants. What was a piece of legislation to control the sharing of paper documents may no longer be enough to protect patients' electronic health data.
More articles on health IT:
Providence CIO: Healthcare must overcome 'technical debt' to expand innovation
How a Colorado hospital's IT department prevented a ransomware attack
20 things to know about Epic, Cerner heading into 2020