Healthcare is always changing. Information technology is always changing. Put them together in today's acute care setting, and you have a prescription for change on an extraordinary level. Listed below are the top 10 healthcare IT game changers that affect all stakeholders — patients, clinicians and hospital IT departments. They represent both opportunity and challenges, depending on your point of view. Dealing with these concepts — indeed embracing these concepts — is not just a good idea, it is an absolute necessity.
1. HIPAA Security. The HIPAA Security Rule, which governs electronic patient records, became effective in 2005. It was significantly beefed up in 2009 under ARRA/HITECH and then again in the HIPAA Omnibus Rule in early 2013. In spite of increased attention and increased fines, plus the availability of industry-standard tools and IT best practices to easily prevent HIPAA Security breaches, the episodes continue, and in fact appear to be increasing in frequency and severity. Most reported breaches are not even a function of technology at all; they are a function of user error and carelessness.
A recent reported episode involved the theft of a physician laptop from his condo in Hawaii. The largest breach reported so far involves a smash-and-grab theft of a computer workstation containing patient records from a hospital foundation office in California. In that case, the mounting lawsuits already total over several billion dollars. These episodes show that policies and procedures are not sufficient, and that the technology has to be designed to not rely on user behavior for compliance. The Omnibus Rule is over 500 pages, or nearly 10 times the original "final" rule from 2007, so all medical facilities need to thoroughly review their HIPAA policies and intensify their efforts relative to HIPAA compliance. Being compliant with the HIPAA Security Rule actually represents best industry practices from an IT standpoint. The lessons learned from the reported breaches and the impact on healthcare IT is simple: It is not sufficient to rely on user behavior and written policies to prevent breaches. And increasing security through more password protection and other security measures cause even more conflicts with users, especially clinicians. Therefore IT managers must develop and implement integrated technology solutions that handle increased security while enabling better clinical workflows.
2. BYOD – Bring Your Own Device. In the old days (up until about five years ago), the way to make hospital IT departments secure and functional was for the CIO to determine a system-wide standard for all user devices, and determine user device functionality based on job level. This included determining the make/model for desktops, laptops and operating system versions. Generally speaking, the higher up you were in an organization, the better your IT "toys." Worker-bees got plain-vanilla desktops, clinical areas got compact mini-systems or slick all-in-one units, and managers and directors got laptops. They were purchased, deployed and supported centrally by the corporate IT team. Then along came the iPad, followed closely by other low-priced but feature-rich tablets, and suddenly IT departments were confronted with a flood of requests to make those devices work on the hospital network. These devices had little in the way of corporate security standards, but what they did have was crowd-pleasing features. Today's successful hospital IT departments need to not only support BYOD, they need to embrace it. And they need to be able to secure these personal devices when they travel offsite.
3. Advance Directive/DNR (Do Not Resuscitate) – Windows XP and Server 2003. If you ask most people how long Windows XP has been around, they would probably say 4-5 years. Wrong. Windows XP was released in 2001. That's over a decade ago. In "technology years," that's more than two lifetimes of typical IT upgrade cycles. XP stopped being sold retail in 2008. Microsoft ended upgrades of XP as of 2009, and is ending support in early 2014, and yet there are hundreds of millions of laptops and workstations still running Windows XP. The genealogy of Server 2003 is easier. It obviously came out in 2003, and yet it is still running on millions of servers. Mainstream support for Server 2003 ended in 2010, and extended support ends in less than two years. All of this infrastructure will all have to be replaced with other technologies in the coming months, so it's high time to consider many of the other technology solutions mentioned in this article.
4. Virtual desktop infrastructure, thin client and "zero client" machines. Several factors are converging to force this initiative to the top of the priority list. Physical space is always at a premium in healthcare settings, especially in clinical areas. The death of Windows XP and the seemingly constant issue of supporting and replacing workstations every few years, creates increasing demands on IT staffs, who can't ever seem to get out of the mode of tactical support and move to strategic initiatives. It also increases frustration with users, who battle aging and brittle IT infrastructure. So it has become virtually impossible for IT departments to standardize desktop configurations and control the technology environment, while delivering an acceptable user experience. Newer technologies like virtual desktops that involve moving most of the computing functionality from local devices to the data center allow IT departments to provide a better user experience with better device independence. And possibly even more important, it provides increased HIPAA compliance.
5. Medical-grade cloud services. The "cloud" is probably one of the most over-hyped and mis-understood technologies ever devised. Actually it really isn't even a new invention. In the earliest days of computers, large companies offered "time-share" services, where all you needed was a dumb terminal and a network connection and you could rent computer time and storage space on large mainframes where a high priesthood of system administrators took care of operations and data backups. With the help of increased network bandwidth, server virtualization and the exploding size of data storage systems, cloud services have now come of age for healthcare. But just because a hospital is using cloud services does not necessarily make it an optimal or strategic technology direction. In many cases the shift to cloud services also just shifts technical or operational problems from one place to another. True medical-grade cloud services — meaning those that are designed and purpose-built with healthcare applications in mind — can be effectively integrated into an overall strategic hospital IT vision. By outsourcing more of the physical IT infrastructure and related basic core services, hospitals can utilize their limited technical resources on strategic initiatives that create more value to the organization.
6. Patient impatience – the rise of the healthcare consumer. Patients are showing an increased frustration with the mountains of paperwork involved in healthcare, and in particular the ubiquitous — but archaic — medical history clipboard. Consumers can go online and track a $20 package across the country or order pizza or get an open table at a restaurant, but in most cases they are stuck with having to communicate in real-time with their provider, usually in person. Why can't we interact with the healthcare system in much the same way that we now interact with other providers in many other aspects of our lives? Many so-called healthcare experts claim it's a problem with HIPAA, or it's too costly, or that patients just don't want it that much. All three are false. A recent study by Harris Interactive showed patients have an extremely high interest in using online tools for healthcare. When asked about such simple things as scheduling appointments, getting test results or even just asking their provider a question, a vast majority said they would like to interact with their provider online, but only about 10-15 percent of patients reported being able to do so. The high use of patient portals (where they are available) and the rapid adoption of consumer-focused applications, like iTriage and WebMD, also prove that consumers need and want this type of service. The information can be delivered in a HIPAA-secure way, and eliminating the mountains of paperwork and duplication represented in manual, paper-based systems has been shown to not only lower costs but to reduce preventable medical errors as well.
7. Technology obsolescence – Moore's Law, 50 years later. In the mid-60s, Intel co-founder Gordon Moore noticed that the number of transistors on a computer chip was doubling every two years or so. He predicted that trend would continue for several years, and his "law" (really just an opinion) was that computing horsepower would roughly double every two years for the same physical size and cost. Even the most wildly optimistic prognosticators of that era could not have guessed it would hold true for nearly 50 years. Today we hold more technology in our hand than all of NASA combined had when they landed Armstrong on the moon. This almost unfathomable exponential trend has also manifest itself not only in computing horsepower but increased capabilities in data storage, network bandwidth, high-definition image displays and a host of other IT areas. This is enabling such game-changing advances as computer-aided 3D imaging, surgical robotics, wearable biomedical devices, network-aware patient monitoring systems and telemedicine on an unprecedented scale (indeed, the new ICD-10 code set has a set of codes for space injuries). Hospital IT departments must stay abreast of these trends, and incorporate them into their technology services stack, not just to keep up with the Joneses, but to continue to provide the tools necessary to deliver world-class healthcare.
8. Mobility. Mobile devices and mobile networks have continued to evolve and increase in acceptance, both by patients and by clinicians. In acute-care settings, there is an endlessly growing tangle of cords, cables and connectors at nurse's stations and unit desks. At the bedside, these technology connection points compete with various additional devices, connections and hoses, including IVs, patient monitoring systems, medical equipment device controls and the like. Plus as both patients and providers are frequently mobile within the acute care facility, it is even more necessary to provide high-bandwidth services — along with functional user devices — over secure and encrypted network connections. Computers-on-wheels, or COWs, were intended to provide high computing functionality at the patient bedside, but in most cases we see then parked semi-permanently in the hallway because they are not convenient to use. Some of that inconvenience is because of their bulk, but much of it has to do with how long it takes to log in and otherwise "fire up" the device to actually use its incredible computing horsepower.
9. Interoperability. In many of our healthcare technology assessments, we see considerable duplication of effort and lack of interoperability between and among different systems. Many hospital departments select best-of-breed applications to support what they feel to be the uniquely critical functionality of their particular area, not realizing the end result is a patchwork quilt of ineffective use of technology that negatively impacts not only efficiency but patient care. Many times the output of one program is printed and scanned in to another program, rendering the data and the underlying intelligence essentially useless. Recent advances on the software front, including the formation of the CommonWell Health Alliance, aim to improve things in this area, but hospitals need to have a conscious and concentrated effort to reduce the number of independent systems.
10. Workflow-enabling technology solutions. This is the most important issue, and ties all the others together. In what might seem to be an ironic twist, as technology capabilities have increased dramatically, user dissatisfaction has also increased. Traditionally, technology solutions have been created to address technology requirements. "User requirements" consisted primarily of the IT department assessing the requirements for a software application, and then building the infrastructure to support it. For example, a radiology program might require a number of reading workstations for radiologists, a different configuration and number of user devices for other users, and a ton of network bandwidth and data storage to transmit and store all the images. And the whole thing had to be secured for HIPAA, so that was layered on top. Then a pharmacy or ED or med/surg application would typically have completely different requirements, with different storage, computing and user device needs, plus it also needed the HIPAA security fence. Other solutions would come along and be evaluated and implemented in much the same way. The solutions looked elegant and sound on paper, but they were a burden on users. Rarely was there a holistic, system-wide view of technology nor particularly user-friendly solutions for user device and security.
Today's healthcare IT leaders must work with their executive teams, as well as clinical and business stakeholders, to address these problems in a way that takes all the above issues into account. In fact, in today's healthcare environment, clinician workflow is the one area that ties everything together and could well represent the most critical gamechanger for healthcare IT.
Fortunately there are end-to-end technology solutions now available that embody and address virtually all of the issues above: aging hardware and software infrastructure, HIPAA Security, BYOD, medical-grade cloud services, mobility, desktop virtualization, patient access tools and interoperability. But it requires a different mind set and a different set of skills, both from internal IT departments and outside partners.
Addressing these issues in a holistic way and enabling clinician and business office workflow will allow the tremendous investment in healthcare IT to actually be realized, and make the long-anticipated impact towards the achievement of the Institute for Healthcare Improvement’s "Triple Aim" – better care, healthier populations, lower costs.
1. HIPAA Security. The HIPAA Security Rule, which governs electronic patient records, became effective in 2005. It was significantly beefed up in 2009 under ARRA/HITECH and then again in the HIPAA Omnibus Rule in early 2013. In spite of increased attention and increased fines, plus the availability of industry-standard tools and IT best practices to easily prevent HIPAA Security breaches, the episodes continue, and in fact appear to be increasing in frequency and severity. Most reported breaches are not even a function of technology at all; they are a function of user error and carelessness.
A recent reported episode involved the theft of a physician laptop from his condo in Hawaii. The largest breach reported so far involves a smash-and-grab theft of a computer workstation containing patient records from a hospital foundation office in California. In that case, the mounting lawsuits already total over several billion dollars. These episodes show that policies and procedures are not sufficient, and that the technology has to be designed to not rely on user behavior for compliance. The Omnibus Rule is over 500 pages, or nearly 10 times the original "final" rule from 2007, so all medical facilities need to thoroughly review their HIPAA policies and intensify their efforts relative to HIPAA compliance. Being compliant with the HIPAA Security Rule actually represents best industry practices from an IT standpoint. The lessons learned from the reported breaches and the impact on healthcare IT is simple: It is not sufficient to rely on user behavior and written policies to prevent breaches. And increasing security through more password protection and other security measures cause even more conflicts with users, especially clinicians. Therefore IT managers must develop and implement integrated technology solutions that handle increased security while enabling better clinical workflows.
2. BYOD – Bring Your Own Device. In the old days (up until about five years ago), the way to make hospital IT departments secure and functional was for the CIO to determine a system-wide standard for all user devices, and determine user device functionality based on job level. This included determining the make/model for desktops, laptops and operating system versions. Generally speaking, the higher up you were in an organization, the better your IT "toys." Worker-bees got plain-vanilla desktops, clinical areas got compact mini-systems or slick all-in-one units, and managers and directors got laptops. They were purchased, deployed and supported centrally by the corporate IT team. Then along came the iPad, followed closely by other low-priced but feature-rich tablets, and suddenly IT departments were confronted with a flood of requests to make those devices work on the hospital network. These devices had little in the way of corporate security standards, but what they did have was crowd-pleasing features. Today's successful hospital IT departments need to not only support BYOD, they need to embrace it. And they need to be able to secure these personal devices when they travel offsite.
3. Advance Directive/DNR (Do Not Resuscitate) – Windows XP and Server 2003. If you ask most people how long Windows XP has been around, they would probably say 4-5 years. Wrong. Windows XP was released in 2001. That's over a decade ago. In "technology years," that's more than two lifetimes of typical IT upgrade cycles. XP stopped being sold retail in 2008. Microsoft ended upgrades of XP as of 2009, and is ending support in early 2014, and yet there are hundreds of millions of laptops and workstations still running Windows XP. The genealogy of Server 2003 is easier. It obviously came out in 2003, and yet it is still running on millions of servers. Mainstream support for Server 2003 ended in 2010, and extended support ends in less than two years. All of this infrastructure will all have to be replaced with other technologies in the coming months, so it's high time to consider many of the other technology solutions mentioned in this article.
4. Virtual desktop infrastructure, thin client and "zero client" machines. Several factors are converging to force this initiative to the top of the priority list. Physical space is always at a premium in healthcare settings, especially in clinical areas. The death of Windows XP and the seemingly constant issue of supporting and replacing workstations every few years, creates increasing demands on IT staffs, who can't ever seem to get out of the mode of tactical support and move to strategic initiatives. It also increases frustration with users, who battle aging and brittle IT infrastructure. So it has become virtually impossible for IT departments to standardize desktop configurations and control the technology environment, while delivering an acceptable user experience. Newer technologies like virtual desktops that involve moving most of the computing functionality from local devices to the data center allow IT departments to provide a better user experience with better device independence. And possibly even more important, it provides increased HIPAA compliance.
5. Medical-grade cloud services. The "cloud" is probably one of the most over-hyped and mis-understood technologies ever devised. Actually it really isn't even a new invention. In the earliest days of computers, large companies offered "time-share" services, where all you needed was a dumb terminal and a network connection and you could rent computer time and storage space on large mainframes where a high priesthood of system administrators took care of operations and data backups. With the help of increased network bandwidth, server virtualization and the exploding size of data storage systems, cloud services have now come of age for healthcare. But just because a hospital is using cloud services does not necessarily make it an optimal or strategic technology direction. In many cases the shift to cloud services also just shifts technical or operational problems from one place to another. True medical-grade cloud services — meaning those that are designed and purpose-built with healthcare applications in mind — can be effectively integrated into an overall strategic hospital IT vision. By outsourcing more of the physical IT infrastructure and related basic core services, hospitals can utilize their limited technical resources on strategic initiatives that create more value to the organization.
6. Patient impatience – the rise of the healthcare consumer. Patients are showing an increased frustration with the mountains of paperwork involved in healthcare, and in particular the ubiquitous — but archaic — medical history clipboard. Consumers can go online and track a $20 package across the country or order pizza or get an open table at a restaurant, but in most cases they are stuck with having to communicate in real-time with their provider, usually in person. Why can't we interact with the healthcare system in much the same way that we now interact with other providers in many other aspects of our lives? Many so-called healthcare experts claim it's a problem with HIPAA, or it's too costly, or that patients just don't want it that much. All three are false. A recent study by Harris Interactive showed patients have an extremely high interest in using online tools for healthcare. When asked about such simple things as scheduling appointments, getting test results or even just asking their provider a question, a vast majority said they would like to interact with their provider online, but only about 10-15 percent of patients reported being able to do so. The high use of patient portals (where they are available) and the rapid adoption of consumer-focused applications, like iTriage and WebMD, also prove that consumers need and want this type of service. The information can be delivered in a HIPAA-secure way, and eliminating the mountains of paperwork and duplication represented in manual, paper-based systems has been shown to not only lower costs but to reduce preventable medical errors as well.
7. Technology obsolescence – Moore's Law, 50 years later. In the mid-60s, Intel co-founder Gordon Moore noticed that the number of transistors on a computer chip was doubling every two years or so. He predicted that trend would continue for several years, and his "law" (really just an opinion) was that computing horsepower would roughly double every two years for the same physical size and cost. Even the most wildly optimistic prognosticators of that era could not have guessed it would hold true for nearly 50 years. Today we hold more technology in our hand than all of NASA combined had when they landed Armstrong on the moon. This almost unfathomable exponential trend has also manifest itself not only in computing horsepower but increased capabilities in data storage, network bandwidth, high-definition image displays and a host of other IT areas. This is enabling such game-changing advances as computer-aided 3D imaging, surgical robotics, wearable biomedical devices, network-aware patient monitoring systems and telemedicine on an unprecedented scale (indeed, the new ICD-10 code set has a set of codes for space injuries). Hospital IT departments must stay abreast of these trends, and incorporate them into their technology services stack, not just to keep up with the Joneses, but to continue to provide the tools necessary to deliver world-class healthcare.
8. Mobility. Mobile devices and mobile networks have continued to evolve and increase in acceptance, both by patients and by clinicians. In acute-care settings, there is an endlessly growing tangle of cords, cables and connectors at nurse's stations and unit desks. At the bedside, these technology connection points compete with various additional devices, connections and hoses, including IVs, patient monitoring systems, medical equipment device controls and the like. Plus as both patients and providers are frequently mobile within the acute care facility, it is even more necessary to provide high-bandwidth services — along with functional user devices — over secure and encrypted network connections. Computers-on-wheels, or COWs, were intended to provide high computing functionality at the patient bedside, but in most cases we see then parked semi-permanently in the hallway because they are not convenient to use. Some of that inconvenience is because of their bulk, but much of it has to do with how long it takes to log in and otherwise "fire up" the device to actually use its incredible computing horsepower.
9. Interoperability. In many of our healthcare technology assessments, we see considerable duplication of effort and lack of interoperability between and among different systems. Many hospital departments select best-of-breed applications to support what they feel to be the uniquely critical functionality of their particular area, not realizing the end result is a patchwork quilt of ineffective use of technology that negatively impacts not only efficiency but patient care. Many times the output of one program is printed and scanned in to another program, rendering the data and the underlying intelligence essentially useless. Recent advances on the software front, including the formation of the CommonWell Health Alliance, aim to improve things in this area, but hospitals need to have a conscious and concentrated effort to reduce the number of independent systems.
10. Workflow-enabling technology solutions. This is the most important issue, and ties all the others together. In what might seem to be an ironic twist, as technology capabilities have increased dramatically, user dissatisfaction has also increased. Traditionally, technology solutions have been created to address technology requirements. "User requirements" consisted primarily of the IT department assessing the requirements for a software application, and then building the infrastructure to support it. For example, a radiology program might require a number of reading workstations for radiologists, a different configuration and number of user devices for other users, and a ton of network bandwidth and data storage to transmit and store all the images. And the whole thing had to be secured for HIPAA, so that was layered on top. Then a pharmacy or ED or med/surg application would typically have completely different requirements, with different storage, computing and user device needs, plus it also needed the HIPAA security fence. Other solutions would come along and be evaluated and implemented in much the same way. The solutions looked elegant and sound on paper, but they were a burden on users. Rarely was there a holistic, system-wide view of technology nor particularly user-friendly solutions for user device and security.
Today's healthcare IT leaders must work with their executive teams, as well as clinical and business stakeholders, to address these problems in a way that takes all the above issues into account. In fact, in today's healthcare environment, clinician workflow is the one area that ties everything together and could well represent the most critical gamechanger for healthcare IT.
Fortunately there are end-to-end technology solutions now available that embody and address virtually all of the issues above: aging hardware and software infrastructure, HIPAA Security, BYOD, medical-grade cloud services, mobility, desktop virtualization, patient access tools and interoperability. But it requires a different mind set and a different set of skills, both from internal IT departments and outside partners.
Addressing these issues in a holistic way and enabling clinician and business office workflow will allow the tremendous investment in healthcare IT to actually be realized, and make the long-anticipated impact towards the achievement of the Institute for Healthcare Improvement’s "Triple Aim" – better care, healthier populations, lower costs.
More Articles on Healthcare IT:
5 Steps Vendors, Providers Should Take for Successful EHR Implementation
CommonWell Health Alliance Brings Health IT One Step Closer to Interoperability
Upgrade From Windows XP to Remain HIPAA-Compliant