Healthcare is undergoing a fundamental change in reimbursement, in care delivery models, in the technology required to make these changes. Technology and information are no longer adjuncts to the business of healthcare they are strategic imperatives.
This information, however, is among the most regulated and protected information under the law. The data must be shared more widely with more people and organizations all the while with stricter security and privacy controls and with increased enforcement and penalties for violation.
Information is the currency of the 21st century enterprise. But in healthcare, information is much more than just the currency - - it is your principal asset, too. It represents your patient and it connects patient, provider, clinician, payer and the entire continuum of care. Information is what healthcare runs on today. As such, effectively securing information is critical.
While data may flow at “Internet speed” today, healthcare information flows at the speed of trust. It is imperative that providers create and maintain trust in and value from information and information systems.
While historically, this job has fallen to the information technology group, in the age of Meaningful Use and the Affordable Care Act, it is no longer just an IT issue. The information, appropriate access to it, its availability and protection are strategic to the clinical and business operations of the organization. Indeed, with Affordable Care Organizations (ACOs), Health Information Exchanges (HIEs) and Patient Engagement (a Meaningful Use requirement for Stage 2), information and the technology used to collect, store, maintain, share and protect information are the operations.
The Patient-Centered Digital Home: The patient must be in the center of what healthcare organizations are being faced with today. We categorize them as: 1) Opportunities, 2) Operations and 3) Value-based Outcomes. For the patient, for the provider, for the payer.
Opportunities represent the foundational changes that are impacting providers today. Changes in relationships with primary care and other community physicians - - how do they connect to the hospital? How are patients impacted by your physician network? Home health is an expanding point of care for many providers. Remote monitoring of patients weight, vital signs, glucose levels - - how do the patients connect? How does the data get into your EMR? Are you part of an HIE? Is it in state? Multi-state? National? Are you part of an Affordable Care Organization? Do you know how other members are protecting your patient’s data? Do your physicians ‘trust’ the data they are getting from the patient? The HIE? The ACO? Do your patients ‘trust’ it?
As CEOs, COOs and CFOs look at the opportunities they are still faced with continuing and on-going Operations. Today hospitals are being asked to provide more data to more Business Associates, partners, other Covered Entities and the Government than ever before. And they have to do it more securely than ever before. Additionally, other regulations and requirements are coming like ICD-10 and Medical Banking. These all require adjustments and changes to current technology or additional technical capabilities.
Finally, and frankly, the reason we are doing all these other things is Outcomes. Outcomes are ultimately about value - - but it is all about collecting an astounding amount of data, organizing it into useful information which allows your business and clinical users to turn it into insights, improvements, better care and better clinical and financial outcomes.
Traditional methods or protecting data in legacy models is not enough anymore. Data has to be understood in a new working environment and with an ever-increasing need to manage risk on an on going, near real-time basis. This understanding extends beyond IT in today’s world to all the operational users of patient information - - from med techs to clinical engineers to billing clerks and coders and even to the patient.
Just as information is a business tool, the protection of that data must extend beyond IT to the people who use, view, access the data from physicians to Business Associates. Given the rapid changes in the healthcare delivery model, the delivery of information will have to expand to meet those needs - - physical, virtual, cloud, mobile and whatever may come next.
Finally, as the need for the data goes to round the clock the need for services and systems that are “never down” becomes an increasing demand.
The Care Setting Today and Tomorrow:
Providers today must understand their data across the entire continuum of care - - the new working environment for providers and clinicians - - office to hospital to lab to home and every where in between. Those discussions cannot center on IT but must meet tomorrow’s needs:
- The need to describe information privacy, security and compliance in an enterprise context, including all aspects that lead to effective governance and management of information security, such as organizational structures, policies and culture.
- An ever-increasing need for the enterprise to maintain information risk at an acceptable - - and regulatorily compliant - - level and to protect information against unauthorized disclosure, unauthorized or inadvertent modifications, and possible intrusions - all while containing the cost of IT services and technology protection.
- The need for non-IT personnel and leadership to understand the complexity of managing and securing data in a highly regulated environment (HIPAA/HITECH, breach notification) in an extremely complex technical environment (increasing cyber-threats, medical devices, mobility/consumerization, cloud and virtual environments).
- The ability to talk about information security in a strategic sense at the highest levels of IT and outside of IT and be able to translate strategy down to the technical level within IT; and to allow IT staff to explain or demonstrate needs and concerns from the technical level up to the strategic impacts of implementing or not implementing specific tools or tactics.