Editor’s Note: Jason McDonald is the President, U.S. of Contino, a global transformational technical consultancy which specializes in DevOps and cloud computing,
According to Forrester data, the healthcare industry is estimated to spend up to $66 billion in technology budgets in 2017. In fact, healthcare systems are expected to see the most growth in business technology application spending as the remit for software in the industry expands. While the prospect of increased investment in health IT is exciting, data also show that 70% of digital transformation projects are expected to fail by 2018. With such a high risk for failure, how can health IT safely and reliably update technology systems? And when sensitive patient data is at risk, what is the best approach?
The healthcare industry is under enormous pressure to improve efficiencies and increase revenue, all while remaining compliant and keeping sensitive data safe and secure. With government regulations requiring value-based models of care and the adoption of electronic health records, and patients demanding improved control over and access to their personal data, the rapid adoption of technology has created complex challenges for healthcare professionals and institutions. Factors like data overload, difficulties communicating patient health information between institutions, and tracking payments cause more problems for doctors and takes them away from what really matters – treating their patients.
Innovation and Protecting Patient Data
At the center of healthcare’s digital transformation challenge is the issue of protecting patient data while making it seamlessly available. With each transfer of information, there is an inherent risk for a security breach or for incompatible or outdated systems to miss important data. These kinds of mistakes can have profound consequences, including stolen personal information, treatment errors, delays in treatment, or duplicative or incorrect lab requests.
The health industry traditionally has been slow to adopt modern technology platforms, but initiatives like the FDA’s Digital Health Innovation Action Plan look to increase opportunities for developers and technology companies to quickly introduce new innovations for healthcare. However, that doesn’t solve a key issue in some major institutions – legacy operating environments are often primitive even by “legacy” standards, which makes technology adoption such as the move to cloud and agile operations nearly impossible without a costly overhaul of IT systems.
The DevSecOps Approach
One approach that can address this issue is DevSecOps, a software development methodology that is rooted in cultural change. DevSecOps enables enterprises to accelerate digital development and ultimately reduce cost by embedding security and compliance into the development and engineering teams. This allows enterprises to integrate security processes earlier in the development lifecycle and apply practices to improve security at the source, such as automation and increased collaboration. It also addresses some of the potential threats that standard DevOps and cloud adoption implementations might not be built to address, including data breaches, software vulnerabilities or data loss.
Healthcare enterprises need to consider disruptive improvements in their technology optimization efforts if they want to implement DevSecOps in healthcare. Business and IT leaders must be willing to make bold moves to simultaneously address the rising tide of compliance requirements and manage the mounting pressure to deliver innovative digital solutions for doctors and patients.
If you are considering implementing DevSecOps in healthcare, here are some best practices to consider:
1. Empower Your Workforce – Organizations with a DevSecOps mindset favor limited hierarchy, team bonding, and work on a solid foundation of trust. They structure their teams in such a way that they own their products from ideation to deployment and are responsible for delivering value all the way through the system. Enterprises must make sure to foster DevSecOps skills, mindset, and interest among employees, and tailor their recruitment practices to attract and retain similarly-minded individuals. The hardest part of a meaningful and sustainable shift to DevSecOps is helping people to buy into the change and to ensure that everyone plays a role in the transformation.
2. Establish Standards and Frameworks – Ensure your teams establish standards that focus on the core areas of artifacts and traceability management, compliance, and security incident management. Keeping these factors in mind will allow teams to track changes made in code, build applications with a high degree of attention to security standards and encryption, and accelerate the implementation of security patches for attempted hacks.
3. Risk Management – As DevSecOps thinking takes root in engineering teams, there will be a natural shift towards more consistent, smaller production releases. It is when this occurs that leaders see the single greatest benefit of the new mindset – true system risk management. The smaller, faster, and more contained a change to production is, the easier and less fear-driven the thought of rollback or wider release becomes. Teams will enjoy unprecedented system confidence and the ability to experiment and innovate, while business teams will be empowered with better user feedback and data.
1. Forrester Research, Inc. (2016). 2017 US Tech Budgets: The Outlook For Tech Spending Overall And By Industry. Cambridge, MA: Bartels, Guarini, Klehm, McPherson
2. Forrester Research, Inc. (2017). US Tech Market Outlook For 2017 And 2018: Mostly Sunny, With Clouds And Chance Of Rain. Cambridge, MA: Bartels, Guarini, Valdovinos.
3. International Data Corporation. (2015). IDC FutureScape: Worldwide CIO Agenda 2016 Predictions. Framingham, MA: Ng, Martin, Pucciarelli, Rosen, Findling.