Editor’s Note: Gus Malezis is the President and Chief Executive Officer of Imprivata, a healthcare information technology security company that enables healthcare to access, communicate, and transact patient information, securely and conveniently.
Several notable trends from 2017 will continue to impact the health information technology (HIT) industry in the new year. Ransomware tops the list, particularly after this May’s WannaCry worldwide cyberattack, followed closely by increased awareness of electronic prescribing of controlled substances (EPCS) as an “upstream solution” to battling the nation’s mounting opioid abuse crisis.
Beyond the ongoing development of these two leading trends, HIT experts are also asking two key questions as we close out the year: how do we get to interoperability in healthcare?; and, how do we improve the patient experience?
As we round the corner to the new year, it’s worth looking at these and other 2017 highlights to see what we should expect in 2018.
1. Ransomware: a new breed of healthcare hack
Healthcare fell victim to more than 330 data breaches this year – nearly one per day. Large-scale ransomware attacks like WannaCry, which hit 112 countries, struck the industry with a scary new reality: hackers will find a way in and – regardless of safeguards taken — hospitals will get hit.
Most hospitals have finally recognized what has been universally acknowledged; while they can educate staff and reduce the incidence rate, there’s ultimately little they can do to completely eliminate all the risk and prevent user error and susceptibility to phishing attacks. Indeed, smart hospitals now anticipate that their systems will get compromised at some point.
The well-prepared hospitals build resiliency around their users and core and critical systems, and focus beyond keeping the bad guys out. Instead of just patching, they devote priority resources to keeping their systems operational, or rapidly restoring after an outage.
It’s unlikely that we’ll see fewer cyberattacks in 2018, so the only way we can beat the hackers at their own game is to remain focused on resilience and rapid recovery. The quicker hospitals can get back up and running, the less impact hackers can have.
It’s worth noting that, on this latter point of resiliency, the technology currently exists to support this design. In fact, the same technology offers multiple incremental benefits to healthcare informatics, providing improved ROI. Virtual desktop infrastructure (VDI), for example, is virtualization technology that runs the desktop system (OS and applications) on a centralized server in a data center. This design is well proven and broadly supported by various vendors. Moreover, it delivers reduced operational complexity and cost, and has the added benefit of resilience with rapid restoration of services. This is a win-win-win.
2. Technology as a champion in the battle against opioid abuse
The opioid epidemic grew in 2017, killing an estimated 90 people per day in the U.S. The rest of the world faces the same issue, with varying degrees of social impact. Also growing is the understanding that technology can play a key role in combatting the opioid epidemic. Indeed, both regulators and providers embraced EPCS as a central tool in the fight against opioid abuse.
We saw an increasing awareness that DEA regulations for EPCS in present form need revision. Perhaps most notably, The Commission on Combating Drug Addiction and the Opioid Crisis provided formal EPCS recommendations to President Trump in November, giving EPCS regulatory momentum that is matched by state and federal legislation to enact EPCS mandates.
At the end of 2017, EPCS has been mandated through legislation in six states – New York, Maine, Connecticut, Rhode Island, Virginia, and North Carolina – and several additional states are considering similar laws. This legislative momentum will continue into 2018, as EPCS appears in bills already introduced in New Jersey, Massachusetts, Texas, Pennsylvania, and North Carolina – and more states are expected to follow.
In addition, 2017 was the year that the U.S. Congress introduced federal legislation mandating the use of EPCS nationally for the Medicare Part D program. We’re likely to see more such movement in the coming year, and technology has a key role to play in this battle.
This is because technology now enables the delivery of prescriptions in a trusted, secure, compliant, and truly efficient manner. Efficiency is not to be under-estimated, as the intersection of all preceding factors is crucial to broad adoption. If technology only solved the compliance and security aspects while ignoring provider workflow and efficiency, for example, we would see increased frustration on the added workload, and potentially lower adoption.
3. The long road to interoperability
We have a long…long…way to go before achieving interoperability in healthcare, but 2017 was a good year for foundation-building in this critical area. One of the challenges is that, under our current HIT regime, we embark on building technology for our customers the same way we embark on home improvement projects at your local building supplies store or outlet.
That is, we think up a rough design, polish it up, and then proceed to purchase a bunch of materials. We finalize by going home and building the final product on the location where it will reside.
This model ignores the need for precision integration and interoperability, exposing multiple weaknesses and points of failure. It’s analogous to our networking industry in the 1980s and 90s, where customers would buy products from small and large vendors and expect things to work together.
Instead, of course, customers regularly encountered troublesome and unpredictable issues, with elevated costs, extended time requirements, and reduced reliability. To address that disconnect, IEEE and other interoperability standards were established to ensure precise definitions of layers 1 and 2 of the ISO model at the network layer.
This push also included formation of interoperability labs and forums, like Interop, so vendors could test, validate, and resolve problems before shipping to the customer. This allowed vendors to ship products and components that, when plugged in, would reliably work together. By the late 1990s it was rare to encounter interoperability issues at layers 1 and 2, and the industry moved on to focusing on layers 3 and above.
We don’t have that yet for HIT systems – but 2017 showed good progress in getting closer. Indeed, both HIMSS and CHIME took substantive steps recently to advance the successful exchange and re-use of health information. These bodies, along with leading organizations like CommonWell Health Alliance, as well as the leading EHR vendors (Epic, Cerner, Meditech, and others) will be indispensable parts of the interoperability solutions in 2018 and going forward.
We are on our way to a truly connected healthcare delivery system in which mobile patients and their records go back and forth from one care setting to another. Perhaps by the end of 2018 we’ll outgrow the “Home Depot effect” and at least operate more like Ikea, where all of the pieces our customers need are packaged together in one box.
4. The patient as a consumer
The line between patients and consumers became very blurred in 2017. Healthcare has historically viewed people as patients, but today’s patients are more knowledgeable and outspoken about how they want their healthcare experience delivered.
Millennials, for example, are tech-savvy – but we’re asking them to register and schedule healthcare appointments through analog methods and processes. We’re basically providing them service that was outdated in the 1990s. Moving into 2018, the healthcare industry must pivot – similar to the way airlines did to change their customer experience. Instead of asking people to stand in line to check-in with an agent, airlines gave customers easy-to-use kiosks in front of service desks. Perhaps a question we need to answer in the coming year is: how do we give patients an “airline check-in” experience?
In 2017, healthcare organizations also struggled with getting patients to adopt the use of patient portals. While portals should simplify the patient experience (by centralizing access to medical records, online bill pay, and appointment scheduling), in reality the lack of interoperability between EHRs actually makes it impossible for patients to access all of the necessary information in one place. Instead, patients must access one portal for medical records and another to pay their bills – without one portal actually linking to the patient’s insurance information.
This experience is so clunky (and rarely mobile-friendly) that patients abandon it altogether. In 2018, we have to figure out how to give patients central access to everything they need. High-quality digital Identity, along with Single-Sign On, may be the key to centralizing patient data, or employer-driven portals, which some start-ups are developing, that can link employee benefit information to billing and patient medical records.
As an industry, we need to value our patients’ insight as consumers so we can deliver a better experience, and indeed many institutions have recognized and are acting on this dimension.
These are the key trends that drove the HIT industry in 2017, and that we can expect to continue as we head into 2018. Not all of these important trends will reach their optimal conclusion in 2018 – some might enjoy continued progress without fully being realized. But we can reliably look to these as substantive areas to watch as we start 2018.