Once a long-shot, the idea of universal healthcare in the U.S. is inching closer to reality, particularly as many 2020 candidates promise an expedient implementation of a national federally-run program (or some version of it). Nearly half of doctors support a “Medicare for all” model, and while this won’t change the practice of medicine, it will greatly affect how those providers use technology to run their businesses.
This is particularly true for small- and medium-sized providers; large organizations like Kaiser have the employees and the budget to overhaul their IT infrastructure in accordance with a federal mandate–the rest will have a harder time being compliant and functional at the same time.
Providers already use software to run their business, custom-built or off the shelf. The ability to safely, reliably, and quickly make changes to these software systems is a key competitive advantage that most healthcare organizations are lacking. Given the uncertainty of how our healthcare system will change, starting to improve how providers manage software change is an investment that will pay off. Even if “Medicare for All” never happens, investing in modern IT processes like DevOps and agile will help in three areas: patient experience, billing, and cybersecurity.
Getting a clearer idea of what work lies ahead, here are three low-cost ways to start thinking about redesigning your software and IT workflows for a universal healthcare system:
1. Patient experience
Today, if a patient needs a CT scan or labs, he or she will go wherever takes their insurance. While providers have always taken patient experience into consideration it’s been a backburner item because the average patient has little choice in where they go. Medicare for all would change that entirely. In a system where everyone is covered, patients will start going to the providers that best suit their needs–not just in terms of expertise, but in terms of their overall care experience. Long wait times, scheduling errors and poor follow-up are just a few of the negative aspects that can haunt providers and their level of patient satisfaction. In short, under a universal healthcare model, providers will need to compete largely on experience.
That’s why now is the time for IT teams to ensure that they have the ability to safely deploy and update the software systems that patients interact with; if you can’t change your patient intake software, how can you add a way to have patients fill out forms prior to showing up to their appointment? What about a short questionnaire sent automatically after the visit to understand what could have gone better and what patients care about? Changes like these should be relatively easy if your ability to change your software systems is sound.
Billing and financials are the most tension-filled areas of a healthcare organization when it comes to technology. These backend systems can be expensive and complicated to change, and Medicare for All would almost certainly require significant changes to them.
It doesn’t have to be the nightmare most providers imagine it to be. Currently, providers treat the billing system like a black box in which codes are entered and bills come out. For medium-sized providers, it’s not uncommon to outsource this to a third-party service provider. That leaves in-house knowledge pretty low, and reliance high–and as a result, way too many providers are working on outdated versions of a system that is becoming increasingly difficult to service and maintain. Deferring maintenance costs for these systems can feel like a risk-reducing move; after all, if every time you touch the billing system it crashes, you learn pretty quickly to stop touching the billing system. Unfortunately, avoiding system updates and maintenance slowly accumulates risk over time, until eventually, the system fails.
Start with an audit of your current billing system and test the ability to safely change it. Nothing may seem overtly broken, but an audit will make invisible problems appear. Providers should look at the last time they tried to make changes. How long did it take? Did it work, or did it fail and it was simply rolled back? How often is the billing software updated? What is the current process for implementing changes? Which tasks are automated and which consist of 55 steps? Answers to these questions can reveal critical issues and should be used to inform a change plan.
After the audit, the challenge will be getting executive buy-in, as leadership’s worst nightmare is having billing (read: revenue) come to a screeching halt. Providers that want to move the needle in making strong investments in a scalable, efficient billing system need to show that these risks are real and inevitable–that means pitching board members, the VP of Operations, the CEO, etc. and be able to answer the “why now.” A pre-healthcare overhaul is a time to do this because you have a credible risk and enough time to move. This work becomes a lot harder later when you’re on a federally mandated deadline.
Perhaps nothing will be more tempting to a hacker than the upheaval healthcare organizations will go through if universal healthcare is enacted. While healthcare is already a rewarding target for criminals, in part because of the valuable and data-heavy nature of the business, HIPAA regulations do keep providers focused on securing this data.
While healthcare giants have the resources to build stone walls, and smaller providers have less of a data trove, medium-sized providers could be the most desirable target. In the midst of large scale system change on a hard deadline (and training teams to use them), security work can get deferred or overlooked.
Traditionally, healthcare organizations want to upgrade the computers that their doctors are using as little as possible. “If we don’t fix it, it can’t break” won’t serve providers well when faced with increasing digital threats due to the churn of implementing universal healthcare. Switching from a large, slow change model to a small, faster model is accepted as state of the art for large, always-on technology companies, and needs to become state of the art for healthcare organizations as well.
Most organizations don’t even handle the basics of ensuring that they are applying patches in a timely fashion and keeping their fleet of computers on current operating systems. Without these basics, very little else of what they do in terms of cybersecurity will help them. While there is also risk in updating aggressively, that risk is mitigated by getting good at managing software change. Set a goal; if 99% of computers in an organization can be patched within a week (which is an aggressive schedule for some), think of all the computers, data, and systems the provider won’t lose when that one employee downloads ransomware.
After that, look at where other security-related investments will pay off. Highly effective but often overlooked, providers should consider incorporating security tokens, password managers and updated authentication processes–as well as sufficient training for staff in the new practices.
Don’t be distracted by the allure of “low-lift” software. AI scanners, VPN providers and other cybersecurity solutions on the market love to tout the “install and forget about it” model–it’s the “just add water” for business. Those solutions don’t effectively address several of the fundamental problems healthcare organizations face (like doctors accessing records and sending emails from various devices, and in various locations).
The baseline for these three areas shared: if a provider is unable to quickly and safely make changes to the computers that run the business, then they can’t adapt quickly. Why make these changes now, when nobody is sure of what will change, and when? Because even in the absence of a policy shift, these types of mindset switches and investments will ultimately improve business operation–in a cheaper and safer way than if an organization waits for Washington. It’s not just better for business, it will also improve patient outcomes.
About Mark Ferlatte
Mark Ferlatte is CTO of Truss, a firm that builds software and infrastructure to help companies scale and modernize digital services. Mark was one of the specialists called in to clean up Healthcare.gov and has worked with healthcare organizations in both the private and public sectors.