As healthcare-related data breaches increase, chief information officers (CIOs) at healthcare facilities around the country are faced with a significant challenge – ensuring that patients and physicians have access to the data they need while at the same time protecting that data from falling into the wrong hands.
The rate of healthcare-related data breaches is on the rise, according to recent reports, resulting in millions of patient records becoming compromised. The increase in breaches comes at a time when federal regulations are requiring new changes to how patient data is stored and protected, while pushing for more open access to healthcare records for customers.
As a result of these changing regulations and requirements, chief information officers (CIOs) at healthcare facilities around the country are faced with a significant challenge — ensuring that patients and physicians have access to the data they need while at the same time protecting that data from falling into the wrong hands. By taking a series of proactive steps, such as looking to the best practices of other industries, CIOs can position their organizations to maintain strict security measures and provide consumer-friendly services.
Making the Move Toward Accessibility
Safeguards regarding patient security as outlined by the Health Insurance Portability and Accountability Act (HIPAA) of 1996 led many healthcare CIOs to take considerable measures to keep patient data in-house, without the use of wireless networks. Software vendors supported this approach by providing healthcare facilities with electronic medical record (EMR) solutions. Additional amendments in 2010 that incentivized compliance and provided payments to providers for implementing certain security measures further cemented the CIO’s position to maintain patient records inside company firewalls.
Now, however, new ACA regulations require CIOs to evolve their approach to patient data security. According to the guidelines outlined by the ACA, by 2016, healthcare organizations must move patient data online to ensure customers have easy access to their healthcare information. For facilities that treat Medicare patients, failure to comply with the new regulations can result in penalties on reimbursement rates. CIOs must move quickly and securely to update their processes and ensure they have the right technology in place.
It isn’t just the need to comply with federal rules that is leading this charge toward data accessibility, though. Changing expectations from consumers, who have become accustomed to accessing everything from banking to shopping online, also are driving healthcare organizations to give patients more control over their healthcare data. Many patients, especially the younger millennial generation, want online access to their medical records and may even switch providers if easy access to health data is not granted. Healthcare technology leaders must be able to recognize and address the trends in customer expectations, as well as maintain compliance with federal regulations, in order to remain profitable.
Establishing a Strong Business Case
To address the growing list of stakeholder, regulatory, and privacy concerns, CIOs must be able to make a solid business case for moving toward integrated information technology systems. Healthcare organizations can learn a great deal by exploring the path that other customer-focused industries have taken to address similar challenges.
The banking industry in particular provides an excellent example for healthcare organizations, since financial institutions strive to provide a customer-friendly experience while maintaining the security of individual financial data. Through the use of PINs, password protections, atypical transaction alerts, and other safeguards, banks have implemented numerous safety measures to protect consumer information. At the same time, banking customers have easy access through their mobile phones to carry out numerous banking transactions, such as checking their balance, depositing money, and scheduling payments.
Unfortunately, many healthcare organizations do not yet have the infrastructure in place to support this level of service, requiring CIOs to garner executive-level support to invest in the technology necessary to address the rapidly evolving landscape of healthcare IT. An effective business case must clearly outline the technology capabilities required while also explaining the costs and benefits of various options that will achieve an organization’s specific objectives. CIOs may find it useful to reveal the cost of security breaches to companies, between $625,000 and $2-3 million, which includes factors such as remediation, fines, penalties and communications with affected constituents. Of course, damage to an organization’s reputation can be even more widespread and costly.
When making the business case, it also behooves CIOs to demonstrate how the IT plan will adapt to emerging events in digital technology and data security. Any plan must not only provide a process for meeting the immediate needs of the organization, but also outline a road map for adjusting to the future requirements of a fast-changing, tech-enabled world.
CIO Best Practices for a Customer-Centric Healthcare Model
When it comes to healthcare technology solutions, advanced security is not just a nice-to-have option; it is a requirement, along with easy access to data for patients and physicians. In order to guide their organizations to success, CIOs must take a leadership role in implementing practices and technologies that address this two-pronged challenge.
The following best practices will help CIOs equip their organizations with the right solutions for this new era of security and accessibility:
1. Look to other industries for ideas: Numerous parallels can be drawn between the security concerns and consumer expectations of the banking industry and those of the healthcare industry. Many financial institutions have already figured out how to deliver more customer-centric services while still protecting data, so the industry provides a good example of how healthcare technology leaders can implement effective change.
2. Perform due diligence: It is critical that CIOs identify the risks and exposures that must be addressed through proper control and regular testing of the security measures in place. Prioritizing these risks at the executive and board levels will ensure that the right model is employed to support forward momentum while mitigating risk.
3. Understand the importance of getting it right: The costs of a security breach extend beyond financial considerations and can affect the reputation of the healthcare organization as well. By taking the time to consider a range of software solutions, CIOs can ensure the best organizational fit that will protect patient data while integrating seamlessly with systems to ensure an optimal user experience for staff and patients alike.
4. Leverage the right technology: CIOs must assemble a best-of-breed approach to deliver a seamless solution that can prevent potential breaches. From selecting data centers that offer the proper physical and technical security measures to adopting the most stringent security protocols and web-based portals, CIOs must take the lead in identifying the technology that can deliver on patient expectations, while protecting the organization’s interests.
5. Build a better business case: The price tag for delivering a secure yet consumer-friendly solution adds significant cost to the typical expenditure of an electronic health record solution. It is the CIO’s responsibility to secure executive and board approval for recommended strategic and mandatory technology changes that will provide the flexibility to respond to emerging events.
As the model for delivering healthcare continues to evolve, CIOs must ensure their organizations are positioned to keep up with changing requirements and patient expectations. Healthcare technology leaders must rise to the occasion to lead the change and identify, implement and maintain the technology, tools and techniques required to deliver the secure, yet customer-centric, experience today’s patients demand.
Nick Christiano is responsible for the overall execution of the National Healthcare Practice for Tatum, a Randstad company. The Healthcare Practice provides executive leadership solutions to healthcare provider organizations, health plans, private-equity backed bio-tech firms and affiliated organizations where subject matter expertise is critical to a successful client engagement. Christiano is recognized as a driven leader, tireless in the pursuit of optimum patient care, productivity, efficiencies, cost management and navigating the new challenges in the healthcare field. He has an MBA in MIS/Finance from the John Hagan School of Business — Iona College and a BS with a dual major in Computer Science/Electrical Engineering from NYIT. He can be reached by email at Nicholas.Christiano@Tatum-US.com.