This is a guest post provided by Mike Maksymow, CIO of Beebe Healthcare. Huntzinger periodically invites its clients and partners to contribute to The Huntzinger Blog.
By Mike Maksymow, MBA/TM, CHCIO, FCHIME, FHIMSS, CPHIMS
Beebe Healthcare, Lewes, Del.
Time in Healthcare
About 20 years. I started as a part-time computer operator printing green-bar reports.
Time as a CIO
A little over four years
Time in Current Role
A little over four years
What is the Greatest Current Challenge Facing Healthcare IT?
I love the word frenetic. It really describes the world of health IT over the last two decades. There are numerous challenges that we face. To narrow it down to one is difficult. In my opinion, there is a tie for the greatest challenge: IT security and regulatory changes.
IT security, or cyber security, has been a healthcare concern for quite some time. However, there has been a significant rise in the sheer number of events as well as their severity. The latest cyberattack, WannaCry, seems to have evoked much interest from the healthcare community, but this is nothing new, nor are the vulnerabilities that we are scrambling to remediate. The healthcare industry is really facing a perfect storm:
- Lack of IT Budgets – Historically, we implemented systems over time with few IT resources and budgets, let alone having resources or budgets specifically for IT security. Many of these systems were “set it and forget it” with some modest security configured over a basic, flat and unsegmented network. IT security is/was merely a bullet in one’s job description (most likely under the catchall “all duties as assigned!”). Due to the high costs associated with implementing systems, many healthcare organizations push their investments well past their life expectancy (software applications, hardware, medical devices/systems, etc.).
- Regulatory Changes – These include the passing of ARRA in 2009 and the inception of meaningful use to incentivize healthcare providers to implement EMRs and move from paper charts to easily accessible electronic medical documentation. As an industry, we just took millions and millions of charts protected in the bowels of hospital archives with physical security and made this information easily accessible and portable.
- Rise in Identity Theft – At one time, a criminal could get someone’s credit card information, run up the charges to the maximum balance, or open loans and credit cards in someone’s stolen identity. However, the finance industry’s security has matured and become very proactive. These paydays are not as lucrative anymore, so thieves are looking to cast a wider net to find easier targets, such as the healthcare industry. Research shows that a stolen valid credit card is worth pennies, whereas a full medical chart on one patient can be worth hundreds of dollars. At a time when identity theft is on a significant rise, healthcare just poured kerosene on the fire with the implementation of EMRs, aging legacy systems, and lack of IT controls. Cyber criminals are exploiting healthcare’s electronic treasure troves and reaping handsome bounties.
All of these factors are compounded by increasing regulatory complexity, increases in the speed and frequency of regulatory changes, and declining reimbursements.
Again, healthcare is experiencing a perfect storm (lack of budgets/resources, regulatory changes, rise in identity theft) and we are “all-of-a-sudden” (tongue in cheek) concerned about security. Further compounding matters, there are a limited number of experienced IT security professionals looking for gainful employment and they are commanding strong compensation.
As far as regulatory concerns, healthcare has experienced a frenetic transformation over the past 10 to 15 years. We are such a complex industry and we’ve seen that hospital providers have been inundated with regulatory and legislative mandates changes such as: HIPAA, HITECH Act (ARRA), 4010-5010 transaction sets, ICD-10, MU, MACRA, MIPS, and more. And, we’re faced with a whole host of emerging technologies to address much of these changes (SMART, FHIR, CommonWell, CareEquality, etc.).
We continue to wait and see what is next for health IT as our legislators slog through the replacement of the Affordable Care Act. Whatever the outcome, we health IT leaders and our teams will be up for the challenge and position our organizations for success.
Although the cybersecurity outlook is ominous and uncertainty lies ahead on the regulatory landscape, we can help shape these outcomes by getting involved and speaking up. CHIME, HIMSS and other industry associations have good industry thought leaders, as well as public policy and advocacy groups. My involvement in these groups has benefitted me tremendously.
I’m fortunate to be a part of an organization that understands the importance of continuously investing in new technologies and a strong cybersecurity program. Beebe Healthcare is committed to the safety of our patients and team members and we are on a journey to High-Reliability Health Care, therefore security is of paramount importance.
What will be the Next Major Impact Area of IT on Healthcare?
There are several visionaries that tout the internet of things (IoT) and artificial intelligence (AI) as the next disruptors in our industry. Engaging patients (and/or their families) in their own health is key. As we’re getting more “connected and consumerized,” I think it’s a natural progression for the consumer/patient to use health tools and at-home medical devices for treatment or wellness programs. Ultimately, we need to tie these data points to patient portals and integrate these data points into useful information for the patient’s care team (rather than drinking from a fire hose!).
Since implementing EMRs, organizations are collecting more data than ever. IDC published that in 2013 there was 4.4 zettabytes (ZB) of stored digital data, and that volume is forecasted to reach 44ZB by 2020. Each ZB represents a trillion gigabytes. As such, AI will be the likely tool needed for basic data management (collecting, storing, normalizing and mapping the source of the data), as well as mining the data for useful and actionable information. We are now hearing more about the great possibilities of designing treatment plans for oncology patients by using the patient’s chart information with the latest research data. Taking the design of treatment plans even further, there is continuous research in precision medicine where treatments are based on genetics, lifestyle, and environment. Although this is not a new concept, the advances in AI are likely to speed precision medicine into mainstream patient care for many diseases.
There is no doubt in my mind that these may be the next industry disruptors, but we should proceed with some caution. So much of the industry has been in implementation mode trying to maintain compliance with meaningful use and other regulatory and legislative initiatives, that we need to take a cleansing breath. We need to spend some time optimizing our solutions and strengthening our system foundation before slamming in more emerging technologies, or we’ll end up with a patchwork of underutilized technology investments.
We’ve been capturing a great amount of data and spinning this data into actionable information. Many of us are doing this to varying degrees, such as clinical decision support, ACOs, bundled payments, etc. Yet, while we’re chasing the next new big thing, we cannot lose sight of so many opportunities to create better workflow efficiencies for our care providers.
What is the Biggest Challenge of Being a Healthcare CIO?
Over the past several years there has been a mindset change among CIOs from focusing on technology, to focusing on the patient. We are now charged with advancing patient care and providing value to our organizations. As such, we are employing different technologies to transform how we deliver patient care, patient safety and quality outcomes.
Technology is expensive, and implementation is even more expensive. We must keep the patient in mind as we adopt technology to ensure that the technology delivers the most value and helps the organization achieve its goals.