For Citrix Chief Security Strategist Kurt Roemer’s HIMSS16 lunch-and-learn session, it was crucial to corral a collection of experts from diverse–yet connected–corners of the healthcare universe.

What we found was a doctor, a lawyer and (wait for it…) a self-proclaimed nerdy nurse.

The point of amassing this team for “Beyond the Letter of the Law: Healthcare IT Security Strategies,” was to delve into the topic of data security in mobile healthcare environments and explore the concept of balancing user experience and privacy.

Many technology companies–including Citrix–have safeguards in place to protect patient information. However, it is equally important for healthcare IT leaders to make informed strategic design choices about the types of solutions they implement, the workflows they support and the ways in which they ensure secure, compliant mobility.

We knew that in 45 minutes, we wouldn’t solve the world’s problems. The idea was to highlight key points, spur curiosity and encourage future action.

During the dialogue, Kurt lived dangerously, opening up a number of provocative topics to his lively panel. The group didn’t disappoint – and the conversation ultimately led to six key points and many future topics for consideration:

While we are making strides toward interoperability in healthcare, we have not yet achieved it.

Interoperability is not only about exchanging data; it also involves users being able to correctly interpret data once it is shared. Our panel stretched the concept of interoperability a step further, noting that it actually goes beyond the data and its interpretation, extending into the world of workflows.

Roemer asked if the concept of interoperability in healthcare really is tangible. Nurse Brittney dove right in to that question, referring to interoperability as an elusive magical unicorn. “Can I touch it yet – or pet it?” she joked, eliciting ripples of laughter from the audience. Her answer was that interoperability has not yet been achieved in the healthcare industry.

Wilson also gave a caregiver’s perspective on workflows, noting that they vary greatly from one work shift to another. Most shift workers, if asked to describe a process or a workflow, cannot enumerate in detail the chronological steps required to complete the process.

Admitting a patient into the hospital is a prime example. Different shifts execute on this in different ways. This disparity impacts the interoperability of the data received at the patient intake stage.

Panelist Dr. John shared another point that makes achieving interoperability even more difficult. Patients often present with their own data from their devices and assume that it should be integrated into their health records. However, patient-provided data poses problems. Namely, is that information really accurate?

Food for thought:

  • Physical deployments often don’t fully take into account the need for interoperability.
  • The healthcare industry must look at the bigger picture of interoperability and then define the component parts – workflows, patient data, standardization of data formats, cooperation between unrelated entities and more.
  • Standardizing workflows and efficiently structuring them will help us move toward better data sharing. 

The healthcare industry is more complex than many vertical industries in which interoperability is alive and well.

People underestimate the complexity of achieving interoperability in healthcare. Many try to equate healthcare to other industries, most commonly, banking and financial services.

Dr. John explained that the banking industry has mastered interoperability because of the relatively small number of variables that must be managed: credits, debits, identity, minutes, seconds, dollars and cents. Healthcare is more complicated because there are so many variables to juggle: the number of institutions with which a patient may interact, as well as specifics on charted information such as medications, family history, allergies, injuries, surgeries, existing conditions and more.

Panelist Attorney Brian noted how this impacts the legal side of healthcare. There is nothing legally wrong with moving the control of data sharing to patients in a consent-based system. Patient portals fall outside of the jurisdiction of HIPAA because patients must give contractual consent for information sharing. (He also noted that, on the flip side, in medical malpractice cases information sharing is still spurred by the letter of the law, and he pointed to buzzwords such as “subpoena” and “evidence” that drive data dissemination in lawsuits.)

Food for thought:

  • Until patient records are consistently designed and maintained from institution to institution, complete interoperability cannot be achieved.
  • Integrating open-source health information exchanges (HIEs) into the healthcare ecosystem may enable patients to manage their own data and give the industry another way to address the interoperability problem.
  • Enabling patients to control their own records via a secure distributed ledger – a blockchain-type ledger like that used in the financial industry – is another idea worth investigating.
  • If steps are taken to incorporate this sort of ledger in the healthcare industry, it needs to be determined who (or what entity) will pay for this kind of initiative and who will manage it.
  • Bringing uniformity to different consent models will help ensure data accuracy and data integrity. The panelists agreed that what we should strive for is a standard that works for everyone. In designing that standard, data integrity must be ensured. Attorney Brian noted that the Substance Abuse and Mental Health Services Administration (SAMHSA) is investigating standardized consent models to implement; however, many states still have mental health and HIV controls in place that cover – and limit – the dissemination of information.
  • The push toward uniformity plays an especially large role in delivering high-quality emergency care. That begs the question, “In emergency situations, should medical institutions and ER Departments record health data if it originates from patient devices?”
  • Reliability and reproduction of data are very “uneven.” There is not yet a mature platform for managing the data and making it actionable so that clinicians can interpret it and make logical care determinations.

Medical professionals need to be able to gauge the accuracy of patient-provided data. That actionable data can then be used to each patient’s advantage.

Thanks to the Internet of Things (IoT), patients now are arriving at healthcare entities “pre-instrumented” with their own devices. Many are armed with data from these devices and they wish to contribute it to their own health records. This data needs to be validated before it can be deemed accurate.

Food for thought:

  • How can we design a mature platform for managing and disseminating patient-provided data? What would it look like?

The healthcare industry must make strides towards limiting the symptoms and conditions that get escalated to physicians.

Dr. John stated that the industry’s ultimate goal should be to release patients’ dependence upon clinicians to interpret all of their data. What that means is that patients need to have the ability to analyze their own data. They also need to have the right kinds of interfaces to help them determine what actions to take based on the analysis of the data. This will alleviate many escalations to physicians.

Food for thought:

  • Educating patients is the first step.
  • Arming them with easy-to-use interfaces that enable them to drive their own care based on actionable data is the second step.
  • Analytics, machine learning and visualization tools can make it clear to a patient (or a clinician) what the timing of an intervention should be.
  • Actionable data should be accessible to the person who carries a device.

Those who provide direct patient care typically do not have conversations with patients about data security and de-identifying data. Maybe they should…

Having one’s identity compromised certainly puts undue stress on a patient’s health. This, in turn, affects quality of life. Caregivers get into the medical profession because they are concerned with the patient’s “whole being.” Nurses, doctors and healthcare professionals are insistent on restoring good quality of life to those they serve.

Food for thought:

  • Nurses and other caregivers need to know how to educate patients about the tie between data security and good health.

There you have it, three quarters of an hour of artfully-moderated twists and turns encapsulated into several minutes.

It was a conversation that literally could have gone on for days. We covered lots of ground and saw imaginary unicorns, yet we didn’t manage to find elephants in the room.

Now let’s summarize with the one constant in all of it: Citrix is committed to breaking through barriers, solving industry problems and empowering those on the front lines who care for patients. Our ultimate goal is to enable clinicians to work anywhere, on any device, via any network so patients can have better healthcare experiences.


Learn More About The Panelists

An advocate for empowering patients and nurses with the use of technology, Brittney Wilson, BSN, RN, (known during the panel as Nurse Brittney or The Nerdy Nurse) also is Product Director for HealthStream and author of the blog known as Her blog focuses on and empowering nurses and care givers through the use of technology.

Dr. John Mattison, MD, (also known as Dr. John) is Assistant Medical Director, Chief Medical Information Officer at Kaiser Permanente SCAL. He is a physician and author with a longstanding interest in security issues.

Brian R. Balow, (also known as Attorney Brian), is Attorney at Law & Member, Dawda, Mann, Mulcahy & Sadler, PLC. He has a decade of expertise working in the healthcare and privacy field, focusing on patients’ rights and the safety of patients.

HIMSS is a global, cause-based, not-for-profit organization focused on better health through information technology (IT).


Follow Kathy Holoman on Twitter:
