
Taming the Healthcare Compliance and Data Security Monster: How Well Are We Doing?

Posted on October 18, 2018

The following is a guest blog post by Lance Pilkington, Vice President of Global Compliance at Liaison Technologies.

Do data breach nightmares keep you up at night?

For 229 healthcare organizations, the nightmare became a reality in 2018. As of late August, more than 6.1 million individuals were affected by 229 healthcare-related breaches, according to the Department of Health and Human Services’ HIPAA Breach Reporting Tool website – commonly called the HIPAA “wall of shame.”

Although security and privacy requirements for healthcare data have been in place for many years, the reality is that many healthcare organizations are still at risk for non-compliance with regulations and for breaches.

In fact, only 65 percent of 112 hospitals and hospital groups recently surveyed by Aberdeen, an industry analyst firm, reported compliance with 11 common regulations and frameworks for data security. According to the healthcare-specific brief – Enterprise Data in 2018: The State of Privacy and Security Compliance in Healthcare – protected health information has the highest percentage of compliance, with 85 percent of participants reporting full compliance, and the lowest compliance rates were reported for ISO 27001 and the General Data Protection Regulation at 63 percent and 48 percent respectively.

An index developed by Aberdeen to measure the maturity of an organization’s compliance efforts shows that although the healthcare organizations surveyed were mature in their data management efforts, they were far less developed in their compliance efforts when they stored and protected data, syndicated data between two applications, ingested data into a central repository or integrated data from multiple, disparate sources.

The immaturity of compliance efforts has real-world consequences for healthcare entities. Four out of five (81 percent) study participants reported at least one data privacy and non-compliance issue in the past year, and two out of three (66 percent) reported at least one data breach in the past year.

It isn’t surprising to find that healthcare organizations struggle with data security. The complexity and number of types of data and data-related processes in healthcare is daunting. In addition to PHI, hospitals and their affiliates handle financial transactions, personally identifiable information, employee records, and confidential or intellectual property records. Adding to the challenge of protecting this information is the ever-increasing use of mobile devices in clinical and business areas of the healthcare organization.

In addition to the complexities of data management and integration, there are budgetary considerations. As healthcare organizations face increasing financial challenges, investment in new technology and the IT personnel to manage it can be formidable. However, healthcare participants in the Aberdeen study reported a median of 37 percent of the overall IT budget dedicated to investment in compliance activities. Study participants from life sciences and other industries included in Aberdeen’s total study reported lower budget commitments to compliance.

This raises the question: If healthcare organizations are investing in compliance activities, why do we still see significant data breaches, fines for non-compliance and difficulty reaching full compliance?

While there are practical steps that every privacy and security officer should take to ensure the organization is compliant with HIPAA, there are also technology options that enhance a healthcare entity’s ability to better manage data integration from multiple sources and address compliance requirements.

An upcoming webinar, The State of Privacy and Security Compliance for Enterprise Data: “Why Are We Doing This Ourselves?”, which discusses the Aberdeen survey results and presents advice on how healthcare IT leaders can evaluate their compliance-readiness and identify potential solutions, can provide some thought-provoking guidance.

One of the solutions is the use of third-party providers who can meet the data integration and management needs of the healthcare organization to ensure compliance with data security requirements. This strategy can also address a myriad of challenges faced by hospitals. Not only can the expertise and specialty knowledge of the third party take a burden off in-house IT staff, but choosing a managed services strategy that eliminates the need for a significant upfront investment enables moving the expense from the IT capital budget to the operating budget with predictable recurring costs.

Freeing capital dollars to invest in other digital transformation strategies and enabling IT staff to focus on mission-critical activities in the healthcare organization are benefits of exploring outsource opportunities with the right partner.

More importantly, moving toward a higher level of compliance with data security requirements will improve the likelihood of a good night’s sleep!

About Lance Pilkington
Lance Pilkington is the Vice President of Global Compliance at Liaison Technologies, a position he has held since joining the company in September 2012. Lance is responsible for establishing and leading strategic initiatives under Liaison’s Trust program to ensure the company is consistently delivering on its compliance commitments. Liaison Technologies is a proud sponsor of Healthcare Scene.

Connecting the Data: Three Steps to Meet Digital Transformation Goals

Posted on July 16, 2018

The following is a guest blog post by Gary Palgon, VP Healthcare and Life Sciences Solutions at Liaison Technologies.

A white paper published by the World Economic Forum in 2016 begins with the statement, “Few industries have the potential to be changed so profoundly by digital technology as healthcare, but the challenges facing innovators – from regulatory barriers to difficulties in digitalizing patient data – should not be underestimated.”

That was two years ago, and many of the same challenges still exist as the digital transformation of healthcare continues.

In a recent HIMSS focus group sponsored by Liaison, participants identified their major digital transformation and interoperability goals for the near future as:

  • EMR rollout and integration
  • Population health monitoring and analytics
  • Remote clinical encounters
  • Mobile clinical applications

These goals are not surprising. Although EMRs have been in place in many healthcare organizations for years, the growth of health systems as they add physicians, clinics, hospitals and diagnostic centers represents a growing need to integrate disparate systems. The continual increase in the number of mobile applications and medical devices that can be used to gather information to feed into EMR systems further exacerbates the challenge.

What is surprising is the low percentage of health systems that believe that they are very or somewhat well-prepared to handle these challenges – only 35 percent of the HIMSS/Liaison focus group members identified themselves as well-prepared.

“Chaos” was a word used by focus group participants to describe what happens in a health system when numerous players, overlapping projects, lack of a single coordinator and a tendency to find niche solutions that focus on one need rather than overall organizational needs drive digital transformation projects.

It’s easy to understand the frustration. Too few IT resources and too many needs in the pipeline lead to multiple groups of people working on projects that overlap in goals – sometimes duplicating each other’s efforts – and tax limited staff, budget and infrastructure resources. It was also interesting to see that focus group participants noted that new technologies and changing regulatory requirements keep derailing efforts over multi-year projects.

Throughout all the challenges identified by healthcare organizations, the issue of data integrity is paramount. The addition of new technologies, including mobile and AI-driven analytics, and new sources of information, increases the need to ensure that data is in a format that is accessible to all users and all applications. Otherwise, the full benefits of digital transformation will not be realized.

The lack of universal standards to enable interoperability is being addressed, but until those standards are available, healthcare organizations must evaluate other ways to integrate and harmonize data to make it available to the myriad of users and applications that can benefit from insights provided by the information. Unlocking access to previously unseen data takes resources that many health organizations have in short supply. And the truth is, we’ll never have the perfect standards as they will always continue to change, so there’s no reason to wait.

Infrastructure, however, was not the number one resource identified in the HIMSS focus group as lacking in participants’ interoperability journey. In fact, only 15 percent saw infrastructure as the missing piece, while 30 percent identified IT staffing resources and 45 percent identified the right level of expertise as the most critical needs for their organization.

As all industries focus on digital transformation, competition for expert staff to handle interoperability challenges makes it difficult for healthcare organizations to attract the talent needed. For this reason, 45 percent of healthcare organizations outsource IT data integration and management to address staffing challenges.

Health systems are also evaluating the use of managed services strategies. A managed services solution takes over the day-to-day integration and data management with the right expertise and the manpower to take on complex work and fluctuating project levels. That way in-house staff resources can focus on the innovation and efficiencies that support patient care and operations, while the operating budget covers data management fees – leaving capital dollars available for critical patient care needs.

Removing day-to-day integration responsibilities from in-house staff also provides time to look strategically at the organization’s overall interoperability needs – coordinating efforts in a holistic manner. The ability to implement solutions for current needs with an eye toward future needs future-proofs an organization’s digital investment and helps avoid the “app-trap” – a reliance on narrowly focused applications with bounded data that cannot be accessed by disparate users.

There is no one answer to healthcare’s digital transformation questions, but taking the following three steps can move an organization closer to the goal of meaningful interoperability:

  • Don’t wait for interoperability standards to be developed – find a data integration and management platform that will integrate and harmonize data from disparate sources to make the information available to all users the way they need it and when they need it.
  • Turn to a data management and integration partner who can provide the expertise required to remain up-to-date on all interoperability, security and regulatory compliance requirements and other mandatory capabilities.
  • Approach digital transformation holistically with a coordinated strategy that considers each new application or capability as data gathered for the benefit of the entire organization rather than siloed for use by a narrowly-focused group of users.

The digital transformation of healthcare and the interoperability challenges that must be overcome are not minor issues, nor are they insurmountable. It is only through the sharing of ideas, information about new technologies and best practices that healthcare organizations can maximize the insights provided by data shared across the enterprise.

About Gary Palgon
Gary Palgon is vice president of healthcare and life sciences solutions at Liaison Technologies, a proud sponsor of Healthcare Scene. In this role, Gary leverages more than two decades of product management, sales, and marketing experience to develop and expand Liaison’s data-inspired solutions for the healthcare and life sciences verticals. Gary’s unique blend of expertise bridges the gap between the technical and business aspects of healthcare, data security, and electronic commerce. As a respected thought leader in the healthcare IT industry, Gary has had numerous articles published, is a frequent speaker at conferences, and often serves as a knowledgeable resource for analysts and journalists. Gary holds a Bachelor of Science degree in Computer and Information Sciences from the University of Florida.