Harnessing technology to the yoke of specific user circumstance carries complexity that can inhibit adoption. In healthcare, for example, the application of IT is delivering impressive results in many institutions and for many individuals, but broader, system-wide implementation has been hampered by challenges that are specific to that sector. Issues around data privacy, government policy, administrative coordination, and practitioner/patient buy in continue to dog IT implementation in healthcare, despite its apparent benefits. But who better to address these issues and opportunities in digital medicine than a healthcare professional?
At its “Knowledge and Inspiration 2013“, the Ontario Association of Community Care Access Centres (OACCAC) answered this question by featuring a talk by Dell’s chief medical officer, Dr. Andrew Litt at the June meeting. OACCAC represents 14 Community Care Access Centres that are tasked with the assessment, planning, coordination and quality monitoring of publically-funded home care for over 600,000 Ontarians on an annual basis. OACCAC is committed to the integration of care from across provincial institutions and agencies, and to “providing people with the care they need when they need it“ – care and cost efficiency goals that a spectrum of technologies, including mobility, cloud and collaborative solutions, can contribute to.
In addition to his current work as chief medical officer at Dell, Dr. Litt has a wealth of medical, healthcare administration and entrepreneurial experience with digital solutions that he was able to draw on in his presentation to the community care audience. The former head of Litt Healthcare Ventures consultancy, Dr. Litt also served as EVP and vice dean/chief of staff of New York University Langone Medical Center, where he was responsible for the strategy and activities of the NYU School of Medicine and the NYU Hospitals Center. A board certified neuroradiologist, he was a founding member and continues to serve on the board of CareCore National, an organization that provides utilization and quality management programs for U.S. managed care companies, well as founding board member of Imaging on Call, a provider of emergency “off-hours” radiology interpretations for hospitals and radiology practices via the Internet.
In his presentation, Dr. Litt focused on “information driven healthcare,” an evolved state of healthcare delivery in which all healthcare data is electronic, allowing real time transfer of data to the practitioner so that information is available where and when the patient needs it. According to Dr. Litt, we are only at the beginning stage of a three part journey: in phase one, technology is used to capture data; in phase two, systems help us exchange data, and in phase three, information is applied to groups through data aggregation and analysis to solve real health issues, such as chronic disease management, or the reduction of patient readmission to hospital. In some cases, he added, socioeconomic data may be added to the healthcare mix to offer additional insight, such as the identification of high risk patients who would benefit from more intensive home therapy, or the pinpoint of gaps in healthcare delivery – outcomes that are of special interest to community care professionals.
But if the benefits of data exchange and analytics are so clear, what’s the holdup? While the need for greater interoperability between data and systems is one precondition, the biggest issue in Dr. Litt’s view is data security and privacy. “It’s all about trust,” he explained, and citing a study of students at the University of California at Berkeley, he added that “it’s not just a generational concern.” The Berkeley survey data produced some compelling findings about young consumers’ requirements for embracing electronic healthcare: 100 percent of the Berkeley respondent population do in fact care about data security and privacy (especially data about mental health and STDs); 54 percent of respondents said that if they didn’t trust data security, they would not provide health information; 38 percent would postpone care and 37 percent would travel to where they felt data security was adequate; 73 percent would experience reduced confidence in care if security was in question. And a very large share would hold the healthcare executive personally responsible for a privacy or security breach. In other words, concern for privacy is not the exclusive preserve of older cohorts: the younger generation views security and privacy of personal information as a prerequisite for participation in information driven healthcare, and expects accountability from the organizations and individuals involved in its delivery.
How real is the threat? Based on SecureWorks monitoring, Dell has found that 96 percent of healthcare providers experienced at least one breach over the past two years. According to Dr. Litt, healthcare is the sector that is most attacked and least well secured of all industries. It is a prime target for cyber attack because healthcare data is valuable, and because it serves as a ”doorway” into other systems, such as government. Attackers also use healthcare as a “test bed,” he claimed, refining hacking techniques in less well protected healthcare systems and then migrating a better ‘product’ to banking and other systems.
For the organizations involved, loss of data can be an expensive proposition that harms reputation as well as budgets. The requirement to provide security consulting after a breach can extend to many individuals, and in Canada, Dr. Litt noted, legislation provides for criminal proceedings. In response to a number of high profile breaches in 2012, for example, Newfoundland’s Privacy Commissioner Ed Ring called for stricter enforcement of penalties for unlawful “snooping” on healthcare information, which can include a six month jail term.
Mobile technologies were treated in Dr. Litt’s presentation as a double edged sword. Mobility spending in healthcare is definitely on the rise, he explained, and mobile device usage can deliver significant benefits, such as increased practitioner efficiency when with the patient; real time visibility into the patient’s condition; remote monitoring for chronic care management; increased patient participation and better personalization of care; integration with EMR; and reduced capital cost. At the same time, however, the BYOD trend is exacerbating security/privacy risks. According to Dr. Litt, while 63 percent of U.S. physicians now use a personal device for mobile health solutions, 30 million phones are lost or stolen each year. Other mobile device challenges include unreliable access to patient data, encryption/authorization oversight, and a lack of endpoint encryption.
Weighing the value of IT implementation in healthcare against potential risks, Dr. Litt fell clearly on the side of technology: in his view, mobile access to electronic data stored in a cloud environment offers the most direct path to moving information to the point of patient care. And while there are many challenges, there are several technology solutions available to resolve problems – VDI, for example, offers secure device management, and Dell’s most recent tablet has a fingerprint reader and a smartcard slot two factor authentication.
The real issue, he argued, lies with processes rather than technology, and much of the real value in Dr. Litt’s presentation turned on this point. While process, as well as political, funding and cultural barriers to technology adoption may continue to impede progress, the right policy may help an organization move in the right direction. Security risk associated with mobility, for example, may be mitigated by policy which ensures that as little data as possible is stored on the device since data at rest, rather than data in transit, is most vulnerable. Ultimately, he offered the audience an approach to security process – conduct a risk analysis, implement security measures, including infrastructure and monitoring/test programs, and “then do it again.” Other Dell reps were on hand at the event to provide more detail.