6 things keeping CIOs up at night
Last month, LexisNexis brought together 30 high-level executives, most of whom were CIOs from hospitals, nursing homes and health plans of all sizes from across the county to find out what data-related issues are weighing on them most as we get further into 2018. Ed Domansky, LexisNexis manager of media and analyst relations, and Erin Benson, Director of market planning, said six major themes emerged from their responses.
It seems merger and acquisition activity sent waves through the information security sector as well, adding complexity in several areas. Also, innovation continues to be a multifaceted undertaking in that while it can yield clinical and operational gains it also means adding another dimension of risk, especially where security is concerned.
Here are six areas CIOs said they are focused on in 2018.
Described by many of the participants as a “daily challenge,” interoperability affects their ability to exchange data, such as patient EMRs, and be able to use that data across clinician, lab, hospital, pharmacy and patient. It gets to the heart of their health information systems working together within and across organizational boundaries. Yet the executives in the focus groups struggled to even come up with a unified definition of what interoperability is. For some it was about sharing records for provider referrals and different settings of care. For others it meant surfacing relevant medical history data to the right specialist and not just passing on a record and helping those specialists filter through the data to get to what’s most important. “It was interesting to see the full spectrum of how they were defining interoperability and I think that’s why it came up as a priority because of how broadly it was defined,” Benson said.
The more devices that are added increased the amount of security needed, while more records are being digitized and hackers are becoming more sophisticated and hospitals are always looking for ways to upgrade security and make sure their data isn’t breached. Incident response plans and updating policies and standards especially around newer products and services, staff education. They talked a lot about digital platforms like portals, telehealth and how to make those more secure. The balance between being asked to make data more readily available to patients but at the same time putting security in place to keep data protected is a constant focus. Finding that balance is a challenge.
“What’s making this unique is all the new ways the data is being offered like telehealth and putting patient records online through portals. It’s making this more complicated than it used to be,” Benson said.
3. Identity Authentication
CIOs know that providers aren’t necessarily seeing the patients in person anymore. They’re logging on and doing more self-service activities online, even checking lab results online. So how do you verify they are who they say they are before you provide them with medical care and advice and access to their records. So remote authentication is top of mind. “Balancing strong authentication with easy access poses new hurdles,” Benson said.
4. National Patient Identifier
If there was one issue on which all the participants seemed in full agreement it was regarding national patient identifiers (NPI). “We need it” was the overwhelming consensus and there was surprise that hasn’t been more federal money spent on establishing one considering the widespread acknowledgment that it is necessary and important. Would help with interoperability, especially in light of M&A activity where systems are having to merge disparate systems. They also talked about an increasing focus on the continuum of care and being able to link records of patients before they come into the health system through the efficient passing of records for follow-up care. “An NPI would help with this because today each system uses its own algorithm and their own identifiers so it may work within that system but when they try to move information outside the system it starts to add complexity into the process.”
5. Patient Record Linking
Errors in patient identification pose a threat to patient safety and are therefore an unending concern. Mismatching patients and records can lead to missed diagnoses and incorrect treatments. Here again, M&A activity and the reality of various systems needing to combine under a new system “umbrella” fueled the concern, along with the ongoing digitization of health records which means the volume of data is swelling and this issue will only get bigger. “It really comes down to how do you bring different data from different providers and organizations together knowing they all use different vendors and algorithms and get it into a single repository where you’re really able to have a holistic view of your patient.”
6. Provider Directory
For these healthcare executives, keeping their provider directories current is an ongoing issue. They know that provider data is continually changing and most admit they have limited resources assigned to handling updates. Domansky said this is a hassle for both providers and payers. The information is constantly changing, with 50 percent of information in directories becoming out of date after 18 months. On the provider side, just one practitioner’s office might contract with several different carriers and associated plans and they have to go through and update that info by email or fax to each one as frequently as every month. Those updates can happen at different times so for an office staff it can be a daunting task.
Healthcare Security Forum
The forum in San Francisco to focus on business-critical information healthcare security pros need June 11-12, 2018.