The migration to electronic medical records offers patients, providers and the overall healthcare system a variety of compelling benefits and cost reductions — but we shouldn’t underestimate the challenges that stand between the idea of an e-health ecosystem and it becoming a reality.
Specifically, there’s a significant amount of work to be done around privacy, information security, compliance, and identity and payment fraud.
While each sector presents its own unique requirements and characteristics, the common thread for each is that we must able to:
• Trust in the reliability of the information;
• Access, analyze and share the right information with the right people at the right time;
• Minimize and mitigate potential risks introduced via cyber-borne threats by using the most advanced privacy and security protection strategies.
As more and more organizations seek to accelerate a conversion, or at least lay the groundwork, for an evolution to electronic medical records, there is no shortage of providers individuals hanging up a shingle in the health information technology (HIT) space.
[Q&A: Between the lines of NEJM's EHR report, 'trust trumps tech'.]
Sorting out the details — let alone the merits — of one offering from another can be a challenge in itself. At a minimum, organizations seeking to expand their HIT operations should seek providers who can deliver:
• Trust Services: An ability to evaluate the people, policy, procedures, and products used to identify, authenticate, and authorize information systems users and to monitor and manage access to data and resources; including identity management, assurance, and National Strategy for Trusted Identities in Cyberspace (NSTIC) compliance.
• Trusted Infrastructures: An ability to update operating processes and platforms to ensure confidentiality, integrity, and availability of protected health information Workforce Assurance: Focusing on human capital, learning and development, change management, continuous awareness, and strategic communications.
• Strategic Risk Management: An ability to Identify, prioritize, and mitigate security and privacy risks throughout the enterprise; including enterprise governance and oversight, planning agendas supporting out years, and performance metrics.
• Reliable Healthcare Analytics: Enhancing healthcare for individuals and communities via data-driven methodologies; includes risk and fraud analytics and comparative effectiveness intelligence and research.
• Supply Chain Assurance: An ability to analyze supply chain vulnerabilities and to develop and implement monitoring techniques and mitigation strategies.
• Data Privacy: An ability to protect critical information assets with a focus on compliance and privacy integration in systems, along with a focus on privacy incident response.
Whether cyber health is helping to improve care delivery; ensure on-demand implementation; expedite clinical trials; or identify, mitigate, and eliminate fraudulent activities, it touches practically every health transformation initiative.
The promise is significant, but so are the challenges tied to it. Organizations that take a practical, pragmatic view of both will be best served.
Ilene Yarnoff is a lead assurance and resilience principal for Booz Allen Hamilton’s healthcare clients. She has proven expertise in providing solutions and programs for effective health information security and privacy management.
