Transforming the Devices that Are Transforming Healthcare
By George Gray, chief technology officer and vice president of Research & Development, Ivenix, Inc.; a HIMSS Platinum Corporate Member and National Health IT Week Partner
During National Health IT Week, champions from across the industry are uniting to share their voices on how health IT is catalyzing change in U.S. healthcare. The following post from a National Health IT Week Partner is one of the many perspectives of how information and technology is transforming health in America.
Data is one of the major forces transforming the healthcare system today – no one would argue the point. Increasingly this data drives patient care, quality reporting, reimbursements, hospital process and procedures and much more. Given that, the value of healthcare data is rapidly increasing and the ability to communicate that data across the healthcare enterprise must become a high priority. So too, protecting data against breaches and loss also has truly become mission critical.
Hospitals are increasingly coming to understand that failure to capture and share certain data across systems can have significant consequences with major financial implications – for example, the inability to capture the accurate time of a billable treatment with an infusion pump can result in potential loss of reimbursement. Additionally, protecting data from cyberattacks also is quickly rising in importance. Today, budgeting to do both is not just an option. It’s essential for the economic viability of the health system.
Data is now ubiquitous throughout the hospital – stored in or transmitted through the electronic medical record (EMR) as well between numerous IT systems and medical devices. But when focusing on data capture and security, unfortunately many hospitals often fail to look beyond the EMR.
Safeguards at Every Level of Healthcare
Infusion pumps and data surrounding IV drug delivery offer a particularly good example of the need to safeguard information. Infusion pumps are ubiquitous throughout the healthcare enterprise. Patients often receive a range of infusions, from simple hydration to critical or high-risk medications through IV delivery. A record of the infusion process is important not only for ongoing patient care but often for reimbursement, which may be dependent on accurate, detailed infusion documentation. However, this demands that data must be captured and transmitted to the EMR and possibly other systems for viewing and archiving – as is increasingly the case.
Given this situation, data must be safeguarded on multiple levels. First, using the infusion pump as an example, data contained in the device must be secured against potential cyber threats to ensure the appropriate delivery of infusion therapy is not compromised, putting the patient at risk. Additionally, because pumps are connected to the hospital network, a non-secure infusion pump can become an entry point into that network and every device and system attached to it. Clearly this is a major consideration. Finally, data must be encrypted throughout the network at every point as it makes its way – often wirelessly – from the infusion pump to the patient record.
The Costs vs. Benefits of Safeguarding
That’s a tall order – and one with a high price tag. But, studies show that ignoring these needs can be far more costly. For example, a 2018 Cost of Data Breach Study developed by the Ponemon Institute, found that the per capita data breach cost ($408 per lost or stolen record) in the healthcare industry is the highest of any industry. The second highest cost is in the financial industry, amounting to only about half that figure.
A significant part of the solution to enhancing data security involves building in better security features and creating hospital policies that take advantage of them.
These include ensuring support for:
- Multi-level user access and permissions
- Streamlined patching and restoration to the device’s original state
- Multi-factor authentication
- Virtual rather than physical communication ports
- Firewalls and other methods to block unnecessary network traffic
- Cyberattack detection and technologies to respond to them
Also playing a role are network management issues, such as securing the hospital network, understanding devices’ vulnerabilities and protecting weak areas and creating a process for detecting and responding immediately to a compromised device.
The Ponemon study also looked at other organizational factors that lower per capita costs of breaches. These included implementation of an incident response team, extensive use of encryption, business continuity management, employee training and participation in threat sharing. Hospitals should consider implementing these as standard policy.
Today cyberattacks are frequently in the news, serving as a reminder of the need to improve security measures and the consequences of breaches. This point is illustrated by a recent security breach at an Omaha-based hospital ranked as the largest such incident ever at a pediatric facility. Investigation revealed that personal and medical information of more than 100,000 patients and employees could have been accessed. This information included names, birthdates, social security numbers, treatment information, health insurance and financial data. The potential damage to both the hospital and its patients and staff is staggering. No hospital wants to live under the cloud of that type of incident.
Clearly, it’s time hospitals start thinking beyond the EMR and make safeguarding medical device and patient data as it is transmitted through the network a priority. It’s time we transform the technologies that are transforming healthcare.
The views and opinions expressed in this blog or by commenters are those of the author and do not necessarily reflect the official policy or position of HIMSS or its affiliates.
National Health IT Week | October 8-12
Healthcare Transformation | Access to Care | Economic Opportunity | Healthy Communities
Share your story, provide insights and help develop healthcare policy during NHIT Week – focused on catalyzing actionable change within the U.S. health system through the effective use of health IT.
View this year’s calendar of events
Explore this guide on supporting #NHITWeek through social media
Submit an #IHeartHIT Story
Participate in the Virtual March
Explore 10 ways to celebrate in your hometown
See the 2018 NHIT Week partners list, and sign up today