Hospital Cybersecurity & Healthcare
Why is it like this? Why has it come down to this point? Security in Information Technology is the next big thing.
Source: Duluth News Tribune
In what I want to become a short series of blogs, this will be a segment in my initial look at healthcare information technology, and primarily a focus on the security that is behind the entire health care system and industry today. Though I would love to comment and write a comparative and longitudinal study of a variety of countries, I simply don’t have the time and resources to conduct that sort of research as of now. In the meantime, I will discuss a bit about my initial thoughts and what knowledge I have learned since. Hospitals are a very curious thing, a “haven” of security and patient-physician privacy, is marred by the vulnerable technologies that erupt from this system though. It’s a very interesting case that in what we regard as a refuge of safety and heaven of healthiness, actually is one of the most vulnerable to cyber attacks. Danika Brinda, an assistant professor in the Department of Health Informatics and Information Management at the College of St. Scholastica who specializes in privacy and security, said, “I think I can say health care providers out of all the industries out there probably are the weakest when it comes to security protection.”
“I think I can say health care providers out of all the industries out there probably are the weakest when it comes to security protection.”
Source: Hacking Healthcare – Fred Trotter and David Uhlman
Healthcare delivery advances have allowed the general population to live longer and healthier lives than before. Sure, global and public health have done leaps and bounds in a broad manner, but specific healthcare delivery services have not only helped to increase life expectancy, but it allows a greater versatility in healthcare nationwide. It is working towards providing medical records anywhere and at anytime, it is helping to prevent medical logging hours, and most of all, it’s helping the nurses when they have to read the prescription and drug orders requested by the docs. Electronic Heath Records and Health IT have begun to transform what this patient-doctor relationship into a threeway, a glorious threeway where EVERYBODY has a fighting chance to die another day. However, costs are out of control, resources will run low, and physicians and healthcare providers are in for a long fight as the elderly population only increases at a rate faster than providers can be trained.
Consider this, how many automobile accidents do you think there are each year? Think about how common they are… that’s about the same number of people that die from medical errors a year. Unbelievable right? I wish I could say I made that statistic up, cause then it could fit in the 73.6% of all statistics that are made up. Stroke and lung diseases are responsible for about 100,000 deaths a year, and similarly, that number could be said the same for medical errors. You’re probably thinking, “What the… how could there be so many errors?” Unfortunately, it’s a commonplace thing… although it’s in the past now, there are SO many news articles that could be found if you just search for them, many of them, which are related to medical error have lead to many cases of drug overdoses. In fact, preventable medical errors are one of the top killers in the U.S. – behind only to heart disease and cancer. In fact, just to quantify this statistic, preventable medical errors terribly claim the lives of close to 400,000 people each year. The problem is that medical errors can be difficult to track, so there isn’t really a good way to determine if deaths from cancer or heart disease could also be attributable to medical errors. Health IT not just a career, but also a mission or vocation, often times pursued in response to emotional attachments or an emotional connection to health IT, be it losing a loved one due to medical error or the opposite. In the end, people pursue Health IT and professions in the healthcare industry because they want to make a dent in the human condition.
Unfortunately though, people are still asking for these quick responses and advances in medical technology, similarly to the development and widespread adoption of antiseptics and antibiotics. But like most knowledgeable pursuits, advancement in technology and science is similar to a logarithmic curve.
The advances and individual insights had helped medical science leap forward in its initial stages, and as we become more and more advanced, we have to learn to expect fewer and fewer of these HUGE game-changing insights. Though there have been great developments these past few years, it hasn’t been something that has revolutionized our lives and altered the way we live. Sure, we have CRISPR for gene recombinant work and we have developed telescoping surgical technology, great, but only an improvement on current practices. Instead, the medical community will make hundreds of thousands of these small adjustments and changes which can help add up to incremental advances as a result.
Now that I’ve covered some initial background and context information, I guess I should really get into the meat of the information and the purpose of this post today. With these small improvements and changes, there had to be a way to coordinate the contributions for and from multidisciplinary teams, to maintain the rate of improvement between providers, researchers and patients. In this technological age, there has to be a way to gather and parse data and information about each patient, and there must be something that can aggregate the raw data and compile it into a usable document or format. Technology is the hope for the new age, and it is technology that can improve every aspect of healthcare. Health IT was created to help turn medicine into a higher art and an even higher science it is today by integration of multiple disciplines of study, not just the sciences. There have been debates and conversations on how to do this though. How to implement. How to develop. How to improve. How to maintain. But in today’s society, one thing is for certain though, information technology is falling short in healthcare.
Medicine today invests heavily in information technology, yet the promised improvement in patient safety and productivity frankly have not been realized
Health IT had always been a “small” and niche industry in the early 2000’s, but with President Obama and his insistent push for Obama Care – it also pushed along the American Recovery and Reinvestment Act (ARRA) in 2009, which also included HITECH (Health Information Technology for Economic and Clinical Health). HITECH/ARRA defined that a substantial portion of the money set aside for the stimulus package to go to doctors and hospitals who “meaningfully use” clinical software. However, “meaningful use” was never clearly defined which has led to countless variations of EHR, and even more confusing because there was no clear definition of what this class of software was supposed to achieve. The created software has meant very different things, to the users it would include the features that they wanted, to the developers it had the set of features that they had developed. For years people wanted “i WANT AN EHR”… but with the ambiguity of what an EHR was, these vendors would respond… “Find, but what do you mean by EHR”.
Soon enough, Meaningful Use was dictated and the certification requirements were announced, but at what cost? The most important factors were left out, such as interoperability, creating a standard and framework, and instead it was just a glorified word processor, spreadsheet and database engine, all slapped together by “EHR”. This was a situation where quantity was key, the faster you could push it out, the faster it was adopted, and the faster the vendor would receive payments. Because of this, low quality and poorly thought out software was pushed out into the open and the mass market, branding itself as a new age technology meant to revolutionize healthcare, but unsurprisingly what was actually released was quickly hated due to its lack of forethought and design.
Along with this new push for health information technology, came for the increased response in security, both for standards and frameworks. However, a good question that was asked is: “Why did the US healthcare industry need to be paid to computerize?” In most other countries and industries, computerization held an intrinsic advantage. Market forces and demand shifted towards computerization, and companies that refused or resisted the move were squeezed out of business and declared bankruptcy. But in healthcare, that did not happen solely because of one purpose… the all too memorable PAPER CHART. The most central information was written, and it was a tradition to have terribly scrawled writing, for the rounding doctors to flip through the clipboard chart and discuss the vitals and notes from the day before. The patient chart stayed true and strong to the profession, it was a trademark. It was cultural. It was expected.
But on to the actual reasons, healthcare is orders of magnitude more complex than most other industries. This is due to the complexity of extensive clinical specialization which can have various health IT workflow. Looking at EHR today, it’s not a “one size fits all”… if you look at the services provided by the large companies such as Epic and Cerner, you can see ALL of the different types of software for different specialties. Each specialty would have its own diagnostic category, terminology, and procedures. Having to create a computerized system for all of that was a giant that was not worth the time. However, another reason is the time. Although it was touted to help save time, in our current physician pool, many have had years under paper charting and although there is a select portion that is tech savvy, EHR was thought to slow doctors down, and especially for doctors that were contracted from private practice, their income was based on numbers, numbers of patients seen. So if doctors had to take the time to play with a software instead of actually seeing patients, that meant they would be paid less for the same work. Even with HITECH, there was a belief that the EHR would help complete a checklist of tasks that could improve the quality of healthcare, but the study actually showed that less than 10% of all hospitals had installed software that could accomplish even a few of these “vital tasks”. The deployment was mainly to fulfill the “Yes, we have an EHR” as opposed to really thinking about the usability of workflow. Information Technology and EHR was underperforming.