8 CIO concerns for 2016
CIOs arguably have some of the hardest jobs in healthcare today. These men and women face interoperability barriers, IT decisions that require significant financial investments and protecting hospital networks and patient records from aggressive hackers and vulnerabilities.
That's a tall order as it is, but recent analyses and surveys suggest many CIOs also wrestle with small budgets, meager staff buy-in and federal regulations — some looming and unimplemented.
Here are eight key events, themes and challenges for CIOs to focus on in the upcoming year.
Cybersecurity spend. Considering the value and breadth of data contained in patient health records, healthcare is arguably the industry that stands to lose the most from a weak cybersecurity infrastructure. But a 2014 industry benchmarking report from BitSight ranked healthcare's cybersecurity preparedness behind that of the finance, retail and energy industries.
The cost of a cyberattack for the average hospital is $3.5 million, but according to a HIMSS survey, 46 percent of hospitals spend less than $500,000 annually on cybersecurity. A PwC analysis put these numbers in a more micro perspective: While a data breach can cost a hospital $200 per health record, about $8 is spent protecting that same record.
Moody's has likened cyberattacks to natural disasters within healthcare organizations, and concluded that the threat of such attacks could begin to play a role in an institution's credit ratings. In the first half of 2015, over 42 percent of cyberattacks were healthcare-related, affecting tens of millions of patients. Clearly, allotting a significant chunk of hospital and health system expenditure to cybersecurity measures is not only a wise investment, but a necessary one. While 88 percent of CIOs and CISOs have reported increased cybersecurity budgets in recent years, according to a Southern Methodist University survey, an October Trustwave report found cybersecurity still accounts for less than 10 percent of budgets for most healthcare organizations.
In light of a Logicalis U.S. Global CIO Survey that reported 31 percent of CIOs are bypassed when it comes to IT purchasing decisions within their own systems, come 2016 it will be incumbent on CIOs to demonstrate their expertise and the need for adequate defense funding. The single biggest driving factor for cybersecurity investment is perceived risk reduction, according to a Dallas-based Southern Methodist University survey, and as cyberattacks are expected to become only more common, CIOs must demonstrate the enormous risks that stem from an underfunded cybersecurity program.
Optimization of IT systems. With hospitals and health systems having spent millions on EHRs, CIOs must ensure they are getting all the value they can from those investments. In a recent survey of CHIME members conducted by healthcare consulting firm Impact Advisors, most respondents said their top IT priority is getting more value out of their EHR investment.
"Call it performance, call it tech-based enabled improvement, call it optimization. Call it whatever the buzzword is, but [we're] trying to get more capability out of the investment we've made in the past few years in EHRs," says Todd Hollowell, COO of Impact Advisors.
EHRs aren't just electronic versions of medical records anymore, and to maximize the IT systems' value, healthcare organizations are capitalizing on EHRs' capabilities to offer multiple services to various end-users, including clinicians, patients, other health systems and even internal systems. For example, developers are creating enhanced clinical decision support systems for providers, and providers are bolstering patient engagement by encouraging patients to access and use portals. Internally, hospitals are starting to link their EHR data directly to administrative and billings functions to streamline and automate the revenue cycle.
All these functions directly impact a hospital's bottom line, and as reimbursement is increasingly tied to value and outcomes, using EHRs and IT systems to their absolute capabilities will become critical to maximize ROI.
21st Century Cures. The 21st Century Cures Act is journeying through the legislative branch of the government. Rep. Fred Upton (R-Mich.), chairman of the House Committee on Energy and Commerce, introduced the bill, and the House passed the bill In July with a vote of 344-77. At the time of publication, the bill was in the hands of the Senate.
The crux of the bill seeks to quicken the pace of healthcare innovation by allowing patient experience data to be considered in FDA risk-benefit assessments of devices and drugs.
Supporters of the bill claim it will help expedite innovation and bring new cures to market at a quicker rate. Opponents say an expedited review process won't allow for a full risk analysis of products, especially since the proposed amendments would allow device approval based on anecdotal evidence, such as patient stories, rather than scientific studies.
Wrapped into the 21st Century Cures Act bill are provisions related to health IT, including interoperability and telehealth. The bill requires IT to be interoperable and satisfy the following three requirements: 1) allow for secure transfer to and from any and all health information technology; 2) allow for complete access, exchange and use of all electronically accessible health information; and 3) do not allow any information blocking. The bill also calls for further research and studies related to telemedicine, though the American Telemedicine Association expressed disappointment in this, saying a call for a study is just a "snooze button" for CMS to delay action.
The bill will likely be even more health IT-heavy when it comes out of the Senate for a vote. According to Politico, the Senate Committee on Health, Education, Labor and Pensions plans to include a medical innovation bill in its companion to the 21st Century Cures Act. Also expected to be in this packaged legislation is the Transparent Ratings on Usability and Security to Transform Information Technology from Sens. Bill Cassidy, MD, (R-La.) and Sheldon Whitehouse (D-R.I.) which would establish a rating system for users to compare certified health IT products.
Managing the data deluge. Healthcare is inundated with mountains of data. But large quantities of data are only as meaningful as the insights they yield, and the barriers to getting those actionable insights are many.
A Stoltenberg Consulting poll found 51 percent of healthcare IT leaders believe the most significant barrier to hospital data analytics is not knowing what data to collect or how much of it. The next largest barrier was a lack of organizational clarity on what to do with data and what to look for when analyzing it. Smaller but still significant percentages of respondents said the tools required to properly analyze data aren't available yet and analyzing big data is too intimidating.
As overwhelming as it may seem to design and implement data management and analytics strategies, experts expect the effort to yield big payoffs. Efficient data analytics are linked to significantly reduced costs, increased business intelligence and improved clinical outcomes. Some of the biggest drivers for hospitals and health systems adopting analytics are the increasing costs of care and the transition to pay-for-performance, according to a CDW poll.
Putting viable analytics tactics into place is complicated by a lack of common standards and common infrastructure, interoperability challenges and the difficulty of combining data from disparate sources. As in many other cases, healthcare holds its own set of challenges, such as HIPAA regulations and privacy concerns when it comes to analytics innovation, that make it a less forgiving sector than others. But as vendors increasingly offer big data collection and analytics components in software and the industry continues to acclimate to outcomes-driven incentives, turning the buzzword into results may become less intimidating and abstract.
Mergers and acquisitions. The effects of mergers and acquisitions ripple far beyond integrating leadership and aligning operational efficiencies — hospitals and health systems have to integrate their EHRs and information systems as well, which can often be a painful process.
First, eliminating redundancies in IT often means scrapping one organization's IT system for the better performing one — a bitter pill to swallow for an organization or CIO who has invested millions of dollars into selection and implementation.
Secondly, Mr. Hollowell says CIOs also have to develop long-term roadmaps to reach an ideal merged technological environment, which can become jolted and disconfigured when another organization comes into the mix. "You're either going to be an acquirer or be acquired," Mr. Hollowell says. "How do [you] integrate those systems so [you] don't have too much redundancy or fragmentation?"
Not only do CIOs have to form this vision, but they have to anticipate pushback and frustrations from other leaders when certain systems or apps have to be eliminated.
In a previous interview with Becker's Hospital Review, Paul Cioni, chief technology officer of private cloud application hosting company Velocity Technology Solutions, said the key is addressing technology integration during a merger before organizational changes like leadership structures and personnel. Focusing on technology first prioritizes finding efficiencies in operational processes, which then translates across the rest of the organization. "It forces the business process owners to embrace the best practices of each entity and to rationalize business processes for economies of scale. After all, that's why these acquisitions are being done — to gain scale," Mr. Cioni said.
Talent gap. Healthcare continues to digitize, but IT talent hasn't kept pace. And with growing and emerging demands, IT leaders are strapped to find employees with the right skills and know-how.
Nearly 70 percent of providers said the lack of qualified talent was the biggest challenge to achieving a fully staffed department and 30 percent said they scaled back or put an IT project on hold due to a shortage in staffing, according to the 2014 HIMSS Workforce Survey released in 2015.
The most desirable skills in IT departments are shifting. Once sought-after skills are now outdated. Instead IT needs experts in data science, analytics, cybersecurity and consumer engagement. In an interview with Becker's Hospital Review in early 2015, Bill Russell, CIO of Orange, Calif.-based St. Joseph Health, said, "You don't need as many people to run a cloud environment as you did in your traditional IT shop in the data center. You don't need to explain technology at workstations because we're designing [models] in such a way that we can run them without a device. You don't need as many feet running around, fixing TVs."
Apps, mHealth and BYOD. Many of today's healthcare app designers started their careers in other digital sectors, designing easy-to-use apps for consumers. That experience stuck when they moved into healthcare, as they now bring that easy-to-use mentality to healthcare-specific challenges. However, tomorrow's physicians will be more tech-savvy, and they will have higher expectations for mHealth and device integration in care settings. According to research by HIMSS, 69 percent of clinicians are already using mobile technology and devices to view lab results and other patient information. In 2016, pressure from patients and physicians to have their devices sync to records, enable portal access and share information securely will intensify.
Hospitals and health systems already feel increased pressure from consumers, physicians and other care team members to accommodate the use of third-party applications and devices, which requires revised privacy policies and safeguards. By 2018, 50 percent of the more than 3.4 billion smartphone and tablet users will have downloaded mobile health applications, according to a Research 2 Guidance report.
An April HIMSS survey found that 90 percent of provider respondents had downloaded apps to engage with patients. Thirty-one percent of organizations had designed apps specifically for patients and another 30 percent had plans to develop such mHealth apps. This growing prevalence of mHealth devices could lead to significant population health insights as systems manage care for patients in a wider radius. A great deal stands to be gained from a patient engagement perspective too: 72 percent of respondents said they believe apps encourage patients to take more responsibility for their health, according to a Research Now physician survey. Vendors have to do their part in developing API infrastructures that allow for healthcare applications to connect to their software, but CIOs will have to take their own steps to meet the intensifying demand. These changes might take some time to manifest, but meeting them head on requires strategic planning now.
Embracing the care continuum. As reimbursement is linked to value, clinical outcomes data are more entwined with the revenue cycle. Providing a connected care outlook in which an organization's policies and IT infrastructure reflect information sharing and all points of the care continuum largely falls on CIOs and the purchasing and data exchange choices they make.
"If you don't realize a lab test was administered because it was given to the patient off-site, and you don't have that connectivity, that's going to be a problem for your quality scores," says Stephen Kahane, MD, president of client organization for athenahealth. Dr. Kahane says CIOs have to be more vigilant with vendors and demand systems that enable greater connectivity with other companies' software and HIEs. "When you can integrate more stops along the care continuum into your data, you're going to be able to better measure quality," he says.
Enabling better connections with other providers will help the medical staff make informed decisions about care and reinforce the patient experience, as well. As patients become more engaged with their own health and have increased access to their data, they will expect their providers to be up to date on the care they've received, regardless of where they receive it.
"You're going to have to look for that openness in your software," Dr. Kahane says. "You've got to let others plug in."
More articles on health IT:
© Copyright ASC COMMUNICATIONS 2016. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.