The Healthcare Information Transformation, or HIT ‘12, conference was held in Jacksonville, Florida last week with 2 days packed with case studies, panel presentation, and a great variety of topics and presenters from across the country. The theme was Leveraging IT to Improve Healthcare Delivery.
The first morning kicked off with a panel discussion of the Consumerization of IT: Mobile Infrastructure, Support, and Security. Chris Seper, CEO of MedCity Media, started us off with a 30,000 foot view of the healthcare IT landscape of tablets, smartphones, and BYOD being used to access applications daily. The great news is the PHI is readily at hand. The challenge is managing the security and privacy that mobile devices add to the responsibility of providers and vendors in the industry to protect us.
Dr. Marie-Michelle Strah of Applied Information Sciences emphasized the need for enterprise information management as the key framework for managing security. Securing the device is not the point. There’s no technical silver bullet for security, and being able to step back and see the forest is critical. Every mobile device adds another endpoint that needs to be addressed: the more endpoints, the greater the risk.
Kirk Larson, VP & COP of Children’s Hospital Central California shared his successful implementation of a BYOD policy leveraging VMware’s VDI to ensure no PHI is stored on devices.
Larson takes a pragmatic approach to BYOD in the healthcare space by recognizing that relinquishing a sense of control in what types of devices are used in the hospital is realistic for the digital world, but he still manages to secure PHI with the VDI paradigm with relative ease since there is only a single image security profile to manage despite the wide variety of devices used in the hospital.
His big eye-opener during various device implementations? Most care providers returned their iPads within 24-48 hours of receiving one. Turns out they are great for reading static content, but if you actually want to use it to interact and input information, something with a separate keyboard is widely preferred.
After a lunch for the morning workshop participants, conference chair Tom Gomez welcomed attendees back for the keynote panel, Prioritizing HIT Issues and Challenges in 2012 and Beyond with:
The panel discussed what keeps CIOs up at night and how to reduce stress while innovating and still meeting compliance. All easier said than done!
Tushar Hazra from EpitomeOne discussed interoperability and the key criteria for big data to help make decisions before the afternoon break.
Rick Moore, CIO & CISO of the National Committee for Quality Assurance; Terrel Herzig, UAB Health System; Deborah Lafky Center for Strategic Health Innovation; and Chad Peterson Sinaiko of Altegra Health discussed Security Integration into Each IT Business Decision. The critical need for a risk assessment as the fundamental cornerstone of healthcare IT security was emphasized, as well as leveraging existing security models and standards as a good starting point (i.e. NIST). Deborah Lafky pointed out efforts by the ONC Tiger Team to get a preliminary sense of the degree of overlap between the HITECH standards and citations that make up the HIPAA Security Rule and other standards, such as NIST, and found a roughly 66% overlap.
Next, Shahid Shah, a.k.a. the Healthcare IT Guy and blogger of www.healthcareguy.com, moderated a panel with Ron Cowan, VP Information Management & CIO of Lewistown Hospital; Edith Dees, VP & CIO of the Holy Spirit Health System; and myself as we discussed PHI in the Cloud. We discussed the importance of contract elements, policy documentation, audit standards, and other key aspects to consider when thinking of putting PHI in the cloud. Ron and Edith pointed out how the cloud allows them to implement the same technologies and standards as the largest hospitals, even without the benefit of local HIT resources. They shared lessons learned the hard way in vendor selection. I illuminated some of the lesser known variations of data center audits and key questions to ask business associates in the cloud space.
Bob Havasy rounded out the afternoon with a compelling presentation about the quantifiable self as it relates to motivating and tracking healthcare outside the walls of the hospitals with the ubiquitous mobile devices every person seems personally attached to. He shared examples of how leveraging these technologies can have a powerful impact on a person’s health awareness and success in making healthy lifestyle changes, as well as the importance of being agile and failing quickly in the development of new technologies.