The Bittersweet Reality of Digital Transformation

Healthcare’s digital transformation journey has been paved by advances in technology, policy initiatives and incentives. Yet the road to transformation has also been littered with potholes, which slows and prevents adoption. The zeitgeist of the health IT industry is the that next solution will be revolutionary. Yet, to date, it has been less of the start of a “revolution” and more like Waiting for Godot. Unfortunately, when our proverbial Godot came, it was in the form of Covid-19.

Almost 20 years ago, Crossing the Quality Chasm outlined six essentials areas – patient safety, care effectiveness, patient-centeredness, timeliness, care efficiency, and equity – for improving the quality of care, reducing preventable errors, and driving population health management.  The overarching recommendation was that the utilization of information technology (IT) would be a game changer for clinical coordination. This seminal piece of work became a springboard for electronic health record (EHR) proliferation and mHealth adoption.

As health IT became more ubiquitous, there were unintended consequences of IT and mobile adoption. For example:

• The annual number of electronic protected health information (ePHI) breaches increased from 18 in 2009 to more than 365 in 2018.
• From 2013 to 2018, the average cost of a data breach to healthcare organizations rose to $3.92 million.
• Globally over 41 million patient records were breached in 2019, with a single hacking incident affecting close to 21 million records.
• Unauthorized access and disclosure incidents were the second largest cause of data breaches, representing nearly (29%) of incidents involving more than 11% of all records breached.

There is no doubt that EHRs are the gold standard for facilitating better patient care, but the  introduction of the master patient index (MPI) – a database of sharing patient information across all the departments of a healthcare organization – became a strategic differentiator for patient care. From the 1980s to the late 1990s, as healthcare clinicians and researchers embraced data sharing, identity management was single sign-on (SSO) until health systems started to realize they needed more than basic access management and light-weight provisioning to maintain compliance in the new world of ever-changing data privacy and security laws.

Beginning in the early 2000s, the need for interoperability lead many organizations to embrace cloud-based, open-secure, integrated mobile health solutions. As EHRs became the norm, providers were able to improve outcomes and reduce preventable medical errors by improving the accuracy and clarity of medical records.   With increased data sharing, identity management security was seen as less of a nice to have and more of a foundational requirement for a good compliance program, specifically to ensure the privacy and security of ePHI across the continuum of care.

Letting Identity Management Shine…

The amount of ePHI data being generated in healthcare has been a catalyst for significant investments in cloud storage and security solutions, but there is more to security than just access and storage.  The 3Vs — volume (the amount of data), variety (the number of types of data), and velocity (the rate at which data flows into an organization) — of healthcare data has been accelerated by the proliferation of the Internet of Medical Things (IoMT) and global initiatives to adopt digital health.

The rapid growth of BYOD devices coupled with diverse technology ecosystems have transformed healthcare into interconnected mobile communities. During Covid-19, the power of IT in driving data sharing in near real-time was essential for clinical coordination and improving patient outcomes.

Moreover, the desire for data sharing within and outside the 4 walls of the hospital, have matured beyond single sign-on. The next generation of identity management solutions need to demonstrate data privacy compliance to auditors with detailed audit-trails and reporting and capturing any access that has been granted outside of policy and provide documentation as to who requested access to what, if access was approved and when.

As we move towards a more digital integrated approach to clinical workflows, health systems looking to find innovative ways to improve patient outcomes, drive transparency, and improve population health are looking at identity management with new urgency. During the time of Covid-19, many health systems needed to provision new employees and give existing employees access to remote tools with abbreviated turnaround times. There is anecdotal evidence that health systems that had invested in identity management solutions pre-Covid-19, were able to immediately provision clinicians seamless without creating additional burdens on IT resources, which meant clinicians could do what they do best – treat patients.

This post was originally published on The Journal of mHealth.