New treatments such as targeted cancer therapies and bionic limbs are trademark of medical improvements. This rapid innovation has seen corresponding advancement in healthcare delivery. Antiquated techniques for record keeping, data tracking, and patient-doctor interactions have all been revolutionized by technology. Although Electronic Health Record (EHR) driven coordinated care models, telehealth, and big data analytics all utilize technology to enhance healthcare delivery, they also present new and unforeseen policy questions for healthcare stakeholders.
Electronic Health Records
Digitization has entered every sector of society. Consumers cash checks via pictures and school children take notes on tablets. The medical community is grappling with this reality as well. The government has embraced this transformation through a program known as “EHR meaningful use requirements.” This program was designed to create incentives for doctors and clinicians to use electronic health records to enhance clinical data. Policy makers and physicians hope that a set of standardized electronic data across practitioners will foster better communication between providers, allowing more efficient and accurate care.
According to the Government Accountability Office, about 90% of physicians use some form of an EHR system. While use has caught on with professionals, patients are far less likely to use portals that make this data available to them. The same report found that just 30% of patients accessed their available health information. Though the Meaningful Use program has been successful in getting physician’s to use EHRs, it has not done enough to promote meaningful patient use.
The shift to EHRs has met criticism from clinicians. Some complain that the data reporting requirements are onerous and time consuming, forcing them to spend time on administrative tasks instead of treating patients. Others say they are becoming tied to their computer, diminishing the quality of their patient interaction. Health professionals who have yet to adopt EHRs cite the expense of the products coupled with their failure to be interoperable across products and platforms.
EHRs enable patient information to be stored in new ways, which create new types of privacy and security concerns. The Health Insurance Portability and Accountability ACT (HIPAA), which was passed in 1996, set federal standards surrounding the privacy and security of patient information. HIPAA was passed before the development of many modern technologies and the rise of wide-spread internet use. The generational gap between legislation and EHR technology leaves patients and providers exposed.
The frequency of high profile cyber-attacks have underscored the need to address cybersecurity in the public and private sectors. The Health and Human Services (HHS) Cybersecurity Task Force recently published their report on cybersecurity in the healthcare industry. The report called on healthcare stakeholders to give greater attention to critical cybersecurity needs through company policy updates and more focus on the issue. The unique makeup of the American healthcare system though, can make coordination across states, the federal government, and the private sector difficult, resulting in disjointed security plans and policy. According to the task force, two main culprits for the vulnerability of the healthcare industry are a lack of resources available to providers to address threats, and a workforce shortage. Additionally, outdated software, hardware, and computing methods leave groups exposed with no easy way to phase out old technology for new systems.
According to the Identity Theft Resource Center, in 2016 there were 376 healthcare data breaches resulting in the exposure of nearly 16 million patient records. For consumers, the susceptibility of their personal information is concerning. For companies, these breaches pose large financial and resource burdens. Anthem, the victim of a 2015 data breach that compromised the personal information of 78.8 million employees and members, settled their lawsuits for $115 million. The May ransomware attack that crippled computer systems in over 150 countries illustrated the consequences that healthcare security holds. The British National Health Service (NHS) was a victim of the attack which left doctors locked out of patient files, causing ambulances to be diverted and services to be cancelled or delayed.
These shortcomings indicate that the healthcare industry must update their security paradigm. Executives should imbed more effective cybersecurity infrastructure into the business strategy of their organizations. The government can support these efforts by updating HIPAA privacy and security rules to better reflect modern-day threats.
Telehealth and Virtual Medicine
Another area of digital medicine that government policy is beginning to embrace is telehealth. Telehealth, sometimes referred to as telemedicine, refers to everything from patient consultations to education programs administered through telehealth mediums like videoconferencing or pre-recorded videos.
Research published by the American Diabetes Association investigated the effectiveness of telehealth in diabetes management at a federally qualified health center (FQHC) in rural South Carolina. The results showed that, when compared to a group that received “usual care,” the group receiving telehealth services and support had significantly greater improvements in health markers related to diabetes. The research suggests that strategies such as remote videoconferencing can benefit patients in rural or medically underserved areas in managing illness.
Telehealth is an exciting advancement for a rural population that is, on average, older, sicker, and lower-income, than urban counterparts. Telemedicine can be a suitable alternative to in-person visits with medical professionals. For those who have difficulty physically accessing the healthcare system, videoconferencing can be a low-cost and feasible alternative. It can also be a complement to regular doctor visits to reinforce and support behavior.
Similar to telehealth, so-called “digital medicine” is an emerging industry. Apps for smart devices are designed to empower patients to better manage chronic conditions. These apps combine behavior modification with self-monitoring. This technology presents an industry-changing opportunity to dramatically reduce costs.
Digitized medicine gives doctors unparalleled access to patients and their behavior at a very low cost. For instance, someone managing diabetes can use a Bluetooth connected blood glucose monitoring device that uploads data to their physician. Smart phone apps or text alerts can provide reminders to patients to take prescriptions. Rather than being forced to schedule appointments and regularly check in with doctors, care can be managed daily from home.
App-connected medical devices give patients important feedback on their behavior and biological indicators. This type of software enables both healthcare providers and patients to access a trove of data that can be translated into better care.
With proper use, this software can control the progression of chronic illness. However, the adoption of these new treatment methods raises similar cybersecurity and HIPAA concerns as EHRs. The aggregation of sensitive patient information on “secure” servers may leave millions of patients’ data vulnerable to breaches. Apps, mobile phones, and internet connected devices that communicate information to and from providers also pose security issues.
Some of these devices, like phones and tablets, are vulnerable to theft. They often lack user authentication security, which would allow anyone to access their information. For most people, data on these devices is not encrypted, leaving them susceptible to data breaches. In addition, most new health-related apps are unsecure and often rely on third party servers. This jeopardizes patient information and puts providers at risk of inadvertent HIPAA violations. However, proactive policy could preempt data-related catastrophes. Lawmakers can create up-to-date standards for providers who interact with patients via applications. This is a challenge because technological innovation typically precedes regulation. Many of the prevention policy standards that need to be put in place are up to healthcare entities. They must identify vulnerabilities in how they handle patient information and correct them.
With the digitization of healthcare, data is being amassed at unprecedented levels. “Big Data” refers to large datasets that are beyond the scope of traditional software tools. This type of data is analyzed for trends, relationships, and predictions, and is increasingly useful in healthcare.
According to McKinsey & Company, improved statistical methods can streamline research and development. Big data would allow for disease patterns to be quickly recognized and targeted by public health workers. Data analytics can enable claims data to be rapidly analyzed to identify waste and fraud. It can also find the most effective and efficient courses of treatment. They found that big data may drastically cut costs. They estimate that through big data utilization, in the next ten years there could be a $200 billion reduction in national health expenditure.
Like EHR technology and telehealth, big data comes with its own set of concerns regarding privacy and security. Most consumers know that online activity is being constantly monitored by advertisers and websites; something many seem to tolerate. But, when this constant tracking comes to personal health information, addresses, and insurance information, consumers become more leery.
A potential negative consequence of increased patient data tracking is the possibility that it may be used to discriminate against patients. It is conceivable that insurance companies and other providers could create financial penalties for enrollees based on certain data like caloric intake, body fat percentage, prescription adherence, or blood pressure. Although the Patient Protection and Affordable Care Act (ACA) protects patients with pre-existing conditions, the potential uses for expanded patient data are murkier. Some fear that healthcare may become inextricably linked to tracking certain behaviors.
An interesting new form of data are individuals’ genetic information. Genotyping DNA has grown in popularity; allowing patients to “predict” their likelihood for certain diseases. In 2008, the Genetic Information Nondiscrimination Act (GINA) was passed to protect Americans from discrimination by insurance agencies and employers based on their genetic information. However, as genotyping one’s DNA becomes more mainstream, it remains unclear if this largely untested law is comprehensive enough to protect consumers and patients. Data collection in healthcare is entering uncharted territory, and government policy must remain nimble enough to be proactive in advancing public health while protecting personal privacy. It is critical that policymakers continue to reevaluate and update policies like HIPAA and GINA to address new uses of big data.
Innovation in healthcare delivery will continue to accelerate with technological and medical advances. The issues they create for government and business are of equal importance to the problems they help solve. Clinicians will be able to engage with patients in novel ways through home monitoring software and telehealth. Healthcare stakeholders can use big data to track diseases in a population with unmatched accuracy. Policy makers are tasked with creating a regulatory framework that manages patient security without stifling innovation or the effective use of technology. The future of healthcare is here, and it’s imperative that government be ready.