In his “Automating Compliance in the Cloud” session during the CTO Roundtable at Liberation 2019, Gerry Miller, the founder and CEO of Cloudticity, discussed the inherent benefits and challenges of digitizing medical data and automating compliance in the Cloud.
It’s the duty of all healthcare providers to protect and care for patients. However, with sophisticated advancements in health information technology (HIT), the scope of what it means to champion patient health and safety has dramatically evolved in recent years. Now extending beyond a hospital or health system’s four walls, patient care is further complicated by the industrywide move toward digitization and automation, specifically moving electronic health records (EHRs) and provider data to the Cloud for enhanced storage, management and accessibility.
The implications of the transition to the Cloud were recently discussed at Medecision’s 2019 Liberation event—an exclusive three-day gathering of healthcare leaders designed to explore how innovation and disruption come together to solve the biggest challenges in healthcare—in Dallas, Texas.
The subject was the focus of a session titled “Automating Compliance in the Cloud” during Liberation 2019’s CTO Roundtable. Gerry Miller, the founder & CEO of Cloudticity, discussed the inherent benefits and challenges of digitizing medical data and moving to the Cloud.
Moving On Up
During his CTO Roundtable session, Miller spoke at length about the transformational advantages of HIT, chief among them being the ability to improve patient outcomes and drive much-needed innovation throughout the industry.
“The healthcare industry is our economy’s sixth largest driver of gross domestic product (GDP), but it’s not great at its job of making people well,” Miller said. He cited the alarming rate of patient deaths due to medical error specifically.
A recent Johns Hopkins study found that more than 250,000 people die in the U.S. every year as a result of medical error. This squarely places preventable medical error as the third leading cause of death after heart disease and cancer.
“When a statistic is that bad, there is tremendous opportunity to move the needle and be better,” Miller said. “What makes the improvement possible is the digitization of medical data.”
So what are the strategic benefits of HIT and the Cloud? For starters, healthcare organizations now have access to and are using more data than ever before. Similarly, the consistent push toward interoperability is driving demand for storage options. The Cloud can not only help providers offload these massive amounts of data, but it can also keep it safer in secure environments that can be remotely accessed.
However, Miller underscored, as more hospitals and healthcare systems look to optimize internal processes and workflows by moving to the Cloud, they must not underestimate the importance of continuous compliance and cybersecurity. Data breaches and cybersecurity attacks could not only cripple your hospital—both financially and by reputation—but also put confidential patient records at risk.
Another issue of concern is that hospitals are targeted by ransomware attacks more often than any other type of business. In fact, 88% of all ransomware attacks are directed at hospitals, according to Solutionary, an NTT Group security company.
Why? Personal health information is extremely valuable on the black market, earning hackers or other bad actors more than 10 times the value of credit card information. A 2018 Ponemon Cost of a Data Breach Report found that the cost of a data breach for healthcare facilities is about $408 per patient record.
What’s worse is that most hospitals are fairly easy targets, providing multiple entries via medical devices, employee email directories or other outdated legacy electronic systems. According to a 2017 report from the U.S. Department of Health and Human Services, the number of healthcare data breaches of more than 500 records between 2009 and 2016 increased from 18 to 329, marking a stunning 1,728% increase. Additionally, between April and June 2018 alone, the Protenus Breach Barometer reported that more than 3.14 million healthcare records were exposed by data breaches at just 142 hospitals.
The fallout from a hospital data breach can be significant, totaling damaging financial and legal repercussions, patient safety concerns, operational expenses, and reputation damage. Following an attack, patient retention is also a concern. A survey from TransUnion Healthcare found that more than half of hospital patients would switch providers following a data breach.
“Cybersecurity takes constant vigilance because we are a constant target,” Miller said during his talk. “Real people can get hurt. That’s why compliance is not a point-in-time event—it’s a continuous process to ensure compliance today, tomorrow and as regulations change.”
Frameworks for Compliance
Despite the risks in moving to the Cloud, Miller says that an automated infrastructure opens up worlds of possibility for continuous improvement and success. Sophisticated software and HIT via the Cloud can allow providers to automate end-to-end, while properly aligning with compliance requirements.
Though there is a lack of governance throughout the healthcare industry, including little to no HIPAA standards or set of measures, providers can take concrete steps to protect their patients and their organization at large.
Miller says that hospitals and healthcare providers must constantly question their cybersecurity effectiveness in order to manage compliance, including implementing ongoing, rigorous internal assessments. Devising a set of measurable controls—while also leveraging outside expert resources from the National Institute of Standards and Technology and the Health Information Trust Alliance—will add strength and flexibility to your cloud storage and management. Above all, Miller advises constant vigilance when it comes to gaining insight into tackling cybersecurity and compliance threats.
Though challenging, Miller firmly believes that the benefits of moving to the Cloud outweigh the risks; however, hospitals and health systems must adjust and scale their operations to protect patients from outside risks. The mantra Miller often gives his employees is simple but effective: “Don’t solve customer’s problems; write software that solves it.”