Pursue Interoperability Without Compromising Compliance
The American healthcare industry has always been a complicated marketplace with a massive ensemble of professionals. On the one hand, you have providers administering care to patients, payers and public entities that fund treatment, and pharmaceutical companies who develop life-saving medicines.
On the other hand, you have patients continuously seeking the best available medical care while looking for the most affordable and convenient experience. Underpinning this complex marketplace is the healthcare IT industry, providing valuable technology and services to optimize the entire ecosystem.
Connecting The Pieces
In short, there are countless moving parts, all of which have struggled with interoperability and are only now approaching effective and secure communication methods. This long-needed, long-pursued interoperability introduces new challenges to the industry’s cybersecurity infrastructure. This article explains why the healthcare industry must pursue interoperability with an unblinking focus on security and compliance, and how to do so.
This is an industry in which the whole is greater than the sum of its parts. Ultimately, as each component of the healthcare system begins to function as part of an ecosystem, patient outcomes will improve. As healthcare professionals dedicated to modernizing the system, we constantly strive to align these disparate components.
Here, I borrow the HIMSS definition of interoperability: “the ability of different information systems, devices and applications to access, exchange, integrate and cooperatively use data in a coordinated manner, within and across organizational, regional and national boundaries, to provide timely and seamless portability of information and optimize the health of individuals and populations globally.”
In essence, this boils down to making sure all of the players in the healthcare system are rowing in the same direction, even when different organizations and regions have their unique styles. Achieving effective interoperability is a lofty goal in and of itself. And we have made significant progress towards attaining interoperability recently. New initiatives like the Trusted Exchange Framework and the Common Agreement are a testament to the healthcare industry’s commitment to partnering together to provide superior patient care.
Trusted Exchange Framework and Common Agreement
Under the Trusted Exchange Framework and the Common Agreement, users across different networks will work within common infrastructure models and approaches to share basic clinical information securely. These common frameworks are critical to establishing clear expectations across the industry. And even though these principles are non-binding, I still believe they are a step in the right direction to helping the healthcare industry operate with similar guidelines and values.
Nevertheless, we should never lose sight of one of our most critical responsibilities. We must always treat patient data with the utmost care and seek to protect patient privacy whenever possible. I believe we ought to treat patient data with such great care because of the highly sensitive, highly valuable nature of this data. It is a well-known fact across the industry that malicious actors target patient health information, or PHI, in ransomware attacks because PHI often contains incredibly private and intimate information about a patient’s life.
Balancing Privacy With Speed and Efficiency
Protecting sensitive patient data while transmitting it across multiple organizations and ensuring it is accessible to healthcare professionals is a tall order. After all, how can we ensure PHI is accessible to other healthcare professionals who need the information to treat patients while ensuring the data remains shielded from individuals who may not need to know this PHI?
A significant first step is for healthcare organizations and HCIT vendors across the industry to subscribe to the interoperability guidelines laid out in the Trusted Exchange Framework and the Common Agreement. Across the industry, we have to buy into a common set of values and guidelines that can act as guardrails for the industry to develop as a whole. Although these principles are constantly evolving and the goalposts may feel like they are always moving, we are still better off agreeing on a common set of practices as the industry develops.
And secondly, the healthcare industry should develop infrastructure and processes that prioritize compliance and security while balancing the need for speed and accessibility. We have prioritized compliance and security because ultimately, any gains achieved from faster or more accessible technologies could be wiped away if regulators believe the developments are illegal or if malicious actors can exploit the nascent interoperable systems. Rather than take one step forward and two steps back by developing interoperable systems that do not pass muster from a compliance or security perspective, we should diligently build interoperable systems without taking shortcuts to get to market first.
Moving Towards Increased Interoperability
Healthcare interoperability will help drive better patient outcomes and a more holistic model of care. And as we build these interoperable systems, let us always treat PHI as sacrosanct so we can help patients become healthier without exposing their data to any vulnerabilities along the way.