More than blind faith: A guide for CIOs at HIMSS 2016

2016 02 28 16 18 58 556 Las Vegas Sign 200

Back in 1969, four gifted musical artists got together to create a band called Blind Faith. The band only lasted one year, but the four musicians -- Eric Clapton, Steve Winwood, Ginger Baker, and Ric Grech -- had previously defined rock and roll in other bands with names like Cream, Traffic, and Derek and the Dominos.

While the members of Blind Faith made incredible music, hospital chief information officers (CIOs) need to make decisions based on much more than just blind faith. They need to see something real, not a concept. They need to speak to someone who understands the bigger picture, rather than viewing things at the department level.

PACS consultant Michael J. Cannavo.PACS consultant Michael J. Cannavo.

Most of all, CIOs need answers, not more questions, when it comes to healthcare and radiology IT. This week's Healthcare Information and Management Systems Society (HIMSS) annual meeting provides all of that and more, but CIOs will need more than just blind faith to find their way home.

It's big

There's no question that HIMSS is a big meeting and still growing (unlike more radiology-centric trade shows). It's an IT-centric show compared to RSNA, which explains why attendees are five times more likely to look at vendor-neutral archives (VNAs) than PACS. When going to HIMSS, CIOs need to look at a totally different set of areas compared to RSNA and in a lot more depth as well. Some of the biggest topics are described below.

Security

In light of the recent ransomware attack that forced a California hospital to pay $17,000 to regain control of its computer systems after being held hostage for 10 days, discussions of security will be paramount at HIMSS 2016.

This is especially important in light of the fact that many PACS have proactive monitoring systems. While many use virtual private networks (VPNs) or other safe connections, all it takes is one person who accesses the system outside the VPN, and the hackers with their malware are in.

How can this happen?

Simply put, human nature. This can be something as simple as an unsuspecting PACS or network administrator working from home who can't deal with a slow VPN connection or other situation. You also need to factor in the potential for a system to be breached by someone inside the facility as well, whether innocently or nefariously.

I ran into this situation several years ago when working with a radiology group that had their IT folks develop basic RIS functionality for the group. Asking "who owns the source code?" to the RIS opened up Pandora's box.

Not only did the developers feel they owned the code (the group obviously felt otherwise), but they had also built Trojan horses into the code in the event either of the two developers were let go. Obviously, this was not a good situation, but it was one in which the developers had the upper hand. We got through it, but it wasn't easy or pretty.

The reality of the security situation is encapsulated in a HIMSS 2016 session on March 1 titled "You WILL be breached -- but will you be prepared?" While the $50 per record for hacked healthcare records may not seem like much, it adds up pretty quickly when you consider that 42.5% of healthcare enterprises admit to being digitally compromised last year alone. The real number is probably significantly higher. Add to that penalties related to HIPAA breaches and the $17,000 paid was a bargain.

Rest assured, the next healthcare organization that is breached will not get off nearly as cheaply or easily. Given the hefty fines, negative publicity, and potential for huge financial losses, it also would not be surprising for CIOs to start looking more closely at vendors' business associate agreements (BAAs) and incorporate a clause that holds vendors responsible in the event a breach is due to something that was under their control.

The cloud

If 2016 resembles past HIMSS meetings, the cloud will continue to play a huge role in many company presentations, especially those in the radiology IT marketplace. Several major vendors had cloud initiatives at RSNA 2015 and will promote these as well at HIMSS 2016.

Interestingly, in a brief a survey I took of more than a dozen vendors at RSNA 2015, most are using the cloud not as much as a data storage repository but rather for replacing onsite hardware with virtual servers and other hardware. The reality is that CIOs and others remain reticent to store images at a place where they cannot be responsible for the safety and security of the data. Until the cloud proves itself further as a safe and secure repository, it will be relegated primarily, but not exclusively, to offline disaster recovery or virtual machine applications.

Vendor-neutral archives

A recent survey found that VNAs generate five times the interest of PACS at HIMSS. That is to be expected, given that HIMSS is primarily an IT show.

The VNA market is also one that remains in flux. In the past few weeks alone, one major PACS vendor announced a partnership with a VNA provider, while another VNA provider that primarily competed in the enterprise content management (ECM) market announced it was making an offer for one of the leaders in the VNA market.

If we go back a few months further, there have also been several PACS vendors and others entering the VNA market. A few companies were sold, and the promotion of VNAs -- not just for enterprise imaging solutions but as central data repositories (CDRs) for all data enterprise-wide -- has begun to evolve.

CIOs typically have not yet fully embraced the central data repository concept, but this may change as the market matures and more sites have been installed. And of course, not to be outdone, one company isn't content to call a VNA a VNA and instead calls it an application independent clinical archive (AICA).

Meaningful use

Like it or not, CIOs are still tasked with helping their facilities reach stage 3 meaningful use (MU). As of 2015, 95% of all eligible and critical access hospitals and 93% of all critical access and small rural hospitals registered have demonstrated meaningful use of certified health IT through participation in the U.S. Centers for Medicare and Medicaid Services (CMS) electronic health record (EHR) incentive programs.

Sadly, the lion's share of these had only met stage 1. Getting through stage 2 (advancing the clinical systems), which was due in 2014, and stage 3 (improved outcomes), due in 2016, is a challenge to all except the largest facilities, despite significant financial incentives. By the end of 2014, when most hospitals should have reached stage 2 by meeting the 17 core measures, just a small percentage did. In addition, less than half of the eligible professionals who can participate in the MU program have registered, including about one in four radiologists, for whom MU has little relevance.

Adopting an electronic medical record (EMR) is much easier than meeting the CMS requirement for implementing an electronic health record. As background, EMRs are digital versions of paper charts and are designed to work within a hospital or practice. EHRs focus on the total health of the patient and are designed to reach beyond the health organization that originally collects and compiles the information.

An EHR shares information with other healthcare providers, such as laboratories and specialists, and contains information from all of the clinicians involved in the patient's care. The information moves with the patient and is designed to be accessed by all people involved in the patient's care -- including the patients themselves. Part of the confusion comes from understanding what the government is doing, and what HIMSS is doing.

While MU has three stages, HIMSS has developed an Electronic Medical Record Adoption Model (EMRAM) that has seven stages and addresses the convergence of interoperability, information exchange, care coordination, patient engagement, and analytics with the ultimate goal of holistic individual and population health management.

To date, just over 4% of the more than 5,300 healthcare organizations participating have achieved stage 7 -- achieving what HIMSS calls "knowledge-driven engagement for a dynamic, multivendor, multiorganizational interconnected healthcare delivery model." The lion's share (36%) of participating organizations have achieved stage 5 ("community-wide patient record using applied information with patient engagement focus"), while 27% have achieved stage 6 ("closed-loop care coordination across care team members").

EMRs are coming to fruition much more quickly than EHRs, but both are important.

Interoperability

HIMSS is all about interoperability. The Interoperability Showcase at HIMSS 2016, developed in collaboration with the Integrating the Healthcare Enterprise (IHE) project, is designed to demonstrate the power and availability of standards-based health IT solutions and allows attendees to create a patient record and watch it move from system to system across a continuum of care. The showcase has more than 40 sessions this week in Las Vegas that discuss the topic at length.

The biggest discussion points at the showcase will be how the enterprise imaging systems can connect with the EMR vendors to allow for the creation of the EHR. Only one of the big three EMR vendors -- who between them control close to 75% of the EMR market -- offers a PACS, and its PACS is typically not promoted outside of the company's customer base.

That means that EMR connectivity is key. You cannot assume that an HL-7 interface already exists between the PACS and the EMR, and that the data you want interfaced will transfer smoothly between systems. Seeing it in action is the only way to be sure you'll get what your facility needs.

Networks

A variety of hardware- and software-based load balancers will be available for review. Mobile communication and security related to it will also be a focal point.

RIS

For years, RIS has suffered a long, slow decline. Now, with VNAs coming to the forefront, prestaging of images is key. While VNAs can retrieve images much faster than in years past, any delay in image retrieval is too much. By prestaging studies to the local server from the archive before they are needed, both prior and current studies show up at the same time, significantly improving radiologists' productivity.

Some RIS applications also provide features such as billing and dictation without having to add on third-party modules. This is especially important for smaller hospitals that have neither the budget nor the need for more complex systems, or that don't have a high-end EMR that provides RIS functionality.

Telehealth

Like RIS, telehealth has made a resurgence. Over a decade ago, telehealth was actively promoted, but the costs and technological barriers limited wider acceptance. Now, neither of these are issues.

In addition, it is much easier to integrate telehealth systems with clinical workflow, so the justification for these systems is easier to achieve. With larger facilities acquiring additional sites on a regular basis and mergers happening more frequently than ever, more facilities are looking at telehealth as an option for providing higher-quality patient care at a lower cost.

Page 1 of 775
Next Page