HIMSS15 had a strong start this year, breaking previous attendance records and clearing 40,000 attendees from all over the globe. Taking place this week in the beautiful windy city, McCormick Place was buzzing with exhibitors, conference attendees, educational session, keynotes and many more. Being my first time at the HIMSS conference, it was a bit of culture shock to say the least! I sat in as many educational sessions as possible to bring to light the promising future of where technology in healthcare is taking us. I will be doing daily recaps and key takeaways through my eyes – a first-time HIMSS attendee! As some of you may know, a single day of HIMSS is enough walking and information to last for a week, so this will be a quick overview of the key messaging I heard from around the event. There will be more blogs to come that dive deeper into each area, so be sure to stay tuned and check those out as well. As for day one, this recap includes thought leadership around the transformation of care through digital technology, business risk associated with connected care, the impact of the Internet of Things (IoT) in healthcare, and what the network means to healthcare and hospitals.
I attended an educational session that looked into the progress to date of delivering digital interoperable records to enable patients to interact and access care conducted by the Director of Digital Technology at NHS England Beverley Bryant. Beverley dove into how the UK and US are working together to support the digital revolution for patients. She led strong by stating, “If we really want to transform healthcare in England, then it is time to embrace the 21st century and give our citizens an experience and level of care that is up there with the best in the world.” The current struggle is that a large portion of the general practitioners in the UK are not fully embracing the digital transformation that healthcare is taking on. For instance, NHS is allowing patients to reorder prescriptions online, but only 40% of general practitioners support the process. Beverley voiced her frustration with the archaic style in which some processes are done in healthcare today by saying, “My dream is that we will have a burning bonfire of the fax machines. That allows us to finally achieve interoperability in healthcare.” In order to get there, she outlined three steps:
- Go 100% digitized and get completely away from paper
- Enforce the standards around the initiative
- Measure progress through benchmarking
The end goal is to make healthcare as seamless as possible for the patients who will use these digitized systems. This ranges from virtual prescription refills, scheduling, access to their patient records, and many more use cases. By March 2016, if under 60% of general practitioners are leveraging digital technology, there will be a plan of action to ensure that goal is reached.
This session delved into the new ISO/IEC 80001 standard, which is a standard for managing connected care risk. It provides a framework for applying proven risk management principles to networked medical technology deployment and use. Paneled by Todd Cooper, EVP Interoperability Trust Center for Medical Interoperability and Phil Raymond, Architect for Wireless Connectivity and Sr. Global Product Manager of Networking at Philips Healthcare and Informatics, this was an interesting topic of discussion. Todd started by breaking down the key questions to ask yourself when looking at devices in a hospital setting:
- How do you know your networked medical technology will perform as you expected, safely and securely?
- How do you reduce the incidence of “unintended consequences” that results from integration of many types of networked technology?
- How do you break down the silos in hospitals and coordinate technology management activities across organizational departments?
He also cautioned to identify the major hazards that may be threatening your organization through implementations like loss of data, incorrect data, incorrect timing on the data, degraded function of the devices, and unauthorized access to the data. Phil Raymond then transitioned into the idea that over the last five years, the challenge has grown exponentially with medical devices in hospitals. A hospital’s IT network is really healthcare Internet service providers. The network is no longer a “nice to have” and guest access is critical. The hospital owns the responsibility of ensuring the infrastructure meets the needs of connected devices, ranging from IV infusion pumps to a patients iPhone. How do you ensure compliance, security and authorization of all the devices connecting to the hospitals network?
I attended a session on the Internet of (Insecure) Things paneled by Scott Erven, CISSP, Associate Director of Medical Device and Healthcare Security at Protiviti alongside Beau Woods, Founder of Stratigos Security. Based on a three-year research effort, there was a main distinction made between patient safety versus patient privacy. Initially, they looked at the devices themselves ranging from radiology systems to back-end PACS, implantables, linear accelerators, anesthesia carts, etc. They got to the end and realized these devices have very basic security. The service credentials are either hard coded or defaulted. Unencrypted data transmissions and service authorization were large culprits of security risk. Often times what they saw was that data transmission is not encrypted. By not using encryption, we are now connecting devices that traditionally weren’t connected to the network. Hackers who sit in the middle of that data flow can hack it fairly easily. Their research concluded that there is poor security hygiene among device providers and manufacturers, many misconceptions currently exist around these devices and their connectivity, and there are generally poor security decisions, but those issues are solvable. Before you can fix the issues, the underlying problem must be identified. There is a communication gap between the isolated silos (IT, IT Security, Biomedical, etc.) that are expected to own responsibility of these devices. For treatment of these issues, it falls on everyone involved; “patient safety is not a spectator sport”.
What the Network Means to Healthcare and Hospitals: Network Powered Analytics
This session, hosted by Extreme Networks’ own Director of Healthcare Solutions Bob Zemke, discussed just how vital the network infrastructure is the healthcare and hospitals through network powered analytics. As of now, we look at the network as a commonality. Every device is running on some sort of IP network. The technology velocity in healthcare is staggering. We keep moving towards a faster rate of adoption as consumer technologies are pushing towards handheld video conferencing in healthcare. The true challenge in IT operations is how to support this growth, provide security and resiliency, handheld compliance, and keep it all together as more devices are run on the network. In terms of mobility, Wi-Fi is taking over the wired network with the growth of wireless devices. This translated directly into the patient experience. It doesn’t matter if you saved the patients life: if the food was cold or the Wi-Fi didn’t work, your hospital will be getting a bad review. Compliance is a major issue with these devices and applications because no hospital knows of all the applications running everywhere on their network. Bob had a great analogy, saying, “A lot of the time, hospitals are like the Tower of Pisa where all the focus is spent on the marble and accessories, but we don’t focus on the foundation of it all – the network.” The reality is, applications require intelligence. More bandwidth doesn’t solve the problem; you need to evaluate the flows of data and develop policy-based application delivery. By understanding where the information is going you can determine any bottlenecks. With solutions like Extreme Networks network management, network access control, and application analytics through Purview, these determinations can be made efficiently and effectively regarding time and costs.