Increased effectiveness of care delivery while controlling costs has become the critical goal for all healthcare organizations. Continued price increases aren’t sustainable with the U.S. exhibiting the most expensive healthcare in the world. At the same time, outcomes and health statistics show the country far behind other countries.
The United States doesn’t have the single payer type of system that allows many other nations to negotiate prices and control escalating costs. As a result, healthcare executives must find other ways to keep expenses within bounds and deliver improved results. One of the popular mechanisms is to involve patients in their own treatment and preventative activities. However, there’s a problem that might come as a surprise even to people with an MBA in health administration: HIPAA.
The Healthcare Insurance Portability and Accountability Act is one of the main regulatory statutes that affect the industry. Among other things HIPAA focuses on consumer privacy and the protection of health information. The goal absolutely makes sense, but there are some unintended consequences, as experts mentioned at the MIT Digital Summit last month:
HIPAA regulations — created to make health data private so preexisting conditions can’t be used against patients — are hobbling efforts to use information collected from countless new mobile endpoints, however. “I had a venture capitalist at a medical meeting say that HIPAA stands in the way of more of his medical start-ups than anything else, and I think it needs to be revisited,” [physician David Albert, founder of AliveCor, which makes smartphone-mounted heart monitors,] said.
The basic problem is that the introduction of mobile technology, smartphone and tablet apps, third-party data services, and other technology takes advantage of an interconnected network of devices, information sources, and people. Unfortunately, that makes securing information and compliance with regulations challenging.
A quick look at the number of apps and online services that are broken into, with data stolen, should make the potential problem obvious. The issue becomes even thornier in the light of authentication and ensuring that people are who they claim. According to a recent report, identity management and unauthorized data access by employees has reached the top of security and privacy concerns among healthcare providers. The source of problems is not only outside criminals, but those inside the company, or even employees who aren’t acting out of malice, but who are careless.
Security and privacy are too often considered strictly information technology issues. But when shortcomings affect operations and innovation of the company as a whole, the topics should gain the attention of healthcare executives and managers. You needn’t become an expert in security technology, but you do need to be aware of the issues and ensure that from technology to process, your organization is ready to embrace an ever more complicated world.