Share This Article:

Between government stimulus funds for electronic recordkeeping and regulatory requirements for data security, health care is the hot market for technology vendors and solution providers. Compliance is often seen as the means for compelling security adoption amongst health care providers, but in talking with solution providers about this gold rush opportunity, Channelnomics has discovered compliance – and its effectiveness as a selling tool – is in the eyes of the beholder.

The Obama administration made modernization of health care recordkeeping a top priority, and has allocated billions of stimulus dollars to offset the cost of electronic healthcare records systems adoption. Those funds are just now becoming available and will be soaked up mostly by small physician practices and regional hospital and clinics. As more records become digitized, so too does the security risks increase.

The Health Insurance Portability and Accountability Act of 1996 imposed requirements for the safeguarding of patient information. The more recent HITECH Act actually put teeth into the law by outlining penalties for none compliance and security failures.

Before I go any further, let me stop here and say that I believe compliance is the new FUD – fear, uncertainty and doubt. Security vendors have always used FUD as means for motivating sales of their widgets; risking the wrath of regulators is just another means of spreading FUD. That said, the threat posed to data – particularly sensitive health care data – is real, as is the penalties for noncompliance.

Many people presume the threat of having to disclose a security breach – as required by several state and federal laws – would be enough to compel security investments. As it turns out, preventing embarrassing disclosures and closing remediations isn’t enough.

Health care practices are under tremendous fiscal and operational performance pressure. Many cannot afford the cost of their own operations, much less investment in new systems. Health care providers across the country can’t find qualified talent to fill jobs, and physicians and care providers are under constant pressure to increase output while keeping care-giving errors low. In that context, security is a secondary concern.

What several solution providers targeting the heath care market have discovered is they must appeal to the wallets of their customers to gain sales.

First, many small and regional health care providers can weather a breach disclosure just fine. Their patients are far more forgiving of a security lapse than they are the national hospital chains and big insurance companies. What they can’t afford is the catastrophic damage of regulatory sanctions and fines. Just cooperating with investigating authorities can run up huge legal fees and drain financial resources. Regulatory fines – many of which run into the six-figures – can bankrupt a small health care provider.

Second, the health care regulations punish individuals for failure to properly safeguard records. If an individual – medical practice owner or IT manager – is found in “gross negligence” for failure to protect data, they could be fined up to $1.5 million and face jail time. As one solution provider said, “When it comes down to a choice between their big house and fancy car or paying for compliance, the doctors always make the right decision.”

Finally, productivity matters. Solution providers selling systems to health care providers must take into account how the systems are used and ensure they don’t impede productivity. Here’s the big misnomer: EHR doesn’t improve productivity; it actually impedes it. Doctors must fill out more fields on digital records, which slows them down and keeps them from seeing as many patients. Quality of care and error rates improve, which is a benefit. But health care providers cannot afford to take any further hits on productivity. Solution providers should map technologies to workflows, ensure systems enhance processes and procedures, and ensure productivity impact is at least neutral if not improved.

Digital health care is the future. Solution providers who truly understand the needs and motivations of health care providers will capitalize on this emerging tech marketplace.

* * *

Lawrence M. Walsh is CEO and president of The 2112 Group, a technology business advisory service that specializes in optimizing indirect channels and partner relationships. He’s also the executive director of the Channel Vanguard Council. He is the former publisher of Channel Insider and editor of VARBusiness Magazine. You can reach him at lmwalsh@the2112group.com.

One Response to “Rethinking IT Prescription for Digital Health Care”