Customer-Centric Healthcare: Best Practices for CIOs and CISOs
Changing healthcare regulations, and the
increasing number of security breaches, have
healthcare technology leaders in a quandary
as to how to proceed with providing readily
accessible, yet secure patient information.
Special report
Healthcare
Unfortunately, many healthcare organizations take a
minimalist approach to information security given the
high number of competing projects requiring capital
expenditures – that is, until there is a security breach.
With the U.S. government pushing new regulations
regarding how patient data is stored, protected and
made accessible to both patients and physicians – and
with which organizations must comply by 2016 – it is
imperative that healthcare CIOs and CISOs understand
that advanced security solutions are not an option, but
an integral component of every implementation.
The result is that healthcare security leaders face a
dilemma. They are required to provide open access to far
more constituents than ever before, and on more diverse
technology platforms, while having to maintain stricter
security standards than most other industries. And they
must make this transition in an acutely short timeframe.
For an industry that has long been charged with keeping
patient information locked away, rather than accessible,
today’s healthcare CIOs and CISOs must learn the best
practices for handling customer data – and they can learn
a great deal by looking toward other customer-focused
industries.
The right approach should be similar to that of the banking
industry. Banking customers can get their balance, make
transactions, schedule deposits and more all through
their mobile phones, giving them easier access than ever.
At the same time, the banking industry has numerous
safeguards in place to protect customers, such as calling
them if a card is used outside the normal zip code or
in case of any other atypical transaction. Healthcare
organizations must be able to provide a similar consumer
experience, giving patients the freedom to access their
own personal data, while simultaneously ensuring
this information is protected against falling into the
wrong hands.

The model for delivering healthcare is changing. Factors such as growing
patient demands and new regulations for how patient care is delivered have
brought a new era to the industry, one in which healthcare providers
must strive to deliver a more customer-centric approach. The onus of meeting
these new requirements falls heavily on the healthcare facility’s
chief information officer (CIO) or chief information security officer (CISO).
These leaders must play a key role in delivering a customer-centric healthcare
experience, as it is their duty to ensure that patient data is both accessible to
the patients and physicians who need it and well protected
from those who don’t.

Healthcare | visit us online at www.tatum-us.com

Today’s dilemma – the scope and cost of necessary change
The drive to make healthcare data more open started
as recently as 2010, with new guidelines surrounding
healthcare patient security outlined by the Health
Insurance Portability and Accountability Act (HIPAA).
Established in 1996, this act provides federal protections
of individually identifiable health information held by
covered entities, giving patients a wide array of rights
with respect to that information.[1] The amendments
introduced in 2010 developed additional guidelines,
such as meaningful use rules set up at the federal level,
which incentivize compliance and give payments to providers
for implementing such safeguards.[2] In addition, the
act establishes rules introducing significant fines and
successive penalties for every breach of healthcare
data. As a result, the majority of CIOs were pushed
to have all of their data in house, without wireless
networks, due to the perceived greater risk of security
breaches. This approach was also supported by most
software vendors providing electronic medical record
(EMR) solutions in this space.
However, with the new regulations requiring
healthcare facilities to give patients easy access to
their information by 2016, CIOs and CISOs are tasked
with making enormous changes essentially overnight.
Changing patient demands and expectations mean
healthcare organizations must further evolve at
an ever-increasing pace. As the new regulations
require all patient data to be online, thus enabling
patients to gain easy access, healthcare organizations
that fail to do so will be penalized in terms of
their reimbursement rates. These penalties can
amount to an annual 1-2 percent of their Medicare
reimbursement, further driving the need for security
officers to update their processes and ensure they
have the right technology in place.
With a complete 180-degree change in how data
is treated, CIOs and CISOs must implement
strategies similar to those used by banks, such as PINs,
password protection, secure portals and
more. However, the infrastructure at many healthcare
organizations is not entirely able to support this
today, often requiring that CIOs and CISOs make
significant changes to be able to comply with the new
regulations.
Security breaches can cost between $625,000 and $2-3
million, including factors such as remediation, fines,
penalties, new solutions to address the problem,
outreach efforts to notify constituents and more.
While the impact of any security breach can be
expensive, it’s not just about the monetary cost;
damage to an organization’s reputation can be far
worse and longer lasting. They can also end the
career of the CIO or CISO. Such positions have an
extraordinarily high dropout rate, as such individuals
would rather pursue other career opportunities than
go through the situation of an unexpected breach.
In addition to the risks and repercussions, healthcare
organizations that do not provide a sufficient level
of accessibility will fail to meet the needs of today’s
patients and, therefore, struggle to remain profitable.
As patients have more control and choice over the
care they receive, many will simply not return to an
organization that doesn’t give them a high level of
service. This isn’t limited just to the care they receive,
but also other factors like their ability to access their
own data. As features like self-service and access to
information 24/7 continue to become the norm in
many industries, healthcare organizations must be
able to keep up and deliver more customer-centric
healthcare.
Healthcare technology leaders must build,
communicate and gain support for integrated
information technology systems that address myriad
stakeholder, regulatory and privacy concerns. This
is neither an easy nor a linear activity – the concerns
are rapidly evolving, as is the technology to address
them; the investment costs associated with change
can be considerable. Most importantly, the CIO needs
to build executive and board level understanding of
technology investments needed to accomplish the
organization’s objectives.
The business case for change must clearly explain the
technology capabilities required and clearly articulate
the costs and benefits of various options to achieve
objectives, while providing optionality. The reality is
that in today’s healthcare environment, any IT plan
must provide flexibility to adjust for emerging events
in digital technology and data security. This means the
CIO must not only present the rational and analytical
basis for the path forward, but also establish a process
for frequent and transparent communications with
fellow executives and the board. All parties must be
fully prepared to embark on and participate in the
journey, as well as in fine-tuning or adjusting the road
map when warranted.
[1] U.S. Department of Health & Human Services, “Understanding Health Information Privacy.” (http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html)
[2] U.S. Department of Health & Human Services, “Key Features of the Affordable Care Act by Year.” (http://www.hhs.gov/healthcare/facts/timeline/timeline-text.html#2010)

5 Must-do’s for healthcare CIOs and CISOs

Look at other industries: There are numerous parallels between the security
concerns and consumer expectations within the banking and healthcare
industries. As financial institutions have already figured out how to deliver
a more customer-friendly approach, while still protecting data, the industry
provides a good example of how healthcare security leaders can implement
effective change.

Perform due diligence: Ensuring data is well protected may be expensive, but
so are the costs (financial and reputational) of a security breach. Consider a
range of software solutions that best meet organizational needs, while
integrating seamlessly with systems to ensure an optimal user experience for
hospital staff and patients alike.

Understand the importance of getting it right: Failure to comply with the new
standards can cost 1-2 percent of Medicare reimbursements, while the costs
associated with a security breach can be astronomical. In either situation,
the costs to the organization’s reputation can be far worse than monetary loss.

Leverage the right technology: From working with the right data centers, to
adopting the most stringent security protocols and secure portals, CIOs and
CISOs must take the lead in identifying the technology that can deliver on
patient expectations, while protecting the organization’s interests.

Build a better business case: Get the right people fully on-board for the
journey. Secure board approval of a case for change that clearly defines the
costs and benefits of recommended strategic and mandatory technology
capabilities, while providing flexibility to respond to emerging events.

Protecting against security risks
Given how disruptive a security breach can be,
CIOs and CISOs should take the lead in adopting
the practices and technologies that can protect
their organizations against such occurrences,
while delivering the ease of access to data patients
increasingly expect. Fortunately there are several best
practices that can be used to address this two-pronged
challenge to guide their organizations to success.
At the foundational level are the practices,
procedures and technologies that protect the physical
environment of the healthcare organization and
the technical infrastructure. The first line of defense
should be data centers offering the proper physical
security and clearly defined procedures by which
technical personnel should abide. Just as important is
having standard security protocols to protect both live
and archived data using encryption and password or
PIN protection, as well as new smart card technology,
to ensure only those authorized to do so can access
it. The final piece is to leverage secure, web-based
portals that utilize the latest in personal recognition
and verification technology.
Each of these layers is typically provided by a different
vendors; as such, the CIO or CISO must assemble a
best-of-breed approach to deliver a seamless solution
to prevent potential breaches. But, there is another
concern to take into account – the cost of providing
the sufficient level of security. The price tag for
delivering a secure yet consumer-friendly solution
adds significant cost to the typical expenditure of
an electronic health record solution, sometimes
adding another 40 percent to that overall number.
In addition, many states now offer information
exchanges for health systems to safely communicate
information and provide a small grant to offset the
cost. However, this offset unfortunately represents a
small percentage of the cost outlay to participate in
these networks. In any case, this is where the industry
is going – providing an affordable approach to ensure
secure access to patient data.
Ensuring a compliant, secure approach
As the healthcare environment and its associated
processes and regulations continue to evolve, CIOs
and CISOs must evolve as well in order to keep up
with changing requirements and patient expectations.
With patients now demanding an easy, consumer-like
experience for accessing their data and managing
their health, it is imperative that healthcare security
leaders rise to the occasion to make this happen. But
the challenge isn’t just in facilitating easier access –
they must do so in a way that minimizes the risk of
security breaches.
Given the disastrous impact a security breach can
have, in terms of cost and reputational damage,
CIOs and CISOs must act now to ensure they can
meet the requirements to move all patient data
online. Doing so requires that they understand the
risks they currently face and adopt the solutions that
can mitigate those dangers and ensure a compliant
strategy.
Still, there is another piece of the puzzle essential for
success; that is to maintain continuous testing and
monitoring. As in any defensive situation, constant
diligence is no longer a nice-to-have but a
need-to-have mindset. Proper change
control and regular testing of the security measures
put in place will enable the CIO or CISO to identify
the risks and exposures that must be addressed. These
can be prioritized with others at the executive and
board levels, designed into an approach that supports
forward momentum with reasonable risk mitigation.
To be effective in today’s rapidly changing healthcare
landscape, the role of the CIO or CISO must move
more toward the strategic aspects of facilitating the
objectives of the organization and to the needs of
their patients. This must be done in an environment
that is simultaneously productive and protected. In
order to get to this state, CIOs and CISOs must take
the lead in identifying, implementing and maintaining
the technology, tools and techniques to meet the
challenges of today and deliver the consumer-centric,
and secure, experience their patients demand.
About Tatum, a Randstad company
Tatum is a leading professional and interim services firm offering hands-on strategic, financial and technology solutions that measurably
improve business performance. Tatum’s executive leaders and consultants help companies navigate critical points in the business
lifecycle and execute their strategic initiatives. Our deep management and operational expertise, keen strategic consultancy and a
focus on follow-through enable our teams to deliver solutions that drive sustainable impact. With a national footprint of offices in key
markets, our firm is ready to mobilize locally anywhere in the country. Tatum is an operating company of Randstad US.
To learn more about Tatum, visit www.tatum-us.com.
Leveraging outside help to achieve
compliance
The sheer depth of change healthcare
organizations are expected to make in such a
short period of time can be overwhelming for
even the most experienced CIO or CISO. This
is especially true given the magnitude of the
new regulations. After striving to keep medical
records privately tucked away for so long, they
must make this information available to the
relevant parties, while avoiding any possibility
of a breach.
To ensure a smooth transition – and avoid
the disastrous effects of non-compliance –
healthcare organizations may seek to work with
a partner that can provide the executive-level
talent to help guide them through this period
of significant and unprecedented change.
The right partner will offer access to resources
who understand the healthcare industry, and
these new technology requirements, and
know the best path forward. Such individuals
can provide the expertise to help manage the
technology transition required of healthcare
organizations today, with an eye toward
compliance and bottom-line improvements.
As a result, healthcare organizations can be
confident that they’re not only meeting the
technology requirements required of them,
but also delivering an enhanced experience
for their patients.

Healthcare - Customer-Centric Healthcare Best Practices for CIO and CISOs

  • 1. Customer-Centric Healthcare: Best Practices for CIOs and CISOs

Changing healthcare regulations, and the increasing number of security breaches, have healthcare technology leaders in a quandary as to how to proceed with providing readily accessible, yet secure patient information.

Special report Healthcare
  • 2. Unfortunately, many healthcare organizations take a minimalist approach to information security given the high number of competing projects requiring capital expenditures – that is until there is a security breach. With the U.S. government pushing new regulations regarding how patient data is stored, protected and made accessible to both patients and physicians – and with which organizations must comply by 2016 – it is imperative that healthcare CIOs and CISOs understand that advanced security solutions are not an option, but an integral component of every implementation.

The result is that healthcare security leaders face a dilemma. They are required to provide open access to far more constituents than ever before, and on more diverse technology platforms, while having to maintain stricter security standards than most other industries. And they must make this transition in an acutely short timeframe.

For an industry that has long been charged with keeping patient information locked away, rather than accessible, today’s healthcare CIOs and CISOs must learn the best practices for handling customer data – and they can learn a great deal by looking toward other customer-focused industries.

The right approach should be one similar to the banking industry. Banking customers can get their balance, make transactions, schedule deposits and more all through their mobile phones, giving them easier access than ever. At the same time, the banking industry has numerous safeguards in place to protect customers, such as calling them if a card is used outside the normal zip code or in case of any other atypical transaction. Healthcare organizations must be able to provide a similar consumer experience, giving patients the freedom to access their own personal data, while simultaneously ensuring this information is protected against falling into the wrong hands.
The model for delivering healthcare is changing. Factors, such as growing patient demands and new regulations for how patient care is delivered, have brought a new era to the industry, one in which healthcare providers must strive to deliver a more customer-centric approach. The onus of meeting these new requirements falls heavily on the healthcare facility’s chief information officer (CIO) or chief information security officer (CISO). These leaders must play a key role in delivering a customer-centric healthcare experience, as it is their duty to ensure that patient data is both accessible to the patients and physicians who need it, while ensuring it is well protected from those who don’t.

Today’s dilemma – the scope and cost of necessary change

The drive to make healthcare data more open started as recently as 2010, with new guidelines surrounding healthcare patient security outlined by the Health Insurance Portability and Accountability Act (HIPAA). Established in 1996, this act provides federal protections of individually identifiable health information held by covered entities, giving patients a wide array of rights with respect to that information.[1] The amendments introduced in 2010 developed additional guidelines, such as meaningful use rules set up at the federal level, which incentivize compliance and give payments to providers
  • 3. for implementing such safeguards.[2] In addition, the act establishes rules introducing significant fines and successive penalties for every breach of healthcare data. As a result, the majority of CIOs were pushed to have all of their data in house, without wireless networks, due to the perceived greater risk of security breaches. This approach was also supported by most software vendors providing electronic medical record (EMR) solutions in this space.

However, with the new regulations requiring healthcare facilities to give patients easy access to their information by 2016, CIOs and CISOs are tasked with making enormous changes essentially overnight. Changing patient demands and expectations mean healthcare organizations must further evolve at an ever-increasing pace. As the new regulations require all patient data to be online, thus enabling patients to gain easy access, healthcare organizations that fail to do so will be penalized in terms of their reimbursement rates. These penalties can amount to an annual 1-2 percent of their Medicare reimbursement, further driving the need for security officers to update their processes and ensure they have the right technology in place.

With a complete 180-degree change in how data is treated, CIOs and CISOs must implement strategies similar to those used by banks, such as PIN numbers, password protection, secure portals and more. However, the infrastructure at many healthcare organizations is not entirely able to support this today, often requiring that CIOs and CISOs make significant changes to be able to comply with the new regulations.

Security breaches can cost between $625,000 and $2-3 million, including factors such as remediation, fines, penalties, new solutions to address the problem, outreach efforts to notify constituents and more. While the impact of any security breach can be expensive, it’s not just about the monetary cost; damage to an organization’s reputation can be far worse and longer lasting.
They can also end the career of the CIO or CISO. Such positions have an extraordinarily high dropout rate, as such individuals would rather pursue other career opportunities than go through the situation of an unexpected breach.

In addition to the risks and repercussions, healthcare organizations that do not provide a sufficient level of accessibility will fail to meet the needs of today’s patients and, therefore, struggle to remain profitable. As patients have more control and choice over the care they receive, many will simply not return to an organization that doesn’t give them a high level of service. This isn’t limited just to the care they receive, but also other factors like their ability to access their own data. As features like self-service and access to information 24/7 continue to become the norm in many industries, healthcare organizations must be able to keep up and deliver more customer-centric healthcare.

Healthcare technology leaders must build, communicate and gain support for integrated information technology systems that address myriad stakeholder, regulatory and privacy concerns. This is neither an easy nor a linear activity – the concerns are rapidly evolving, as is the technology to address them; the investment costs associated with change can be considerable.

Most importantly, the CIO needs to build executive and board level understanding of technology investments needed to accomplish the organization’s objectives. The business case for change must clearly explain the technology capabilities required and clearly articulate the costs and benefits of various options to achieve objectives, while providing optionality. The reality is that in today’s healthcare environment, any IT plan must provide flexibility to adjust for emerging events in digital technology and data security.
This means the CIO must not only present the rational and analytical basis for the path forward, but also establish a process for frequent and transparent communications with fellow executives and the board. All parties must be fully prepared to embark on and participate in the journey, as well as in fine-tuning or adjusting the road map when warranted.

[1] U.S. Department of Health & Human Services, “Understanding Health Information Privacy.” (http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html)
[2] U.S. Department of Health & Human Services, “Key Features of the Affordable Care Act by Year.” (http://www.hhs.gov/healthcare/facts/timeline/timeline-text.html#2010)
  • 4. 5 Must-do’s for healthcare CIOs and CISOs

Look at other industries: There are numerous parallels between the security concerns and consumer expectations within the banking and healthcare industries. As financial institutions have already figured out how to deliver a more customer-friendly approach, while still protecting data, the industry provides a good example of how healthcare security leaders can implement effective change.

Perform due diligence: Ensuring data is well protected may be expensive, but so are the costs (financial and reputational) of a security breach. Consider a range of software solutions that best meet organizational needs, while integrating seamlessly with systems to ensure an optimal user experience for hospital staff and patients alike.

Understand the importance of getting it right: Failure to comply with the new standards can be equal to 1-2 percent on Medicare reimbursements, while the costs associated with a security breach can be astronomical. In either situation, the costs to the organization’s reputation can be far worse than monetary loss.

Leverage the right technology: From working with the right data centers, to adopting the most stringent security protocols and secure portals, CIOs and CISOs must take the lead in identifying the technology that can deliver on patient expectations, while protecting the organization’s interests.

Build a better business case: Get the right people fully on-board for the journey. Secure board approval of a case for change that clearly defines the costs and benefits of recommended strategic and mandatory technology capabilities, while providing flexibility to respond to emerging events.
Healthcare | visit us online at www.tatum-us.com

Protecting against security risks

Given how disruptive a security breach can be, CIOs and CISOs should take the lead in adopting the practices and technologies that can protect their organizations against such occurrences, while delivering the ease of access to data patients increasingly expect. Fortunately, there are several best practices that can be used to address this two-pronged challenge to guide their organizations to success.

At the foundational level are the practices, procedures and technologies that protect the physical environment of the healthcare organization and the technical infrastructure. The first line of defense should be data centers offering the proper physical security and clearly defined procedures by which technical personnel should abide. Just as important is having standard security protocols to protect both live and archived data using encryption and password or PIN protection, as well as new smart card technology, to ensure only those authorized to do so can access it. The final piece is to leverage secure, web-based portals that utilize the latest in personal recognition and verification technology. Each of these layers is typically provided by a different vendor; as such, the CIO or CISO must assemble a best-of-breed approach to deliver a seamless solution to prevent potential breaches.

But there is another concern to take into account – the cost of providing a sufficient level of security. The price tag for delivering a secure yet consumer-friendly solution adds significant cost to the typical expenditure of an electronic health record solution, sometimes adding another 40 percent to that overall number. In addition, many states now offer information exchanges for health systems to safely communicate information and provide a small grant to offset the cost. However, this offset unfortunately represents a small percentage of the cost outlay to participate in these networks.
In any case, this is where the industry is going – providing an affordable approach to ensure secure access to patient data.
  • 5. Ensuring a compliant, secure approach

As the healthcare environment and its associated processes and regulations continue to evolve, CIOs and CISOs must evolve as well in order to keep up with changing requirements and patient expectations. With patients now demanding an easy, consumer-like experience for accessing their data and managing their health, it is imperative that healthcare security leaders rise to the occasion to make this happen. But the challenge isn’t just in facilitating easier access – they must do so in a way that minimizes the risk of security breaches.

Given the disastrous impact a security breach can have, in terms of cost and reputational damage, CIOs and CISOs must act now to ensure they can meet the requirements to move all patient data online. Doing so requires that they understand the risks they currently face and adopt the solutions that can mitigate those dangers and ensure a compliant strategy.

Still, there is another piece of the puzzle essential for success: maintaining continuous testing and monitoring. As in any defensive situation, being ever diligent becomes more than a nice-to-have; it becomes a need-to-have mindset. Proper change control and regular testing of the security measures put in place will enable the CIO or CISO to identify the risks and exposures that must be addressed. These can be prioritized with others at the executive and board levels, designed into an approach that supports forward momentum with reasonable risk mitigation.

To be effective in today’s rapidly changing healthcare landscape, the role of the CIO or CISO must move more toward the strategic aspects of facilitating the objectives of the organization and to the needs of their patients. This must be done in an environment that is simultaneously productive and protected.
In order to get to this state, CIOs and CISOs must take the lead in identifying, implementing and maintaining the technology, tools and techniques to meet the challenges of today and deliver the consumer-centric, and secure, experience their patients demand.

Leveraging outside help to achieve compliance

The sheer depth of change healthcare organizations are expected to make in such a short period of time can be overwhelming for even the most experienced CIO or CISO. This is especially true given the magnitude of the new regulations. After striving to keep medical records privately tucked away for so long, they must make this information available to the relevant parties, while avoiding any possibility of a breach.

To ensure a smooth transition – and avoid the disastrous effects of non-compliance – healthcare organizations may seek to work with a partner that can provide the executive-level talent to help guide them through this period of significant and unprecedented change. The right partner will offer access to resources who understand the healthcare industry, and these new technology requirements, and know the best path forward. Such individuals can provide the expertise to help manage the technology transition required of healthcare organizations today, with an eye toward compliance and bottom-line improvements. As a result, healthcare organizations can be confident that they’re not only meeting the technology requirements placed on them, but also delivering an enhanced experience for their patients.

About Tatum, a Randstad company

Tatum is a leading professional and interim services firm offering hands-on strategic, financial and technology solutions that measurably improve business performance. Tatum’s executive leaders and consultants help companies navigate critical points in the business lifecycle and execute their strategic initiatives. Our deep management and operational expertise, keen strategic consultancy and a focus on follow-through enable our teams to deliver solutions that drive sustainable impact. With a national footprint of offices in key markets, our firm is ready to mobilize locally anywhere in the country. Tatum is an operating company of Randstad US. To learn more about Tatum, visit www.tatum-us.com.