In Part One of this article, we explored the growing development of mobile technology and the myriad of ways in which it can be deployed, both within and outside the health arena.
We noted the efforts to develop shared standards for privacy and security but we also came to appreciate the lack of systematic and systemic implementation of these critical initiatives. Absent privacy and security, as well as interoperability, the full benefits of mobile devices (broadly defined) will never be fully realized. It is this issue that Part Two of this article seeks to solve – or if not solve completely, at least to ameliorate.
Perhaps it goes without saying but without knowledge about privacy and security risks, especially by the direct users, it is hard to move the needle on implementation. And, to be sure, these two important goals need to be balanced with the value of mobile technology in preserving lives and improving communication across the medical field.
One of the best sources of information is housed in a government publication issues by the U.S. National Institutes for Standards and Technology and titled “Guidelines for Managing the Security of Mobile Devices in the Enterprise.” Surely most individuals have never heard of this document; to be fair, many non-governmental software developers are not deeply familiar with these guidelines either.
It is also worth recognizing the growing political push toward greater security and privacy view of the increasing competition in the marketplace for healthcare providers and insurers who are using technology that benefits patients wellbeing while preserving their privacy and insuring the absence of data leaks or data misuse by hackers or other nefarious organizations or individuals.
For instance, as evidenced by the rise of Medicare Advantage plans that provide seniors with choices through Medicare health plans offered by a private company that contracts with Medicare, there is increased competition among healthcare providers. In an ideal world, this will lower costs to consumers and improved health outcomes. As reported in the Wall Street Journal in March 2018, specialized companies have sprung up to help avoid medication conflicts, manage specialty care, or prevent health avoidable complications. But, that proverbial but, none of these advances will get traction if there is not assurance of patient confidentiality and data security. All the new devices will also need to be interoperable between government and private providers, making the need for privacy and data protection all the more important.
We also know that there are many benefits to data aggregation in healthcare. Big data can measure existing and future patient risks and outcomes. Yes, we can look at the success of a particular procedure but we can do much more than that. So, while consumers sense that they are getting real time information about their own conditions through mobile devices and serious new benefits in terms of their health outcomes in real time, these same consumers are at considerable risk that their data will be aggregated, even if atomized, and those large databases, absent blockchain or some other technology, are subject to hacking and unknowing use.
This is a new problem to be sure. In the past, mobile applications focused primarily on tasks at the point-of-care and did not require a sophisticated data transfer infrastructure back to the organization’s main computer system. Using these mobile applications in conjunction with wireless technologies, the following benefits have been realized within the healthcare setting: easier, timely and accurate patient data; reduction in medical errors; improved workflow; and decreased costs. Wait times for patients should also be reduced. With multiple mobile programs at work, assuming interoperability, there will be decentralized decision-making (we can debate whether that is always a plus); more timely decision-making because information on a patient will be readily available on a myriad of devices; and decreased medical errors as information will be complete and accurate (in theory).
Now, with these just described benefits, there are some sizable hurdles. There are questions of access and availability of mobile technology and user capability to understand and use the devices in their possession; surely we do not want better health outcomes for some patients and not others. We don’t want health benefits to be used only by those who are wealthy or tech savvy. And, in some cultures, personal patient-doctor contact remains a deeply valued tradition and value. There is also pressure within the larger arena of healthcare research for increased and improved data that will benefit not just individuals but populations and enable deeper exploration of both diseases and delivery systems.
Mergers among providers present another challenge. Some do technological developments that challenge interoperability on an ongoing basis. And, there are the challenges that occur in the event of a disaster that disrupts access to technology while increasing the need for healthcare for an affected population.
We also know that with increased access to technology and data, how healthcare is delivered will change and we will be re-engineering hospitals and doctors offices and clinics. High-speed Internet and portal technologies will dramatically transform healthcare delivery as the portals will be accessed ubiquitously via computers, wireless devices, and telephone (using voice recognition and speech synthesis applications). Patients and providers will have the capability to collaborate in real time, search, publish/subscribe, or even obtain personal information. Portal infrastructures will also enable an environment that promotes customer service.
With the rush for better outcomes, improved costs, Big Data and business growth, we cannot forget the need for system integrity. During implementation and deployment of all mobile technology, wheresoever located and whomever uses it, security and privacy concerns must be paramount and visible. Every choice of technology and its deployment must address how it will affect the security and integrity of the enterprise.
To these ends, here are seven basic recommendations to guide decision making in terms of recognizing and using mobile devices and the capacities they enable, recognizing that as technology advances, the need to added protections will likely be a reality. These recommendations are (not in order of importance) the need to:
(1) Standardize wireless devices and application solutions whenever possible ( By way of example, picture the era in which we had tapes and VCRs and Betamax and CDs, leading to incompatible devices, a lack of interoperability and increased costs and inevitable obsolescence);
(2) Develop and then maintain a comprehensive security protocol that is transparent and readily accessible for users to see and understand;
(3) Ensure that there is access to devices and connectivity to the Intranet, a serious challenge in some remote locations and there need to be mechanism for moving legacy systems into security and privacy compliance, otherwise we will reify inequalities;
(4) Develop and then deploy wireless systems management tools from the outset, tools that are usable and practical by trained personnel;
(5) Develop and ramp up education programs for all users, including building key skills that enable implementation and use of products, some of which could be tested through pilot programs particularly in low income and rural locations;
(6) Create and identify locations where software and devices can be tested and approved before use in the larger marketplace, something we do now with appliances among other objects for sale, perhaps with seals of approval or other indicators to demonstrate that standards are met; and
(7) Provide mechanisms for providing assistance to all users in real time if there are systems failures or glitches, including a 24/7 help desk as failure to cure can lead to devastating and debilitating health outcomes.
All healthcare organizations need to do a resource analysis prior to undertaking any major project to implement wireless solutions. They must determine realistically what resources they will need to aggressively pursue wireless communication opportunities and protections (as described in Parts One and Two of this article. Moreover, they will need to understand how to redeploy existing resources to get up and running quickly with wireless tactics.
To be fair and realistic, wireless technology will complement wired computing in enterprise environments in the near term. Even as new buildings incorporate wireless networks with greater bandwidth to allow for future applications that may be beyond the capability of today’s wireless systems, this is not a quick conversion process. The complexity of mobile and wireless applications, combined with a lack of standards, will continue to make mobile and wireless an area of overdue innovation. We thought the innovation was in the creation of the technology. How wrong we were. The real innovations will be making the technology come alive for all users with needed protections in place/ The real question about the future of the wireless enterprise network is not whether it is here to stay, but rather the extent to which we have the foresight to Implement it fully, while preserving the privacy and security of the individual’s health information.
We know indubitably that wireless computing can potentially provide enticing dividends; we also know its full value cannot be recognized without proper planning and extensive forethought on the wireless enterprise design and protections. For a broad description of possible approaches, please see: https://www.atarc.org/wp-content/uploads/2018/03/2017-10-ATARC-Federal-Mobile-Technology-Summit-White-Paper-1.pdf.
In the meanwhile, consider these strategic next steps:
(1) Understanding clearly the organization’s business objectives and business processes, recognizing the organization wide re-engineering that will be part and parcel of this progress;
(2) Establish enterprise wireless working groups to develop a long-range strategy and plans, especially ones that can be shared with other organizations to move the proverbial needle despite business competition;
(3) Conduct a realistic enterprise technology assessment, including readiness for sustained implementation of interoperable wireless devices, being careful to select what “fits” for a particular entities needs now and into the foreseeable future;
(4) Identify the type of data that will be able to be transmitted, including whether it is text intensive and/or graphics-intensive so there is the requisite bandwidth and readability, something key in sending healthcare scans and other similar visual technology;
(5) Determine the physical parameters of the proposed installations as wireless networks are limited in range and can be incapacitated by disasters, as we have seen recently in way too many locations;
(6) Conduct detailed on-site analyses of critical physical and clinical problems at healthcare facilities to determine if wireless computing offers the right answers or just more technology for technology’s sake, keeping the need to be patient centered front and center;
(7) Compare and contrast product vendors, including those who are new on the scene, making sure the selected vendors are financially and leadership stable and technologically advancing with new products and upgrades already in the pipeline;
(8) Develop and regularly update an education program that provides training and support for the organization and its personnel and the end-users for whom knowledge is key to successful deployment;
(9) Remain dedicated and focused on data security and the implications of (and remedies for) data breaches, including systems for storing data, processing data and transmitting data including in times of disaster or satellite shutdown, among other calamities; and,
(10) Reflect on mobile interoperable devices not in silos butt as part of an enterprise wide approach with needed infrastructure and buy-in to both the technology and the needed privacy and security strategies.
We know technology is part of the future, including most particularly for our purposes here in healthcare. But, there is a vast chasm between creating technology and implementing it in ways that improve and protect the users of that technology. Nothing is worse than technology that just sits and gathers dust, where an article from a decade ago reflects our absence of forward movement. Well, there is something worse actually: using the technology in ways that do more harm than good. In short, embrace technology but with caution and wisdom and planning. Otherwise, we will all be damaged.
Marc serves within U.S. government, advising senior officials on advanced and emerging health technologies. He is a recognized health systems and health information technology expert with more than thirty years of experience in the federal and private sectors, is highly focused on Health IT strategy and solutions, health care policy, planning and program management. He is known for building extensive relationships among the federal Health IT Community including wide recognition as an innovative problem solver. Today, Marc is collaborating on medical cybersecurity, precision medicine, and advanced and emerging health IT solutions for empowering the nation’s Veterans including IT digital infrastructure and Learning Health Systems. Marc served within PwC, PricewaterhouseCoopers, in the position of Director Washington Federal Practice, Health IT. He focused on developing business strategies and solutions for health informatics and business process change. Marc served within Northrop Grumman Health Systems Management as Senior Adviser, Federal Health IT; there Marc provided leadership in the collaboration and delivery of the nation’s initial mobile Health Applications, Blue Button for MyHealtheVet, for the first time for Veterans to receive their personal health records on smart phones. While in government, Marc worked on federal health IT sharing; served within U.S. Department of Defense, Telemedicine and Advanced Technology Research Center (TATRC) as well as the U.S. Department of Health and Human Services, Health Resources and Services Administration. He also led hospital systems planning for Greater Boston. Marc served as adjunct professor in Health Informatics within The George Washington University and is the author of many articles and co-authored the book, “Medical Informatics 20/20: Quality and Electronic Health Records through Collaboration, Open Solutions and Innovation.” Marc completed his healthcare background at Harvard University, Brandeis University and the George Washington University.