More Is Possible for Health Interoperability
The shift to an electronic medical records system from a paper-based one was just the tip of the iceberg for healthcare’s journey toward modernization. Advancements in cloud computing, automation, wearable technologies, mobility, network connectivity and more have promoted previously infeasible interventions.
With more advanced possibilities, the industry envisioned a range of critical digital health interventions, such as better chronic disease management, increased patient engagement in care, improved independent living outcomes for older adults and proactive population health monitoring.
Interoperability remains a major challenge in healthcare. According to a 2020 Pew Charitable Trusts survey, 81 percent of adults support increased access to health information for providers and patients. However, the necessary standards for interoperability are still lacking, and the lack of adoption of existing standards remains a barrier. Moreover, data misrepresentations, missing information, and data errors lead to poor data quality, hindering interoperability.
Another issue is that digital interventions depend on the reliable functioning of all technology components. For example, a network failure may result in device errors, and a security vulnerability can cause access failures. Since such possible errors are beyond the realm of medical accountability, such liability may also extend beyond a hospital or clinic. The challenge is in defining a realm that also accounts for nonmedical and nonclinical liability.
While there is no holistic remedy yet, establishing independent business associate agreements with each vendor that provides technology services as part of digital health solutions, with reinforced liability and indemnification in case of outages, security breaches and disasters, would be a good starting point.
Security Remains a Focus in Healthcare
Cybersecurity is a critical area of concern for healthcare systems. Cyberattacks can specifically target sensitive, and oftentimes highly valuable, personal health information. Malicious attacks can lead to a disruption of care, resulting in patient harm and adverse medical events. And high-impact threats are hard to predict. For example, the probability of a ransomware attack on a hospital database through a patient-connected device may be low just because the database is within a private network. But such an attack can tremendously damage the hospital’s reputation and breach patient privacy. Such challenges need constant monitoring and counter-remedies.
Privacy is deeply interconnected with cybersecurity concerns. With the use of multiple devices and applications in digital interventions, too many loopholes could compromise personal identifiable information and protected health information. The loss of a patient’s PHI may lead to serious consequences such as reputation loss, discrimination, fraud and other harms.
Most digital health solutions retain PII and PHI locally on the devices or in central repositories. Any breach or inadvertent access of such information would jeopardize privacy.
While there is no silver bullet, several measures are recommended to constantly revamp the security posture around digital solutions as attack surface broadens and new threat vectors emerge.