Topics
More on Risk Management

6 focus areas CIOs are prioritizing in 2018

CIOs are acutely aware of the security complications medical devices and telehealth bring.

Beth Jones Sanborn, Managing Editor

Last month, LexisNexis brought together 30 high-level executives, most of whom were CIOs from hospitals, nursing homes and health plans of all sizes from across the county to find out what data-related issues are weighing on them most as we get further into 2018. Ed Domansky, LexisNexis manager of media and analyst relations, and Erin Benson, director of market planning, said six major themes emerged from their responses.

It seems merger and acquisition activity sent waves through the information security sector as well, adding complexity in several areas. Also, innovation continues to be a multifaceted undertaking in that while it can yield clinical and operational gains it also means adding another dimension of risk, especially where security is concerned.

Here are six areas CIOs said they are focused on in 2018.

1. Interoperability--Described by many of the participants as a "daily challenge," interoperability affects their ability to exchange data, such as patient EMRs, and be able to use that data across clinician, lab, hospital, pharmacy and patient. It gets to the heart of their health information systems working together within and across organizational boundaries. Yet the executives in the focus groups struggled to even come up with a unified definition of what interoperability is. For some it was about sharing records for provider referrals and different settings of care. For others, it meant surfacing relevant medical history data to the right specialist, not just passing on a record, and helping those specialists filter through the data to get to what's most important. "It was interesting to see the full spectrum of how they were defining interoperability and I think that's why it came up as a priority because of how broadly it was defined," Benson said.

2. Security-- The more devices that are added, the greater the amount and caliber of security that is needed. There are more records being digitized and hackers are becoming more sophisticated. Execs are always looking for ways to upgrade their security and make sure their hospital isn't breached. Incident response plans and updating policies and standards, especially around newer products and services, and staff education were also priorities. They talked a lot about digital platforms like portals, telehealth and how to make those more secure. The balance between being asked to make data more readily available to patients but at the same time putting security in place to keep data protected is a constant focus. Finding that balance is a challenge. 

3. Identity Authentication--CIOs know that providers aren't necessarily seeing the patients in person anymore. They're logging on and doing more self-service activities online, even checking lab results. So how do you verify they are who they say they are before you provide them with medical care and advice and access to their records? Remote authentication is top of mind. "Balancing strong authentication with easy access poses new hurdles," Benson said.

4. National Patient Identifier--If there was one issue on which all the participants seemed in full agreement it was regarding national patient identifiers. "We need it" was the overwhelming consensus and there was some surprise that there hasn't been more federal money spent on establishing one considering the widespread acknowledgment that it is necessary and important. It would help with interoperability, especially in light of M&A activity where providers are having to merge disparate systems. They also talked about an increasing focus on the continuum of care and being able to link records of patients before they come into the health system through the efficient passing of records for follow-up care. "An NPI would help with this because today each system uses its own algorithm and their own identifiers so it may work within that system but when they try to move information outside the system it starts to add complexity into the process." 

5. Patient Record Linking--Errors in patient identification pose a threat to patient safety and are therefore an unending concern. Mismatching patients and records can lead to missed diagnoses and incorrect treatments. Here again, M&A activity and the reality of various systems needing to combine under a new system "umbrella" fueled the concern, along with the ongoing digitization of health records which means the volume of data is swelling and this issue will only get bigger. "It really comes down to how do you bring different data from different providers and organizations together knowing they all use different vendors and algorithms and get it into a single repository where you're really able to have a holistic view of your patient."

6. Provider Directory--For these healthcare executives, keeping their provider directories current is a daunting challenge. They know that provider data is continually changing and most admit they have limited resources assigned to handling updates. Demansky said this is a hassle for both providers and payers. The information is constantly changing, with 50 percent of the information in directories becoming out of data within 18 months It's a telling statistic, he said. On the provider side, just one practitioner's office might contract with several different carriers and associated plans. They have to go through and update that info by email or fax to each one as frequently as every month. Those updates can happen at different times so for an office staff it can be an ongoing issue.