The push for telemedicine and opioid response tech in public policy has the potential to simplify documentation for physicians — but it could also complicate security for healthcare IT specialists.
Earlier this summer, the Centers for Medicare & Medicaid Services (CMS) announced major adjustments to its policies on the Physician Fee Schedule and Quality Payment Program. The changes represent a major development for which both doctors and healthcare IT specialists must prepare.
Specifically, the policy incentivizes the use of and access to virtual care and telehealth, easing the reporting burden on physicians and improving information sharing between different healthcare providers. As the University of California San Francisco Department of Medicine Chair Bob Wachter Tweeted in response to the announced changes, “If this pans out, [it] could be awesome.”
However, while the new policy is being received with great enthusiasm by doctors who, to use Wachter’s term, are tired of “soul-sapping” documentation, healthcare specialists should recognize that the increased emphasis on telemedicine and data sharing will introduce myriad new security risks.
What’s New in the Updated CMS Policy
Not long ago, it would have been unimaginable for a patient to receive a diagnosis by sending their doctor a picture or video via text or email, but with the updated CMS policy, billable digital communication between patients and physicians is a very real possibility. While that exact scenario is still under review, the policy updates clearly attempt to establish telemedicine as a means of improving healthcare accessibility. Soon, clinicians can be paid for virtual check-ins, which comes as especially big news for elderly and disabled populations and the doctors who serve them.
The updates also emphasize “promoting interoperability” by rewarding providers who allow patients to easily access their health information and streamlining the process of sharing information between healthcare facilities. These changes would lead to “significantly less documentation burden for clinicians treating Medicare beneficiaries” and “more efficient, effective use of electronic health records in clinicians’ offices,” according to a press release from the Office of the National Coordinator for Health Information Technology.
Additionally, the agency’s policy defines opioids as “high priority” in the Merit-based Incentive Payment System formula and incentivize the integration of prescription drug monitoring programs into electronic health records. These policy modifications have the potential to ease the documentation responsibilities placed on doctors whose time is better spent tending to patients. Nevertheless, the increased prioritization on digital recording and sharing also represent an increased security risk.
What’s at Risk
Private enterprises have known for a long time that as soon as data goes mobile, it becomes significantly more difficult to secure. When this mobility meets the highly-sensitive information that doctors and nurses handle each and every day, the risk factor skyrockets.
Hospitals aren’t safe from cybercrime — if anything, they’re especially vulnerable to it. The medical records that hospitals must protect, which contain home addresses, dates of birth, social security numbers, and confidential health information, are often more valuable to cybercriminals than financial information.
That’s why it’s so concerning that, according to one study, 20% of healthcare IT professionals are still running Windows XP, an operating system that hasn’t been supported since early 2014, on their networks — meaning that it hasn’t had a security update in at least that long. Perhaps unsurprisingly, research indicates that 90% of healthcare organizations suffered some sort of security breach between 2015 and 2016, amounting to an estimated $6.2 billion in damages.
Security isn’t the only issue at play as healthcare providers ratchet up their reliance on computing technology. When their network is facilitating communication with patients and the quick transfer of medical records, a healthy network means an increased ability to keep patients healthy, too.
The Right Partner in Healthcare IT
With new policy developments on the horizon, end-to-end network security and functionality has never been more crucial to healthcare providers. As an increasing number of medical records and doctor-patient communications make their way into a healthcare organization’s network system, it’s vital that they have a strong network security partner like Turn-key Technologies (TTI).
Our decades of experience optimizing healthcare networks have enabled us to assess any healthcare provider’s infrastructure.
In an era of increasing dependence on devices, a patient’s health shouldn’t be contingent on a network’s health. TTI’s network and security expertise frees up doctors to continue doing what they do best, unencumbered by connectivity problems or cybersecurity challenges.