We are excited to continue our NaviNet 2012 Expert Interview series this week with Shahid Shah, enterprise software and healthcare IT analyst, consultant, and entrepreneur. Shahid is the founder and CEO of Netspective Communications LLC, which helps clients build health IT software for next-generation patient-centered approaches such as patient-centered medical homes (PCMHs), accountable care organizations (ACOs), remote care, and other disruptively innovative business models. In addition to producing his own healthcare IT blog, Shahid is frequently published on federalarchitect.com.
What are the biggest security challenges that hospitals and healthcare facilities will face in 2012?
The rules are getting tighter and tighter, but the relationships among care providers are expanding further and deeper. PCMHs and ACOs create new complex business relationships and care models that pose significant challenges for security professionals. It’s not reasonable to think you can make business models more complex and at the same time have more security. Something’s going to give--and it’s likely to be a little less privacy and some more security breaches as we understand the new world of social health records.
You recently recommended that organizations expand their focus from HIPAA when constructing their healthcare security policies and model their documents off of NIST (National Institute of Standards and Technology) and other resources. What standards do these resources have that HIPAA does not?
HIPAA is not really a security standard–it’s a privacy compliance framework and provides general guidance. NIST actually provides detailed measures, security controls, risk frameworks, and actual standards that can be followed. If you follow general NIST guidelines and have really secure systems based on NIST-style controls and a good risk management framework, then meeting HIPAA regulations is a piece of cake. However, many organizations try to meet HIPAA rules without first tackling practical security threats, so they end up with breaches and fines because being HIPAA-compliant is not the same thing as being hack-resistant.
What do you predict as the biggest developments in Health IT for 2012?
The big shift to mHealth will mean that smaller and more nimble “apps” (both web-based and mobile) will start to shoulder more of the burdens created by new business models. The common wisdom is that there will be fewer electronic health records (EHRs) as consolidation occurs, but that’s not going to happen anytime soon. Interfacing, interoperability, and real service-based platforms will be created that can handle the next level of more sophisticated requirements. We’ll move from basic record keeping and document management to more refined patient management, patient engagement, and collaboration-driven software.
What developments do you foresee in coordinated care in 2012?
I’m not sold on coordinated care “writ large” yet. The problem is that the government and vendors are making it sound as if this is the first time care has been coordinated. Care has always been generally coordinated; it just hasn’t been electronic until recently. The level of coordination between different legal entities and the number of measurements to determine quality are tough to define, implement, and secure. The good news is that we’re all in agreement that we need to coordinate care; the bad news is that we don’t really know what that means, but we’re seeing vendors say they have systems that support it. Care coordination is about automated, patient-centered, clinical coordination as opposed to simple record sharing; we have a long way to go to really implement seamless coordination even though we have the basic technologies available to do so now (the basic technologies are social media, e-mail, and the web).
What will be the role of health plans in setting technology solution standards in ACO development?
The role will be significant and consequential; in fact, without the health plans driving the train, nothing will really happen. Now that Medicare has taken the lead, the big health plans will be right behind. The initial biggest beneficiaries of ACOs likely will be health plans, not just patients.
What are the big HIT-related and healthcare changes that physicians should prepare for in 2012?
HIPAA 5010, ICD-10, and meaningful use Phase 2 will keep everyone busy. Physicians should start to worry about converting all of their vendors into HIPAA business associates and having access to experts in data integration and multiple software system connectivity.
Where should doctors place their focus to increase productivity?
Doctors should focus on IT tools for their supporting staff first. Productivity loss and workflow disruptions are commonplace as our industry gets on the meaningful use bandwagon and is starting to adopt EHR systems at a slightly more rapid pace than in previous years. The reason we have productivity loss is that we focus on changing the behaviors of our most expensive resources too early in our automation journeys–we go after doctors first. In my experience, if you want physicians to be more productive, you first make sure their supporting staff has the tools they need to reduce the physicians’ burdens. Only after you’ve optimized those around physicians do you go after improving the physicians’ productivity.
Thank you again to Shahid for taking the time to connect with us at NaviNet. What do you think about his predictions? Is your organization prepared for the healthcare IT changes on the horizon? Comment below or join the discussion on Twitter, Facebook, and LinkedIn, and subscribe to our blog. Learn more about what other industry thought leaders are thinking about for 2012, including John Lynn, John Moore, and David Williams.
Senior Director, Corporate Marketing