The Covid-19 pandemic shows how the healthcare world can turn on a dime — and its technology needs to be up to the task.
Telehealth services are a case in point. In early March, for example, the Cleveland Clinic reported “a fifteenfold increase in telehealth visits” over the course of just one week. They weren’t alone.
With the Rise of AI, What IP Disputes in Healthcare Are Likely to Emerge?
Munck Wilson Mandala Partner Greg Howison shared his perspective on some of the legal ramifications around AI, IP, connected devices and the data they generate, in response to emailed questions.
According to Medicare claims data, “nearly 1.3 million members received telehealth services in the week ending April 18, compared to 11,000 in the week ending March 7.” No one expects another market disruption of this magnitude any time soon — but nobody expected Covid-19, either.
Even before the pandemic, healthcare industry technology was in flux driven by cybersecurity and compliance variables, which increase:
- Organizational Risk. Cybersecurity issues such as ransomware and other emerging cyberthreats are on the rise. To take one example, “Colorado-based Parkview Medical Center’s technology infrastructure was hit with a ransomware attack on April 21, 2020, which caused a number of IT network outages” – right in the middle of treating Covid-19 infections. While patient care was not affected, the organization is likely to incur substantial remediation costs and brand damage as a result of the attack. In May, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency and the U.K. National Cyber Security Centre issued a joint alert warning of advanced persistent threat (APT) groups exploiting the Covid-19 pandemic to target healthcare organizations.
- Organizational Burden. The accelerating pace of regulatory changes has increased compliance workload, further burdening IT staff who manage the information infrastructure needed for reporting. For example, the trend to value-based care is running up against laws designed in a fee-for-service era. In response, the Department of Health and Human Services (HHS) has proposed “changes to modernize” the Physician Self-Referral Law (Stark Law) and the federal Anti-Kickback Statute (AKS). Managing such changes will ripple down to risk and compliance departments.
Faced with these and other technological pressures, healthcare organizations increasingly turn to managed service providers (MSPs) to provide IT infrastructure resources and offload the increased burdens of cybersecurity and compliance.
A Personalized Approach to Medication Nonadherence
At the Abarca Forward conference earlier this year, George Van Antwerp, managing director at Deloitte, discussed how social determinants of health and a personalized member experience can improve medication adherence and health outcomes.
And MSPs are seizing the day: a recent survey found that over a third of MSPs specifically target the healthcare industry, more than any other business vertical.
All of this is driven by the cloud. The rise of public clouds has transformed the healthcare industry, as well as the MSPs that serve them. Technology giants Alibaba, Amazon, Google, Microsoft, and Oracle are all cloud service providers (CSPs) dominating the public cloud market, competing for customers with aggressive pricing and continual releases of new features. Virtually every MSP is using public cloud services to deliver value to their healthcare customers.
By now, everyone is familiar with the benefits of cloud computing, including reduced capital investment, easy access to information, baseline security, service-level agreements, and (perhaps most importantly) radical scalability.
However, the cloud service provider business model poses particular challenges for companies in the healthcare industry in three areas: control and visibility, availability, and data security.
- Control and Visibility: Compared to an on-premises data center, a public cloud deployment is a black box. It delivers the services needed when usage suddenly surges (as with telehealth recently), but there’s no access to internal function. This is generally a CSP feature, not a bug: Someone else worries about the infrastructure so you can concentrate on your business. But in a highly regulated industry such as healthcare, the buck stops with the organization, not the CSP. The opacity of cloud environments can be problematic for compliance and troubleshooting.
- Availability: In terms of uptime, what seems sufficiently reliable in one industry can be completely unacceptable in another. For example, 99.99% availability means that the system is down more than four minutes a month. That might be acceptable for retail transactions — but it’s an eternity in a healthcare emergency.
- Data Security: CSPs provide baseline security for the data that resides in their environment. But just as in the case of reliability, healthcare marches to a different security drum than other industries thanks to an alphabet soup of regulations and legislation such as HIPAA, HITECH, HITRUST, and GDPR. For that reason, the baseline security provided by the CSP simply isn’t enough to ensure the security of protected health information (PHI).
To achieve the technological agility required to function in the modern world, healthcare organizations are wise to pursue managed services and utilize CSP power.
But it’s important to understand that these services aren’t designed to accommodate the unique circumstances of the healthcare industry. No matter how cost-effective or attractive the service, odds are that additional requirements for control, availability, and security need to be considered for healthcare application. There’s simply no way around it.
Photo: mathisworks, Getty Images
I am the Founder and CEO of Cloudticity. I spend my days thinking about how to help the healthcare industry best leverage cloud technology to enable them to help people live healthier lives. I have spent the last 30 years navigating the technology industry. Prior to Cloudticity, I was brought in as the chief operating officer at ePrize; I turned around a failing company that was eventually sold for a fourfold return on the initial private equity investment. Before ePrize, I spent eight years at Microsoft, first as chief technology officer for the US central region, then running the global business unit that oversaw General Motors (Microsoft’s second-largest customer), growing that account from $20MM to over $100MM in three years. Prior to Microsoft, I spent nearly a decade in the technology consulting and startup industry. I hold all the core five AWS certifications.
