How Privacy and Security Can Overcome Interoperability Challenges in Healthcare
Patient privacy is key to providing quality healthcare – but so is data-sharing. Interoperability is quickly becoming a buzzword in healthcare, but one with backbone, as providers seek new ways to improve the ways they share information. But when you need to share ePHI among providers (or with entities like Social Security), how can you ensure it’s handled safely and effectively? To help you build best practices and policies around interoperability and combat interoperability challenges in healthcare, the webinar “The Healthcare Interoperability Journey: Challenges and Opportunities” featured the insights and expertise of both Geisinger Health Chief Privacy Officer John Signorino and Loma Linda University Health (LLUH) Chief Information Security Architect Rick Duvall.
What is interoperability?
To put it simply, interoperability is the process of exchanging healthcare information. At its core, interoperability ensures that patients receive the highest quality and most effective care while respecting the privacy of their most sensitive data. It also allows clinicians to access the information they need in the right format.
There are many benefits to enjoy from interoperability, including:
- Improving patient care and security
- Promoting healthcare efficiency
- Reducing waste and costs while adding revenue
- Streamlining care coordination
- Providing support for health and value-based care initiatives
- Increasing provider satisfaction while reducing frustration
- Facilitating research while enhancing quality analytics
The cost savings and reduction of waste are especially important today, as healthcare is expensive. According to the Centers for Medicare and Medicaid Services, it takes up about 17 percent of United States gross domestic product, much more than in other developed countries. Furthermore, the Institute of Medicine reports that 20 to 30 percent of money spent on healthcare is wasted. Interoperability also aids with value-based care, which is a model that pays providers based on patient outcomes rather than on a fee-for-service basis. In this model, interoperability provides information that can help lead to positive.
At Geisinger, Signorino says he appreciates the more cohesive view of patient data that interoperability provides. This especially helps patients who struggle to communicate – when data is shared between providers, clinicians can more quickly access patient information, allowing them to provide the best possible care.
“The participants in the Keystone Health Information Exchange do appreciate the ability to view a more cohesive picture of the patient regardless of whether they were treated in the facility,” Geisinger said.
For Duvall, interoperability has helped LLUH combat the opioid epidemic: Interoperability enables a database that shows previous medications, giving care providers transparency into whether a patient may have an issue with medication or addiction.
Privacy and security challenges of interoperability
Along with the advantages of interoperability, however, the nature of data-sharing may bring up some privacy-related interoperability challenges in healthcare. “There is often a direct conflict between what we want to accomplish from a population health viewpoint and what some of our privacy laws are saying about the privacy and confidentiality of patient data,” Signorino said.
To help cover all your bases, Signorino asks the following questions when considering interoperability initiatives:
- What laws do we need to contend with in order to share PHI?
- With GDPR, does a patient need to opt in for this to be lawful?
- Even if HIPAA allows it, are there state-specific regulations?
- Are organizations transparent with patients about privacy practices?
- Do we need special authorization for people who struggle with addiction, mental health issues, or certain conditions like HIV/AIDS?
- How do we enforce rules while making sure that data is only shared among clinicians who have permission to access it?
In addition to privacy challenges, there are also security-based interoperability challenges in healthcare to keep in mind, according to Duvall:
- How do you get the data flowing?
- What is the process for prioritizing data requests?
- What’s the liability for failing to act on information flowing into patient health records via a personal device?
On that last point, consider a scenario where someone has a glucose meter attached to an app like Apple Health and their glucose is dangerously high. How do patients and providers establish expectations around what to do with this information? Should someone call when they notice the high number, or is the glucose reading something they’ll talk about at their next appointment? “When you’re getting unsolicited data that could potentially need immediate attention if that value was found in person, how does that affect liability?” asked Duvall.
“If the only reason you can define for interoperability is healthcare operations, I tend to question those requests.”
Overcoming privacy and security interoperability challenges in healthcare
To help overcome any potential privacy or security interoperability challenges in healthcare, specific best practices include:
- Understand all requirements and laws. At both state and federal levels, organizations need to know when consent is required for treatment.
- Design to the most restrictive requirements. Healthcare providers must consider data classification, data segmentation, and role-based access.
- Future-proof your intentions. Technology and regulations change – it’s important to be ahead of the curve when it comes to preparations.
- Maintain transparency. Some people want the option to give consent whenever their personal information is shared. It’s important to be transparent with patients and explain any relevant privacy policies.
- Articulate a patient-centered benefit for interoperability. “If the only reason you can define for interoperability is healthcare operations, I tend to question that,” said Duvall.
- Monitor user access to ePHI. A full-lifecycle privacy and security monitoring platform that can integrate with multiple EHRs and clinical, big data, compliance, cloud, and other applications will help ensure that only authorized individuals are viewing ePHI.
Despite its challenges, interoperability in healthcare is full of rewards. Chief among those is the ability to share PHI between facilities while maintaining patient privacy – which will allow patients to enjoy a less stressful experience while improving value-based care. When implemented correctly, interoperability means that healthcare providers can administer superior care within a streamlined experience – and patients will take notice.