Study outlines issues facing health care IT pros

Editor's note: Christina Kyriazi is manager of insights and analytics at Peak 10 Inc., a Charlotte, N.C., infrastructure provider.

It’s an exciting time to be an IT professional in the health care sector – and a challenging one. A confluence of digital innovations and government-mandated reforms is transforming the industry. IT staffs are expected to help power the changes and they have their work cut out for them.

Emerging medical technologies demand more robust, agile platforms. Mergers and acquisitions among health care organizations necessitate a consolidation of disparate IT environments. Government mandates and changing regulations require the implementation of increasingly rigorous IT privacy controls and security policies. All the while IT professionals face many of the same challenges as their counterparts in other industries, from constantly-changing cyber threats to overburdened staffs.

Outsourcing – and leveraging cloud services in particular – has the potential to reduce some of the challenges, freeing IT staffs to put their efforts towards initiatives that can help advance health care delivery and quality. But are IT professionals in the health care industry taking advantage of IT outsourcing options such as the cloud – and if not, what is standing in their way?

Peak 10 conducted a two-phase study to better understand the decision-making among IT leaders in the health care industry that leads to their adoption or rejection of outsourcing and technologies such as cloud computing. The first phase consisted of an online survey of 149 information technology decision makers (ITDMs) in the health care industry within the United States. The survey included 25 multiple-choice and/or open-end questions.

For the second phase, Peak 10 contracted with a third-party research firm to conduct one-on-one phone interviews with 11 participants from the initial survey. The results provide insight into some of the issues that are helping or hindering health care IT professionals. A copy of report is available at www.peak10.com. (Registration required.)

Traditionally been hesitant

Outsourcing information technology infrastructure – whether via the cloud or colocation at a third-party data center – offers well-documented benefits. However, the health care industry has traditionally been hesitant to take advantage of them due to regulatory constraints. These findings were confirmed in the Peak 10 study with the majority (82 percent) of respondents noting that their organizations currently keep their mission-critical production environments in-house (Figure 1). Even non-core activities, such as testing and development, remained in-house for most respondents (74 percent).

However, the respondents’ plans for technology implementations over the next six to 24 months did indicate a greater openness to IT outsourcing, especially for disaster recovery. One in three of those who don’t currently outsource disaster recovery plan to do so over the next two years.

For many organizations, managing disaster recovery in-house has traditionally been an expensive proposition that requires significant capital expenditures for servers, storage, bandwidth and secondary recovery sites. Other organizations have simply neglected disaster recovery planning. Outsourcing – whether via colocation or the cloud – can offer a cost-effective way of meeting disaster recovery needs and let organizations tap the expertise of vendors who specialize in disaster recovery strategies.

Infrastructure-as-a-service (IaaS) models also seem to be gaining ground for supporting other workloads as well. Over the next six to 24 months, 25 percent of the survey respondents plan to implement IaaS for their production and/or testing and development environments.

Among the reasons for the growing interest in IaaS is that more companies are interested in avoiding the large capital expenditures associated with maintaining their own infrastructure. In addition, some IaaS models incorporate high-level security and technical controls that enable them to help organizations meet some of their regulatory compliance requirements. The use of IaaS also can free up organizations’ IT staffs, enabling them to focus more on their companies’ strategic initiatives.

Do not have the flexibility

While 82 percent of respondents noted that their budget would increase or stay the same over the next 12 months, a lot of times they do not have the flexibility to spend it on exactly what they want. Software implementation, virtualization and meeting regulatory requirements topped the list of key priorities for the survey respondents – with regulatory requirements cited as often overriding virtualization and software implementation projects.

The survey respondents noted that components of HIPAA/HITECH, as well as ICD-10 and the Meaningful Use requirement in the Medicare and Medicaid Electronic Health Care Records (EHR) Incentive Program, were driving funding priorities. Many stated they “didn’t have enough boots on the ground,” explaining that standardizing on EHR and other primary applications were taxing internal resources and leaving little time for even considering large data center migrations. Additional resources were not forthcoming.

Surprisingly, 40 percent of the survey respondents stated it was too early to tell if the Affordable Care Act (ACA) would affect their IT departments; 24 percent offered no opinion. Only 22 percent reported that they had experienced any negative effects. Revenue decreases, cost increases and resource constraints were cited as the top three issues to date (Figure 2).

The ACA notwithstanding, government mandates in general significantly negatively affect IT, according to 60 percent of the survey respondents. Only 2 percent claimed they have no influence.

Regulatory compliance issues also factor into many health care organizations’ hesitance to use cloud computing, along with concerns over security and data privacy. All were cited as the top barriers to cloud adoption by survey respondents (Figure 3). The concerns are not without merit. Continuing a three-year trend, breaches in the health care industry topped the Identity Theft Resource Center’s 2014 Breach List with 42.5 percent of the instances of compromised data identified in 2014.¹

While not all the breaches were associated with cloud services, they nonetheless have made health care organizations wary. As one interviewee in the study stated, “What worries me is that what if I use a cloud service and the controls aren’t in place? My data could slip into somebody else’s environment or their data could slip into my environment. The repercussions could be disastrous.”

For health care organizations subject to the requirements of HIPAA, those repercussions could come with a high price tag. In January 2013, the U.S. Department of Health and Human Services released its final HIPAA Omnibus Rule, which substantially increased the civil monetary penalties associated with a HIPAA privacy or security breach. A single instance of HIPAA non-compliance can cost the offending organization as much as $50,000 in fines. Additionally, health care organizations could incur up to $1.5 million in a 12-month period for repeated violations.

Under the HIPAA Omnibus Rule, cloud services providers and other external data services providers now share responsibility for meeting HIPAA requirements as they relate to electronic protected health information. However, that doesn’t negate the damage done once a breach has occurred – including the subsequent damage to a health care organization’s reputation.

Exploring the use

Nonetheless, health care IT professionals are exploring the use of cloud services. As has been seen in many industries, the Peak 10 study showed that their initial foray into the cloud is primarily through software-as-a-service (SaaS). A higher percentage of survey participants reported using SaaS than IaaS over the next two years, with 25 percent of those not currently using SaaS planning to do so.

SaaS represents an easy first step into the realm of cloud computing because of its cost-savings, flexibility, enhanced scalability, low maintenance and ability to handle common administrative software such as that used for human resources functions. It also can enable faster, more reliable access to applications from anywhere, which has significant implications for enhancing care delivery. For example, in hospital settings clinicians can access complete patient data from their mobile devices. This eliminates the need to stop back at nursing stations between patient visits and frees up more time to spend with the patients and, ultimately, help improve patient satisfaction.

Shadow IT and cloud sprawl

As health care companies explore cloud technologies, concerns over “shadow IT” and “cloud sprawl” cause IT professionals to hesitate moving too far forward. Shadow IT refers to the use of hardware or software that is not supported by its central IT department. Cloud sprawl is the unplanned, uncontrolled spreading of applications and services into the cloud. Both can introduce security and compliance risks, as well as make IT professionals’ jobs more complicated. To manage the proliferation of disparate technologies, applications and implementations, an enforced IT governance decision-making framework and processes is essential with employee communication and education as key components.

In addition, IT has traditionally been viewed as an administrative function rather than as a critical part of health care operations. As such, it has often not received adequate budget or resource support. That line of thinking is changing as health care organizations increasingly expect IT not to just support advances in the health care industry but to help drive them. However, in the interview portion of the study, it was noted that while the role of IT in transforming health care is increasing, the resources to help aren’t.

Complex decision-making processes have also proven to be significant barriers to IT outsourcing in the health care industry. Most health care organizations have multi-layered governance and long-term strategic goals. IT decision-making and purchasing cycles can be long and contentious if not aligned with those goals. In addition, multiple departments are often involved – many of which work in siloes and have competing interests and priorities. Gaining consensus and approvals can be difficult.

Keep the momentum going

The challenges facing IT professionals in the health care industry are formidable but not insurmountable. Technological advancements are transforming health care delivery and it is becoming clear that IT must be equipped with the necessary resources to keep the momentum going. Much of the impetus for change will come from an emphasis on the patient experience.

Across almost all industries, customers expect fast access, ease of use and personalized attention. It’s no different in health care, where patients are no longer just patients. They are consumers and expect better services and more for their money. They want their health-related information at their fingertips as would be provided by a patient portal. They want their physicians to be able to approve prescription refills whenever they are needed, a function made possible with e-prescribing. They want “smart” rooms that enable them to customize their environments, instilling more of sense of control at a time when their conditions may make them feel particularly vulnerable.

Providers that fail to deliver these kinds of services – or that fail to provide their IT staffs with the resources to make these services available – will lose patients to the competitors who are leveraging technology to enhance the patient experience.

The IT professionals surveyed in the Peak 10 study are aware of the growing importance of a better patient experience and noted specific technology solutions that they believe will have the greatest impact on the patient experience in the coming years. Among them: mobility, electronic health record and patient portals (Figure 4). (See sidebar below.) Whether or not support is provided to enable IT staffs to address these trends remains to be seen.

More overburdened

In industries ranging from finance to manufacturing, outsourcing at least portions of an organization’s IT assets, to experienced, qualified third-party IT infrastructure vendors can yield a number of benefits. Among them: risk mitigation, reduced downtime and lowered costs. In addition, outsourcing has been shown to free overburdened IT staff from onerous daily infrastructure maintenance tasks. Few IT staffs are more overburdened that those in the health care industry. That makes outsourcing all the more desirable for this sector – especially if it can free up IT staffs to focus on strategic initiatives, particularly those related to enhancing care delivery and quality.

As health care IT professionals see the successes generated by outsourcing IT infrastructure in other industries, especially those subject to similar rigorous regulatory requirements and security issues, they may become more amenable to the use of cloud solutions, colocation and other services.

Technology is transforming the health care industry. It makes sense for those charged with managing and implementing that technology to have access to the resources that can make the job easier – cloud and data center services included. 

REFERENCES

¹ “Business strategy: U.S. clinical mobility 2011-2016 – forecast and analysis,” IDC Health Insights Survey.

² “The value from investments in health information technology at the U.S. Department of Veterans Affairs,” Colene M. Byrne, Lauren M. Mercincavage, Eric C. Pan, Adam G. Vincent, Douglas S. Johnston and Blackford Middleton.