As part of our Practice Manager Viewpoint Series, we present an article by David Chou, Vice President/Chief Information & Digital Officer, Children’s Mercy Kansas City.
What’s the biggest challenge facing healthcare organizations today?
We have to provide healthcare faster, better, and cheaper—while at the same time providing the best experience for our patients.
Healthcare is leveraging technology to tackle this challenge. In fact, every healthcare company could be considered a digital company, because often their biggest investment is in technology.
But there’s not a morning that I don’t wake up thinking about cybersecurity. It’s imperative to be constantly mindful of growing security risks, particularly in this new world where nearly every device is connected.
Clinical optimization and improving efficiency is our top focus when it comes to our electronic health record (EHR). We’re currently working to become a Cerner-preferred organization, in order to have access to their entire catalogue of tools. This will allow us to improve how we charge and how we capture revenue.
From the patient experience side, we’re working on the interface of our contact center, which is the first line of contact for our patients. Something as simple as scheduling an appointment becomes a standard by which patients evaluate our organization. The retail world has raised the bar in terms of patient expectations in healthcare. Our goal is to make the process as seamless as ordering on Amazon. How do we provide an easy, one-stop experience where they can schedule an appointment and find the information they need about their treatment and visits?
The biggest adopters of digital technology in managing their own healthcare are now those 60 years old and older. The days of using the excuse that older patients don’t want to use or don’t know how to use technology have passed—technology is used for communication across nearly all industries. Patients want to be able to text their doctors and have access to telemedicine instead of coming into the office. Many patients would pay a premium to get the more streamlined, convenient experience that new digital tools make possible.
Going digital—bringing the EHR into the exam room—has given us rich data to analyze and improved legibility of notes, but it did not speed up the physician workflow. The amount doctors have to document, and the effort it takes to do so, has only increased. The EHR systems were designed for regulatory requirements, not to give a better experience for doctors and patients.
Physicians are not satisfied with the EHR, but that may be because of inadequate education on how to use them efficiently and to their full potential. Often physicians have not been educated on how to best utilize the system. Are they taking advantage of things like smart phrases and smart notes and other automated functions? And with the power of AI and voice capabilities, like Siri and Alexa, we’re looking at a future where doctors can have conversations with their patients during the visit and that will be automatically heard and documented in the EHR, alleviating much of this burden.
When it comes to cybersecurity, there is always an opportunity for more education. Education has to be frequent, thorough, and ongoing. Most breaches happen internally. Clicking the wrong email attachment, falling for a ruse by e-mail or by phone, or use of insecure passwords all can open the gates to the cyber kingdom. It's a numbers game. Cyber criminals know that if they try enough doors, one will be found open, and they've learned which doors to check first.
Some companies run their own internal testing, sending suspicious emails to employees and then measuring click rates. Employees are encouraged to report phishing if an e-mail subject or sender looks peculiar. Upon opening a suspicious e-mail, the employee is greeted with a message explaining that the message was a test that should have been reported. While this practice does increase awareness of a threat, these same employees may not be aware of the full corporate risk.
Many employees think of suspicious e-mail links and phishing attempts as being an inconvenience, but one that can be fixed by the IT department, not one that can take down servers, shut down parts of the company, compromise sensitive data, or potentially cost millions. All of these things are possible, and all have happened with the click of a mouse in an office or cubicle.
Clearly, employees are on the front line. Regardless of safeguards put in place, a large role of IT departments, security departments, and security contractors is often to clean up the mess left behind after a cyber attack or breach. Employees with higher clearances within a company also pose a large risk because of their access to more sensitive data, some of which may even be available on their laptops or company-issued devices.
Cybersecurity education is similar to the patient safety campaigns the healthcare industry has conducted around the importance of frequent handwashing: it’s a constant effort that involves everyone in the organization.
Read more insights from David at www.davidchou.health.
Read more articles in our Practice Manager Viewpoint Series:
The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider considering the circumstances of the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.