Of the three main components of HIPAA — the Privacy Rule, the Security Rule, and the Breach Notification Rule — the Security Rule is one that is particularly relevant to health application development in the healthcare sphere. The majority of these applications, from patient portals to mhealth apps, store or transmit electronic Protected Health Information (ePHI). It’s essential to keep this information safe, and the Security Rule has in-depth guidance on the extent to which this needs to be accomplished, but with a fair amount of flexibility as to the strategies for implementation.
Here, we decode the Security Rule as it applies to patient portal and mHealth app development, specifically in regards to user authentication. In Part 2 of this series, we cover auditing, and in Part 3 we discuss issues related to data transfer, such as encryption and notifications.
Secure patient portals have become a very effective tool for communicating with consumers and enhancing the level of patient care. They allow information to be accessed faster and easier than ever, yet it is important to remember that it is the responsibility of practices to ensure individual’s health information is private and secure.
Many industries have already discovered the benefits of outsourcing IT systems to a professional IT service, and while healthcare is no stranger to the concept, it is once again gaining prominence.
A recent Black Book report, which surveyed over 1,030 hospital IT leaders, 240 CFOs and over 1,000 business leaders, found an overwhelming number of recipients in favor of using outsourced health IT solutions, such as point-of-care technology, healthcare IT infrastructure, and HIPAA compliant security. Nearly 73 percent of hospitals with over 300 beds are now looking outside for their technology solutions, and 81 percent of providers with less than 300 beds have prioritized outsourcing complex IT operations in their development plans.
The main reason for the increased demand in outsourcing is due to the growing importance of IT in the delivery of quality patient care. Healthcare organizations are relying on technology more and more, like the need for a secure patient portal, as an essential component of their operations within the rapidly changing healthcare scene.
Advantages of Health IT Outsourcing
The last time that the healthcare industry saw prominent growth in outsourcing was in the late 1990s in order to control costs through broad based IT solutions. Today, positive return-on-investments and immediate access to fully trained IT staff and required technologies are the key drivers.
According to the Black Book survey, 90 percent of outsourcing hospitals reported an immediate return on investment (3 months or less) for health IT outsourcing in Q3 2015 when the survey took place. Many providers are also simply not in a position to hire and train internal IT staff, whereas outsourcing can help to implement new technologies faster by utilizing and putting together resources quickly.
84 percent of respondents reported that their relationship with outsourcing vendors is exceeding their expectations, and almost 86 percent of CFOs and 91 percent of CIOs would be willing to reshape an entire organization in order to implement outsourced IT services in the most effective and efficient manner.
Hospitals have increasingly felt the pressure of managing revenues, and severely tightened margins have further put pressure on bottom lines. Outsourcing can help lower costs considerably, especially as the push for more sophisticated patient records, secure patient portals, data analytics, and population health management continues to grow.
Doug Brown, managing partner of Black Book Market Research commented, “Most hospital leaders see no choice but to evaluate and leverage next-generation information and financial systems as an outsourced service in order to keep their organizations solvent and advancing technologically.”
While there have been past failures reported on outsourcing, the causes of these failures mostly resulted from selecting the wrong vendor, unrealistic expectations, or insufficient performance monitoring. Consumers have since used their experiences to adapt and improve their IT outsourcing contracts.
Certainly, it’s clear that the business value to be gained from health IT outsourcing, in terms of economics, technological skills and expertise, established processes, and service quality, can ensure a cost effective solution and allow healthcare organizations to focus on their core business.