Healthcare isn’t going digital. This is not a luddite statement nor is it one that is clinging unduly to tradition and a halcyon past. This is, rather, a factual statement. Healthcare isn’t “going digital”; healthcare has gone digital. From web-based patient portals to the ability to carry your health records on your phone to the covid-driven explosion in telemedicine, the future of healthcare is wedded to digital innovation.
One of the most dramatic and visible aspects of this transformation has been in remote medical care, or telemedicine. At the outset of the pandemic, we were all forced to reimagine how our work lives could function. Doctors and healthcare providers were no different. While many aspects of running a health care system could be done remotely with appropriate security measures—things such as billing, appointment scheduling, and other administrative tasks—practitioners needed a way to meet with their patients without undue risk of exposure to SARS-CoV-2.
Telemedicine came roaring into that space, especially for consultation appointments with specialists and mental healthcare. Prior to the pandemic, roughly 11% of consumers planned to use telehealth services. Through the pandemic, that has increased to nearly 40% of healthcare consumers. McKinsey estimates that telehealth could be a $250,000,000,000 sector of the healthcare industry by the end of the pandemic. Aside from those who plan to continue using telemedicine services, the usage of such services increased by 38 times.
Executives have noticed this trend and are committed to action. Accenture recently noted that 81% of surveyed executives state that the pace of digital transformation in their organizations has increased. Even more of them—93% in the Accenture survey—state that they are engaged with urgency and a clear call to action this year.
“Digital” is not a new sector of healthcare. It is a broad overlay that touches every aspect of a healthcare system. A patient might now book an initial appointment through a web-based portal, then arrange to speak with their provider through a telemedicine service, receiving email and SMS reminders of that appointment time. The provider can use that appointment to determine whether a physical interaction with the patient is necessary. Prescriptions can be submitted online. Following the adoption of online shopping, we are now comfortable sending payment electronically, meaning that copays can also be collected through a secured web portal. Out of view of the patient, the provider’s billing service will also interact with the payer over secured networks both to submit claims and receive payment for services.
Security in Current Medical Technology
Few people in the United States will quickly forget the Colonial Pipeline ransomware attack, which saw gas stations shuttered due to unavailable supply for the first time since the oil embargoes of the 1970s. That very public example of a ransomware attack highlights a nightmare scenario for healthcare executives in a digital environment. In a ransomware attack, the hacker’s goal is to encrypt the victim’s data in order to compel a payment. If the victim pays, a decryption key would theoretically restore their data.
According to a recent report from Sophos, 34% of healthcare organizations were hit by a ransomware attack in 2020. Of those targeted, 65% admitted that the cybercriminals succeeded in encrypting their data. Some used backups to restore their data, while others paid the requested ransom. The average cost of restoration, however, was $1,270,000. The same report found that only 24% of respondents had not been hit by ransomware and did not expect to be hit in the future.
Quite aside from the cost of recovery, which is significant, US-based healthcare entities have specific obligations around data breaches under the 1996 Health Insurance Portability and Accountability Act, known as HIPAA. The Department of Health and Human Services requires notification of individuals and the media in case of a serious breach. In case of a large breach, defined as one affecting more than 500 individuals, further investigations are carried out by the HHS Office of Civil Rights. There are 830 such investigations open as of late August 2021. Of those, 609 investigations—slightly more than 73%—are categorized as “Hacking/IT” incidents. Healthcare providers, health plans, associated businesses, and healthcare clearing houses in 48 states plus the District of Columbia are listed as victims. There are over 53,000,000 records affected in these investigations.
In 2017, the United Kingdom’s National Health Service was taken down by the ransomware attack known as WannaCry. NHS Digital traced the vulnerability to the use of either unpatched or unsupported Windows software. The majority of those computers were unpatched Windows 7 operating systems. Both the US HHS and the UK NHS have mandates related to cybersecurity at present; however, the continued efficacy of ransomware attacks makes clear that many approaches to cybersecurity are insufficient in the face of these types of incursions.
“The CEOs and BODs of healthcare providers must no longer contemplate ‘if but rather ‘when’ their respective systems and data will be accessible to mal-users,” states Brian McGowan, Managing Partner and Global Healthcare Practice Group Leader at ZRG Partners. “Only the most forward thinking and prepared can mitigate the risk associated with technology corruption.”
A recent article at the Brookings Institution sums this up nicely. “The digitization of healthcare infrastructure catalyzed major advancements in patient care, but also created major opportunities for attack. A single vulnerable asset can provide a threat actor with a foothold into the organization and compromise the confidentiality, integrity, and availability of patient data and medical services.” While healthcare organizations are certainly not alone as targets of ransomware attacks, they are an appealing one. Worse still, according to IBM’s 2021 Cost of a Data Breach Report, healthcare as an industry sector has the highest cost of recovery among surveyed industries.
Digital Compliance Measures
While the networked nature of contemporary medical hardware presents one extremely visible headache for healthcare organizations, privacy compliance is also part of the picture. Medical Economics estimates the annual aggregate cost of HIPAA compliance at a staggering $8,300,000,000.
This can be a particular challenge for healthcare organizations that need to ensure various software packages can speak with each other in a safe and secure fashion. Records, billing, and even email or SMS appointment reminders need to be kept secure.
Population and Public Health
Population health is among the many things the pandemic has brought out into greater public awareness. Beyond just tracking case counts and hospitalization rates, the digitization of health and health information has opened new horizons in not just the public understanding of population health but in our ability to readily compile information. The adoption of wearable tech—smartwatches especially—will allow for broad participation in public health surveys with a simple opt-in procedure.
This has greatly impacted the landscape of the actors involved in population and public health. “Digitization within population and public health has changed the landscape of the actors,” per Vikash Salig, MD, Managing Director in the Healthcare Practice at ZRG Partners. “Now the ‘fast will eat the slow’, changing the historical paradigm of the ‘large eating the small.’” Those entities that are faster to adapt and adopt new technologies will overtake those who may be larger or better funded but may also be slower to adapt. All of this is potentially to the benefit of the patient and healthcare consumer. “Empowering patients through digitization will create a more patient-centered care system, which will result in improved quality of service and outcomes,” says Salig.
New Revenue through Increased Efficiency
While new costs are often the first thought in a changing regulatory landscape, the digitization of healthcare may also allow new revenues especially for practitioners. The pressure to do more medicine in less time for less of a payment has grown at an unrelenting pace. Practitioners, however, may be able to recoup a portion of their time through the judicious use of digital technologies.
Commenting on the adoption of time-saving technologies, McGowan remarks that “The pace of change and adoption rate of improving technologies is so rapid that we have literally advanced the healthcare delivery platform fifteen years relative to pre-Covid 19 service capabilities.” Practitioners need not worry that technological innovations will mean greater demands on their time at the expense of patient care. While remaining mindful of the pressure of productivity, we have seen great advancements in digital efficiency.
AI-enabled digital assistants can largely replace the Dictaphone of old. In fact, the Dictaphone company is currently a part of Nuance Communications who were recently acquired by Microsoft for $19.7 billion. A recent CB Insights report on the role of big tech—Apple, Amazon, Facebook, Google, and Microsoft—shows how Microsoft has been building AI solutions into medical record-keeping. With the use of Nuance’s tech, stopping to dictate notes may even become a thing of the past. Through deep-learning algorithms, an audio recording of a patient encounter can be securely converted into physician notes, which are reviewed for accuracy, omissions, and appropriateness before delivery to an electronic health record. That record can be shared with the patient, or with a referring physician in the case of a specialist practitioner, through a portal that includes a HIPAA-compliant connection over Teams.
The Future of Digital Health
The ideal physician/patient relationship is characterized by deep trust and personal connection. The scale of modern medicine, however, militates against creating such relationships unless one is engaged in concierge medicine. Digital healthcare solutions may be able to return to the era of house-call medicine. Practitioners who conduct visits over telehealth services are already doing so. The practitioner no longer even needs to travel from her or his office or home to the patient’s; the visit can be conducted over a laptop, tablet, or smartphone.
As we attempt to anticipate the next normal after covid, telehealth appears to have a bright future. Although they rarely used telehealth services up to the start of the pandemic, a large plurality—if not a majority—of healthcare consumers anticipate continuing to use such services in the future. Psychotherapy has largely transitioned to this space already and is the most likely specialty to stay remote. App-based mental wellness technology continues to penetrate deeper into the market as well.
The portability of patient records continues to benefit patients and practitioners alike. For the patient, it is now possible to carry one’s complete medical history as a file on a smartphone. For a practitioner, the sharing and updating of records can be nearly instantaneous. Whether this means a hospital setting in which multiple specialties have access to the same patient’s digital record or that individual practitioners can collaborate on patient care in a fast and secure fashion, the advent of digital recordkeeping has meant increased access to vital information.
It remains to be seen what can come of the hero of the pandemic: the mRNA vaccine. We have absolutely seen undreamed-of efficacy from these treatments on a timeframe shorter than many thought possible. Whether this can be leveraged to treat other difficult diseases remains to be seen, although the investigations are already underway.