A pinch of salt and a dose of skepticism are appropriate whenever a new technology promises to change the world. Often, the advent of a high-tech tool paints us into a corner as we struggle to reconcile the promises of the future with current realities.
Health care is a perfect illustration of this kind of technological “flashpoint.” The nation’s health is a top priority, yet health-care providers and related organizations must thread a nearly impossible needle when it comes to the convenience and the safety of patient medical data. Patients are right to expect privacy for their most personal records. They’re also right to cry foul when legislation moves too slowly, or technology providers drop the ball.
For now, HIPAA is an important gatekeeper between patients’ health data and those who would use it dishonestly. But getting technology to the point where HIPAA compliance is affordable and widespread enough to be useful has been a long road—and in some ways, we’re still on it.
Why Merge Technology and Medicine?
Even the most tech-savvy American may look askance at the introduction of, say, Google Glass into a doctor’s examination room. So what’s the benefit of merging technology with medicine?
To start, it could stop the dreaded “death-shuffle” toward the nearest doctor’s office when people call in sick from work or school. Patients everywhere carry sophisticated computers—aka smartphones and tablets—right in their pockets. And they increasingly envision a world where they can use that technology to interact with doctors, share information and photos, and receive prognoses. Patients are also looking to use their portable devices to handle the paperwork shuffle that accompanies examinations, scans, prescriptions and all of the other bureaucratic details of modern medicine.
A poll of patients revealed that Americans have almost fully realized the vision of a technology-supported health-care industry. Courtesy of USC’s Carol Peden from the Keck School of Medicine, the findings revealed the following three top priorities:
- 67 percent of patients want to use modern technology, including downloadable apps, to receive ongoing lifestyle support to remain healthy.
- 60 percent of patients hope to keep in touch with their doctors—including providing information about symptoms and improvements over time—from home without traveling to a clinic.
- 51 percent of patients want modern technology to improve preventive medicine by enabling easier detection of early signs of illness and faster intervention.
For a long time, companies have patted themselves on the back for going paperless, yet the arrival of digital recordkeeping in medicine has been slow. Apps and other technologies, however, provide opportunities far beyond “going paperless.” They amount to a whole new way to practice medicine. So why has medicine lagged so far behind for so long?
The answer, as is frequently the case these days, is “privacy.”
HIPAA and What Comes Next
HIPAA—the Health Insurance Portability and Accountability Act—is already more than 20 years old. The Clinton administration signed it into law in 1996, and with it in place, the health-care industry began to envision a more convenient, more portable and ultimately more secure way to practice health care with the help of modern tools. The act consists of five titles, each of which sets out a group of mandates and best practices for technology-assisted health-care providers.
In other words, along with the dream of mobile health records that can follow patients from doctor to doctor, anywhere in the country, comes a huge set of expectations regarding patient protection and privacy.
The particulars of HIPAA have required some reconsideration and rewording over the last two decades as higher-tech medicine has proliferated. The act’s goal has always been to create a robust digital medical infrastructure that makes the exchange of information safer and faster. But these expectations—backed and kept up to date by electronic data interchange (EDI) standards—have had to change as data-storage and data-transmission methods have become more sophisticated and simultaneously more vulnerable.
The requirements described in the HIPAA EDI standards are too technical to discuss in detail here. Suffice it to say the body in charge of these standards has kept up to date with both technology advancements and the needs of modern medicine, and it has attempted to create a set of standards that allow the electronic health records of every American to be stored securely and retrieved quickly.
Modern Medicine and the Digital Self
Like it or not, we all have a digital self. We have the ghosts of old Internet accounts, passwords we forgot ages ago, avatars, archived emails and social-media pages. You don’t have to think hard to imagine how complicated things get when you add electronic protected health information (ePHI) to the mix—especially when you consider how fragmented the digital-security world already is and how many major challenges still remain to be solved.
HIPAA’s architects recognized this situation in 1996, and in the years since, they have begun holding both covered entities and data-storage providers to higher standards. Some of these standards have only recently become practically and fiscally realistic for health-care providers to implement.
Data centers that store medical information, according to HIPAA, must adhere to strict standards concerning physical infrastructure and even organizational structure. Independent and third-party HIPAA-compliance audits can be had for a price. They yield a HIPAA compliance report: a document that’s available on request and that can expedite some of the paperwork—not to mention expense—of maintaining compliance.
If a medical provider—a “covered entity”—entrusts a non-HIPAA-compliant data center with confidential medical records, that medical provider bears the responsibility for maintaining compliance. Had it instead chosen a storage provider that had first obtained an independent HIPAA-compliance report, it’d have nothing to worry about.
I mentioned above that the actual technological requirements of HIPAA compliance are for tech wonks and IT specialists to worry about. Nevertheless, you can get some idea of the medical areas they affect by scanning the requirements for HIPAA-compliant data centers. The following list contains a small sampling:
- Business Associate Contracts and Other Arrangements §164.308(b)(1)
- Assigned Security Responsibility §164.308(a)(2)
- Information Access Management §164.308(a)(4)
- Security Awareness and Training §164.308(a)(5)
- Contingency Plan §164.308(a)(7)
Compliance, therefore, goes far beyond back-end tools and lines of code, encompassing requirements for specific training modules, continued learning, company culture and a plan for dealing with data loss or theft.
Bridging the Gap Between Tech and HIPAA
Obtaining and maintaining HIPAA compliance has associated costs—some of which could fall on small medical providers if they choose the wrong data center. But how much does HIPAA compliance actually cost?
According to some experts, the cost for smaller covered entities should be somewhere around $4,000 to $12,000. Larger providers might expect to pay $50,000 or more. It’s a surmountable expense—particularly when massive corporate mergers of health-care providers are the rule. Yet America remains home to small practices and independent medical networks that might be unable to handle these additional requirements.
Can they still incorporate technology into their practice if patients desire it?
The answer is yes. Consumer-level technology is bridging this all-important gap by doing what it does best: putting magically capable devices in our pockets and within reach of our budgets. Consider, for example, the effect smart health wearables are already having on health insurance—some Apple Watch purchases are subsidized because insurance providers recognize the tangible benefit such devices offer in maintaining health.
Of course, keeping tabs on resting heart rate and step count is one thing. The next revolution will be far more consequential. Thanks to Moore’s Law and the miniaturization of high-tech consumer goods, vendors can now deliver technology that can actually help doctors make informed diagnoses from afar.
Stanford University is using the Apple Watch to mount organized research into irregular heartbeats. And in doctor’s offices, Google Glass is appearing and helping physicians deliver better and more personal care with fewer opportunities for either party to forget something critical.
And it’s more than just wearables. Faxes aren’t cutting-edge technology, but thanks to new security protocols, Softlinx and other providers allow patients and health-care providers to exchange time-sensitive materials through HIPAA-compliant cloud-based fax services.
A Critical Technology Comes of Age
Judging from all these facts, the golden age of medicine that was promised a while ago has apparently just been waiting for the right technologies to mature. That view is partially true. Another part of the puzzle is the generational passing of the baton. Millennials are clearly the most tech-savvy generation ever, and health care is keenly feeling their influence.
Growing pains will continue, of course. In 2013, medical interns spent more time on the computer than on patient care. But now that technology has finally caught up with society’s vision, we’re closer than ever to the health-care system of the future.
About the Author
Kayla Matthews is a technology writer and reporter, contributing to websites such as VentureBeat, Vice, MakeUseOf and TechnoBuffalo. Visit ProductivityBytes.com to read more recent posts by Kayla.