Enterprise Security 10-04-2017

2 Challenges Health IT Still Faces

Mike Nelson

Let the National Health IT Week parties commence! But, before we do, let’s reflect on the progress and growth the industry has seen over the last decade.

The Background & Growth of Health IT

When I began my career in healthcare 12 years ago at the US Department of Health and Human Services (HHS), the adoption of health IT was in it’s infancy. At the time, there were hundreds of IT vendors selling products of all types that promised improvements in efficiency, medical errors, transportation of medical data, and a myriad of other benefits. Because of the large volume of vendors in the space, many that worked in the industry struggled to know which products were best suited to help them achieve the promises of Health IT.

Under the leadership of then HHS Secretary, Michael O. Leavitt, the Department formed a group called the Health Information Technology Standards Committee (HITSC), involving many industry thought leaders to establish baseline standards for health IT around functionality, interoperability, and security.

This work eventually led to the creation of the Certification Commission for Health Information Technology (CCHIT), which evaluated and certified HIT vendors based on the standards created by HITSC. IT vendors started certifying their products, and this gave more confidence to those buying IT products in healthcare because consumers knew certified products at least met a baseline standard. This effort also caused many of the bad vendors to move out of the market as they couldn’t keep up with the standards that were now in place.

Following these efforts, the adoption of health IT began to accelerate but most of the growth was seen in metropolitan areas. To spur the adoption of health IT in rural communities, Secretary Leavitt decided to leverage the power of the Centers for Medicare and Medicaid Services (CMS).  The department developed a Medicare demonstration project that offered healthcare organizations incentive money if they adopted CCHIT certified technology and demonstrated clinical and process improvements. The money acted as a dangling carrot and triggered increasing adoption in smaller communities.  When President Obama came into office, his administration quickly decided to move this project out of demonstration and make it a national project with $20 billion in incentive money tied to it. This project is now commonly known as Meaningful Use.

I wanted to provide this background to highlight significant activities and efforts that have dramatically improved the state of and adoption of health IT.

Despite the progress, we are still far from a state of nirvana, where we realize all of the great promises the technology can bring. The healthcare IT industry still faces challenges.

Challenge: Interoperability

One of the challenges we still face is the interoperability of clinical data.  Many of the EHR systems still refuse to open the doors and communicate and share information with other systems. These walls need to come down so patient data can freely follow the patients, allowing them to be armed with a complete history of their medical care, so doctors can better treat them.

Not only does interoperability enable more coordinated care, but as healthcare delivery and payment increasingly shifts to value-based care, interoperable health IT is essential to the effective communication that will help improve the quality of care, better the health of communities, and lower per capita costs.

Challenge: Cybersecurity

Another issue facing the adoption of HIT is cybersecurity.  With the recent attacks on Anthem, St. Jude Medical, and the wide-spread ransomware attack known as WannaCry, it’s clear the health IT systems being used throughout the industry aren’t secure. Cybersecurity needs to become part of what we do instinctively in the industry.

During the 2016 Winter Olympics, Anthony Ervin an American swimmer, won gold in the 50-meter freestyle. He is the fastest short distance sprinter in the world. To win an event like that, your mechanics must be perfect. If any mistakes are made, it’s the difference between 1st and last place. The amount of practice put into developing those perfect mechanics is mind-boggling. Good mechanics are not developed overnight. It requires consistent effort, practice, making mistakes, and learning from them.

Healthcare is in it’s infancy in establishing mechanics around cybersecurity. Integrating good cyber practices into the DNA of healthcare isn’t going to be easy and will require resources and new people with different skill sets. However, it is of utmost importance that we begin making cybersecurity part of what we do with health IT.

Health IT has come a long way since 2004 and the industry is better because of it. My career has been focused on the adoption and use of this critical technology that offers the promise of efficiency and clinical quality. In recent years, I’ve transitioned to focus more on solving the cybersecurity challenges our industry faces. As connectivity becomes part of all IT systems in our industry, good security mechanics are not optional. The time for action is now.  Now…let’s enjoy the week and celebrate!


3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories


Pioneering the next wave of secure digital solutions 


4 best practices for bulk email senders



Driving digital trust with SOC 2-compliant DNS