Hackers Outsmart Pacemakers, Fitbits: Worried Yet?

As healthcare CIOs are well aware, 2014 promises to be the year of "the perfect storm." The potential impact of ICD-10 and Meaningful Use Stage 2, coupled with the transition to value-based reimbursement and new-care-delivery models, promise to overwhelm their budgets and burn out their already overworked staffs.

Nevertheless, there are some other trends healthcare CIOs should pay attention to in 2014, partly because of their bearing on the main events. Here are five significant trends.

1. Patient portals
Because of rising consumer interest in health IT, the industry transition to accountable care, and most of all, Meaningful Use Stage 2, patient portals are hot. Nearly 50% of hospitals and 40% of ambulatory practices already provide patient portals, according to a Frost & Sullivan report. The firm predicted that the value of the portal business would soar to nearly $900 million in 2017, up 221% from its worth in 2012.

[ What Obamacare sites can learn from online retail stores: Health Insurance Exchanges Struggle To Charm Customers. ]

KLAS Research, in a poll of 200 healthcare organizations, found that MU Stage 2 had made patient portals a "must-have" technology for doctors and hospitals. The government EHR incentive program requires providers to allow patients to access their health records electronically. In addition, providers must send care reminders and education materials to at least 10% of their patients. All of these tasks are most easily done through portals attached to EHRs. But there's also some interest in untethered, standalone portals that can help patients assemble their records from multiple providers in one place.

2. Direct messaging
In the past few years, the Direct Project protocol for secure clinical messaging has steadily gained momentum. EHRs must include Direct capability to receive 2014 certification, and Direct messaging is also one way to satisfy the Meaningful Use Stage 2 requirement that providers exchange care summaries electronically at transitions of care. Some health information exchanges are using Direct to communicate with physicians who don't have EHRs. Eventually, Direct messages could replace faxes.

The health information service providers (HISPs) that enable providers to send and receive Direct messages are growing by leaps and bounds, partly because EHR vendors must partner with these entities or create their own HISPs. Until recently, however, HISPs had difficulty communicating with one another because of a lack of trust. The nonprofit trade association DirectTrust is starting to overcome this obstacle by accrediting HISPs that meet specific trust criteria. Accreditation of HISPs that work with nine leading EHR vendors is expected by the end of 2013.

3. Cyberattacks and medical identity theft
Over the past few years, there has been a quantum leap in the number of cyberattacks on healthcare organizations. The Ponemon Institute, which tracks computer security in a number of industries, says healthcare is increasingly attractive to cyber-criminals because the information required to steal a medical identity is worth far more on the street than Social Security numbers or credit card numbers alone. As a result, Ponemon reported, the number of medical identity theft victims in the US soared from 1.42 million in 2010 to 1.85 million in 2012.

This criminal activity can be costly to victims and devastating to healthcare organizations that face lawsuits and government penalties as the result of security breaches. So healthcare systems are stepping up their efforts to combat cyberattacks. What most providers don't realize is that the spread of EHRs, patient portals, and health information exchanges are making them more vulnerable to attack at more points than ever before.

4. Cloud storage and cloud-based EHRs
Security concerns were the biggest reason CIOs and other healthcare leaders said they were reluctant to use cloud storage in an HIMSS Analytics focus group. Some participants said they'd be comfortable using a private cloud hosted by their software vendor. Others said the cloud was fine for business-related information, but that they wouldn't trust it for storing personal health information.

The healthcare execs also raised concerns about cloud vendors that didn't sign business associate agreements, which are required under the latest HIPAA rules. But some leading vendors, including Box, Microsoft, and Verizon, have since signed BAAs.

One reason healthcare organizations will have to pay more attention to the cloud is the increasing popularity of cloud-based EHRs among doctors. A Black Book survey found that practices that were replacing their EHRs were generally switching to cloud-based systems because of the lower upfront cost. At the same time, financial pressures are forcing many of them to outsource their billing to cloud-based vendors. And a cloud-based EHR from Athenahealth beat products from eight bigger EHR vendors for usability in a recent KLAS poll. Keep your eye on the cloud in 2014.

5. Mobile devices
BYOD is a major concern for CIOs, as is insecure texting between clinicians, and those issues will continue. But 2014 could be the year when physicians start prescribing mobile health apps to patients. If there's a major increase in the use of these apps by patients with chronic diseases, monitoring data from patients' mobile devices might also start flowing into hospitals and practices.

The mobile health app revolution poses two questions to CIOs: How do you ensure the security of the bidirectional flow of personal health info between doctors and patients? And how do you deal with the sheer volume of data so clinicians aren't overwhelmed?

To address the security issue, IMS Health recently suggested prescribing guidelines that include rankings of all the health-related apps in the Apple store as well as the rudiments of a prescribing infrastructure. According to IMS, this framework includes the ability to send a secure email or text message to a patient's smartphone.

As for dealing with the flood of incoming data, doctors will probably follow the same model as that for home-monitoring devices. For example, the Center for Connected Health, a division of Partners Healthcare in Boston, has piloted the transmission of data from patients' homes to physician practices. After discovering that doctors would not go to portals to view the data, Partners integrated the monitoring data with its EHR. Now physicians can view all of the data in a spreadsheet or can let nurses cut and paste the relevant data into their EHRs.

IT is turbocharging BYOD, but mobile security practices lag behind the growing risk. Also in the Mobile Security issue of InformationWeek: These seven factors are shaping the future of identity as we transition to a digital world. (Free registration required.)