GUEST BLOG: Balancing Innovation, Business Needs, and Security

As providers seek to address patient engagement requirements associated with meaningful use, accountable care, changing reimbursement models and health information exchanges, some of my clients question whether it is possible to innovate care delivery and market themselves to prospective and existing patients while, at the same time, safeguard the privacy and security of their health data.

My answer is always an unequivocal “yes.” It’s true, balancing innovation and security can be challenging, but not as difficult as widely perceived. Risk management by definition requires weighing risks against frequency, probability and impact. Just because something is a risk does not mean you have to fix it. The healthcare community as a whole goes to great lengths to avoid situations anticipated to compromise security. Innovative ideas that improve care, the patient experience, customer service and efficiency, coupled with creative methods to attract and retain new consumers to increase revenue, are often quickly rejected because of the aversion to risk.

The solution is not to unplug your computers, disconnect wireless networks and lock all the doors. Healthcare organizations should implement smart security plans that allow for compliance but also embrace innovation. Reform has moved from a consideration to law and patient-centric care models that incent providers and payers to seriously look at innovation to connect and collaborate with patients are now priorities.

To address the security of protected health information (PHI), the first step is to ensure your security and compliance officers participate in all business discussions entailing consumer outreach initiatives. By engaging these highly trained professionals early in the planning process, organizations can avoid costly missteps and communication gaps.

At a minimum, providers can:• Create a mobility strategy. Otherwise, nurses, physicians and patients will create one for you.• Ensure data is encrypted when in transit and at rest. This is an important distinction when working with vendors as patient data is often exchanged between trading partners.• Understand the rules. Most companies avoid innovation—aka “disruptive solutions” —because they view “something” as risky. Know the law and use the tools available. The cloud, for example, is not a bad tool; many organizations use it effectively and securely because they know the rules and create solutions with those guidelines in mind.Anchored by this foundation, providers can securely engage in innovative ideas to boost care and profits. Patient portals, mobile devices and social media are convenient and easy-to-use tools offering providers new and enhanced abilities to deliver information and services, field questions and obtain feedback, and interact with patients. Nearly 80 percent of adults use the Internet, 50.4 percent own smartphones, and 19 percent own tablets. For a business to survive the new era of mobility and social media, start interacting with your consumer when and how they want to engage.By addressing security as a fundamental aspect of your business, healthcare organizations of all types can position themselves to interact with consumers in unprecedented ways. Amazon recommends products based on analysis of consumers’ previous purchases and buying habits. Medical entities should engage with consumers in the same way. Recommending health screenings to individuals based on their age, diagnosis, medical history and other criteria is an example of retail marketing philosophy.Juggling marketing and business development against security needs, health reforms and quality improvement, will be daunting. However, healthcare organizations should not use the security rule or concerns over security risks as an excuse to squelch or automatically dismiss innovative proposals and marketing decisions. Allowing fear of the unknown, change, penalties or a cursory assessment will drive poor decision making and missed opportunities.

Providers have a choice. They can either let fear of the unknown paralyze them or embrace new methods to change, measure and deliver care while simultaneously striving to protect the privacy and security of their patients’ data. The former will lead to loss of business and mediocre clinical and financial results while the latter offers a constructive path to achieving greater outcomes, success and a competitive advantage.

Eric Mueller is Services President of WPC. He has 20 years of diversified healthcare experience spanning healthcare reform, IT strategic planning and execution, revenue cycle optimization, security and compliance, new product and technology launch, organizational design and re-structuring, and mergers and acquisitions.