- Published: 15 October 2021
For healthcare systems to see success in digital health interventions, they must address these concerns.
The way people shop, do their banking and run their businesses have evolved immensely with the rise of mobile device usage and better network connectivity.
In healthcare, however, widespread digital advancements are still lagging behind other industries. The COVID-19 pandemic has accelerated change in many aspects, but a total digital overhaul that could transform care delivery for patients and providers remains a work-in-progress.
Digital transformation can mean an improved patient experience, reduced clinician burnout, better health outcomes and lower costs. So, what are the challenges many healthcare systems still face when taking on a digital health strategy? They include interoperability, cybersecurity, privacy and challenging misinformation.
More Is Possible for Health Interoperability
The shift to an electronic medical records system from a paper-based one was just the tip of the iceberg for healthcare’s journey toward modernization. Advancements in cloud computing, automation, wearable technologies, mobility, network connectivity and more have promoted previously infeasible interventions.
With more advanced possibilities, the industry envisioned a range of critical digital health interventions, such as better chronic disease management, increased patient engagement in care, improved independent living outcomes for older adults and proactive population health monitoring.
Interoperability remains a major challenge in healthcare. According to a 2020 Pew Charitable Trusts survey, 81 percent of adults support increased access to health information for providers and patients. However, the necessary standards for interoperability are still lacking, and the lack of adoption of existing standards remains a barrier. Moreover, data misrepresentations, missing information, and data errors lead to poor data quality, hindering interoperability.
Another issue is that digital interventions depend on the reliable functioning of all technology components. For example, a network failure may result in device errors, and a security vulnerability can cause access failures. Since such possible errors are beyond the realm of medical accountability, such liability may also extend beyond a hospital or clinic. The challenge is in defining a realm that also accounts for nonmedical and nonclinical liability.
While there is no holistic remedy yet, establishing independent business associate agreements with each vendor that provides technology services as part of digital health solutions, with reinforced liability and indemnification in case of outages, security breaches and disasters, would be a good starting point.
Security Remains a Focus in Healthcare
Cybersecurity is a critical area of concern for healthcare systems. Cyberattacks can specifically target sensitive, and oftentimes highly valuable, personal health information. Malicious attacks can lead to a disruption of care, resulting in patient harm and adverse medical events. And high-impact threats are hard to predict. For example, the probability of a ransomware attack on a hospital database through a patient-connected device may be low just because the database is within a private network. But such an attack can tremendously damage the hospital’s reputation and breach patient privacy. Such challenges need constant monitoring and counter-remedies.
Privacy is deeply interconnected with cybersecurity concerns. With the use of multiple devices and applications in digital interventions, too many loopholes could compromise personal identifiable information and protected health information. The loss of a patient’s PHI may lead to serious consequences such as reputation loss, discrimination, fraud and other harms.
Most digital health solutions retain PII and PHI locally on the devices or in central repositories. Any breach or inadvertent access of such information would jeopardize privacy.
While there is no silver bullet, several measures are recommended to constantly revamp the security posture around digital solutions as attack surface broadens and new threat vectors emerge.
The use of multifactor authentication is known to establish confidence in authenticating users, especially using at least one biometric as a factor. Ensuring encryption of sensitive information both at the data and transport layers is also critical.
Besides, using public-private key cryptography to encrypt and digitally sign sensitive data transmissions boosts integrity and privacy. Also, it is highly recommended that any files or data stored on the device be automatically encrypted. Better off, all sensitive data collected locally by an app is deleted, and the user session is securely terminated as soon as the user leaves the app. The apps can also prevent copying, sharing and printing of sensitive data to reinforce privacy protection further.
The data management in the cloud or on-premise should also be fortified. While it is advisable to limit the capture and exchange of any sensitive data, it is mandatory to seek consent from the owner before collecting and sharing such information.
Techniques for anonymization of PII and complete prevention of re-identification while retaining data usability for research and meaningful evidence generation can be employed but with consent from the data owners. All access to sensitive data must be role-based, ensuring privileged user access where access details are tracked and audits and risk assessments are conducted periodically.
In the case of cloud services, contractually committing the provider to store and process data in specific location jurisdictions becomes unavoidable. Besides, commitments of the cloud provider to multi-tenant data segregation, incident response and recovery, liability and indemnification in case of disaster or a breach, and full compliance with HIPAA and GDPR rules, become mission-critical.
Lastly, the dissemination of misinformation in healthcare remains a complex hurdle when implementing widespread digital interventions. Misinformation can be malicious when it is known that it could harm recipients directly or indirectly. Digital interventions must ensure the authenticity of research and rely on reliable and trusted channels while exchanging information. And there needs to be a stronger response when medical information is spread.
Such digital information exchanges are also prone to malware and phishing attacks. Hardening network perimeter defenses by enforcing deep scanning and inspection of messages and attachments for malware and phishing content is highly recommended.
Though the digital health roadmap holds many promises, the challenges outlined here should not be considered as roadblocks. Instead, they should be seen as road signs indicating potential road hazards that prompt healthcare systems to drive forward with caution and determination toward success.
Autor(en)/Author(s): Murali Kashaboina
Quelle/Source: Health Tech Magazine, 08.10.2021