The Financial Impact of Not Managing Patient Data

A new report shows the US patient monitoring market is expected to grow quickly in the coming years. The lingering question, however, is what are physicians going to do with all of that data?

A new report from iData Research indicates that the US patient monitoring market, already valued at more than $3.5 billion in 2013, is expected to grow to more than $5.1 billion by 2020. That’s the good news.

The lingering question, however, is what are physicians going to do with all of that data?

“When I work with any customer who has HIPAA data, they’re shaking their heads saying, ‘Help me, I don’t know how to manage all this data,’” says Anna Sharack, technical director of information and technology at ViaWest. “I think drowning in data is a perfect explanation for what they’re going through.”

The key to avoid getting lost in all this minutia of data, Sharack says, is to understand the inventory and where the data resides. Then it starts becoming a bit easier to manage.

Have a plan

Sharack explains that in some respects, HIPAA has forced requirements on physicians in the area of patient records and security, and non-adherence to those requirements carries a penalty. That’s not to say that physicians have to be “forced” to do the right thing in terms of protecting patient information, but security costs money.

“Physicians really need to do a risk assessment to understand what the risk is, and how much it will cost if they do — or don’t – secure and manage their data appropriately,” she says.

The other aspect is securing legacy data—patient information that was compiled and has been on file in medical practices way before HIPAA requirements began. Often physicians don’t know how much data they have, how far back it goes, and how they can convert it from paper format to electronic versions.

“Medical practices need a data management plan, a data strategy,” Sharack says. “And in some cases they need help from a service provider, from a contractor, to come in and help them analyze and determine what their end goal is. You know, where do they want to be in three to four years, and what additional data are they going to want to gather?”

Two-step approach

Sharack says the first ingredient to better managing patient data is awareness. With security controls being added to protect data, meeting with staff regularly to review those controls is essential. Call them “awareness meetings.”

“Practices should have a business continuity plan to help in the event of a disaster,” she explains. “We call it a desktop or table-top test. Determine what type of disaster would be more likely to occur, such as a power outage, and still maintain availability of the data.”

She also recommends having unique IDs, where staff are not logging into computers using the same credentials, as another means of security patient data.

The second ingredient is to work with a cloud provider. Sharack says that when physicians search for a cloud provider, the most important element to understand is roles and responsibilities. In other words, what is the medical practice responsible for versus what the cloud provider is responsible for? And cloud providers, she adds, are not all the same.

“They’re not cookie-cutter,” Sharack says. “There are different layers within a cloud environment.” Physicians should only engage a provider offering a fully managed, highly protected HIPAA-compliant cloud. “We have a security team that monitors any kind of alerts out of office, changes that happen with that environment, such as any kind of intrusion detection. We do vulnerability scanning to make sure that there aren’t any security holes in the environment. We shouldn't expect physicians to know every single technicality within a cloud environment, but we should be educating the physicians so they understand what their liability is, and what they’re transferring over to the cloud provider.”

Trickle-down effect

Sharack says that, unfortunately many physicians do not understand the repercussions of not securing patient data. Medical practices that don’t effectively manage and protect the data they’re collecting, she cautions, are exposing themselves to negative financial repercussions—now, and in the future.

“At some point [not effectively managing patient data] will come back even more negatively,” she says. “If it’s not being looked at now, and if you don’t take the initial steps now with a data management plan, you’re going to have a lot more data later. If there is an event, a breach that happens because securing the data was neglected, then you’ll have additional fines and that really it impacts just the overall image of the practice.”