
Opinion: How to fix health care IT’s failing grade

School is back in session, and it’s time for hard study, focus and, of course, grades. When looking at the world of information technology, there is a large spectrum of what one could grade as successes and failures. When it comes to general IT maturity and success in health care, most practices have a failing grade. This unfortunate grade is due to a multitude of factors, and while they are not insurmountable, they do need to be addressed, especially in a sector where life and death could literally depend on IT functionality.

Complacency over IT is more prominent in health care than any other industry in which I have worked. Yet is there an industry where complacency can have a bigger negative impact than health care?

No one wants to believe their medical practitioner is complacent about anything. It is not that health care practices are not concerned with IT, but many think if they keep their head down, the “evil HIPAA monster” will not get them. Or they think if they can just push that 5-year-old, nonsupported server or workstation a little further, they can delay spending a little longer. I have spoken with many health care organizations that don’t want to deal with the Health Insurance Portability and Accountability Act, and they don’t want to make investments that will make them more secure, productive and successful.

Yet the organizations that are not complacent are the ones that are more successful, having demonstrated to their clientele that they are trustworthy and thorough in protecting vital data and taking care of details.

Privacy and compliance
This is a broad topic. Privacy and compliance are closely related, and both are critical, especially as the public continues to focus on this topic.

Let’s look at the European Union’s General Data Protection Regulation. Many health care practices fail to see how GDPR affects them. Are there EU residents in their database or maybe dual residents? What do they do if a dual resident comes for care? Does their electronic medical record provider have programmers that are residents or dual residents of the EU?

These questions can be scary, and what it takes to become compliant is not far removed from HIPAA and all that is required. Burying one’s head in the sand isn’t a viable strategy to deal with compliance. As the attention of consumers continues to focus on privacy, they will increase their demand that their health care providers are complying with HIPAA, GDPR and other privacy regulations. Health care businesses have gotten away with a somewhat laissez-faire attitude for a while, but the spotlight will eventually swivel to this industry, and wide-scale changes are coming.

On the heels of privacy and compliance is security. Some of the things that scare me in regard to security are health care computing systems that are not encrypted, IT support that doesn’t have solid security expertise, weak security infrastructure, lack of security training and poor policy management. There are of course other things, but these are the big ones. These areas combine to create a scary world where privacy and compliance walk on a knife edge.

A simple email can give a hacker access to your entire company, bring down your network, cause you hundreds of thousands of dollars in legal fees and ruin your reputation. Yet many health care organizations don’t take the time to train their employees or put in place simple and cost-effective spam protection. Security needs to be layered, and oftentimes doing a few small things can have a huge positive impact on security.

Backup and recovery
Backup and disaster recovery is a part of HIPAA, but very few health care organizations take the time to properly document and train on backup and disaster recovery procedures.

Many think of a disaster as being a natural disaster, but this is rarely the case. Disasters happen in health care with something as simple as a server crash, where patient data cannot be accessed and lives could be at risk while you scramble to regain access to medical records. Disasters can take many forms, and this is why having a solid backup and disaster recovery plan is critical. Do not leave consideration of this issue until the day the disaster occurs.

While this article singles out health care, these risks are applicable to any industry. Taking small and solid steps to improve IT maturity in health care practices can bring great results and reduce risk and exposure.

Todd Nielsen is chief strategy officer for JMark Business Solutions Inc. He can be reached at

