The following is a guest article by Natalie Tkachenko, Healthcare Software Solutions Consultant at NIX
To obtain test results today, there’s no need to visit the hospital. Simply open a mobile app and download the report to your smartphone. Doctors remotely manage patient data without being tied to a specific medical facility. They also handle large volumes of data effortlessly within their hospitals. This became possible thanks to electronic health records, telemedicine, and cloud solutions. However, along with advancements, challenges in digital healthcare are increasing. Let’s discuss how to tackle them and explore the IT solutions essential for modern healthcare institutions.
Challenges in Medical Data Management
The healthcare sector contains an abundance of confidential information related to patients, medical procedures, treatments, and population health. This includes personal data, medical histories, laboratory results, insurance numbers, and more. When it comes to managing medical information, we go even further. Technologies, laws, standards, and people contributing to data solutions are integral to this process. Continuous development in this field ensures a fusion of business, science, and IT, allowing effective configuration while considering the nuances of handling personal data.
Confidentiality
Laws and regulations govern the confidentiality of medical data. State documents define rules for collecting, storing, processing, and transmitting medical information. In Europe, this is GDPR (General Data Protection Regulation), in America, it’s HIPAA (Health Insurance Portability and Accountability Act). Software developers and applications collaborating with medical institutions are also obliged to adhere to these laws.
Storage of Information in Various Systems
While serving diverse medical institution needs, Electronic Health Records (EHR) and Electronic Medical Records (EMR) parallel existence complicates information access and exchange between doctors, patients, and different medical centers. Electronic Health Records encompass a broader context of patient medical information storage, incorporating treatment records, diagnoses, lab results, allergy data, vaccinations, and more. In contrast, Electronic Medical Records capture information about specific visits to a doctor or medical facility, circulating within one institution. Unlike EMRs, requests for access to EHR records can be made by other medical centers.
To seamlessly obtain information from various systems, healthcare data exchange standards are essential. Healthtech providers can adopt HL7 (Health Level Seven) or FHIR (Fast Healthcare Interoperability Resources). The main difference lies in FHIR’s use of RESTful web services and open web technologies like XML, JSON, and RDF, while HL7 supports only XML.
HL7 has various versions, with CDA being the most widespread. CDA supports document exchange among all structures involved in patient care. It allows the reuse of medical data for healthcare reports, tracking treatment quality, and ensuring clinical research safety. CDA can be utilized in numerous medical applications.
Terminology Differences
Philips conducted a survey among healthcare professionals on obstacles to the industry’s digitization. One major issue identified was the use of different terms to describe identical concepts (illnesses, procedures, devices, services, etc.). Challenges arise due to synonyms in professional jargon and variations in local translation choices (national counterparts vs. borrowed terms). For instance, “physiotherapist” or “physical therapist”.
Addressing this issue involves adopting international classification standards like SNOMED CT and ICD-11. IT companies collaborating with healthcare providers can implement these standards as follows:
- Integrate SNOMED CT and ICD-11 support into electronic records (EHRs or EMRs) and other systems. This enables medical institutions to code terms according to standards.
- Develop applications for term coding based on unified standards. Virtual “assistants” can offer automatic recommendations and select the necessary terms.
There is no doubt that the healthcare sector will evolve alongside technology. Consulting with IT providers can offer solutions for managing medical data smoothly and, most importantly, securely.
Technologies Facilitating Work with Medical Data
Cloud Storage for Information Preservation
“Clouds” provide an excellent way to store medical data without the need to invest in new equipment and software. Various optimal storage options are available depending on the client’s needs and budget.
Pros:
- Broad PaaS functionality (Platform as a Service): A ready-made infrastructure for developing, integrating, and managing various types of software
- Pay only for the resources you use
Cons:
- Delays in technical support
- Requires qualified management due to a large number of services and cloud features
Considered a Leader in Cloud Platform Services for Healthcare.
Indeed, the research company KLAS has published a report explaining why healthcare systems consistently choose AWS over its counterparts. According to respondents, this cloud platform is more tailored to the healthcare industry.
AWS solutions require software compatible with HIPAA standards. There are guidelines on configuring cloud storage according to these standards.
Pros:
- Scalable for different needs
- User-friendly with guides, video instructions, and courses available on the site
Cons:
- Amazon EC2 limitations depend on the region
- Requires extensive learning before use
- Often lacks experts for technical support
- Budget estimation is challenging due to the multitude of services
The storage operates in accordance with HIPAA standards. It includes Google Drive, Cloud IoT Core, Cloud SQL, and Cloud Storage.
Pros:
- Allows scheduling server maintenance time
- Easy integration with other Google Cloud services
- Automatic SSL certificate updates enhance data security
Cons:
- Different pricing models with unnotified changes
Blockchain for Enhanced Confidentiality
Based on blockchain, electronic medical cards have been developed. Researchers from the Massachusetts Institute of Technology created the MedRec system using this technology. Developers found that blockchain can improve the confidentiality of medical records and reduce administrative costs for patients. Users also noted that they are now more confident in the security of their data.
Blockchain also allows providing different levels of access to data. We have tested this capability with blockchain as well. Our experts created an online platform with three key participants: the hospital (pediatrician), parents, and the primary school. For the security of medical information, it is displayed differently to users. The platform operates with the following mechanism:
- Parents sign an agreement with the hospital where the child undergoes examinations
- The pediatrician accesses medical records and updates the child’s health information
- Parents apply for the child’s enrollment in an elementary school, and if accepted, the school requests the pediatrician’s report on the student’s health
- The doctor creates the report, and parents must consent to its verification by a specific elementary school or multiple educational institutions
Artificial Intelligence as a “Smart” Assistant for Doctors
Medical chatbots have proven their necessity during the COVID-19 outbreak. Only on the Microsoft platform, more than a thousand chatbots were created during the pandemic. According to Persistence Market Research, the market for such AI-based products is expected to grow by an average of 21% by 2030.
Artificial intelligence algorithms noticeably simplify data management. A study by MIT Technology Review Insights found that with AI, doctors spend less time on administrative tasks and, instead, focus more on patients.
However, it is crucial to consider the compliance of chatbots with security standards. Currently, ChatGPT does not meet HIPAA standards. In contrast, SmartBot360 was specifically developed as a medical tool with adherence to these requirements.
Problems and Solutions for Data Protection
According to Check Point Research, health organizations worldwide experienced a 38% increase in cyberattacks last year compared to 2021.
Medical records remain a desirable target for cybercriminals as they can be used for fraud or ransom demands. Outdated technical equipment and the actions of employees can assist fraudsters in gaining access to these records.
Non-Compliance with Cybersecurity by Medical Professionals
No modern technologies will protect against hacker attacks if your password is everywhere “1234” or your date of birth. One study found that access to medical records is often “cracked” primarily due to the negligence of employees in following basic cybersecurity rules.
IT solution providers, in collaboration with healthcare institutions, can ensure the necessary level of data protection. How to achieve this:
- Conduct cybersecurity training for medical professionals. This can include training sessions, webinars, online courses by developers, or cybersecurity experts. Specifically for Ukrainian healthcare institutions, the Ministry of Health, together with the USAID project “Support for Health Reform,” has developed guidelines on how to maintain data confidentiality.
- Regularly communicate with healthcare providers even after the completion of the project and product release. This will allow identifying potential security gaps in a timely manner, preventing their occurrence, and protecting systems from attacks. Instructions for medical professionals from cybersecurity experts, monthly/quarterly reports sent to technology developers for analysis, will also be useful.
Vulnerabilities in Medical Equipment and Devices
The global statistics for 2023 are alarming: the frequency of attacks on IoT devices in healthcare institutions has increased by 123%. One of the reasons is outdated devices and infrastructure. They do not support system updates and, as a result, lack an adequate level of protection.
What IT Professionals Recommend for the Protection of Electronic Data
- Regularly update software. Developers continually work on improving the security of their products and release new versions to eliminate vulnerabilities. If updates are no longer supported on your devices, use complex passwords for accounts (minimum 12 characters, uppercase and lowercase letters, numbers, and special characters), download antivirus software, and update programs that can be updated. However, the best solution is to install new equipment.
- Set up automatic data backup creation. This will prevent information loss in the event of cyberattacks or malfunctions. You can choose where copies will be stored: on external drives, local servers, or cloud storage.
- Separate IoT devices into separate networks to reduce the cybersecurity threat in case one device is compromised. For example, you can divide them into different physical networks using VLANs or use different SSIDs (unique Wi-Fi network names) for devices.
- Use the TLS (Transport Layer Security) protocol for data transmission between different servers, messengers, applications, etc.
- Additionally, use firewalls, virtual private networks (VPNs), antivirus software, and other security tools.
Technologies have changed medicine for the better and continue to do so—for both patients and healthcare providers. However, new opportunities come with risks that need to be overcome, or better yet, avoided. Therefore, the main recommendation is to explore innovations in healthcare and choose what can provide your institution with efficient and secure patient data management. Today, there is a technical solution for every such need.
About Natalie Tkachenko
Natalie is a HIPAA-certified expert with high-grade knowledge in the healthcare and pharmaceutical industries. She helps medical companies of all sizes, from startups to enterprises, get the most valuable tech solutions for fundamental digital reinforcement in patient care, automation of operational processes, and overall business progress.
