By Rob Quinn, Vice President of Global Product Marketing at BridgeHead Software
If you ask any hospital, the chances are they will cite ‘saving money’, ‘improving security’ and ‘regulatory compliance’ as high priorities. Largely, initiatives exist to tackle these, but one area that could significantly help, but has been historically difficult to tackle, is data management. The foundation of a medical practice relies on having accurate and robust information on the patients being treated. Aside from the obvious necessity of a patient’s well-being, there are many good reasons for maintaining current records.
Legally, hospitals have a duty to retain patient information for lengthy time periods. However, the retention duration varies depending on the type and nature of that information and the patient demographics. As non-compliance can result in hefty regulatory and compliance fines, hospitals tend to keep all of this information, forever, to protect themselves.
To further complicate the situation, this patient information is stored across a large estate of applications. Some are modern, highly utilized systems, such as the electronic medical record (EMR). But, given a hospital’s tendency to keep all data forever, many applications that hold this information are legacy systems that are infrequently accessed, but kept running. As a rule of thumb, the bigger the hospital, the more legacy applications that persist. And the more legacy applications, the greater the cost, resource, and risk associated with maintaining those systems. In addition, these applications (which are generally managed on-premise) take up a lot of prime real estate that could be better used for revenue generating activities.
The data management conundrum has traditionally been a difficult issue to solve. The good news is that new solutions, like BridgeHead’s HealthStore®, now offer hospitals a way to tackle their data management challenges, whilst saving money, improving security, and meeting regulatory and compliance needs – all vital to the successful operation of a healthcare organization.
The Cost of Legacy Applications
In larger healthcare organizations, it is commonplace to find literally hundreds of legacy applications. One UK hospital described its legacy application estate as the ‘feral 500’. In a recent BridgeHead survey it was suggested that even smaller organizations are running a significant number of legacy systems. If an organization has applications that, for instance, are costing them $150,000, per app; once that is multiplied against dozens or hundreds of applications those can present staggering costs.Aside from the exorbitant costs and resources required for the day-to-day operation of these systems, there are other important factors that need to be considered. Hospital IT departments are in a constant state of stress and often subject to budget constraints while being overwhelmed with large projects on top of their routine duties. Because IT staff are typically the experts on many of these legacy systems, attrition and turnover of personnel inevitably leads to gaps in knowledge. The result is that legacy applications persist and organizations are left with no one having the skill sets to maintain and support them.
This is a major risk, particularly because many of these old systems run on outdated hardware. Computers were not built to last forever, yet the data they store can be essential as part of the longitudinal patient record. As the potential for disk failure increases over time, it means that, at any minute, all of the patient and administrative information trapped in these legacy systems could be lost.
Once a disk is gone, the chances of successfully restoring that information is slim to none (unless the hospital in question has a robust disaster recovery solution in place – but, often, legacy systems are left out of the backup schedule). Losing this data opens the door to a potential avalanche of lawsuits and fines.
Threats to Data Management Come From Every Direction
Legacy applications and hardware failure are not the only risks posed by running old applications. As outdated systems accumulate over the life of a hospital, they increasingly become a target for cyber criminals. Hackers exploit security loopholes in these older, unsupported systems by utilizing ransomware. It is well documented that a spate of recent global cyber-attacks targeting healthcare providers have been successful. Such attacks hold huge ramifications for a hospital, including the cost of the ransom itself, loss of clinical service and subsequent risk to patients, reputational damage and loss of revenue. In addition, regulatory bodies will adjudicate after the incident has passed, which also has implications.
Access To A Full Patient History At The Point Of Care
At BridgeHead, we believe data management is the lifeblood of any healthcare organization – it underpins care decisions and the smooth running of hospital operations. Healthcare data comes in all shapes and sizes; as do the applications that create it and the storage on which it resides. General ledger, human resource (HR) information, legal records, insurance documentation – the list goes on. But, at the heart of any healthcare organization, is patient information.
To efficiently and effectively deliver quality patient care, clinicians and support staff need access to a full clinical history. But, often, access to a 360-degree patient view is hampered because of the lack of interoperability across the hospital’s application estate. For most providers, the majority of current patient information resides in the EMR. However, there is a large proportion of valuable historic patient and administrative data that is locked into legacy applications that has no integration with a hospital’s primary systems. So, unless a physician makes a considerable effort to track down and access this data (which is highly unlikely – they don’t have time, may not have any idea which systems contain relevant patient information, and may not have the appropriate log in credentials), then the likelihood is that this information, no matter how important or valuable, cannot reasonably be considered when consulting, diagnosing and treating patients.
The ideal scenario is to have a system that can draw from disparate, legacy applications and streamline the data into a comprehensive medical record, available by clinicians and support staff at the point of care.
One Solution to Save Money, Improve Security, and Stay Compliant
BridgeHead’s HealthStore® solution extracts, consolidates, stores and protects patient and administrative information from legacy applications making the data accessible to clinicians and support staff, at the point of care, ‘in patient context’, directly from within the hospital’s primary system (generally the EMR). HealthStore’s interface has been designed with physicians in mind, ensuring that the simplest tasks are executed with fewer clicks, integrating seamlessly into the existing workflow while providing a much richer patient record by which informed clinical decisions can be made.
Once data from legacy systems has been extracted and ingested into HealthStore’s central repository, those systems can then be decommissioned. This has tremendous benefits. Firstly, the hospital can save significant cost by removing the legacy system from the application estate, such as licensing, hardware operations (power, cooling, etc.), staff resources, and real estate.
Secondly, HealthStore enables hospitals to vastly reduce the threat surface from potential cyber-attacks. By removing those legacy systems that, over time, become increasingly less secure, you essentially eradicate the loopholes and vulnerabilities that are so often targeted by unscrupulous cyber-criminals. And, HealthStore provides a self-protecting capability to ensure data remains uncompromised and available in the event of loss, accidental deletion, outage or larger disaster.
Lastly, HealthStore’s information lifecycle management features enable hospitals to manage how and where data is stored and for how long. HealthStore’s inbuilt policy manager allows rules to be applied at a granular level to data based on a wide range of criteria, including retention periods. As a result, Health Information Managers (HIM) can relax knowing that patient and administrative data is readily available to meet their regulatory and compliance obligations.
While patient outcomes are often the focus of a hospital’s budget, saving money, improving security, and meeting regulatory and compliance needs are also essential to the effective data management of any healthcare organization. HealthStore resolves all these issues in a single, comprehensive stroke, providing an immense boon to IT and HIM teams struggling to stay afloat.
Is Your Organization Looking to Protect itself from Healthcare Cyberattacks?
Read our whitepaper: ‘Legacy Applications: A Healthcare Cybersecurity Nightmare’ to learn more about the clinical, operational, financial and governance risks that face the healthcare industry, and how you can protect your organization from healthcare cyberattacks.
Rob is responsible for go-to-marketing activities for their clinical data management solutions. For the last 17 years he has worked in the high-tech field helping organizations within healthcare, life sciences, and finance more efficiently manage and analyze data. Rob started his career as an engineer at Raytheon building missiles for the United States Military before migrating to Product Management and Product Marketing roles within software companies such as The MathWorks, Oracle, and Agfa healthcare.
Rob holds a B.S. degree in mechanical engineering from the UMASS Lowell and an MBA from UMASS Amherst.