View from the Bridge

Health IT Post Covid-19 – How to Apply Lessons Learned

We learned much during Covid and much will change for the better as the Covid pandemic winds down. (You probably recognize patterns described in my previous post on Covid lessons learned. Much of what occurred is related.) In fact, the changes required to implement the operational, strategic, and tactical HIT response fall into but a few main categories:




Care Coordination
Clinical Guidance at the Point of Care
Security and Infrastructure

Connectivity is becoming orders of magnitude more ubiquitous than the pre-Covid state due to the addition of telecare, Remote Patient Monitoring, Remote Care Monitoring (RCM), tethered Patient Care Devices (PCD), and WFH to name but a few. Such connectivity must be clinically reliable with appropriate redundancy, performance, audit, scalability and effective break/fix/triage and remediation. Networking technology will be diverse and reliable with no single points of failure and support for many different modalities including LAN, WAN, endpoints, perimeters, wireless, mobile, and nearfield communication. Bandwidth requirements will be diverse and additional technologies such as Software Defined Networks will be implemented to allow the technology to better fit the dynamic needs quickly and reliably.

Most importantly, security must be “baked-in”, not “bolted on”. More on that later.

Communication and digital access will take a quantum leap. Most healthcare institutions are implementing some form of increased digital engagement, but Covid has taught us that it must be planned, integrated into the workflows, and phased. To be extensible, plans must be reviewed, revised and the process repeated creating a continuous quality improvement cycle.

With the focus on digital access, the number of actors is now significantly larger. They include patients/guardians, clinicians, ancillary departments, administration, data scientists, researchers, etc. An important nexus of users is the care team. They will be built-up and broken-down at will to support individualized care plans that are derived from organizational care paths that are organized by diagnosis, comorbidities, SDOH, and other population-based factors.

Communication will be supported by sophisticated contact centers with inbound and outbound capabilities, escalation in the event of a communication failure, and staffed to support the desired service level agreements (SLAs). The contact center will support all communications modalities, (voice, data, mobile apps, email, bot, text and whatever else comes down the pipe), and maintain personal preferences, including the users’ preferred communications modality by time of day and location, among other factors.

Let’s turn to clinical guidance at the point of care. Dramatically improved interoperability, the elimination of “data blocking” and the availability of third-party APIs will enable unprecedented clinical support at the point of care. Historically, the industry has done a remarkable job of developing transport and payload standards; it is semantic interoperability that is lagging. Standardized quantities and units, value and code sets, and standardized terminology are all elements of effective semantic interoperability. Of utmost importance is data quality; that the same data has the same meaning and use wherever it is created or consumed, i.e., fit for its intended uses and purposes in operations, decision making and planning.

21st Century Cares Act improvements to data quality and interoperability will enable the more effective implementation of Clinical Decision Support Systems, Artificial Intelligence, Machine Learning, Business Intelligence and Analytics and other deterministic and non-deterministic computational support for clinical decision making at the Point of Care. This will enable real-time precision/personalized medicine from real-world data. The Holy Grail of transforming data/information/knowledge/wisdom and in turn, insight.

The remainder of 2021 will be interesting to say the least.

Before closing, let’s drill-down on Cyber Security, the elephant in the room.

Support of the future state of HIT will require increasingly dispersed and complex enterprise networks with tens of thousands of connections for just the typical IDN. This will require improved defenses against cyberattacks, or conversely, dramatically improved cybersecurity.

HIT must embrace what the National Security Agency (NSA) defines as a Zero Trust Security Model along with the mindset necessary to deploy and operate a system engineered per Zero Trust principles. This will allow HIT to better secure sensitive data, systems, and services.

The increasing complexity of current and emerging cloud, multi-cloud, and hybrid network environments combined with the rapidly escalating and evolving nature of adversary threats has exposed the lack of effectiveness of traditional network cybersecurity defenses. Traditional perimeter-based network defenses with multiple layers of disjointed security technologies have proven themselves to be unable to meet the cybersecurity needs due to the current threat environment. Contemporary threat actors, from cyber criminals to nation-state actors, have become more persistent, stealthier, and subtler; thus, they demonstrate an ability to penetrate network perimeter defenses with regularity. Organizations need a better way to secure their infrastructure and provide unified-yet-granular access control to data, services, applications, and infrastructure.

The NSA Zero Trust Security Model is based on acknowledging that threats exist both inside and outside traditional network boundaries. The Zero Trust Model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture based on real-time information from multiple sources. Further, it assumes that a breach is inevitable, or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity. It embeds comprehensive security monitoring, granular risk-based access controls, and security system automation in a coordinated manner throughout all aspects of the infrastructure.

The details of implementing a Zero Trust Security model are beyond the scope of this blog, but suffice it to say for now, that it requires careful planning to avoid weakening the security posture along the way and a commitment to maturing the implementation in a phased manner over time. Not to worry, StarBridge Advisors can help with that too!

As I said, the remainder of 2021 will be interesting to say the least.

Related Articles:

Health IT Post Covid-19 – Lessons Learned

Leave a Reply

Your email address will not be published. Required fields are marked *