At the same time, how do you minimize your security and compliance risk from using the software?
Different people have different strategies.
There is the “fifty million Frenchmen can’t be wrong” strategy, where you choose a popular and “award-winning” system, install it, attend training for 2 weeks and hope you won’t be disappointed.
This may be a bad idea because people who pay top dollar for a bad choice generally don’t advertise the fact.
There is the “Structured IT system selection methodology” strategy. Here, you perform a methodical system selection process: you may spend months interviewing vendors, searching for (and perhaps not finding) the application that is the best fit for your practice, one that is really friendly, intuitive and fast, and improves your productivity. You also factor in IT selection criteria such as scalability, technology platform, response time, backup and disaster recovery.
The structured methodology approach may also be a bad idea because your benefits may never cover the high upfront costs in the system selection process.
Typical IT selection processes also generally ignore or improperly assess the security and HIPAA compliance risks of a new healthcare system. We often see clients spend large sums on information systems, gloss over the privacy and data security vulnerabilities, and spend badly on their security countermeasures. See my article “The Valley of death between security and IT”.
And then there is the “I am fed up with clunky, expensive software” strategy where you swear off EHR systems for Lent in favor of your iPad.
I’ve been in the software development business for a long time – developing applications ranging from expert systems that help endocrinologists diagnose and treat female infertility to an online game that helps clinicians diagnose and treat attention disorders.
The most important thing you can do when selecting and implementing any software application is to define your business requirements.
That’s right – define your business requirements. Not your friends’ and not your government’s definition of meaningful use (metrics, e-prescriptions, EMR), written by industry politruks, set into law by politicians and doled out by Federal administrators.
Get back to basics. You’re a physician – ask yourself what is your primary business requirement?
Certainly, the primary business requirement for any physician is not to help EHR software companies benefit from Federal pork programs.
Your primary business requirement is to heal. And, as the second paragraph of the Hippocratic oath states, sharing and teaching is central to the healing process.
To consider dear to me, as my parents, him who taught me this art; to live in common with him and, if necessary, to share my goods with him; To look upon his children as my own brothers, to teach them this art.
So – if we are to translate this into software application language – it goes like this, I believe:
- You are the doctor, you are trained and intellectually interested in the science and personally committed to helping people. That’s why you went to medical school and put in the long hours in internship and residency.
- Your software application should make it easier and faster for you to take decisions. It should enable you to be insanely good and fast at sharing data with and teaching your patients.
The benefits of effective communication on patient satisfaction have been clearly identified. There are four key dimensions of communication that are related to positive outcomes (see Elwyn et al., “Shared decision-making in primary care: the neglected second half of the consultation”, British Journal of General Practice, 1999, 49, 477-482):
- The provision of clear information,
- Receiving questions from the patient,
- The willingness to share (discuss) decisions, and
- Obtaining agreement between patient and doctor about the problem and the plan
Once we have that clear information, your decision-making process is easier and faster. The ability to achieve agreement between patient and doctor is easier since doctor and patient are reading off the same song-sheet.
And that, my friends, is your business requirement for a software system for you and your patients: make your decision-making process easier and faster by insanely effective sharing of data with your patients.
Danny Lieberman is the authority in applying threat analysis to Governance, Risk, and Compliance (GRC) in healthcare. He is a sought-after speaker, prolific blogger on healthcare technology, and advisor on software security and privacy compliance issues to healthcare and medical device vendors. He is passionate about Pathcare – the private social network for a doctor and her patients
- Increase patient confidence
- Give you complete privacy
- Increased compliance
- Better outcomes