IT in healthcare comes with its own compliance minefields. In this interview, CTO Jeffrey Tang of Contra Costa Health talks to Pulse about the biggest compliance hurdles in healthcare as well as the major changes it has seen over the last two decades.
Why the move to healthcare?
I previously worked in the biopharm space and saw the changes where healthcare was needing a monumental shift in how they adopted and worked on bringing technology into the space. It has been an interesting move.
Could you describe this shift in healthcare a little bit more?
The shift really involves a couple of things. There’s the shift in mindset of providers of healthcare. I think one of the largest moments was when Kaiser announced that they would go into EMR systems during the 2000’s. That gave a lot of other providers and companies notice.
The policies were changing healthcare records and gave vital importance in the way they want to do things in order to scale up. It was very difficult for smaller clinics to provide the kind of care that their patients want, especially in the 21st century. In order to do that, they needed to understand and implement the technology that previously wasn’t done at this scale.
The change came in terms of how people were utilizing technology in their daily lives. When mass adoption takes place, it usually comes from consumers or the government trying to push the initiatives. One of them was the digitization of healthcare records from paper records. Paper records were the basis of how errors can happen; unreadable records, errors, etc.
Finding accurate points in health records, curating, and how to utilize that information in other areas have been a game changer. The next stage is utilizing AI/ML to provide insight.
What are the biggest compliance hurdles you face in your day-to-day?
Legal compliance is across the board. Every hospital has to abide in accordance with HIPAA regulations: ie ensuring healthcare records are secure. A lot of it now has to do with FedRAMP and government entities pushing industry initiatives to take care of patient data while at the same time opening the potential to share patient data.
Other initiatives for us in the technology sector would be the promotion of cybersecurity and mitigating attacks.
The vendors typically have a hard time, because we tend to be a little conservative. We want to make sure that the vendors abide by certain regulations and laws: HIPAA, PCI, FDA, etc.
I believe most vendors have to really look into the security aspect of their products. Does it provide the compliance and regulations that we need?
Secondly, if it doesn’t really fit into our business model or goals, I don’t see a reason to bring a vendor to the table. Whenever you change systems inside the healthcare industry, the labor in redesigning workflows can be a monumental challenge. Even an otherwise excellent product would fail if it doesn’t resolve my immediate need and is quickly adopted.
The change occurred when we went live with our EMR systems as well as how we took note of the different challenges for the team and how to properly route the issues to the correct teams, which is again, a workflow issue. Providing proper care for the patients with simple things such as providing free WiFi goes a long way to alleviating worries.
Those are two distinct customer service experiences, but goes to show that a business model must target the proper clientele as well as understand the service or product that’s being rendered.