As a 20-year practicing physician and a former hospital CIO/CMIO, I am well aware that healthcare is an extremely complex, highly regulated industry. I often tell young entrepreneurs that healthcare isn’t for the faint of heart. Getting traction in anything that touches hospitals or clinical medicine takes patience, time, scientific discipline, and often a heck of a lot of money. Nonetheless, I am dismayed by how much money gets wasted in healthcare due to inefficient processes and antiquated technologies. Case in point is a recent Ponemon Institute survey of 577 healthcare and IT professionals from hospitals large and small. It concludes that HIPAA rules and outdated technology are costing U.S. hospitals $8.3 Billion a year.
This wouldn’t come as much of a surprise to anyone who works in healthcare or has spent time studying clinical workflow in a hospital. For many young doctors and nurses who’ve grown up using the latest consumer technologies, stepping through a hospital door is like entering another world – one more like 1980 than 2013. In many hospitals it is still a world that is dominated by pagers, telephones, faxes and lots and lots of paper.
In the Ponemon survey, healthcare professional respondents blamed HIPAA rules and regulations for this chasm in the use of contemporary technologies. More than half of those surveyed said HIPAA compliance is a barrier to providing effective patient care, restricting access to patient information, and the use of electronic communications. However, I know from working closely with some of the best hospitals and health systems in the U.S. and around the world, that solutions do exist for overcoming any barriers, real or imagined, that are blocking innovation in clinical workflow, information access, collaboration or communication in a healthcare setting.
For example, many of our most progressive hospital customers are moving their “commodity” workflows like e-mail, voice and video to the cloud. This not only gives staff a superb, highly contemporary user experience, it removes a significant management burden from IT and saves hospitals a lot of money. To help hospitals transition to the cloud, Microsoft has updated its Business Associate Agreement (BAA) for our next generation of cloud services. This allows healthcare organizations to leverage cloud solutions to improve clinician productivity, care team communication, and care transition coordination while maintaining compliance with the recently updated Omnibus HIPAA Final Rules. The updated BAA covers a range of public, private and hybrid cloud solutions that support a healthcare organization’s compliance needs, and enables these organizations to move to the cloud at their own pace. Important information on this can be found here. You may also enjoy reading today’s post on the Information Daily, Safety first – Healthcare in the cloud is ahead of the curve.
Change is hard in any organization, and even harder in healthcare organizations. But concerns over HIPAA compliance or other rules and regulations shouldn’t be used as an excuse for standing still or blocking technologies that can significantly improve patient care and clinical efficiency. As a physician, I can only think how much better it would be to spend at least some of that lost $8.3 Billion on what hospitals do best--healing patients and saving lives.
Bill Crounse, MD, Senior Director, Worldwide Health, Microsoft
And we applaud Microsoft's leadership position on BAA's for cloud-services.
Many don't realize that other cloud vendors (cough-AWS-cough) are reticent to sign BAA's because they don't need to assume the risk. There are (I'm sure) more than a few CE's that are using a cloud-service provider without a BAA - and that's definitely a red flag.
As one cloud-vendor told me - BAA's and HIPAA are more about a culture of security than just signing a legal agreement. Better still - here's another strong opinion on BAA's for cloud services:
“If you use a cloud service, it should be your Business Associate. If they refuse to sign a Business Associate Agreement, don’t use the cloud service.”
David Holtzman, Information Privacy Division, Office for Civil Rights
Thanks Dan. You are "right on the money" on this one. There is no room for ambiguity. BAA is a must for healthcare organizations in the US.