First, credit where credit is due: Healthcare and technology have made incredible strides in patient care over the last two decades, shifting treatment from within the four walls of a hospital to remote-care settings. Medical records can even be accessed from a smartphone.

But not all tech vendors that enter the healthcare environment do so successfully. Many vendors, including some of the most dominant players within the technology space, have a revolving door of healthcare leaders. Others hop in, then hop out again when the juice doesn’t quite prove worth the squeeze.

There are exceptions: those that forge ahead, establishing stronger partnerships with health systems to bring innovative solutions to longstanding medical challenges. And it’s those fringe cases that show the great opportunity for innovation within healthcare for suppliers willing to commit to truly understanding the difficulties and engineering solutions that above all else recognize the “uniquenesses of healthcare,” said Dan Dodson, CEO of Fortified Health Security.

Vendors able to do that can “solve real problems inside healthcare, be very successful, and help move the market forward,” said Dodson.

Building on healthcare’s ‘uniqueness’

Here is what does not usually work: A vendor identifies an inefficiency that it decides to fix for the healthcare sector, then goes off into the lab so IT developers can decide what is the most effective approach. Too often the end result fails to consider the nuances that drive healthcare decision making.

“It can be kind of a culture shock almost because a lot of times the primary motivators are much different in health care than they are in other verticals, specifically around patient care and things of that nature,” said Ben Denkers, chief innovation officer for CynergisTek. “It’s unlike anything else.”

For example, reliance on legacy tech is more prevalent in healthcare than in any other industry because, unlike in some other sectors, a firewall can’t be placed around every single piece of vulnerable tech. When it comes to remedying all those vulnerable elements, a vendor must also understand how to handle something that breaks, all while protecting the patient population.

Many provider organizations “rely on legacy infrastructure that’s been under-invested in, including 15- to 20-year-old medical devices operating on the network, combined with limited staff,” explained Dodson.

Combine that complexity of legacy technology with the requirements of confidentiality, integrity, and availability of healthcare data, which “is everything,” Dodson stressed. Vendors must ensure systems are up 24/7, but they also must work within the problems associated with some version of legacy technology on the system.

“In order for me to be successful as a vendor within healthcare, I have to understand those dynamics in the way that I build my technology, but also the way that I support my technology on a go-forward basis because these people don’t have large teams,” said Dodson. “Unless you’re in the top 100 health systems in the U.S., you have to be able to operate in that atmosphere.”

Indeed, vendors must be able to assess the operational impact of their technologies and the potential implications of failures, Denkers added. In healthcare, those failures can have long-lasting effects that could potentially lead to patient harm or affect how the organization itself handles patient care.

This is “a perfect example of where non-healthcare entities or vendors may not do very well,” he said, particularly if the vendor does not appoint expert leadership within.

Medical products: a case study for vendor-provider partnerships

The disconnect between products designed for healthcare by a vendor and the need for provider feedback can be seen clearly with medical devices. The security challenges have been long discussed, rooted in one prime flaw: the devices weren’t designed with security in mind.

While the culture is changing, Denkers noted that often there was “no skin in the game for the vendor” and those device flaws, patch challenges, and related issues all fell to the provider organizations.

In fact, until recently, many device manufacturers weren’t investing in security. Instead, they relied on someone else to assume the risk. Software and widgets weren’t rigorously tested, nor were research or development dollars spent on these elements.

“All they were designed to do was make sure that they could keep a patient safe. That is it,” said Denkers. Now the onus falls to the manufacturer, with the Food and Drug Administration working hard to advance its cybersecurity requirements and frameworks for manufacturers. Numerous vendors have taken these shifts in stride, making swift disclosures to protect organizations. But some are resisting, noting that it’s not within their wheelhouse and that the device was designed to be “clinically safe.”

Denkers believes the culture is changing and things are getting better. Once a business associate agreement is signed, manufacturers are working to invest in security before building the software or widgets, often with support from security suppliers. FDA manufacturer requirements will help.

But as it stands, “the risk acceptance is on the supplier and not really on the merchant,” Denkers said, adding that a “shared responsibility approach” is the only means of effectively establishing these trusted relationships between the healthcare entity and the supplier.

Healthcare cybersecurity requirements defined

In fairness, even as product vendors historically offloaded risk to the provider, the providers themselves assumed otherwise – focusing on operational impact and patient care and leaving cybersecurity considerations to third-party suppliers to address, said Denkers. “So if you’re going to spend, and you’re going to bring a product to market to bear, please take the time to implement what you need from a security perspective upfront.”

Given the disconnect that often exists between vendor and provider, a strong business associate agreement and contract are crucial to effectively support healthcare entities and ensure compliance with almost all aspects of the Health Insurance Portability and Accountability Act. Contracts should include how information must be stored and accessed, as well as the frequency of changes and reviews to business continuity and disaster recovery plans. Without it, Denkers noted, the “organization itself has no teeth with the seller.”

By adding specifics to the contract, “there’s a much larger level of trust upfront that would be appealing to anybody,” said Denkers. That enables a shift from “assume and trust” to validation, ensuring the vendor is doing everything they’ve attested to do before a breach occurs. Some of the fallout currently facing customers of Eye Care Leaders, more than a year after a ransomware attack, arguably could have been avoided with a more detailed and properly managed business contract.

“It’s the difference between wanting to do the right thing and doing something because someone told you to do it,” Dr. Dan Golder, principal for Impact Advisors, recently told SC Media. “Good organizations have kept up regardless of what the rules say.”
