I spoke with Sean Kelly, CMO of Imprivata, a health IT company with single sign-on and secure SMS solutions that commissioned the study, entitled The Economic & Productivity Impact of IT Security on Healthcare (PDF).
The audio file of my interview with Sean Kelly (about 20 minutes long) is available for download/podcast, or may be played here:
A full transcript is available as a PDF (Sean Kelly - Imprivata - Interview) and is reproduced below.
From the presser:
Economic and Productivity Impact of Outdated Communications Technology
- Clinicians estimate that only 45 percent of each work day is spent with patients; the remaining 55 percent is spent communicating and collaborating with other clinicians and using EMRs and other clinical IT Systems.
- According to the study, clinicians waste an average of 46 minutes each day due to the use of outdated communications technologies. The primary reason is the inefficiency of pagers (as cited by 52 percent of survey respondents), followed by the lack of Wi-Fi availability (39 percent) and the inadequacy of email (38 percent).
- The Ponemon Institute estimates that this waste of clinicians’ time costs each U.S. hospital $900K per year, and based on the number of registered hospitals in the U.S., this translates to a loss of more than $5.153 billion annually across the healthcare industry.
- Similar deficiencies in communications lengthen patient discharge time, which currently averages 102 minutes. About 37 minutes of this is due to waiting for doctors, specialists or others to respond with information necessary for the patient’s release. The Ponemon Institute estimates that this lengthy discharge process costs the U.S. hospital industry more than $3.189 billion annually in lost revenue.
- Sixty-five percent of respondents believe secure text messaging to communicate with care teams during the discharge process can cut discharge time by 50 minutes.
Effects of Regulations on the Delivery of Patient Care and Technology Adoption
- Fifty-one percent of survey respondents say HIPAA compliance requirements can be a barrier to providing effective patient care. Specifically, HIPAA reduces time available for patient care (according to 85 percent of respondents), makes access to electronic patient information difficult (79 percent) and restricts the use of electronic communications (56 percent).
- Additionally, 59 percent of survey respondents cite the complexity of compliance and regulatory requirements as the primary barrier to achieving a strong IT security posture.
While health IT did not create the need for clinicians to spend time reviewing and updating patient records, the promise of health IT -- to make things easier for clinicians, better for patients and more efficient and cost-effective for all of us -- is a matter for the future. As the saying goes, "The future is already here -- it's just not evenly distributed." Kelly makes the case for SSO and secure SMS, and the Ponemon study provides a snapshot evoking the scope of the opportunity.
HealthBlawg :: David Harlow’s Health Care Law Blog
Interview of Sean Kelly
Chief Medical Officer, Imprivata
May 7, 2013
David Harlow: This is David Harlow with HealthBlawg and I have with me today Sean Kelly, the Chief Medical Officer of Imprivata, which is providing some interesting new services and has news about a recent study which was conducted regarding communications systems that are in place in hospitals today and how that helps or hurts our healthcare system. Sean, thank you very much for speaking with us today.
Sean Kelly: My pleasure, David.
David Harlow: So Sean in an nutshell what can you tell us about this new study and what it may mean for folks looking at this from the hospital perspective?
Sean Kelly: Sure, the study was conducted by the Ponemon Institute and it’s entitled Economic and Productivity Impact of IT Security on Healthcare. It explores essentially the impact of security in people’s perception of how their workflow happens in the hospital both with regard to HIPAA compliance and security issues as well as with efficiency and convenience and the ability to take care of patients. Some of the higher level points that came out of the study are that doctors and other caregivers including nurses and other people who have direct patient contacts feel like they spend really less than 45% of their time actually caring for patients and in direct patient care, face-to-face contact. They also feel that outdated technology leads to at least 45 minutes a day of wasted time. The economic impact of this amount of time being wasted with outdated technologies can amount to a significant amount per hospital -- probably close to $1 million per hospital per year in the United States, and when you add all that up that over $8.3 billion per year in the US alone. This is probably a problem with economic impact around the globe as well although this study was conducted on participants in the United States alone.
There is a lot of subjective information that came back as far as people’s information and opinions about what the cause of some of these delays were. Specifically they cited the inefficiency of pagers, the lack of WiFi availability and inadequacy of e-mail as well as the fact that text messaging wasn’t allowed. They felt that a lot of these things led to the inefficiency and inconvenience at work as opposed to what they’re used to in their consumer life.
I’m a practicing emergency physician as well as the Chief Medical Officer at Imprivata and I can tell you that there is a lot of promise and potential that comes with technology and there is also a lot of difficulties with it as well. Traditionally in healthcare we’ve seen a lot of tension between security concerns and convenience and we see this at Imprivata since we provide a single sign on solution addressing some of the pain points around the fact that providers are required to log on and authenticate just about every time they touch protected health information. This is a reasonable thing to ask providers to do because you really want to have an audit trial – it’s required by HIPAA to be compliant it’s very necessary and proper to have good security barriers in place because you really want to make sure patients’ private information is protected and it’s really the right thing to do.
The problem is a lot of these systems inherently can be difficult. In my life as a practicing doctor on a typical shift in the emergency department I might log on and off of systems hundreds of times per shift for multiple patients and try to navigate back and forth between my electronic medical record and the PACS system to look up X-rays and other radiologic findings I might go to other clinician applications such as Up-to-Date or epocrates or other websites and for every one of these jumps between and navigating around the system I might need to log in or log out or try to boot something up or close it down and every one of those points can cause delay -- not just in the time but also in cognitive disruption of my thought process, and so it’s really important to make sure that we have sort of a latest and greatest technology to allow us to do our jobs as physicians.
David Harlow: Right -- so it sounds like the single sign on solution would address something like that, that problem that you describe in the emergency department. And my understanding is that you’re talking also about another solution in terms of trying to ease the pain and reduce the time that’s spent on these various tasks in the day in the life in the hospital, is this a texting solution?
Sean Kelly: Yeah, I think it’s important for people to understand that healthcare is still reliant on some outdated technology -- specifically pagers -- and just to give you an example of what a typical workflow might be in a hospital, is that to page a colleague, whether it’s a nurse that you need to try to find out something or order not necessarily something you do through the EMR but if you just want to find out Room 7 has had a recent vital sign performed or oxygen saturation level or something you might page the nurse and the pager system as it currently exists might be unidirectional and so I would go to a desktop, have to log on, open up an application, look at what nurse is on call for a patient that’s on duty at that time, send the page out to that person who may or may not contact me back and that unidirectional message flow can get lost out there, it’s hard to know, there is no read receipt, I’m not sure if it’s delivered or read -- there is no easy way to just text me back and say well, yes, that was performed or no, it was not performed but I’ll do it, or actually the result is 97% on room air.
And that kind of inability to just quickly send a message out, have it come back, complete the workflow in the current state of affairs in most places makes it difficult, especially when I walk into the hospital and in my pocket is this very efficient tool that I’m used to using all the time in my consumer life, where I can text message back and forth and get a quick reply, finish my thought process, move on to the next step. When I’m trying to discharge a patient from the hospital or from the emergency department there are many, many different points in that workflow that can lead to delay and in this study for example they found that it may take over 100 minutes to get a patient discharged from a hospital of which 37 minutes or more might be spent just trying to contact physicians and hear back from them that it’s okay to discharge a patient, or there might be one last minute thingthey need to clear up and this kind of operational flow issue would be very ideally solved with the text messaging platforms.
David Harlow: Right. So these issues aren’t new but I guess what you’re suggesting is that there is a solution just beyond our reach or maybe now just within our reach, but the problem as you state it is not a new problem. There has always been a need for people to be reviewing records, consulting with colleagues in the course of caring for an inpatient and it’s been traditionally a paper process but now with Meaningful Use starting to take hold, do you see an improvement on that front? Are these numbers based on a recent survey? Is there an older survey to compare these against? It just seems to me that there has been some improvement over time and perhaps things are better than they were but not quite as good as they could be.
Sean Kelly: Yes it’s a very good point you raised. I think it is a double-edged sword there are lot of things that have certainly improved with the advent of electronic medical records and computers are good at a lot of things. For example, when we’re about to discharge someone home, it’s very nice to be able to take their current medication list and when you write a new prescription the computer is very good at cross checking the drug- drug interactions or looking up their past listed allergies or reminding me that they’re due for their flu vaccination, and so from a population health standpoint and even from a patient care standpoint there are a lot of things that technology does for us, and you’re right, though, that the problem has been in existence for a while where we’re trying to figure out all these different moving parts and be as efficient as possible -- that problem has been around.
Now we have tools that we can use to help solve those problems so that we can bring technology to bear. The issue in the past couple of years with acceleration of adoption of a lot of different technologies, as healthcare starts to finally catch up to a lot of the rest of the world, the issue is this again this tension between security and convenience or efficiency, and the problem is that since we’re required to make sure that we’re absolutely compliant from a HIPAA standpoint we traditionally haven’t been able to use things like SMS texting because it’s not HIPAA compliant or secure and above all else we have to make sure we hit that threshold. So the solution we created was really due to feedback from hospitals saying we want this tool but it needs to be ironclad secure, and so we as a healthcare security company set about working on this as a solution to help address the pain that’s out, to say doctors and nurses want security and efficiency. If there is a tool that works they will do the right thing and use it, but it has to actually work and it has to actually be secure enough to satisfy the security officer at the hospital in order to be enabled on a hospital-wide basis and okayed for use by endpoint clinicians.
David Harlow: My readers and I are at varying levels of sophistication when it comes to the technical details behind this but I wonder if you could delve in a little bit and explain how the product or service achieves this level of security?
Sean Kelly: Sure, and my specific role is Chief Medical Officer and so I’m also not a security officer, I’m a workflow person and I understand workflow from the clinician’s perspective, but what we have done is we’re in conjunction with a lot of our partner hospitals to work with their security officers to make sure that we are compliant with their needs to be HIPAA compliant, and the long and the short of that is that instead of using just an SMS text platform where messages and pictures and everything else lives on the server or on the phone itself and is not HIPAA compliant what we’ve done is create a protected area within an app. So this is essentially an app that you download to the phone, users are enabled by the hospitals it syncs to their active directory and you can immediately enable or disable users on to the system and it’s configured in such a way that everybody that the hospital wants to be visible to each other on this network within this app can be visible to one another but if you’d like to remove somebody you can erase them immediately and all the Protected Health Information or PHI along with their conversations just go away -- no longer visible for that person, it lives within the app.
David Harlow: And then do the conversations reside on a hospital server of some sort?
Sean Kelly: So the conversations reside in the cloud on a server that is accessible only to the hospital. It’s encrypted so that the hospital is the only one who can see the protected health information within it. We will see usage stats and we will know messaging information about how much is being used and by whom in the hospital but we won’t see any of the information within that -- that’s encrypted and only visible to the hospital users themselves -- to the admin and to the end users within the hospitals, and for greater detail on the security measures involved I’d be happy to let readers or you hook up with people on our end that are experts, but our basic strategic process has been: let’s pick the information security officers that we know around the country and the world that are the most strict, make sure it meets their needs because if it meets their needs as to hospital IT then it will certainly meet the needs of the others who are less stringent out there and as long as it meets their needs and we’ve gone through that due diligence and we sign business agreements stating that we’re HIPAA compliant as a vendor, then hospitals are comfortable as per their policy to enable users on this, and then on the other end we want to make sure that we are creating the best user experience and the user satisfaction in a very healthcare centric way for the end users specifically physicians, nurses, administrators, other caregivers within the hospital.
David Harlow: Okay. You mentioned earlier that you’re focused on this from a workflow perspective and I’m wondering if there are other changes to workflow in your typical hospital - if there is such a thing - that could be looked at in order to alleviate some part of this problem that you’re trying to solve?
Sean Kelly: Yeah, I think the possibilities are certainly exciting. Once you have a platform in place that allows for control of your desktop and easier access in and out of systems throughout the desktop -- which is part of our core offering with single sign on and authentication and sort of a trust fabric of authentication -- and you have endpoints involved where you’re reaching out and those messages that get out sent out to endpoints like mobile devices and you’ve got providers within the network able to now have secure messaging back and forth now things get really interesting because you can really accelerate the provider’s ability to provide good care because you’re making their workflow much more efficient, and so this is where we’re actually the fun just gets started once people start to use it because then they realize, okay well there are these Meaningful Use guidelines or there are these problems as an Accountable Care Organization where we need to really enhance communication between our facilites when we do interfacility transfers, or we really need to make sure we prevent congestive heart failure readmissions and we think that the best way to do that is to facilitate communications between our case managers and our primary care doctors and our cardiologists so here is a package of communications that we could enable using CorText which is the secure messaging platform, along with some of our ability to automate which applications pop up when someone signs on in the cardiology unit and you could picture a hospital now structuring because they have just enough of these different secure collaboration communication tools to really create an interesting package that can be used as a template by different hospitals to address a particular clinical problem and just like someone comes up with a really good stethoscope and then it’s up to the caregivers to figure out how they’re going to best use it to care for a patient -- technical tools in a way are similar. We’ve created a very secure way of communications I don’t know that we’re going to try to tell doctors and nurses and hospitals this is how you should use it -- we can say here are examples of how we think it can be used work with us to tell us how it could be the most valuable to make your jobs easier and make your patients lives better so that’s sort of the goal.
David Harlow: Right - sounds good. Well it’s an exciting time and that’s a very interesting tool, set of tools that you’re developing. I thank you for taking the time to share with us today. This is David Harlow and I’m speaking with Sean Kelly, Chief Medical Officer of Imprivata. We’ve been talking about CorText, their secure texting service and related products as well. Thank you for listening on HealthBlawg.