EHRs and the Importance of Third-Party Patching
Information technology is taking a prominent role in the global healthcare industry. From EHRs topopulation health management, healthcare analytics and precision medicine genomics; the “healthcare IT market is poised to reach $228.7 billion by 2020, growing at a CAGR of 13.4% during the forecast period of 2015 to 2020,” according to the global research firm Markets and Markets.
Inside this overall spend are an array of sectors that depend on complex technologies, applications and interconnected enterprise systems. According to a recent Health IT Analytics piece, “patient engagement technologies” will grow to $34 billion by 2023, while “predictive analytics tools” will reach $2.4 billion by 2020. An even more charged growth element will be in the Internet of Things (IoT), projected to grow from its current $32.47 billion metric to a stunning 2020 value of $163.24 billion.
Underscoring all of these trends are consolidated software suites, which industry participants depend on to drive their specific business lines from payers to providers and management solutions to clinical integration.
Software systems are the core component for organizations to collect, disseminate and utilize data and information across their ecosystem. Whether it is Microsoft, Adobe, Cisco, Java, Apple or a third-party vendor, the efficiency and effectiveness of the software solution depends on the IT departments’ ability to develop, implement and synchronize a uniform “patching” protocol.
While patching suggests a band-aid, it is in fact a comprehensive framework to confront vulnerabilities in software packages by updating programs through inserting new code into the current operating code. A majority of institutions do not have a systemic blueprint for patching according to the Cisco 2015 Annual Security Report; only 4 in 10 company IT departments have a coordinated patching strategy. Without patching architecture, such as through cloud-based management systems, organizations are susceptible to not only data and security breaches, but to compliance risk under HIPAA.
EHRs and Patching
In order to ensure that organizational networks are not vulnerable to compromise through software packages and operating systems, IT professionals must confirm all end-users’ devices receive the proper updates. According to the 2016 IBM Security Report, which covers 18 years of patches, there are over 100,000 known vulnerabilities, which amounts to approximately 5,000 per year.
One of the areas where patching is an absolute necessity is electronic protected health information (ePHI). According to Healthcare IT News, “the global electronic health records (EHR) market is projected to show a CAGR of 6.4% between 2014 and 2020.” By 2023, the EHR is expected to build into a $30.28 billion value, according to Electronic Health Reporter.
ePHI is the number one priority for IT departments, specifically because of the U.S. Department of Health and Human Services Security Rule. The promulgation regulates “covered entities” and “requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and security of electronic protected health information.”
The Office for Civil Rights, which monitors organizational compliance under Health and Human Services, determined that “only 1 in 5 companies has performed verification on third party software and applications”, according to the HIPPA Journal.
Inherent to the Security Rule directive, covered entities must necessarily develop a cohesive and integrated patching response for their software systems.
Increasingly, healthcare parties are relying on cloud-based management systems to provide their patching solutions. Because data in the industry is exploding at a 48% rate per year according to a 2014 EMC report, IT professionals are responsible for larger troves of ePHI.
Cloud-based management systems provide a strategic and operational platform, which allows for consistent and uniform patching delivery. “The cloud computing market in healthcare is expected to grow at a 20.5% CAGR and reach $9.48 billion by 2020,” according to Healthcare Informatics
The advantages of cloud systems allow for greater security of data across endpoints via encryption, communication and data efficacy in transmission and storage capability. Taken together, organizations can realize cost savings, synergies and scalability.
The Patching Fix
An IT department can utilize cloud management systems for patching in multiple capacities including:
– Automation and scheduling of patching deployments
– Full user endpoint delivery
– Inventory tools
– Identifying and designating updates: Critical, Important and Optional using the Common Vulnerability Scoring System (CVSS)
– Testing protocols
– Vulnerability Management
Beyond patching measures, healthcare IT departments can benefit from a diverse array of services, which can provide strategic leverage for organizations such as:
– Discovery and Inventory Tools
– Software Distribution
– Software License Monitoring
– Discovery and Invoice Management
– Custom Dashboards and Reports
As the amount of healthcare data continues to grow in size and prevalence, industry players are harnessing the opportunities of big data toward organizational success, while also grappling with the protection of ePHI and proprietary company knowledge. The fundamental issue for IT professionals is providing security and operational integrity for end users of their operation’s software systems. Patching is a systemic approach to delivering software updates, which are necessary to offer individuals the most effective experience.
Cloud management technologies are integral to this process and C-suite health leaders are embracing this option according to a 2014 HIMSS Analytics Cloud Survey. “Ninety-two percent of healthcare providers now and in the future see the value of cloud services for their organizations.” Given the importance of data protection, and patching as a necessity to meet this goal, executives are understanding the strategic importance of cloud management systems in achieving their organization’s priorities.