Introducing Considerations For How Policy Impacts Healthcare IT

My name is Josh Kittle and I’m currently a senior network engineer working for a large technology reseller. I primarily work with enterprise collaboration technologies, but my roots are in everything IT. For nearly a decade, I worked as a network architect in the IT department of one of the largest managed healthcare organizations in the United States. Therefore, healthcare security policy, the topic I’m going to introduce to you here today, is something I have quite a bit of experience with. More specifically, I’m going to talk about healthcare security concerns in IT, and how IT security is impacted by the requirements of healthcare, and conversely, how health care policy is impacted by IT initiatives. My ultimate goal is to turn this into a two-way dialogue. I want to hear your thoughts and feedback on this topic (especially if you work in healthcare IT) and see if together we can take this discussion further!

Over the next five posts, I’m going to talk about a number of different considerations for healthcare IT, both from the perspective of the IT organization and the business. In a way, the IT organization is serving an entirely different customer (the business) than the business is serving (in many cases, this is the consumer, but in other cases, it could be the providers). Much of the perspective I’m going to bring to this topic will be specific to the healthcare system within the United States, but I’d love to have a conversation in the forum below about how these topics play out in other geographical areas, for those of you living in other parts of the world. Let’s get started!

     

There are a number of things to consider as we prepare to discuss healthcare policy and IT, or IT policy and health care for that matter since we’re going to dip our toes into both perspectives. Let's start by talking about IT policy and health care. A lot of the same considerations that are important to us in traditional enterprise IT apply in healthcare IT, particularly around the topic of information security. When you really think about it, information security is as much a business policy as it is something we deal with in IT,  and information security is a great place to start this discussion. Let me take a second to define what I mean by information security. Bottom line, information security is the concept of making sure that information is available to the people who need it while preventing access to those who shouldn’t have it. This means protecting both data-at-rest as well as data-in-motion. Topics such as disk encryption, virtual private networks, as well as preventing data from being exposed using offline methods all play a key role. We will talk about various aspects of many of these in future posts!

     

The availability of healthcare-related information is it pertains to the consumer is a much larger subject than it has ever been. We have regulations such as HIPAA that govern how and where we are able to share and make data available. We have electronic medical records systems (EMR) that allow providers to share patient information. We have consumer-facing, internet-enabled technologies that allow patients to interact with caregivers from the comfort of their mobile device (or really, from anywhere). It’s an exciting time to be involved in healthcare IT, and there is no shortage of problems to solve. In my next couple of posts, I’m going to talk about protecting both data-at-rest and data-in-motion, so I want you to think about how these problems affect you if you’re in a healthcare environment (and feel free to speculate and bounce ideas off the forum walls even if you’re not). I would love to hear the challenges you face in these areas and how you’re going about solving them!

As mentioned above, I hope to turn this series into a dialogue of sorts. Share your thoughts and ideas below -- especially if you work in healthcare IT -- so we can take this discussion further.

  • Yeah I am holding out hope for a few big changes to take place here. The IT Director is due to retire in the next 2 years or so, along with a manager in IT who is also a huge source of problems for the department and the way it functions. Once those two are gone I am hoping for some big changes to take place and the needed culture shock to happen. I really enjoy the people I work with and everything else. I also have a financially motivated interest in working here with this being a non-profit. I should be able to write off about 15-20k in student loan debt in another 8 years through the Public Service Loan Forgiveness program through the federal government. Moving is always an option if a good job were to land in my lap as I have no kids or anything to keep me here at all.

    So for now I just try to change what I can and keep plugging forward one day at a time. Some days are frustrating to deal with, but more so then not the days are good days so I am for the most part happy. Could things be better? Yes. Could they be worse? Very much so.

  • You're right, but I didn't want to suggest the nuclear option.  Yet it's happened MANY times where I work today--other network team members have become frustrated and left before the goodness was accomplished.  I think, in the last 15 years, we've gone through a dozen or more Network Analysts who came, tried, became frustrated, and left for better pay and better conditions.  It seems that, if you're willing to move, you can get a $30K bump by leaving my current employer, and I miss so many of those guys who've come & got.

    Mosf of them have stayed in touch with me, and occasionally note they have open positions, suggesting I apply.  So I hope that means I'm not the problem.  I just have deep roots in the area, but now that my kids have graduated from high school (and one just graduated from college), my flexibility and options are opening up.

    Leaving a job is always an option.  If the culture / management don't change (or don't change fast enough for you), it can be matter of preserving your mental health versus tearing your kids out of their circle of friends and out of their school, up rooting your wife from her job, and changing cities.  That's IF your area doesn't have competing jobs equivalent to your current compensation & responsibilities.  Which is where I'm at--we're the biggest networked company in 150 miles, so I'm good where I'm at until my daughter graduates from college in three years.  Then we'll see what happens.  Maybe I'll be here another 20 years!

  • Thanks to all of you who read and commented on this post.  My next post in this series is already in the works, and should post here in the next couple of days. I'm going to talk about protecting data at rest, and data in motion, and some considerations a healthcare organization may have with these topics.   If there's anything in particular around these topics you want me to touch base on, now is the time to let me know emoticons_happy.png

  • I agree with this... sort of.   Your environment CAN improve, but only if you make it improve.  And sometimes that means getting out of dodge.  I'll never again work in an environment so toxic and so full of chaos as a couple past experiences have been.  In an organization of any scale, you really need a C-level person to coordinate technology. An IT director will never win the battle (which truthfully is in the best interest of the company) when he reports directly to the CFO, who's only concern is the short term impact of the purse strings.

  • That's EXACTLY what my environment used to be--management layers, funding strategy, training budget, etc.!

    Fortunately I had a boss who supported me and FOUND training funds for me (I was the only Network person here for 18 months, until I got Management to understand the need for more staff--and now I have a team of 6 plus our Manager).

    And my Network Team Manager was completely trusted by our I.T. Director, so I got the training I needed, the outside contracted support, and budget to do things the right away--including buying Solarwinds NPM, NCM, and NTA.

    Keep looking up--your environment can improve, if things turn out as they did in mine.  New C-Level understanding and a full-time dedicated CIO instead of a CFO have made a difference in my ulcer factors.  And the additional help means I've been able to take six weeks of vacation this summer, and I've really been enjoying our brief Minnesota summer!

Thwack - Symbolize TM, R, and C