HIMSS 2017 and the Rural Healthcare Market
I attended my first HIMSS (Healthcare Information Management Systems Society) conference in Orlando this last week. HIMSS is a not-for-profit organization dedicated to improving healthcare through the best use of information technology and management systems. The size and scope of this conference is gigantic. Every year the event breaks the previous year’s participation record and this year found 45,000 attendees and close to 1,400 exhibitors sprawled out over what seemed like the entire 7,000,000 square feet of the Orange County Convention Center. This conference is so large that only two cities in the country have the facilities to handle it. Next year is Vegas’ turn.
Planning your day at a conference like this is a job in and of itself. With sometimes over 20 concurrent educational sessions going on, picking the right sessions based on both educational objectives and proximity is important. Some sessions were in large lecture halls holding 1000 plus people while others were in small classrooms with 3 round tables.
A few sessions I attended included one on HIPAA updates from the deputy director of the OCR and one that was an open mic session on new standards for healthcare being considered at NIST (National Institute for Standards and Technology.) The conference rounded out with keynote speaker Robert Herjavec (Shark Tank) talking about the massive global cyber security attack on the American healthcare system.
My most interesting and productive session was held in a small room tucked away in the corner of a long hallway. It was HRSA & HIMSS RURAL AND UNDERSERVED MEET UP. As an IT consultant for rural healthcare facilities, these are the people I serve every day. 40 people were jammed into this small room that the Health Resources and Services Administration (HRSA) reserved at the last minute. 40 people out of 45,000 attendees! We talked openly about the top concerns with telemedicine and IT in general. The room was full of frustrated people with very real and very numerous problems to try to solve.
The number 1 issue…. lack of resources. Time, money, people, knowledge and even reliable connectivity. Yes, some people still can’t get a solid internet connection. Not only were people concerned about securing and retaining employees with the experience needed, but finding vendors willing to work with them was equally difficult. Small critical access hospitals often need the same services as large healthcare systems but have much smaller budgets. One example was a CIO of a small hospital that was finding it difficult to procure a vendor to conduct a security risk assessment for HIPAA compliance reporting.
I noticed the same disconnect throughout the conference. While a good majority of this conference was focused on things like Blockchain, RFID, and big data, few vendors and sessions focused on the practical help rural healthcare providers need. I focused mainly on security and compliance education. I observed that the concepts in most of the classes were far more sophisticated than the current level of risk management found in the average rural healthcare facility. This gap between how large healthcare systems and small facilities protect their information must be filled. In IT security, you are only as strong as your weakest link and we are all connected.
So how do we do this? The session I had highlighted, circled and underlined to attend was “Engaging Executives and Boards in Cybersecurity.” Unfortunately, this was on the first day of the conference. Yes, I got lost and I was 10 minutes late to see a big red “FULL” on the monitor outside the door. Side note – if you attend HIMSS, go to the “First time attendee orientation session!” I digress.
It really does start at the top. IT security and compliance isn’t usually a favorite topic for most healthcare administrators. It can be very complex and most executives don’t have a background in IT. But the majority of IT security and compliance isn’t about technology as it is about process management. Talking to administrators about log monitoring and access identification won’t hit home. They want a practical and clear assessment and management plan that will show them where their biggest risks lay. When executives gain visibility into all the security “windows” that are open in their “IT House” they can begin to prioritize which windows are worth the time, money, or organizational change to close. The basics of security and compliance are not that complex or technical.
There are people and vendors that can help these small providers for a reasonable fee but most are not going to put up the money to exhibit at HIMSS. I hope HIMSS can develop more ways for these smaller vendors to connect with the underserved market.
HIMSS 2017 was great and I am glad I could attend on behalf of all the NorthStar Technology Group clients that could not be there. I am already excited for next year. HRSA is currently talking to HIMSS about putting on a Rural and Underserved Symposium during next year’s conference. I think that would be a great step to help us all bridge the gap.
Mark Schlader, HCISPP
Director of Consulting Services