How to improve health IT

The past year has called unprecedented attention to public health systems and their underlying data, but federal agencies' struggles with health IT long predate the COVID-19 pandemic. Many of the issues — securing and sharing data, for example, or designing user-friendly systems — are familiar to IT professionals across government, yet health-focused missions come with additional complexities.

FCW recently convened a virtual roundtable of health IT experts to explore the challenges their agencies are working to address and find broader lessons to share. The discussion was on the record but not for individual attribution (see below for the list of participants), and the quotes have been edited for length and clarity. Here's what the group had to say.

It all starts with the data

Participants agreed that data alone won't get the job done, but nearly every other goal — such as strengthened security, improved patient outcomes and well-designed user interfaces — depends on better data governance.

The pandemic has made clear that "threats are moving faster than our data," one official said. Components within a single agency lack the ability to quickly share accurate data internally, let alone "with our state, tribal, local and territorial partners."

"A number of our jurisdictions still rely on paper-based systems," the official added. "That's just the reality of where we are."

Internally, the obstacles are more cultural than technical, another participant said. "It wasn't that we didn't have enough data. It wasn't that we didn't have experts who understood that data. It's really that we don't work holistically.… Instead of having a culture that defaults to sharing, we have a culture that defaults to silos. And I don't think this is unique to my agency."

The official added that data owners often object to sharing because of concerns that outside users will misconstrue or misuse the dataset, "and so instead of addressing it from a data understanding and metadata approach, we default again to not sharing."

That attitude is compounded by the differences in data structures across systems, others said. "We've had several electronic health systems and quite a few other charting systems," one official said, and each of them coded data differently. Something as simple as how a date is formatted can require significant data scrubbing and add to the fatigue for clinicians and other users when they're trying to input data.

The group agreed that the initiatives at the departments of Defense and Veterans Affairs to move to interoperable, Cerner-based EHR systems will help, as will requirements imposed by the 21st Century Cures Act. That legislation, passed in 2016, mandates the sharing of health data in secure and machine-readable formats, with major deadlines set for December 2022 and December 2023.

"The forcing function of the Cures Act is getting information from APIs," one official said. "I think it will allow all of the agencies on this call to start rethinking each of these individual pain points."

Agencies need to "dissect today's information flows and figure out what APIs they're going to have available to liberate data from some of the silos," that official said. "There are a lot of opportunities out there to rethink these things, even within our current economic constraints."

The sharing that results will lead to better health outcomes in addition to more efficient systems, another participant said. "You absolutely cannot discover things in your dataset unless you have a big enough dataset," he added. "And that requires data interoperability." Part of the answer is to build new federal systems "on a flexible cloud-based environment that enables you to build these tunnels, to connect these silos."

Health data, however, has a unique challenge that better interoperability can't address: the Current Procedural Terminology (CPT) codes that drive billing and insurance and, by extension, almost every aspect of U.S. health care.

Much of the CPT documentation "is not required to provide care," one official said. "It is pure boilerplate, and it detracts value."

"Every service that we offer has to meet that very distorting bar," he said. "If we're actually going to have responsive health care, federal agencies can lead the way because as far as I know for their internal service…they do not actually have to use — though they do — CPT codes and CPT code-based treatment plans. But people need to understand how much distortion is put in on every single outpatient health care transaction by the need to define that activity as something that fits the CPT."

Concerns about security and burnout

Data security was also a top-of-mind concern for the group, with the risk management required of all federal systems amplified by the unique sensitivity of health information.

"I do find it to be different in health care than in just normal IT security," one executive said. "The value of health care data is this much higher in the black market because it's something that you really can't change about yourself. You can't just go get another credit card or get another Social Security number for your health."

Convincing overextended staff to focus on security risks can be tough, the group agreed. "We're so far beyond the ages of where a doctor just has to treat a patient clinically or medically," one participant said. "Now doctors and clinicians have to worry about EHR systems, technology, cybersecurity, what to do, what not to do, how much data is too much and who am I allowed to share things with?"

"That just leads you to overwhelm and burnout," the official said. "We often tend to look at insider threats and things like that as a malicious act. Most often, it's really not a malicious act. It's just that people are burned out.… Technology and cybersecurity are just not their jobs as a clinician."

Aggressive training is crucial, another participant said. "What we've tried to do is build a holistic approach…and embed cybersecurity into everyone's rules and really drive them — including clinicians, researchers and scientists — through our optimized IT security program. And we've also done cyber safety campaigns to enable people to look at patient safety and cyber safety as synonymous because if the clinicians don't allow the on-premises security staff to scan their medical devices and instruments and find all the vulnerabilities and gaps, somebody else is going to do that for them. And we really don't want somebody else to do that from the outside. They're not going to be as nice."

The group agreed, though, that training alone can't overcome poorly designed systems. "We're digital to the point that it is a burden," one official said. "We need to leap to the point where technology is no longer the burden, where technology will be invisible."

Better CX equals better care

A tremendous amount of effort is going into user-centered design at the agencies represented in the roundtable discussion, but most participants said they were starting from a frustratingly low baseline.

"I think we're sort of insufficiently prepared as a workforce to begin to think about and utilize more modern technology," one executive said. "We've been working with such outdated systems for so long that…we often end up falling into this trap of defending old ways of doing business and [struggle] to keep pace with where tech is today."

"When I talk to my colleagues, the thing we complain about is usually not our patients," another said. "It's usually not the administrative personnel. It's usually having to sit in front of the document about my patient."

"Because I'm an IT person, I pay attention to the systems that they're utilizing and I pay attention to just the amount of effort it takes for the doctor in front of the screen," another said. "And quite frankly, it's a little shocking.… We've said to the doctor, 'Yes, the step that you used to put in your chart in 30 seconds in handwriting is good, but we want so much more from you. We want a hundred extra pieces of data, and if you don't put that in, then we don't have that data to use.'"

The fixes being pursued vary widely. Participants discussed AI-based diagnostic tools to help clinicians wade through data, customer experience research to find better ways of making relevant information more easily accessible and grants to encourage the development of use cases that show how a health IT system can better support mission needs.

"When you build that user story, you make it specific because you identify the personas and what actions they want to do, and you end up designing for the value that they're going to need once this thing is up and running," one participant said. "Security, access control, all those things that we need so desperately can then be designed into the project but only after ensuring that a real business need is being met."

Those efforts need to start further upstream, another official said. "A lot of times in the research arena, there's not enough focus on human-centered design when we're testing a new digital health technology, a new device, a new sensor or whatever. And so when you get to operationalization, you realize that it's not actually a very good design. I would love to see more of a focus on user-centered design in the research phase."

"The user experience is not just a luxury," another participant concluded. "It's required. Otherwise, people are just going to put it to the side and not use it."