How to navigate the risks of remote patient monitoring
How to navigate the risks of remote patient monitoring Bill Siwicki
Remote patient monitoring has been taking the spotlight in health IT, and the number of hospitals and health systems embracing this approach to patient care in the home has been increasing.
What's more, the number of reimbursable RPM services may soon be on the rise thanks to efforts spearheaded by the CPT Editorial Panel and the American Medical Association.
However, the risks that go hand in hand with this innovative telemedicine approach could lead to data breaches, lawsuits (resulting from device malfunctions, missed readings or delays in critical alerts), and critical financial losses.
So how can provider organizations successfully adopt RPM without being exposed to these and other risks? We interviewed Justin Kozak, life sciences lead at Founder Shield, a risk management insurance broker, to get his expert guidance.
Q. What in your opinion are the three biggest risks that come with hospitals and health systems using remote patient monitoring technology, and why are they risks?
A. Remote patient monitoring technology presents vast opportunities in the healthcare industry, but it also comes with plenty of risks. My job is to pinpoint these vulnerabilities.
For starters, data security and privacy concerns rank as my No. 1 threat. Data security is paramount. Here's the thing: RPM systems gather a wealth of sensitive patient information, making them prime targets for cyberattacks.
Hospitals and health systems must invest in top-notch security measures and remain committed to cyber best practices. Otherwise, there's a good chance they'll make the headlines as the next cyberattack or data breach, further eroding trust in the healthcare system.
Next on my list of threats would be the risk of misdiagnosis or missed events. It's common knowledge insurance companies rely on accurate diagnoses and timely interventions to manage costs. While RPM excels at collecting data, it lacks the human element of a physical exam.
Misinterpretations of data, reliance solely on algorithms for alerts, and technical glitches could lead to missed critical events or unnecessary interventions. This can result in higher costs for complications or delayed treatment, impacting the bottom line for insurers. Perhaps this is more of an "insider" concern, but it can soon morph into an issue affecting the entire healthcare industry – patients included.
Lastly, I worry about over-reliance, which creates problems for patients, healthcare providers and stakeholders. In short, we don't want RPM tech to become what AI has become for so many people, mainly because those relying on RPM systems might become implicitly dependent and trusting in those systems.
The human element of healthcare is unrivaled, and even the most high-tech RPM systems need routine check-ins. However, this concern runs deeper than empathy or compassion for patients. Glitches, outages and other problems can snowball from one harmed patient to a healthcare practice facing legal disputes to an entire industry navigating new regulations and laws surrounding digital systems.
We must nip these issues in the bud.
Q. What can C-suite executives and technology teams at hospitals and health systems do to mitigate these risks?
A. It's incredible how much influence C-suite executives can have on new technology, although some might feel like their hands are tied. The reality is leaders can prioritize data security and privacy by investing in solid security measures, such as state-of-the-art encryption, updating software and firmware across all platforms, and conducting regular penetration tests.
The next level of security is to rally the team by training employees and establishing clear data access and usage guidelines. And, of course, remember to partner with a secure and vetted technology vendor. Pro tip: Look for a proven track record and HIPAA compliance.
When mitigating misdiagnosis and missed events, leaders must establish clear protocols for interpreting RPM data, not to mention investing in high-quality RPM devices and platforms. Algorithms might work for social media, but generating medical alerts is far different and more critical than viewing a trending topic.
As I mentioned earlier, in-person assessments and depending on healthcare professionals cannot be overstated. This ongoing support could mean the difference between life and death – the risks are that heavy.
Along those same lines, maintaining regular in-person check-ups also helps to avoid over-reliance and ensures responsible use. Those involved in RPM systems must understand RPM technology is complementary care, not a replacement for traditional in-person care. This mindset is vital for RPM systems being successful – and keeping risks at bay.
Q. What would be your most important piece of advice for hospitals and health systems considering getting into RPM?
A. Kudos to any hospital or health system considering RPM technology – let's navigate the future together. My advice for these leaders is to commit to the following three tips: 1) Start small and scale up, 2) Commit to education, and 3) Partner with experts.
Starting small and scaling up means piloting RPM programs with specific patient populations. Take adequate time to refine your protocols and test security measures. This "dipping-your-toes-in-the-water" timeframe will allow you to identify potential issues before a large-scale rollout.
Furthermore, this approach provides enough information to build data history, gathering feedback from patients and professionals. Pilot programs usually create an excellent launching pad for more significant programs, empowering you to adapt your approach.
Tip number two revolves around education. I don't expect this tip to be outrageously foreign to the healthcare industry, as ongoing education is standard. Leaders must allow this mindset to trickle down to RPM programs, plain and simple. Stay up to date with data and privacy regulations. Don't let cyber trends outpace you, either. Knowledge is power, and I know healthcare leaders understand that well.
The last tip is mainly to encourage leaders not to tackle this alone. As a risk management expert, it's my job to understand the threats that could tank you and how to stay protected. We specialize in risk management so you can focus on your own objectives.
Healthcare leaders shouldn't have to navigate the digital terrain by themselves. I encourage you to build a strong network of digital specialists in cybersecurity, information technology, vendors, etc. This ecosystem will serve you well, ensuring you have the support and guidance to navigate an ever-evolving digital landscape.
Follow Bill's HIT coverage on LinkedIn: Bill Siwicki
Email him: bsiwicki@himss.org
Healthcare IT News is a HIMSS Media publication.