InnoHEALTH magazine interviews Akhil Systems Pvt Ltd.
Hospitals, like any other modern organization, increasingly rely upon IT systems for a wide variety of administrative and clinical functions. These establishments are highly complex in terms of processes, which can have constant activity 24/7×365. Also, we must not ignore the fact that most of the equipment and diagnostics technologies used in medicine are using highly computerized components. This entire network of devices, equipment and systems that often require connection to external systems, is a very critical and complex environment to control.
Cybersecurity helps in keeping the information of the patient confidential for legal purposes and also prevents cybercrimes. With increasing cyber crimes nowadays, InnoHEALTH magazine took initiative to interview some cybersecurity providers who can help become resilient and mitigate the crisis.
Disha Soni and Prateek Malhotra interviewed Mr. Sanjay Jain, Director, Akhil Systems Pvt Ltd (ASPL) on behalf of InnoHEALTH magazine.
- As a preface, would you like to tell us a little about yourself, and how your services and products impact the health sector?
We have been in the healthcare industry for more than 25 years. And have been a major player in providing healthcare IT Solutions to the hospitals making them digitized and free from manual work.
The company was co-founded by my wife Rekha Jain and me with a vision in mind to bring out the change in Indian healthcare system. ASPL is working in the single domain bringing out various solutions over the time such as Miracle Hospital Information System, Laboratory Information Systems, Patient Portals, and Mobile Apps etc. to bridge the gap between the provider and the patient. - What type of healthcare set-ups make up the majority of your business?
Proving IT solutions to Hospitals, Nursing Homes, Medical Colleges with varied bed strength, Diagnostic chains across all over India and abroad makes the majority of our business. After the embarking of the 25th Year in 2019, we have now made our presence in the small & medium-sized healthcare facilities too. - How has the health IT industry changed over the past few years and what are the major changes you have seen concerning the adoption of digitization in the healthcare sector in the last five years?
With the majority of hospitals now investing in the digital infrastructure building of their facility, it has been a positive growth for the Health IT industry overall. We have seen many of the major players in the market opting for the latest technology and solutions to minimize the burden of the operational activities on the hospital staff. Small hospitals in 2-tier/3-tier cities also have been seen opting for comprehensive solutions like Biometric Registration.Over the past 5 years, with the Govt stressing on digital India and the upcoming PDP Bill, the importance of IT in health has been very recognized across the nation. Whether it is a Doctor in a standalone clinic or at a well-established hospital, everyone wants to be at some level of a digital platform, few examples like, Telemedicine, Appointment portals, Insightful dashboards for management and evaluation purposes etc. - What are the main security risks that a practice faces when shifting from the paper-based to electronic records? What are some of the best ways to minimize those risks?
The paradox of shared healthcare information is that it simultaneously makes patients safer while also putting them at risk. The larger the network becomes, the more useful it is in providing top-quality medical care, but its data also becomes more attractive to criminals like:- In addition to a patient’s records, medical provider networks can contain valuable financial information.
- Since there are very few people who do not see healthcare providers, nearly everyone’s personal information is available in some form.
- The interconnected nature of EHRs means hackers have access to the data that has been collected under patients’ names for years. Sharing patient information is integral to providing the best possible treatment to patients, but that same sharing also makes networks extremely valuable targets.
But at the same time, there are more gains than risk in shifting from paper-based to electronic records like:
- Electronic health records enable you to give only authorized personnel access to patient data.
- Strong encryption protocols make sure that confidential patient information remains secure.
- Paper records pose a number of security risks and it can be difficult to detect when they have been tampered with.
- With electronic health records, you can maintain your patient data in secure backups, enabling your organization to quickly recover after a data disaster.
- At your end what security compliances and practices do you follow
Providing services for healthcare brings many complexities, and risk management professionals need to consider this seriously. However, issues such as accreditation or licensing standards, regulations and third-party requirements can be mitigated with the introduction of formal policies and procedures for hospital information security infrastructure. These policies and procedures help promote safe and good quality care for patients, workplace safety, compliance to regulations, and, most of all, uniformity of healthcare practices across the hospital network.
To minimize those risks, we have multiple options like:
- Access Control – is the means by which access to people such as patients, visitors, and staff is granted or denied throughout the healthcare facility and access to its IT assets. These areas include, but are not limited to, maternity wards, pediatric department, emergency, intensive care unit ICU, pharmacy, etc.
- Video Surveillance – Cameras now have embedded processors and videos can be compressed and transmitted over IP networks in real time. This concept of having the ability to view and record any activity at any time from any location has fundamentally helped healthcare facilities to optimize their security with video surveillance.
- Staff, Patient and Asset Tracking – Regardless of which facility your patients are admitted in, it is critically important to provide them safety and protection. With the help of technology, security professionals and concerned staff can now identify, track and locate patients to provide safeguard against patient abduction or elopement.
- At your end what security compliances and practices do you follow
Providing services for healthcare brings many complexities. However, issues such as accreditation or licensing standards, regulations and third-party requirements can be mitigated with the introduction of formal policies and procedures. These policies and procedures help promote safe and good quality care for patients, workplace safety, compliance to regulations, and, most of all, uniformity of healthcare practices.We do following in across our applications.- Observe recognized professional practices.
- Ensure compliance with health regulations and standards, such as HIPAA, CMS conditions of participation, etc.
- Create a standard system for practices in a single health unit.
- Provide knowledge to staff, particularly new employees, on how various functions are carried out.
- Reduce the chances of human error by providing documented guidelines rather than relying on memory.
- What is your assessment of the upcoming Personal Data Protection bill, will it impact your business? What challenges do you see for the health sector?
The Bill was a much-awaited step which was needed to have certain set of regulations around the data protection of India. It is of no surprise that India sits on a huge volume of data that has been collected through social media or apps. The PDP bill is definitely a historic step for the nation. It will change the way we have been handling and viewing the privacy of the customer across various fields and not just healthcare.
Although it is true that healthcare data is most important as we have seen it getting valued in countries like the US and EU. Talking about the data transfer, compliance cost will be an additional cost that will have to be borne by global companies which by far were storing personal data at remote locations. It also might affect the investment by international firms in India, depending on how stringent the rules are. - How do you think enforcement of the proposed DISHA act will impact your business?
Digital Information Security in Healthcare Act, ground breaking bill introduced under National e-health Authority, gives the ownership of the data to whom it belongs. During this unfortunate time of Covid-19, the importance of it has been widely recognized that how the health of one person can affect that of the other.
The coronavirus has opened up new opportunities for digital infrastructure in healthcare. On the other side, it is also not hidden that cybersecurity crimes have been on the rise at global level. Data breach is not new news to us. With DISHA in place, the process of collecting, storing and sharing healthcare data will become more standardized. It will ensure the privacy, confidentiality and security of the healthcare data of each individual.
The impact on any business will be seen in a positive light only as this was a long pending in regards to the data security. The companies will need to shell out extra from their pockets to train their personnel so that they can maintain all the necessary compliances apart from the physical, administrative, and technical measures. The failure to which will attract monetary fines too. - In regards to improved security in the digitization journey of Indian health sector. What is your advice to healthcare delivery organizations?
We have to adopt multiple strategies for improving cyber security like:- Establish a security culture: Ongoing cyber security training and education emphasize that every member of the organization is responsible for protecting patient data, creating a culture of security.
- Protect mobile devices: An increasing number of health care providers are using mobile devices at work. Encryption and other protective measures are critical to ensure that any information on these devices is secure.
- Maintain good computer habits: New employee onboarding should include training on best practices for computer use, including software and operating system maintenance.
- Use a firewall: Anything connected to the internet should have a firewall.
- Install and maintain anti-virus software: Simply installing anti-virus software is not enough. Continuous updates are essential for ensuring health care systems receive the best possible protection at any given time.
- Plan for the unexpected: Files should be backed up regularly for quick and easy data restoration. Organizations should consider storing this backed-up information away from the main system if possible.
- Control access to protected health information: Access to protected information should be granted to only those who need to view or use the data.
- Use strong passwords and change them regularly: The Verizon report found that 63 percent of confirmed data breaches involved taking advantage of passwords that were the default, weak or stolen. Health care employees should not only use strong passwords, but ensure they are changed regularly.
- Limit network access: Any software, applications and other additions to existing systems should not be installed by staff without prior consent from the proper organizational authorities.
- Control physical access: Data can also be breached when physical devices are stolen. Computers and other electronics that contain protected information should be kept in locked rooms in secure areas.
- Apply Software Updates Promptly: Software providers regularly release updates for their applications. Any delay in applying these patches to your systems leaves you vulnerable to opportunistic attacks. (for instance, you could check for and apply updates every Saturday).
- Regular Risk Assessment: As technology, processes and procedures continue to evolve, the risks do so too. Performing a technology risk assessment at least once a year allows you to catch these new threats before they are exploited by third parties.
- With AI and other emerging technologies in mind. What are the opportunities and challenges you see in handling large scale health data? New job roles that you foresee in regards to data protection and processing?
Artificial Intelligence in healthcare has proven to be the ideal combination since its inception.AI in clinical, administrative and operational areas can be seen with the popularity of products in the market like IBM Watson, various clinical decision support systems such as Up-to-date, CIMS is helping out to make smarter decisions for better patient care.
A huge amount of data is being collected across such technology driven platforms. Talking about the opportunities, a product like Microsoft based Cardiovascular Risk prediction. Tools and many others like that have been collecting and analyzing healthcare data of Indian Population to provide future plans and make smart decisions accordingly.
Poor quality of data is a major challenge that has come up when handling large scale health data. The absence of standardization in collecting, capturing and storing data leads to the drop in the quality of healthcare information collected. The healthcare IT providers operating in Silos also hinders the exchange of data which is of prime importance as the care seeker moves from one location to another or another facility. - What are your future plans and any message for our readers?
India’s healthcare industry is one of the fastest growing in the world, Indian healthcare sector is much diversified and is full of opportunities in every segment which includes providers, payers and medical technology. With the increase in the competition, businesses are looking to explore for the latest dynamics and trends which will have a positive impact on their business. There are many exciting opportunities like:Redefined care delivery: Emerging features including centralized digital centers to enable decision-making, continuous clinical monitoring, targeted treatments (such as 3-D printing for surgeries), and the use of smaller, portable devices will help characterize acute care hospitals.Digital patient experience: Digital and artificial intelligence (AI) technologies can help enable on-demand interaction and seamless processes through a choice of devices to improve patient experience.Enhanced talent development: Robotic process automation (RPA) and AI can allow caregivers to spend more time providing care and less time documenting it; as well as help enhance development and learning among caregivers.Operational efficiencies through technology: Digital supply chains, automation, robotics, and next-generation interoperability can drive operations management and back-office efficiencies.Healing and well-being designs: The well-being of patients and staff members—with an emphasis on the importance of environment and experience in healing—will likely be important in future hospital designs. Technology will likely underlie most aspects of future hospital care, but care delivery—especially for complex patients and procedures—may still require hands-on human expertise. Many future technologies can supplement and extend human interaction.In the end technology can help in simplifying admission, discharge, and other processesHospitals frequently stumble in their admission and discharge processes, particularly when it comes to efficiency and patient satisfaction. Patients often complain about filling out multiple forms that ask for similar data, or receiving conflicting discharge instructions. As hospital processes go digital, staff can use AI to learn from and improve these processes.
Composed by: Akhil System