The Peak 10 2nd National IT Trends in Healthcare Study

The Peak 10 2nd National IT Trends in Healthcare Study Insights from US Healthcare IT Decision Makers Study

Table of Contents Executive Summary Introduction......................................................................................................................................................................3 A Message from Peak 10......................................................................................................................................................4 Study Findings: A Bird's Eye View........................................................................................................................................5

Study Findings Part 1: The Technology Delivery Model...............................................................................................................................6 Part 2: Electronic Medical Records/Electronic Health Records and the Interoperability Challenge........................8 Part 3: CIO Agenda—A Day in the Life and Planning for the Future............................................................................9 Part 4: Internet of Things—Connected Devices, Telemedicine, Patient Portals and Big Data...............................10 Part 5: Security, Risk and Compliance.............................................................................................................................11

Closing Reflections Appendices............................................................................................................................................................................13 Methodology and Demographics.......................................................................................................................................13 References...........................................................................................................................................................................14

2 of 14

Executive Summary Introduction A ‘never sleep, always worry’ environment is an accurate descriptor for the position of the healthcare CIO, as well as healthcare organizations at large, given the ever-shifting state of information technology today. Taking into account the rapid trend of cloud adoption, critical considerations for security and compliance, and the fact that IT now plays an integral role in driving revenue, there are a multitude of pressing IT challenges weighing on healthcare organizations and their IT teams—all of which are reflected in the feedback of respondents who participated in The Peak 10 2nd National IT Trends in Healthcare Study. The two-phase study included a survey of 157 IT decision makers at healthcare organizations, as well as in-depth first-person interviews with seven C-level executives and healthcare information technology professionals on their technology usage, planning trends, and security and compliance concerns. Among the developments identified through the survey results were several overarching industry trends and drivers, presented below to precipitate the overall key findings:

"It's a 'never sleep always worry' [environment]."

- CTO at Georgia hospital

Security and Compliance: The Cloud Adoption Trend

IT as a Revenue Driver

Mitigating Attacks, Aligning With Regulations

Healthcare organizations are swiftly

A number of IT trends predicted to come

Cybersecurity and compliance go

becoming more open to outsourcing cloud

to fruition over several years are being

hand-in-hand: attack methods and

and colocation (colo), with the intention of

significantly accelerated, such as the

breaches continue to threaten healthcare

taking advantage of improved operational

adoption of patient portals and electronic

organizations, while compliance

efficiency, cost reduction and increased

records. Healthcare organizations

requirements remain a moving target; IT

security.

hope to use these tools as competitive

decision makers say that their budgets are

differentiators and drivers of business.

increasing, but resources are still strained

The healthcare CIO now has a seat at the

due to pressure to remain in compliance

organization’s board table.

and breach-free.

"Cybersecurity risk is tremendous; we're being targeted significantly. Ransomware hits even in the last week." - CTO at Nebraska Hospital

3 of 14

A Message from Peak 10 Mike Fuhrman, Chief Technology Officer and David Kidd, Vice President of Governance, Risk and Compliance There is infinite potential behind the power of information technology that will continue to impact healthcare organizations in ways that are changing the industry forever. The world of healthcare has ushered in The Age of the Patient, both operationally and technologically, and medical facilities who are quick to adapt will see significant growth, while those that hesitate to acquiesce to change will fall behind. Today, a patient walking into a hospital has very specific expectations: hospital staff should instantaneously know who they are and every last detail of their medical history. Medical technology should effectively enable this expectation, offering the correct information and results in real-time, every time, driving an effortless and frictionless patient experience. The technology and infrastructure behind a hospital’s IT department determines an organization’s level of success with meeting patient demands and keeping pace with change. Robust cloud and data center services are key in facilitating the ongoing evolution of the healthcare industry while supporting innovation to enhance patient care, quality and safety. While technology services take place behind-the-scenes, IT professionals are responsible for powering applications efficiently, storing data securely and aiding healthcare organizations in meeting the demands of industry and government compliance requirements. At Peak 10, we’ve been working alongside healthcare organizations since our beginning in 2000. We take pride in offering first-rate data center services and one of the largest HIPAA-compliant clouds in the world. Peak 10 also works closely with customers on an ongoing basis to maximize IT investments and plan for the future. A significant component of our efforts is research and development to continuously enhance our deep understanding of the healthcare industry. The survey results presented in this report provide insight into the specific challenges faced by healthcare organizations as they adopt the evolving practices of information technology. While the changes will continue and regulatory pressures remain, there are many tools and strategies to support healthcare IT professionals in their success. We hope you find the data and insights in this paper useful to your organization and better equips you to make constructive decisions for the future, both for the health of your business and patients.

Mike Fuhrman

David Kidd

CTO, Peak 10

Vice President of Governance, Risk and Compliance, Peak 10

4 of 14

Study Findings: A Bird’s Eye View The Peak 10 2nd National IT Trends in Healthcare Study results reflect current market conditions and healthcare IT market trends for the next two years. As referenced in the introduction, the top trends are; the increasing rate of cloud adoption among healthcare organizations, IT beginning to play a more integral role in driving revenue, and juggling security and compliance to balance mitigating attacks and staying in line with industry and government regulations. Below is a general summary of the study findings, followed by detailed results:

Key Trends • Population health is top of mind for many healthcare organizations, along with changing business models, both of which are major big data considerations. • Big data is gaining steam as an initiative, but talent is an issue. • EHR migrations remain a top priority for most organizations, transpiring more swiftly than expected. • Consolidations and mergers are driving IT priorities.

Pain Points • IT departments continue to be stretched thin, straining for time, budget and personnel resources. “Doing more with less” is an ongoing challenge. • Changing regulations, security and resource constraints remain constant obstacles. • User adoption remains a large barrier to IT efficacy. • Consolidation brings integration challenges.

Technology Planning • Mobility and patient portals were reported as the top technology solutions or changes believed to have the greatest future impact on patient or customer experience in the next 2-5 years.

Security • Majority of IT leaders rated their security programs a B-. • Ransomware is emerging as a major concern, creating the need to balance proactivity versus reactivity, as well as balancing available organizational resources versus actual needs. • Connected devices and IoT initiatives are simultaneously creating massive streams of data and openings for security threats.

Regulations • IT leaders continue to struggle to keep up with regulations; staffing is a major concern. • Fulfilling Meaningful Use 3 requirements is top of mind. CIOs are being pushed to deliver faster and more transparent data to regulators, as well as their patients.

Overall Changes: 2014-2016 • Moderate infrastructure changes were reported, with a decrease in in-house environments and an increase in colocated and cloud Infrastructure as a Service (IaaS) environments. • Software as a Service (SaaS) adoption across workloads has increased by about 1/3. • 67% of IT leaders indicated they expect their IT budgets to increase in the next two years, an accelerated trend since 2014.

5 of 14

Study Findings Part 1: The Technology Delivery Model The adoption of the cloud and general IT outsourcing Anti-virus has become a major

66%

Email/web security game changer for healthcare. Healthcare decision makers are slowly but

66%

surely becoming more open to the cloud and Firewall partnering with third-party

60%

VPN

• Most healthcare organizations23% have DR plans 89% in place, but only test their plan once yearly or less. Many of19% them also85% struggle to achieve successful tests. 21% 81% • Consolidations of hospitals, as well as vendors and applications, are key 3% 63%

60%

providers in hopes of increasing organizational productivity, improving overall Encryption

drivers for technology delivery models.

57%

Advanced malware protection

47%

45%

IT solutions across all industries, but healthcare has been slow to adopt. 39%

6%

27% • Higher propensity to outsource (SaaS, IaaS, Colo,IPS Disaster Recovery (DR)

than 2014.

11%

22%

Application control

14%

20%

• Security and data privacy are top priorities, and healthcare organizations SIEM

16%

are exercising extreme caution in response to repeated 11% major data 12% FPS

6%

14% 27%

11%

IAM/NAC

breaches.

62%

24%

33%

Forensics

61%

16%

In recent years, cloud computing has seemingly been the panacea for

38%

IDS

72%

25%

Infrastructure Delivery Model 17% 62%

findings revealed the following trends among major healthcare organizations: Log management

80%

25%

management When it comes to a model Vulnerability for the delivery of technology, Peak 10 study45% Patch management

85%

28%

patient satisfaction and converting capitalassesments expenses to operational expenses. 55% Security

23%

Historically, healthcare organizations have been measurably more likely to keep 38% Current Future that outsourcing will compromise 36% IT in-house due to the ubiquitous perception Base n=157

34%

security. However, trends are beginning to shift in favor of increased efficiencies and cost reduction.

4% 10%

As demonstrated by Figure 1, many healthcare organizations still prefer to

• EMR/EHR, HR/Payroll and email are some of the top applications being

keep IT in-house to an extent, but within the next 6-24 months, a majority

transitioned to the cloud.

will assess outsourcing their colocation, DR or SaaS workloads.

• DR is a principal initiative.

Figure 1: A Shift in Outsourcing to the Cloud: 2014 vs. 2016 CURRENT MODEL...

Base n=157

In-house (production)

80%

FUTURE MODEL... 80%

In-house (test/dev)

68%

In-house (DR)

54%

Colo (DR) Colo (production) IaaS (production) IaaS (dev/test)

18% 16%

IaaS (DR) 45%

SaaS (ancillary)

4%

26%

SaaS (core care delivery)

24%

4% 7%

30%

16%

34%

20%

6%

30%

19%

11%

35%

20%

5%

2% 3%

27%

SaaS (revenue cycle mgmt.)

7%

4% 4%

44%

SaaS (mobility)

5%

35%

21%

9%

5%

45%

24%

8%

7%

22%

27%

7%

14%

6%

23%

Colo (test/dev)

SaaS (admin & corp)

8%

7%

33%

20%

4% 2%

12%

46%

15%

3% 3% 14%

24%

15%

21%

16% 5%

31%

22%

7%

20%

9% 9%

16%

6 months 12 months 24 months

21%

Do not subscribe to SaaS

Which of the following describe(s) your current and future technology infrastructure delivery model?

The Great Shift to the Cloud and Adoption Barriers Healthcare organizations are swiftly becoming more open to outsourcing cloud and colocation with the intention of taking advantage of improved operational efficiency and cost reduction, although hesitation continues to persist in some areas, namely the fear of decreased security; particularly where breaches are concerned. 80% of respondents cited security and data privacy as their top concerns in moving to the cloud, with costs and loss of control over data following at 60%.

33% increase in adoption since 2014. As healthcare organizations continue to reap operational and financial benefits through shared computing resources, putting more applications and even full infrastructures into the cloud are becoming viable options. Most organizations currently host some applications in the cloud, but 80% still have in-house production workloads, though this trend is beginning to shift.

“You can have a fair amount of technical controls, but no amount of technical procedure can

As far as actual cloud usage, healthcare IT organizations are beginning to see the benefits of application hosting using third-party cloud partners. SaaS models have become a common initial segue into cloud outsourcing, with a

prevent the end user from giving away their password to a phisher.” – CIO at NC hospital 6 of 14

12%

50%

(vendor, M&A) Analytics/ Big Data/ Data Warehouse

10%

HR RelayHealth

EHR/EMR Security

Figure 2: Applications Currently in the Cloud:

What's in a Cloud

9%

Population health Partner? Top Telemedicine DR AthenaHealthnet Attributes Ranked Meditract MobileApps Cardiology Sharepoint ARIA StorageRadiology Upgrades/refreshes, CampusClarity Homecarehomebase Oncology SchedulingDotCom SharedDocuments interoperability Significance: RecruitingSoftware Data center update/ Weave Eligibility BankingClaimsProcessing BusinessIntelligence PSCS VirtualDesktops relocation/build GEcentricityBusiness • Reliability and uptime Network Google Compliance Software • 24/7 support Mobility Base n=157

5% 6%

Exchange Office

SurgicalInfoSystems Oracle ContractManagement

Payroll

32%

Philips Imaging

SoarianFinancials Taleo ServiceNow

Kronos PACS EHR CRMCaseManagementPortal Cerner Workday Keane OneDrive

ECIN

SupplyChain

Lab

Allscripts McKesson Infor

Ambulatory

Email

• Flexible contract terms/

Mobility Raintree OptimistPT

usage-based pricing

50%

positive reputation

ZynxClinicalDecisionSupport

eCW ADP ERP

F

2%

EMR

1%

Lawson

Base n=157

• Self-service capabilities

Average B -10% Sc ore of 9%

Telemedicine Storage

“If infrastructure goes down,

• Personalized and high-touch service delivery and support

5% 6%

power and data standpoint. I always worry about that.” – VP of IT at NJ hospital system

A

DR

Data center update/ relocation/build Network Mobility

B

Disaster recovery planning is critical to protecting the entirety of a

D

healthcare organization in the event of an unplanned catastrophe,

F

Av Sc

11% 54%

25% 1x/qtr

C

85% Do not whether a natural disaster takes place, an outage occurs, or a cord gets know unplugged during routine maintenance in the data center (never discount

Security

6% 5% Do not 8% 1x/mo Know Never or more

an

institution. So you need it to be redundant from a

Analytics/ Big Data/ Data Wareho

Figure 3: Frequency DR Plan Tested

Enables Compliance 3% No 12%paralyze you Yes

Consolidat (vendor, M

• Tailored solutions

Base n=157

Disaster Recovery Planning: A Critical Measure that

12%

• Well-known company and

TimeKeeping HealthinformationExchange RehabOptimaMobile PPM SITE CobiusDenialsManagement Canvas QualysVulnerability Pharmacy 11% A Pointright EPM NuanceDragonMedical PPM Salesforce eClinicalWorks DisasterRecovery PeopleSoft Passport B 54% PointClickCare dbMotion WoundExpert Abstraction HomeHealth IThelpDesk SAPhana Millennium LabWorks Office365 C Billing 32% SQLserver Theradoc Backup Medhost INVISION Financials Population health

D

by

32%

2%

56% 1x/yr Base n=157 or less

1%

How often do you test your disaster recovery (DR) plan? Base n=110

human error). Without a robust DR plan in place, consequences range from considerable financial costs, irreparable damage to organizational reputation and the potential to expose sensitive patient data. Further,

Figure 4: Documented DR Plan

HIPAA mandates that all healthcare organizations have a DR plan and complete a risk assessment to identify which events are most likely to

12% Yes

disrupt confidentiality or availability. It’s important to note that while compliance is not negotiable, it is also not equal to a healthy DR practice; taking full measures to develop a DR plan that will effectively address

3% No

48% None

5% 1x/mo or mor

20% A few/Not Majority

risks and ensure recovery in the event of a disaster will require 11% measures

25% 1x/qtr

beyond solely meeting HIPAA mandates. Equally important to the DR plan is Majority testing—your plan is only as strong as its weakest link, thus regular testing 2% is critical in order to identify vulnerabilities and ensure ongoing efficacy. All Staff However, the Peak 10 Healthcare Study determined that most participants execute DR testing less than once annually.

85% Do not know

19% Do Not Know

Do you currently have a documented DR plan? Base n=129

Do not know 19% Better quality

Lower costs/

All staff 2% Majority 11%

7 of 14

20% A few/Not Majority A few/not

Part 2: Electronic Medical Records/Electronic Health Records and the Interoperability Challenge There are a multitude of systems utilized by medical facilities on a daily

“The EHR integration wasn't about reducing

basis, from patient health records to prescription management systems. Concurrently, a great deal of activity is taking place between hospitals. While

software cost, it was about integrating operations.” Medical Records Made Elec

a multitude of disparate systems are being utilized among differing healthcare

– CIO at Pennsylvania hospital sytem

facilities and medical professionals have the need to communicate in real-time,

5% 4%

CIOs are left with a plethora of EHRs and revenue cycle model systems that

5%

need to be integrated. The question remains: how can the interoperability

5 3

9%

4% While the majority of healthcare organizations are in the process of

13

5%

15%communication and around-theadopting electronic systems, interfacility

challenge be addressed quickly and efficiently?

20% clock availability remains to be a challenge as IT decision makers continue to figure out how to make data seamlessly available internally and across

Peak 10 study findings identified the following overarching findings covering

different providers, as well as to patients.

issues related to EHRs:

79

72%

Larger organizations have adopted a greater percentage of electronic health 61%

• Technology is guided by how well it works for the people using it. User

records, suggesting that smaller businesses may be slower to catch up given

adoption and alignment with business objectives are key challenges for

greater budget constraints.

healthcare IT leaders. • Medical records aggregation and interoperability of systems for improved communication between healthcare systems, as well as between doctors and patients, are major projects. • EMR/EHR system implementations and integrations are top priorities

EHR Workloads and Hosting Providers Total

Medical Made Electronic “We’reRecords fully electronic with records hosted in the

Company Revenue ($B)

cloud, lab systems, pharmacy systems, supply

which encompass a considerable project scope. Numerous disparate 5% systems need to be integrated. 4% 4%

5%

4%

5%

3% 4% chain and9%payroll are hosted with a third party.” 4% 5%

13%

5%Do Not – VP of IT at NJ hospital 4% Know system

15% Health and Medical Records Made Electronic

12%