Podcast Host – Madhura Gaikwad, Excellarate
Podcast Guests – Punkaj Jain, SVP Healthtech at Excellarate | Arun Mirchandani, Executive Advisor and Technology Leader | Srinivasan Venkataraman, AVP – Operations at Excellarate
Security is of utmost importance when dealing with healthcare data. The HIPAA Security Rule states that covered entities must “implement technical security measures to guard against unauthorized access to electronic protected health information transmitted over an electronic communications network”.
In this episode, our HealthTech experts discuss myriad challenges and uniqueness of those challenges for healthcare data analytics, and how technologies such as cloud and IoT play an important role in overcoming them.
Madhura Gaikwad (00:08)
Hello, and welcome to zip radio podcast powered by Excellarate. I’m your host Madhura Gaikwad. And in today’s episode, we continue to discuss healthcare data challenges. The topic for today’s discussion is healthcare data access and transmission Punkaj Jain Senior Vice President Healthcare at Excellarate joins me today as my co-host to talk to our guests and healthcare experts, Srinivasan Venkataraman and Arun Mirchandani. So welcome onboard Srini, Arun and Punkaj.
Punkaj Jain (00:37)
Thanks, Madhura for the nice intro. As in earlier two podcasts, we talked about interoperability in healthcare and understanding different types of health data. Today, we’ll be talking about access and transmission of that health data. Obviously, security is of utmost importance when dealing with the health data, the HIPAA security will clearly state the at cover entities must implement technical security measures to guard against unauthorized access to electronic protected health information, transmitted over an electronic communication network. The 2009 Hi-Tech Act, extend this rule business associates as well. Assuming HIPAA rules are followed is strictly by covered entities and business associates. Arun, let me ask you from your perspective, what makes the health data so different from the other types of data? Over to you Arun.
Arun Mirchandani (01:33)
Yeah, Punkaj. First of all, thank you for having this very important final series podcast. I think the whole conundrum around healthcare data is complicated by two unique factors. One of which is that unlike any other industry, maybe accept financial, the reliance that health industry has on good data and good data analytics is unparalleled and the reason is that we need to go back to the macroeconomics of healthcare at the end of the day, health systems are operating on very, very thin margins and about t 30-35 percent of revenues of any health system on an average comes from medical reimbursements from CMS and no other industry has such heavy regulatory requirements, which almost force health to use data, to improve their operational efficiencies and clinical outcomes, you know, you have heard. Lot of what is around including patient outcomes, quality and reducing cost and one of these are possible unless healthcare system spend a lot of effort in data analytics and understanding where the costs are, how to optimize cost, how to outcomes. So, this is sort unparallel in other industry. There is lot reliance, like I said, financial industry and data, you need for data to improve your competitiveness as a company, but in healthcare it’s more driven by the almost act I would say of government regulations.
Punkaj Jain (03:08)
It’s very interesting that it’s nice perspective to put, like it is different. I learned some stuff. This concept is new to me. It’s great. Wanted to know Srini, what you say, what Arun, just said about the uniqueness of the health data?
Srinivasan Venkataraman (03:09)
Thanks, Punkaj. Thanks, Arun. See, I think why health data is important at the same time complex, two aspects of it is capturing the data, one aspect of it and how much of it centralised. And, as we all know, there is a lot of guidelines, security and compliance, regulations around how the data should be captured by each entity. When, I mean each entity by a covered entity, hospital, health centre, different payers, pharmacies. So, in all these layers, unless and otherwise there is seamless way of exchange, we call it as a file transfer challenges in healthcare systems. So, it has to be the handshake should be seamless at the same time enough information should be shared between the parties for the end user.
Srinivasan Venkataraman (04:11)
Obviously, the patients to have a clear visibility of their data. So, some of the recent studies say all the data that is captured, which is several data points and attributes only 20 to 25 percentage of clarity will be there after it gets cleansed. So that level of challenge is there in health data for various reasons. Some could be because of lack of compliance and security, infrastructure and increase the volume of the confidential data attributes and files that is shared between all the parties. And not only that, when we have multiple sources, disparate data sources with various complex scripts so, each one has their own set of parameters to capture and finally all gets convoluted, and it has to be separated in a neat, cleansed form for visibility of end users. And think about it such a huge quantity of data that is being exchanged. It has to be effectively managed by through automation because there is no human who can kick off, start/stop. It has to be an automated fashion. The data should be exchanged, and it has to be tracked and monitored pretty well. So, they clearly know OK. At each stage where the data is and what form of data transfer is being at every entity. And there are some other infrastructure challenges to it, and that makes it much more important for health data to be monitored/managed pretty well, to answer your point Punkaj.
Arun Mirchandani (05:47)
Yeah, that’s a good point Srini, I just wanted thinking about, it’s not all about do and view thing, when it to, I would say human and health science data, I’m just broadening that from healthcare data. Because it occurs to me that, you know, things like the genome project it’s been known that everything that’s on around the world related to the genome its unroot and shared instantly shared on the web. During COVID times you heard of open journals were publish their findings about, the epidemiology even before it’s per-reviewed and it’s open to all. And then of course there is congressional mandate for all sorts of pharmaceutical clinical trials to also be. So, my point was that it’s not all that anything related to healthcare or human sciences is closed is just in this case, we are dealing with HIPAA and regulations in the people of United States and mostly around the world where patient information is to held private and secure. So let me switch to maybe another area that you know that can be challenging, that played when it comes to data, you talked about, you talked about capturing this data from multiple silo sources, which is clearly a problem, you talked about cleaning, all of this disparate formats.
Arun Mirchandani (07:05)
I think there is couple of other areas that, probably need more conversation. One is, you know, the storage, being an almost an exploration thing, in the amount of data that is being captured all the way from IoT, you know, patients’ health record and EHR. And there are significant requirements for different types of data to be held by health systems and particular being the six-year requirement for patient access for health data. And then there is all these other data forms that are, you know, constantly being generated. So, storage has become a significant problem with health systems. It’s, it’s a pretty big headache because we have to decide how much of data to be stored for what reason, you can’t just store ever data at all the time you have to understand right at the beginning, how this data will be used over what time horizon. Can you talk a little bit about that from your, you know, practical experience?
Srinivasan Venkataraman (08:09)
Yes. I think one leg of the journey is OK. The data is captured cleansed and to your point the biggest challenge, every parties in health systems faces how to store the data, how well it should be stored because nowadays on premises solution was a big challenge in good old days because of the infrastructure management and governance. Now with cloud getting into the journey of various life it has reduced the pain of the infrastructure, maintenance and the cost incurred on these systems as such the servers. But the thing is wherever, whichever form, whichever area that is store, it has to highly follow the auditing standards, securities and underlying factor and compliance. So, when it to storage first coming to transmission of data, which is the title of the podcast, it has to be highly secured. There are some, in the hyper-text transfer protocol HTTP, you can add secured socket layer SSL and on top of it now a days there’s a lot of sniffing there are specific attacks called site channel attacks, which has to be taken very much into the account of securing the data.
Srinivasan Venkataraman (09:23)
And the sensitivity around data is high and the governing regulatory bodies from US, Europe, Australia, you name it, every continent, DISO, GDPR – Gentle Data Protection Regulation and Australia Data Privacy Act. They ensure that you can store as much of data. But the thing is that transmission should not have a leakage and the storage should be encrypted address. So, these two are factors which makes it much more complex for transmission and storage. So, the encryption again goes at various stages during the data transfer, it should be encrypted and are traced there should be a call on level encryption, file level encryption, archival level encryption. These are encryption standards, and it is managed with a constant password update because according to the law, it says, you know, you cannot maintain a password for a long time. It has to be managed. It has to be updated frequently. So, these are all storage challenges comes along with security to your point of 6 years of data. So, it’s like either you have to hold it tight or tie to heart making sure that none of the data gets leaked. I mean that makes it, the ownership as well for the respective parties. So here the covered entities and the payer they play crucial role, because it’s the starting point and ending point and in between in the internet it has to be secured with all the algorithms and techniques that are done in the industry.
Arun Mirchandani (10:57)
Whose into sort of the next area, which is sort of the main elephant in the room, which is around security. And I think of security as really six different subcategories. When we say securing health data, we are talking about making sure, first of all, that only the right persons are able to access data. So let’s talk about authentication, the other parts of security includes access control so making sure that not only right person is accessing the data but the are accessing only what they are allowed to see, then there is obviously, the audit control, you know, if there was a need to ever go back and look at the history of who accessed and changed what data there has to be. That level of, you know, fine access audit controls in this secure system. And then integrity is a key part. You know, we talked about cleanliness and all, but once the data is stored, you want to make sure that only the right people are able to change it and you know, it doesn’t get crypted and so forth. And then finally we talked about transmission. So, it’s really access, audit, integrity, authentication, transmission, for me, these together sort of cover the umbrella of security. Any, any comments or thoughts on that classification?
Srinivasan Venkataraman (12:17)
No, I think you narrated it well, Arun. I think especially there is a governing body called HRSA health resources and services administration, and they put lot of emphasis on audit. I mean, security, there’s a lot of frameworks in place, but when it comes to audit, they’re very particular meaning, whatever claims data, for example, in clinical world, are they being captured, and right party is being charged and right amount is charged. The audit ensures there is that no money goes unattended and also the members who are involved around the claim is being charged correctly. So that level of details nitty-gritty are involved when audits to your point. That is from health resource and service administration, they do every yearly audit and because of that volume of data there is quarterly audit that happens at every covered entity and, paned third-party administrators, that is one aspect of it. Nowadays, the security has gone one above called SOC complaints. You all might have heard about SOC two – type one and SOC two type two. One is for the financial. The other one is for the administration and data.
Srinivasan Venkataraman (13:30)
And that ensures, it is an umbrella or layer on top of IOR International Organization for Standardization – ISO. SOC makes sure that there are several layers of security that should be in place. So, one is HRSA and so started and ISO and SOC make sure that data is being secured. So, these two are, you know, you call it as twin aspects of security layer. Everyone looks for when they sign up with the covered entity or help partner or payer to make sure that every entity, they’re dealing with them has their certification in place. So that assured they’ll be, you know, having their data secured. That’s the additional point.
Punkaj Jain (14:16)
So one question popped up and either one of you can answer, so seems like way you were saying, Arun and Srini all this security and cost, it’s pretty expensive thing to store and maintain and do all this thing regarding the health data, so what motivates organisations to do all this stuff in the first place?
Arun Mirchandani (14:37)
Well, it’s actually quite simple, like I said in the beginning, the macroeconomics of healthcare are such, you know, there are really two types one that operates in highly competitive market where improving operational costs and improving population health are easily measured and compared against your competitor, and that determines not just the reimbursement, but sometimes, you know, for example, for like admission rates and so. So, all of these are sticks if you went for Medicare and CMS and now private cares to impose on health systems, so they shape up. So, the other half of the healthcare system, how the group of the health care system that operates, and what we call concentrated market where they pretty much have monopoly or, you know, they have no incentives to increase their operational efficiencies or reduce costs because they just, what they don’t get from the CMS or the Medicare, they just the private. So, if you at insurers, for example, payers or health systems in the mid-west in places like Indiana and places, their cost for treatment for same treatment is significantly higher. And it’s counterintuitive to places like Boston, where there is high level of competition because in one case the shift and balance proposed by CMS in form of penalties and reimbursement are effective, in other case, there is only, you know, one health system to take of a large part of Indiana CSM can’t do really, you know, do anything about it.
Arun Mirchandani (16:18)
So there the cost spiral out. So now what’s happening. Cause of that, I just read a statistic, that if you look at the hospital systems’ actual cost of delivery versus the reimbursement generated from private payers and Medicare. Medicare pays about 88 cents for every 100 cents or for every dollar of cost, right? So, they operate almost like 12 percent in, in negative. Whereas they compensate that from the private payers, and they end up shouldering the cost of deficit. So, they end up paying 144, dollar 44 for every dollar of cost. And this has to be, this cannot go on the long term, right? The macroeconomics really pay out here. So, what is now happening is that you must have heard, I think you talked in the last podcast was to move from based model, which is all, everything we have talked about so far these you this, so where there is predetermined costs for, you know, particular type of hospital visit to know what they call value-based pricing. So, value-based pricing is sort of the, the mechanism now that’s coming into play, that’s going to kind of equalizes playing fields. So, the health system won’t be able to just, you know, shift their costs from, or their profits, from Medicare, over private insurers, all payers will use the same mechanism to you’ll only get this kind of stuff because we have data from these regions where let’s say orthopedic surgery costs this much. So, you in Indiana can’t charge us too twice as much, right? So, they’re going to equalize that. And that’s going to be the final driver, I believe in the absence of open markets or competitive markets where these cost will eventually down so long, long driven by macroeconomics.
Punkaj Jain (18:07)
Yeah. That’s the key, like every like any organization it’s like you’re spending so much money. You got to have a way of making something out it, right?
Srinivasan Venkataraman (18:14)
So nowadays every country, they introduce lot of federal programs, on their discount count program what they do is, they’re saying the federal says, okay, you do this to benefit the members who cannot afford costly medicines, who cannot afford costly treatment and diagnosis. If you work with the government, as a true partner, or accommodated to hospital or health partner, all the discounted money will be paid, the Delta will be paid to them. Eventually they can invest on latest programs like cancer, arthritis, there are a lot of diseases that needs diabetics needs more attention. So, they can invest money in that program. And eventually they, that particular hospital will be staying ahead in the market, in the research and development or any findings they can bring in. So that is one of the ways to attract them to your point, what makes them stay in this market, even though they’re spending lot of money, this is because they want always one step above other competitors. So, this one to attract them.
Punkaj Jain (19:31)
So, this is one to sounds good. I think there almost, there’s so much more to talk about, but unfortunately, we are running out of time. So, I just wanted to ask Arun you and Srini if you guys can any final thoughts on this topic, access and transmission of the health data.
Srinivasan Venkataraman (19:46)
Sure. See, this is what the way are heading. So, typically the office of the national coordinator of health information ONC, the US core data for interoperability. So, where we are heading to, according to the press release what they did in 2018 is, there is a framework that has in place, and we are marching towards that. The three main goals that covers the interoperability and also to avoid drowning in the data and effective ways of transmission and accessibility. Three pillars, I would say is patient access patients, the members must be able to access their health information electronically without any special effort, that is one. Population level data exchange providers, payer organization accountable for managing benefits can receive population level health information, allowing them to analyses their health trends, outcomes, and costs. That is going to be the, one of the key aspects. And a third one is open and accessible APIs. So, we touched upon the fire. Uh, the health information technology community should have open and accessible application programming interface to effectively uses the data for the visibility of the data for their respective patients. So, this is the, where we are marching towards, and we are heading in the right direction. That’s wrap up. Thanks.
Arun Mirchandani (21:09)
That’s a positive note, Srini. I would just like add that if you look back in the last few decades, the progress while has been slow has been steady and in the right direction for all of the improvements we have been talking about in the last podcast and in this one, I just want to caution people that it’s, you’re still dealing with healthcare. We’re dealing with human lives. We’re dealing with lot of liability related challenges. So just to temper the mood here that while the progress has been definite, it’s going to be slow. And, but the world is a better place today than it was 20 years ago when is comes to healthcare.
Punkaj Jain (21:49)
There was so much more to discuss today. Unfortunately, we ran out of time. The key takeaway for me from today’s discussion is the concept of triple aim regulations, mandate that providers use data and analytics to gain actionable insights and apply them to improve clinical outcomes, improve quality of care and reduce operational costs. That’s your triple aim. This is what makes the healthcare data unique in comparison with the other types of data. Thanks again, Arun and Srini for an open discussion and providing your insight. Thanks, Madhura for organizing the event. Bye.
Madhura Gaikwad (22:29)
Thanks, Punkaj. And thank you, Arun, and Srini for taking the time to join us again. It was a pleasure hosting you for these three episodes to discuss healthcare data and your insights have surely added value to our listeners. We will look forward to hosting you again to discuss healthcare technology in the future. And thank you everyone for tuning into this episode. For more information on healthcare technology, digital transformation, and product engineering, visit our website, www.excellarate.com.