The Road Map to Health IT Resilience

The Road Map to Health IT Resilience

By Seth Hirsch

The early months of the COVID-19 pandemic have presented massive societal and technological challenges. In particular, health IT systems everywhere are being tested by increased demand for services and the need for a remote workforce. These challenges will continue as social distancing restrictions loosen and the healthcare system moves to minimize health impacts.

Just as anti-lock brakes and traction control systems work together to constantly sense, adjust, and respond to road conditions, our society and technology will need to calibrate as we reopen—take action, observe the impacts, and adjust accordingly.

This will be the case for everything—from contract tracing and disease surveillance to health research and shifting medical personnel and supplies to emerging hot spots. To achieve this, current systems need to be secure to help lay the groundwork for new capabilities and innovations. It’s important to remember Hippocrates’s ancient creed—first, do no harm—by honoring all applicable compliance, data security, and privacy regulations.

Coping with Immediate, Unprecedented Bandwidth and Capacity Strains

With each passing week, the coronavirus pandemic continues to separate the digital wheat from the chaff—especially in government, where the challenges are magnified by the highly regulated nature of the work.

Much of the pandemic-related pressure falls especially hard on the public health system—including the US Department of Health and Human Services (HHS), the Centers for Disease Control and Prevention, and the National Institutes of Health, as well as a network of other public and private sector organizations. If bandwidth and capacity issues can challenge Facebook—a company flush with resources and famously proactive about system reliability—they can hobble any organization.

Even in the best of times, disease surveillance and mitigation is no easy task, especially when one considers that healthcare lags behind other sectors on infrastructure and security investments. Now the job is even more mission-critical, especially in light of a 15-fold or more increase in telemedicine and crushing new demands for reliable infrastructure and radical innovation.

While the scale and impacts may be unprecedented, the solutions involve some basic blocking and tackling, such as capacity planning, performance testing, and vendor management. Whether the system is dealing with a pandemic or a steady state, there still needs to be processes to estimate the need for storage, software, and network connectivity resources over time.

Regardless of the scope, the questions are the same for all types of systems:

  • How much can this system handle?
  • What is it designed for?
  • What’s the expected maximum performance?

Then the test engineers need to perform extensive testing with many different maximum performance parameters to make sure the systems can achieve the enhanced service levels required to cope with the pandemic-driven surge in demand. A crisis is no excuse to side-step these fundamentals.

The same goes for regulatory compliance. Look no further than the rush to embrace teleconferencing platforms; necessity may be the mother of IT adoption, but due diligence can’t be avoided in the process. Otherwise, security and privacy pitfalls can jeopardize user trust. The takeaway is clear: No matter how bright and shiny the object, there needs to be due diligence. Considerations include making sure a system is HIPAA-compliant and determining whether it’s been through a FedRAMP process, which is a federal standardized security assessment. Even in a pandemic, the IT fundamentals must be respected.

Emerging Capabilities and New Challenges as Society Reopens

Due diligence in basic functionality and reliability of systems will undergird a whole new world of emerging technology and analytics that must be supported as organizations navigate the pandemic. It’s not unlike medical innovation itself, where cutting-edge breakthroughs are built on a solid foundation of basic research.

In other words, organizations that address critical vulnerabilities and optimize underlying systems are better positioned to support a juggernaut of new and enhanced capabilities. Researchers, for instance, are already hard at work designing new artificial intelligence (AI) and machine learning applications against COVID-19, for everything from real-time mapping of cases and epidemiological forecasting to mobile app interventions and estimating unreported infections.

AI is also helping look backward at what medical research may already have unwittingly uncovered, including a recent project scouring previous scientific literature that isolated a rheumatoid arthritis drug called baricitinib as a possible treatment for coronavirus. The drug has now been accepted for an accelerated clinical trial to gauge its efficacy.

Unfortunately, the clock governing even an accelerated clinical trial doesn’t tick fast enough to satisfy some of most immediate health IT needs. Consider the truncated timelines for completion of government RFIs and RFPs that demonstrate the tremendous need for innovation at breakneck speeds. This often means adapting existing technologies in new ways to serve emerging COVID-related health IT needs.

For example, the federal government recently released an RFP looking for a new way to combine telemedicine with mobile network capabilities to enable critical care anywhere, including in remote areas and ever-shifting hot spots of infection. The system will need to stay functional whether its users are ingesting the best diagnostic machine data over a high-speed or satellite network or settling for cellphone shots of vital stat monitors texted from an ambulance or rural field hospital. It’s a new capability being created from telemedicine staffing models, mobile connectivity carrier services, critical care domain expertise, and more.

Another example of existing technology enlisted in new ways against COVID-19 is the adaptation of beacon technology, which is currently used in retail, law enforcement, and other sectors, to aid in contact tracing. Unfortunately, this is one of those examples where a promising new use case may save lives but raise profound regulatory and privacy concerns in the process.

With More Progress, Tougher IT Riddles

Bill Franks, former chief analytics officer of Teradata who now works for the International Institute for Analytics, says that technologists must work within the regulatory and compliance lanes laid out by the government even as COVID-19 puts unprecedented need on reaping insights from personal, medical, and other sensitive data.

“We’re seeing a lot of requests for analytics custom to the crisis. And for many of the requests, it is necessary to access data at an individual level,” Franks said. “This necessitates policies and procedures to protect the patients and their data while enabling the analysis required to address the problem.”

This is especially true in cases where, unlike new mobile apps for self-reporting of symptoms, users are not necessarily opting in to the process. Threading the needle will likely involve enhancing processes for role-based, tiered access to such data on a need-to-know basis.

With each threaded needle, of course, there are more solutions to stitch together. For instance, once stakeholders settle on the compliant technologies and policies to work securely with location data, they’ll need to find new ways to correlate that data with other sources. For example, civil records or mapping data can help distinguish—using GPS data—whether a building is hosting a rave or if it’s a building of apartments where people are sheltering in place.

Five Ways to Strengthen Health IT for COVID-19

While it’s impossible to predict where the next challenge area and health IT breakthrough will take place, it is possible to lay the groundwork for success by solving some key strategic issues that will improve the overall landscape for a response. Here are five health IT steps that will have an outsized impact:

  • Enhance adoption of common health IT data standards—such as the ANSI-accredited Fast Healthcare Interoperability Resources (FHIR) framework—to standardize health-related data across mobile phone apps, cloud communications, EHR-based data sharing, server communication in large institutional healthcare providers, and more.
  • Health IT practitioners should fully embrace Agile principles for disease surveillance, so that feedback loops for surveillance and contact tracing in the population help track impacts of incremental loosening of lockdown restrictions.
  • The industry should prioritize process improvement, infrastructure modernization, and IT records management best practices. This will help align disparate personnel systems at the federal, state, and local levels to speed the movement of health professionals around the country to shifting geographic infection hot spots.
  • Enforcing the principles of reproducible research—especially when large data sets, AI, and ML are involved—can help to ensure processes can be repeatable and scalable.
  • IT-enabled supply chain management should be optimized to speed procurement timelines and logistics for making syringes or getting masks, protective gear, and other vital equipment when and where it’s needed most.

Having stronger health IT systems and capabilities ensures a stronger response to COVID-19. Providers shouldn’t lose sight of Hippocrates’s famous admonition to “First, Do No Harm.”  Ironically, the edict referenced at the beginning of this article was not part of his famous Hippocratic oath, but rather from another of his works, “Of the Epidemics.”  Today, in our current pandemic, compliance and efficacy are the dual lenses through which providers and IT professionals should use to vet the feasibility of any health IT solution.


Seth Hirsch ( is chief operating officer at Systems Engineering Solutions Corporation.

Continuing Education Quiz

Review quiz questions and take the quiz based on this article, available online.

  • Quiz ID: Q2039106
  • Expiration Date: June 1, 2021
  • HIM Domain Area: Technology