Healthcare Information Security

Cybersecurity News

Why Secure Healthcare Technology Must Assist Daily Workflow

By Elizabeth Snell

- Facilities are working hard to keep pace with federal regulations for secure healthcare technology. It is not enough to simply install an EHR, but healthcare organizations need to prove that they are using it properly and in a way that keeps protected health information (PHI) secure.

The trick is to find the right balance in implementing secure healthcare technology that does not hinder clinicians’ daily workflow, according to Nolan Hennessee, CIO/VP of St. Joseph’s/Candler Health System. In an interview with, Hennessee discussed the importance of facilities using the right secure solutions for their standard operations. He also spoke about the HealthIMPACT Southeast Conference in Florida, which he will be presenting at on Jan. 23.

*Editorial note: Portions of this presented have been edited for clarity.

ELIZABETH SNELL: In terms of healthcare providers implementing new technology, what changes do you expect to see in 2015? Why?

NOLAN HENNESSEE: It’s not so much tied to 2015 as I think everybody is chasing the requirements of whatever stage of Meaningful Use they are bound by. Meaningful Use provides something of a clear pathway depending on which stage you are pursuing: Stage 1, Stage 2 or Stage 3. I think every organization is going through the growing pains, regardless of what stage they’re in. When I think about it, the overarching mandate of the use of CPOE, Physician Documentation and for the quality measures to be populated electronically seem to be the most challenging.

READ MORE: Kentucky Health Center Ensures PHI Security After Email Gaffe

I believe most organization are in Stage 1 or 2 …There is a lot of anticipation of what the final rules of Stage 3 will be which is scheduled to announced in a few months.

ES: How can providers find the right balance in terms of keeping pace with new technology, but also find secure solutions that do not hinder clinician workflow?

NH: There are numerous vendors entering the market; some are better than others. They’re all worth looking at to some degree and KLAS reporting is an excellent reference guide. CMS has mandated the use of a certified system under the Meaningful Use guidelines. So those are the places you have to start with a certified platform. And then look for ways to refine the platform so that it doesn’t encumber on the day of the physician and clinician. However, it does call for a change in the way the providers have seen patients in the past. My observation is that as a society we believe we like to change but generally, what I witness is change is good as long as it’s somebody else who’s doing the changing. So change is difficult and in order to make the transitions under MU you must have a strategy that is methodical and provides an incredible amount of system support as we bring forward new technology.

You’re talking about a profession, whether it’s inefficient or not, that’s been running this way for 50 + years. And the requirements of MU are significantly changing the workflow of the provider and clinician. Generalizing here the physician who’s 50 or 60-something, who’s been practicing medicine in this manner for 30 years, they’re significantly changing his or her workflow. The new workflow may be more efficient once refined but the transition time to this new workflow is arduous. So it is a combination of finding the right technology and ensuring you invest in the support resources to aid the clinician in how to use the technology appropriately- this takes time.

ES: In your opinion, what are some of the greatest challenges for healthcare providers when it comes to finding the most secure technology for their daily operations?

READ MORE: How Healthcare IT Teams Bring Value and Security to Providers

NH: Access. It comes down to access. The technology has to be a certified system, but then it comes down to removing the four walls of the hospital as a barrier. Think of it this way: Everybody does banking on their phones. By the same token, what can clinicians and physicians and pharmacy do from outside of the four walls? We are just beginning to tackle these questions in healthcare. One of the many challenges is to find certified systems that can be enhanced by offering remote access in a timely manner.

We just went live with a new MEDTECH system. One of the things I wanted to accomplish for the physicians was to ensure that it was secure. But I count clicks. So we purchased a single-sign on solution, where [doctors] could put in a user ID and password one time per 12 hours and use their badge to “badge in” for the remainder of their day. The employment of this technology removed about a minute and 20 seconds from the log-in time, and removed about 16 clicks to get to the “patient panel.” To the IT professional that’s no big deal, but tell a doctor who is logging in and out 40+ times per day that you just gave them back an hour or more in their day and that is received as a very big deal.

ES: Should small and large organizations take a different approach to innovative strategies?

NH: Oh 100 percent yes. We just lived through this scenario. We’re 650 beds with a huge competitor 3 blocks away, and the atmosphere is very different than that of a 100 bed hospital or an exclusive regionally based healthcare facility. The politics and the technology that will be accepted are very much influenced by the level of care being offered and if there is another facility in the region approaching the delivery of care using a different brand of technology…There are many influencers to consider.

ES: Tell me about the HealthIMPACT conference. What can attendees expect to take away from it?

READ MORE: Report Finds 16.6M Affected by 2016 Healthcare Data Breaches

NH: The heading for our particular section was that physicians aren’t technophobes. They just don’t want anything that’s going to distract or take away from their time to provide patient care. These professionals went to medical school to take care of patients. They didn’t get their degree in computer science or in computer documentation. But that’s the way the world’s going that is to say there is a focus on using the computer. The advantage that the many students have coming out of medical school today, is that the use of the computer is part of the curriculum.

Think of it this way – most 20s, or even 30-somethings: they’ve always had an iPad. They’re kind of accustomed to using technology for everything. But there is a huge population of physicians that are obviously extremely intelligent and gifted but have not been asked to utilize the computer for a large part of their career. The change that the “baby boomer” generation of physicians is seeing is the mandate under MU to utilize technology in a more meaningful way…it’s intimidating.

We’ll be speaking to specifically, how do you engage them?

The onus is not meeting the physician halfway, but going as far as we can possibly go. There is a huge pull on the time of the physician. And there’s always more patients waiting for them than what they can see. As much as I understand and appreciate what the Affordable Care Act and Meaningful Use is attempting to accomplish, there’s that ramping up of proficiency and knowing how can we shorten the time frame for the bell curve to be accomplished by the provider. What can we do to bend over backwards to accommodate them? And where can we be patient with this change in their workflow and use of technology.

It’s about us understanding the value of the time of the provider. We talk about physicians like they’re a species or something, but they’re just people wanting to do a very good job, have time for their families, and not be buried under the mandates of MU. It can be intimidating to change your workflow and to tackle new technology and it has been my experience that no one likes to feel intimidated.

For more information on the HealthIMPACT Southeast Conference, click here.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...