Specialized Skills for the Healthcare IT Technician – Part 2

Here is part two of my Healthcare IT skills assessment enumerating the specialized skills that sets the healthcare IT technician apart from average tech. Part one detailed HL7 and IT security skills. Now we’ll get into the meat of health IT skills.

Security Continued…

I may sound like a broken record but security knowledge and experience cannot be overstated. In my opinion, I think it’s still very lax in many healthcare settings and there is just too much at stake for that to be the case. Do all IT professionals that work in healthcare need to be full-fledged penetration testers and infosec gurus? No, although it would be truly great if they were! Should every IT technician that works in healthcare have a solid grounding in basic to intermediate security fundamentals? Absolutely. That being said here are a few specific areas to pay attention to. These areas are important in non-healthcare environments also, but because of government regulations special attention and awareness is given in a healthcare environment.

• Remote Access: SSH, Remote Desktop, VNC. These are all fine to use, and they should be used (please use SSH over Telnet!). Make sure VNC connections are secure and encrypted. Know the best practices for using these remote access protocols/applications such as least-privilege, certificates, and using non-standard ports.
• VPN: Whether using PPTP or L2TP make sure proper encryption/authentication is used. EAP-TLS is normally used for authenticating the PPTP protocol. IPSec normally operates over L2TP.
• Virtualization: Virtualization is fast becoming the norm in corporate infrastructures. The key is not to get lax in securing these virtual systems. Secure them as you secure a physical box. Proper disaster recovery methods should be in place, encrypted methods for remote access, and monitoring the virtual networks are all important. Remember to keep the hyper-visor software patched and updated as it is a target for exploitation.
• ASP, Cloud, SaaS: These are external applications or models kept on vendor servers or on the internet. Much of the security falls into the hands of the specific vendor, but that doesn’t mean the healthcare facility is clear of security considerations. This is where a good consultant can help a healthcare facility choose the right vendor(s) who provides adequate security and can properly implement the system on the customer side.

Here are a couple links for information on HIT security. The first is an example of what happens when PHI (protected health information) is not properly handled, resulting in a HIPAA security breach and fines of over $800,000! The second is a quick article on the top 5 security threats in healthcare.

UCLAHS to pay HIPAA fines for employee snooping

Top 5 security threats in healthcare

Healthcare Informatics

Healthcare Informatics is a combination of computer science, information science, and healthcare. It’s the blending of these three fields together that produces the field of healthcare informatics. Through healthcare informatics we can develop new systems that advance clinical work-flow, improve the security of the healthcare system, and reduce the cost of administration by utilizing modern technology. Informatics takes health IT a step further by creating and engineering new work-flow systems as well as creating healthcare technology standards throughout the world. An understanding of overall healthcare informatics will give any technician a competitive edge as they enter into the field. Many universities offer degrees in healthcare informatics and it’s worth taking a look at if you have the technical know-how (and passion) and want to enter the healthcare field.

Here is a video from the New Jersey Technical Institute giving an overview of healthcare informatics. What is Healthcare Informatics?

Here is a list of health informatics tools: http://en.wikipedia.org/wiki/Health_informatics_tools

Practice Work-flow

One of the biggest complaints about electronic healthcare systems is, ironically, that they don’t model actual healthcare work-flow. This makes it more difficult to learn the systems, and in some cases can make the electronic process less efficient than the manual process. Having a strong working knowledge of practice work-flow will allow the HIT consultant to recommend the most effective solutions for the provider. There are a lot of healthcare system vendors out there and practitioners are hiring consultants to help them sift through the market to find the best solution for their practice.

Information Management Redesign

This ties in with practice work-flow. Type “Information Management Redesign” in a google search and you’ll see a bunch of college courses and job opportunities for a specialist in this area. Basically it uses technical skills to design and redesign practice work-flows, processes, and data management. In the conversion from paper to electronic skills and expertise in this area will be highly sought after. This is why I hear so many Health Information Managers (HIM) saying that IT is taking over healthcare! IT, practice work-flow, and business processes are starting to merge as we move into an electronic environment. Hopefully you can see why this makes the technical know-how combined with work-flow/process design so valuable.

Technical and software support

This may go without saying, but you obviously must have strong tech support skills. This includes not only technical knowledge but people skills as you will be dealing with the typical non-tech savvy end users, although they may be more impatient when healthcare is on the line. Plus you’ll be dealing with professional staff such as Doctors, nurses, etc. Anybody who has to communicate with clinicians knows that many times communication itself in the hardest part.

Training and Clinician/Practitioner Consulting

This is an interesting area of healthcare IT and one that I think still holds many opportunities for an IT/EMR consultancy. The learning curve is one of the largest barriers going from paper to electronic, and there are a number of clinicians who are still not comfortable with electronic devices and computers. Now they have to learn electronic patient charting systems, entering the correct data in the correct areas, how to keep data secure, and dealing with an all electronic environment. Add the real-world scenarios where many physicians have too much “pride” to learn an entirely new system and it presents some unique opportunities. There is a consultancy I know of that will train physicians on EMR systems anytime during the day or night. If a doctor wants to train at 3:00am without anyone knowing about it these consultants will provide the service. If you have the technical knowledge and can supplement it with some of the top EMR’s on the market, perhaps by certifying in specific systems, this could be a great opportunity.