A Survey on Healthcare Digitization Accelerating Transformation While Mitigating Data Protection Threats in German Hospitals

A Survey on Healthcare Digitization: Accelerating Transformation While Mitigating Data Protection Threats in German Hospitals

Jonas Vieracker

Riga Technical University, Rīga, LV-1658, Latvia

Abstract. The digital transformation of the healthcare industry did become a trending topic in Germany of the recent years. Causes for it have been the latest technological developments, Big Data, and the need for medical elucidation of patients. Unfortunately, Germany is not considered to be the pioneer in digitizing medical care in comparison to leading countries in the European Union, although the opportunities are promising. Next to ethical and technical challenges one ma- jor threat is created by the high quality of data security, which is required by German and European law, especially starting from 2018, when the new EU Gen- eral Data Protection Regulation is entering into force. This survey paper will firstly shed a light on opportunities and challenges of healthcare digitization in Germany before elaborating on the detailed root causes of harming the digitali- zation. The main focus will be to provide high quality data security in hospital IT in line with the applying laws and regulations. Therefore, two approaches by dif- ferent authors will be assessed and compared.

Keywords: Digital transformation, Healthcare, Hospitals, Germany, Data secu- rity, XML, Healthcare information system (HIS)

1 Introduction

Digital transformation is considered to be the industrial revolution of the 21st century. Basically, every industry is affected by the recent technological changes in automation and digitization. Unfortunately, the current state of digitalization heavily differs among Europe. In their Digital Transformation Scoreboard 2017 authors on behalf of the Eu- ropean Commission evaluated European member states according to different metrics regarding the status of digital transformation. Although, Germany is considered to have the “best digital transformation enabling environment” in terms of infrastructure, in- vestments, skills, e-leadership and entrepreneurial culture, it is allocated behind Eu- rope’s pioneers[1]. Scandinavia and north-western Europe is leading the field, whereas Germany, once being popular for innovation, is chasing after the expectation. Luckily, not every German industry is lacking in digital progression. While some sectors, such as the producing industry, are heavily investing in the digital change (e.g. Industry 4.0), others did not yet take the chance on benefiting of digital opportunities. According to Eichhorst et al. [2], almost 60 percent of German hospitals do not have any strategy regarding transforming their processes digitally and only 1.6 percent operate high qual- ity digital processes and business models. An overview of the current state on digital transformation in German hospitals is illustrated by Figure 1 and Figure 2.

Abbildung in dieser Leseprobe nicht enthalten

Fig. 1. Existence of Digitization Strategies in German Hospitals (in percent) [2]

Abbildung in dieser Leseprobe nicht enthalten

Fig. 2. State and Quality of Digitization in German Hospitals (in percent) [2]

The integral question on this topic is, why the German healthcare sector is still in its infancy regarding digital transformation. What is hindering the change, and which op- portunities can be taken by healthcare service providers, especially hospitals? The fol- lowing survey paper will shed a light on current digitization opportunities and chal- lenges for German hospitals and its regulations. Further, the main focus of this paper will be to analyze facades of data security threats in hospitals and providing potential approaches in order to enhance the quality of data security.

This topic and the corresponding survey paper is based on four pillars, elaborating on each other. These four concepts and associated references are exhibited in Table 1. During the research, digital resources have been considered. Next to online libraries, such as SpringerLink or IEEE Xplore Digital Library, websites of health IT confer- ences, magazines, and blogs have been considered to supplement the four concepts. Most arguments are based on journals, academic papers, and website/ magazine arti- cles, due to the timeliness of its information. Using current sources is of high im- portance regarding digitization and data security, as it is a rising phenomenon of the recent years and due to the new Data Protection Regulation of the European Union (EU), which is taking effect in May 2018. Therefore, the website of the European Un- ion, as well as the one of the German Federal Ministry of Health, have been accessed in order to obtain information on the current legislation.

Table 1. Topic concepts and associated references

Abbildung in dieser Leseprobe nicht enthalten

2 Opportunities and Challenges of Healthcare Digitization

2.1 Leveraging Healthcare Digitization Opportunities

Opportunities of healthcare digitization are broadly discussed in Germany. When researching for benefits of digital transformation in community health, various experts are exhibiting their own vision on the future of digital health. Nevertheless, these ob- jectives have to be considered with caution, as the technical feasibility of some visions are currently highly doubtful. However, experts already came up with technologies, being easily realizable with the current state of technology and characteristics of healthcare in German hospitals. Lux and Breil [3] elaborate on various opportunities in the field of digitalization in the healthcare industry in the correspondent magazine. Some of their approaches can already be experienced in the industry, while others will characterize the digital future of healthcare. Mobile/ electronic health (eHealth) be- came, with the rising amount of smartphone and wearable users, a trending topic. It allows patients to gather different kind of health-related information, whereas health service providers, such as insurance companies, hospitals, and doctors can use the data for analytical reasons. Another aspect of mobile health is the electronic health record, which stores patient data digitally next to enabling patients to have control about the usage of their data by others. This is a huge advance to prior times, as the patient can decide, when, where, and who is able to access their sensitive data. Unfortunately, this approach is not yet implemented in Germany, while Scandinavia and the Baltic coun- tries are already making use of the technology. Providing all kinds of medical infor- mation digitally also clears the way for Big Data. In their article, Olaronke and Olu- waseun [4] elaborate on the difficulties and benefits of leveraging the power of Big Data in the healthcare industry. Next to classifying medical data, they are also exhibit- ing practical examples on how to analyze it, before describing limitations and chal- lenges, such as data security, privacy, and integrity. However, once making use of this powerful tool, insurance companies, hospitals, and doctors can benefit immensely. Dis- ease patterns and corresponding treatments can be analyzed at large scales, resulting in more effective and efficient medication planning, according to Lux and Breil [3]. Mov- ing away from digitizing information, processes, such as patient check-in, online ap- pointment planning, etc. can be automatized, resulting in increased operational speed and a reduced usage of resources. Further, eLearning technologies can be leveraged to facilitate the professional training of hospital employees, next to their jobs [3]. The more connected the entire healthcare industry becomes, the more efficient all partici- pants can work. Unfortunately, this progress comes at a cost, which will be discussed in the following section.

2.2 Analyzing Healthcare Digitization Challenges

Being excited by the opportunities and benefits of a connected healthcare system, one need to be precautious with potential threats. It contains many challenges, which have been addressed by various experts. The references used for this survey paper are covering the most crucial ones in terms of transformation success. Further, this paper will mostly consider data security threats and how to mitigate them. From a commercial perspective, new business models need to be created in order to afford the high invest- ments on technology. Lux and Breil [3] state, that business models from other industries cannot be easily applied. Generating revenues from data will most healthcare customers hinder to engage in the change, as this is a matter of highly sensitive data. On the other side, and advert-based revenue model creates distrust among the user and is not well received. Solving this issue is also considered to be crucial for the success of healthcare digitization. Moreover, the human factor needs to be handled. Hospitals need to ensure that employees and customers are making use of the systems. Without appropriate us- age, projects are doomed to failure. Another shocking aspect of digital transformation is described by Gerald Hörhan. In his book [5] he is tackling the topic of job losses in industries, which are traditional and inflexible, meaning sectors that are reshaped by the digital transformation. Most of organizations within these sectors are also charac- terized by standardized manual jobs. Although, the hospital sector consists out of aca- demic and non-academic personnel, it is likely to suffer most, amongst others. Even doctors without certain specializations, such as surgery, will be affected by the progress of digital transformation. The following scenario will clarify this argument: by lever- aging big data, patterns for simple disease can be easily created. In combination with improved wearable technologies, which monitor a person all time, the “patient” can get information on his disease and which measures should be taken. In case of necessary medication, the wearable will be able to send a prescription request, which will be au- tomatically be declined or approved so that the patient will be able to easily order the medication. In this scenario neither a doctor, nor a nurse or a pharmacist is needed. Taking care of this challenge will also become a tier one priority of a healthcare organ- ization’s management next to dealing with technological requirements.

From a technical perspective the lack of standards regarding infrastructure commu- nication and semantics is considered to be a major challenge [2, 3]. In Germany, the law on eHealth is already creating the basis for interoperability within healthcare IT, however governmental organs and industry organizations are forced to elaborate further on the basis to accelerate the transformation [3]. Moreover, the complexity of the IT architecture is a critical success factor for digitizing the industry. The goal in hospital IT is to combine traditional medical systems with new technologies, such as wearables, social media, etc. However, due to the disperse communication and data exchange of systems, this becomes a highly difficult task, which needs to be solved to benefit from the full potential of digital transformation [2, 3]. The biggest challenge of this topic is the area of data security. Medical data is considered to be the most sensitive customer data. The protection from any kind of hazard is the first priority of every medical service provider. Concerns around data protection are either technical or ethical. Technically, high security standards need to be established while from an ethical perspective a trans- parent access right management describes a possible solution. Only those, who are di- rectly involved in a medical service for a patient are granted access to the relevant data [2, 3, 6]. Ensuring high quality data security will be the focus of this paper. Potential approaches will be exemplified in the fourth concept.

All in all, the mentioned references consider healthcare digitization as indispensable and unstoppable. They are supported by the arguments published in the book of Men- ville, Audrain-Pntevia, and William [7]. Transforming the hospital industry will lead to higher efficiency in processes, quality, and resource planning, as well as cost savings, although high initial investments are expected. Dealing with and mitigating the threats mentioned by different sources has to be prioritized. Next to innovative business mod- els, hospitals are forced to increase their information technology budgets, as it consid- ered to be the backbone of a hospitals future.

2.3 Healthcare Data Security – Laws and Regulations

When covering the area of data security in Germany, national and European law needs to be considered in order to understand the huge challenges organizations are facing. Especially in the recent years, data security has become a highly discussed topic, due to the vast violations of enterprises, such as Facebook and Google, and regulations in the healthcare sector vary between countries. The personal data these companies are abusing are heavily influencing and limiting the privacy of individuals. Therefore, strict rules need to be set to embank such misuse.

Concerning the healthcare sector data security regulations are even more important, due to the sensibility of medical data. In this paper two major sources will explain the legislation of medical data security. As widely known, the European Union’s (EU) new General Data Protection Regulation will take effect on May 15, 2018. This regulation now becomes mandatory for all members of the EU. Examining the changes within the regulation is indispensable for this topic, as it gives valuable insights about the data protection requirements when operating IT systems. As digitization is fostering the in- tegration of traditional and new IT systems, hospitals need to be informed about the impacts of the regulation. According to Lenhard [8] there will be three integral impacts on hospital IT within the new EU regulation. First, data security documentation will be standardized, indicating for the hospitals to check and re-work their data security doc- umentation, especially with regard to order data processing, as hospitals are in posses- sion of multiple versions. Secondly, data security certification for the responsible IT manager are highly recommended as the responsibilities and risks of theses managers will increase [8]. Lastly, the European Union is highly focusing the term “state-of-the- art technology”. The regulation is not explicitly instructing on specific IT-security pro- cesses solely to avoid changes in the law as soon as a mentioned technology becomes obsolete [8]. This indicates that hospitals need to work with the latest IT security tech- nology in order to avoid fines, which can account up to 4 percent of annual revenue, in case of any security breach or data loss. Finlayson-Brown et. al. [9] describe in their article the changes of the new EU data protection regulation supporting the previously mentioned arguments. They further provide a comprehensive overview about tasks needed to be undertaken in order to operate systems, conform to the regulation. Next to alteration of the General Data Protection Regulation, Asija and Nallusamy [10], men- tion EU directives, directly considering health care data. Certainly, directives are not as powerful as EU regulations, however in order to avoid potential lawsuits these direc- tives need to be considered, as well.

In addition to European law, Germany adopted a law on “electronic Health” (eHealth) in the beginning of 2016. According to the German Federal Ministry of Health [11], this legislation will encourage and accelerate the digitalization process of healthcare especially doctors’ offices and hospitals. The law sets the foundation for the creation of the relevant infrastructure through the provision of guidelines and financial subsidies, while demanding strict compliance concerning data security rules.

In detail, the legislation [11] set the basis for an electronic patient record, which is already used by other member states of the European Union. Until its implementation in 2018 it is represented as an eHealth ID card, which stores sensitive patient data.

[...]