It’s no doubt 2017 was filled with a great deal of the unexpected, in all sectors. Healthcare found itself in an interesting position, where the Centers for Medicare and Medicaid Services canceled two of its bundled payment models and invested less in value-based care to focus more on interoperability and patient engagement.

Many larger tech vendors like Apple and Amazon took some major steps this year to shift into the healthcare sector, while big partnerships like CVS-Aetna point to even more disruptions in the coming year.

To get a better sense of what the industry can expect going forward, Healthcare IT News asked some of the influential leadership what they felt would be the biggest focuses in 2018.

To IHI Chief Clinical and Safety Officer Tejal Gandhi, the New Year will continue to see a focus on patient safety culture. IHI and the National Patient Safety Foundation merged in May of 2017 and are focused on quality improvement, health equity, patient safety and similar issues.

“We’re trying to take this lead in a coordinating role, to bring organizations together to accelerate this work,” said Gandhi. “But I think the industry will be so focused on what’s happening with access in health reform, the big challenge ahead is to keep focus on that mission with all of these things going on.”

And part of what will drive the need for better access, care quality, services and the like will be the consumer. Patients are more informed and many are shifting from unhealthy foods, with parents raising children in a more conscious way, explained 4D Healthware Founder Star Cunningham.

“I believe we’ll see a strong consumer adoption for health-related products that they pay for out-of-pocket,” said Cunningham. They’re going to want products to improve their health. 

When people pay $1,000 for a new phone and a few hundred dollars for FitBits: “You have to believe that all of this is going to come together,” she added. “The tech consumer -- the wearable consumer, the educated internet consumer, tech-savvy type folks -- are going to have different expectations and demands for the services they procure. Wearables will continue to be a big deal.”

Even amid rumors that FitBits are inaccurate or people don’t wear them, Cunningham said that what matters is that consumers want them and so they are here to stay.

“Consumers are sick and tired literally, and we all, in general, want to be healthier,” said Cunningham. “The expectation won’t solely lie with government, insurers and health systems to make that happen.”

Cybersecurity was another pressing matter for the healthcare sector this year. Hackers upped the ante in May and June with two massive global cyberattacks that shifted from past motives of holding money for ransom. Instead, the WannaCry and Petya culprits sought only to disrupt systems and destroy data by weaponizing malware. 

And that won’t stop this year.

“My biggest takeaway is that everyone is going to be hacked at some point,” said Julia Hesse, a partner with Choate, Hall and Stewart. 

Hesse added that no one is immune. No health system, provider practice, independent software platform or business associate. 

“What that means to me is that you must be even more careful, vigilant, and thoughtful about data recovery and breach implementation plans,” she added. “There’s no preventing it.”

In fact, providers should be mindful that the pace and scope of the U.S. Department of Health and Human Services’ enforcement is increasing. Hesse said to expect more state-level activity. 

While some states already have active data security programs, such as Massachusetts, Texas, Florida, New York, “states will be more active in enforcement,” she said. 

Another consideration is HIPAA. For Hesse, the industry has really focused on whether data was maintained confidentiality, as well as their course of reaction whether data was compromised or the patient was harmed.

“That was historically the focus: confidentiality alone,” said Hesse. “But HIPAA security has three prongs, and confidentiality is only one. There’s also integrity and availability.”

A prime example of this is the eClinicalWorks case. Hesse explained that one key argument was that data integrity was not assured. In the coming year, the industry can expect regulators to begin asking questions like that to other organizations that have been breached -- even in ransomware cases where a hacker encrypts the data.

“If a provider can’t demonstrate that backup system is truly immune and maintained integrity, I believe there’s a valid legal argument to make those a breach of HIPAA standard,” said Hesse. “Even if there’s no evidence that a hacker or third-party was able to download or encrypt those files, or even with no evidence confidentiality was compromised.”

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com