Michelle Rupp: Thank you for joining me for this week’s edition of AFMC TV. We are actually talking about health care technology on today’s episode and joining me now is Nathan Ray. Nathan, you work here with me at AFMC. You are all things health care technology.

Nathan Ray: Well thank you Michelle. It’s great to be here and yes, I wear many hats among technology and business operations. I’m glad to be a part.

MR: So let’s start by talking about just the evolution of healthcare technology that you’ve noticed.

NR: Several years ago, I was part of a federal grant with the Office of the National Coordinator for Health IT that AFMC managed here in Arkansas. And what we did was we worked with providers all across the state to help them adopt, implement and upgrade their electronic health records. That program also went hand in hand with the health information exchange, which I know we’ll talk about soon as well.

MR: We started at paper, we might have even started on stone tablets for some. Progressed to paper. Now everything’s electronic. Where could it go from here? I mean, and particularly now in a post pandemic world, health care technology has accelerated.

NR: It has. It’s really interesting over the time since that program was rolled out here in the state of Arkansas to where we are today. You know, a pandemic’s occurred and we had a process where a lot of things were still on paper. Even two years ago, there was some paper and a lot of processes, both internal to organizations and external. It’s now gone almost 100% electronic. So, you’re not seeing as much paper, you’re seeing a consent process and you’re seeing the transition to mobile devices. But with that also comes security risks. So those two have changed over the past several years.

MR: And that was my very next question. This all sounds great and wonderful and so futuristic. But there’s a huge risk because when it comes to security because you’ve got a human’s entire profile …

NR: You do, and it’s a lot more accessible. And a lot of systems now are modular. So, you’ll see systems where you’ll have part of an electronic health record in one system that’s interfaced with another system. So, you have not only interfaces built between multiple systems, but you’ll also have more information accessible external to the organization, and sometimes multiple organizations to really make sure that all of that is available to the health care provider, but also the patient. So, you have the complexity of interfaces, you have security considerations and you’ll see as a patient multifactor authentication. This is oftentimes what you’ll see when you’re doing mobile banking. And I do think it’s important to note that all of this is and has to be HIPAA compliant.

MR: For those who may be watching that aren’t in the health care industry, but they are just regular people like you and I who are concerned about our privacy and security, what are some of the stopgap measures that are put in place to protect their identity and protect their records?

NR: Well, there’s a lot of things and I’m sure we can talk more about this too with SHARE, the health information exchange (HIE) in terms of what they are doing for authentication, but from a patient perspective you want to make sure you have a complex password and there’s a lot of ways you can do that. Complex passwords. Use different passwords. Password managers are a great solution as a tool to really protect yourself. Of course, multifactor authentication. We talked about that to really layer on top of the password is a good thing to do and you’ll see more and more of that in a health care setting. So those are things that you can do as a patient. As a health care provider, I’m sure many of those that watched this show and are involved do annual security risk assessments. And so that’s another tool that as a health care provider, you should absolutely do at least on an annual basis, if not more often to make sure that you’re mitigating and addressing risks as they occur. Because they often evolve daily. So those are some things from a provider perspective that you should take into consideration in addition to the basics, like keeping your systems updated, having backups that are fully encrypted and available, and redundancies in those systems.