Overlooked Cyber Risk: Why IT Must Improve POCUS Workflow
September 06, 2022
Author: Ketan Patel, Sr. Director of Security and Cloud Operations
The Role of POCUS in Patient Care
The emergence of point-of-care ultrasound (POCUS) has improved diagnostic and procedural capabilities in healthcare, bringing increased efficiency and portability to ultrasound examinations. In the coming decades, we'll see the growing adoption of handheld devices continue to harness better-quality imaging that will, in turn, increase the usefulness of ultrasound beyond its traditional settings, helping patients at the point of care rather than through appointment-based examinations.
This inflection point in ultrasound innovation is exciting, even though ultrasound has been in use for more than half a century. Those in technology departments should be quick to recognize the ripple effects of such innovation, because IT departments have seen innovation reshape industries time and time again. The emergence of the internet, cloud, artificial intelligence, and other disruptive models of computing should all come to mind.
But, as anyone in IT will recognize, the acceleration in innovation also comes with cybersecurity risks, as any new landscape can expose unexpected intricacies, present unforeseen circumstances, or create gaps for cyber exploitation.
Avoiding Risks of Shadow IT
Gartner defines Shadow IT as “IT devices, software and services outside the ownership or control of IT organizations.”
When an IT department is unaware of the threat vectors created by employees adopting IT tools of their own, as is the case with Shadow IT, the consequences could be dire for everyone at an institution. Security and compliance are just one part of the larger equation of protecting your hospital and the patients within it. Even so, they are key to a good IT posture, one in which technology systems keep running while safety and privacy remain at the heart of operations.
However, when technology groups fail to evolve their existing IT infrastructure to match changing innovations and priorities, the overall IT infrastructure suffers from neglect and convoluted workarounds. Shadow IT emerges from a desire for efficiency, not necessarily from an intention to harm the institution. But any institution with rampant Shadow IT runs the risk of a cyber breach and cyber exploitation, such as ransomware attacks, which, according to a Comparitech report, affected more than 18 million patient records for Americans in 2020, including nearly half of all Maine residents. Ransomware persists as a major threat to this day. For example, in July 2022 the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury collectively released a warning to healthcare institutions that they were at risk of Maui Ransomware targeting from North Korea. A ransomware attack can damage both your hospital's reputation and its ability to keep its doors open.
The problem with the current state of point-of-care ultrasound (POCUS) at healthcare institutions, such as in emergency care and critical care units, is that the steps for review, documentation, and billing have become too convoluted for POCUS users to be productive. For this reason, we see physicians staying late after their shifts, or worse, spending far too much time between seeing patients, focused solely on the documentation process that follows an ultrasound exam. They are often using a hodgepodge of middleware, flash drives, Excel spreadsheets, and other workarounds to fill the gaps where their IT systems and software have failed them.
No one enjoys cumbersome workflow processes, especially when those processes seemingly could be easily improved. Some steps in a process may have an unseen purpose—they may be integral to other departments or a key part of regulatory requirements, for example. The reasoning behind any procedural steps, especially if those steps strike users as convoluted, must be conveyed to the larger whole; otherwise, workarounds could quickly become the adopted norm.
An Answer to the Imaging Workflow Challenge
Hospitals have endured poor workflow solutions for so long that relief is overdue. Finally, a new solution has arrived: Exo has released Exo Works™, an intuitive workflow solution for POCUS that allows physicians to scan, document, and bill their exams easily. No more ghost exams that get lost and can't be billed. With a few simple taps, physicians can complete the required documentation and seamlessly send their exams to the EMR and PACS systems, all while maintaining a hospital's security posture.
Exo Works is supportive of the following compliance frameworks:
- HIPAA / HITRUST
- SOC 2
- ISO 27001
Exo Works is the solution that facilitates optimal patient care, while also ensuring all billing requirements have been accurately captured. Request a demo to see it in action.