This research note is restricted to the personal use of jvenus@oxcyon.com G00276438 Hype Cycle for Healthcare Provider Technologies and Standards, 2015 Published: 2 July 2015 Analyst(s): Barry Runyon This Hype Cycle is a vital reference for healthcare delivery organization CIOs and IT leadership when assessing the impact and value of emerging and existing information technologies and standards. Table of Contents Analysis..................................................................................................................................................3 What You Need to Know.................................................................................................................. 3 The Hype Cycle................................................................................................................................ 3 The Priority Matrix.............................................................................................................................6 Off the Hype Cycle........................................................................................................................... 7 On the Rise...................................................................................................................................... 8 FHIR...........................................................................................................................................8 Blue Button+.............................................................................................................................. 9 Real-Time Healthcare System...................................................................................................11 Voice User Interface..................................................................................................................12 At the Peak.....................................................................................................................................14 Natural-Language Processing (Clinical Enterprise).....................................................................14 E-Prescribing of Controlled Substances....................................................................................15 Logical Data Warehouse........................................................................................................... 17 C-CDA..................................................................................................................................... 19 Clinical Communications and Collaboration.............................................................................. 20 Consent Management.............................................................................................................. 22 Enterprise File Synchronization and Sharing..............................................................................23 Enterprise Fraud and Misuse Management...............................................................................25 Secure Text Messaging.............................................................................................................26 Healthcare Master Data Management.......................................................................................28 IT GRCM.................................................................................................................................. 30 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Sliding Into the Trough.................................................................................................................... 32 Continua...................................................................................................................................32 Business Continuity Management Planning...............................................................................34 Unified Communications...........................................................................................................36 Semantic Interoperability/Healthcare.........................................................................................38 Legacy Decommissioning.........................................................................................................40 End-User Experience Monitoring.............................................................................................. 41 ICD-10 (U.S.)............................................................................................................................ 43 Direct Messaging......................................................................................................................45 HIE........................................................................................................................................... 47 GS1 Healthcare (GDSN)........................................................................................................... 48 HL7 Infobutton......................................................................................................................... 50 Climbing the Slope......................................................................................................................... 52 Desktop Virtualization............................................................................................................... 52 Patient Self-Service Kiosks....................................................................................................... 54 Positive Patient Identification.....................................................................................................56 Vendor-Neutral Archive............................................................................................................. 57 Enterprise Mobility Services...................................................................................................... 59 Information Life Cycle Management..........................................................................................61 IHE XDS.b................................................................................................................................ 62 Location- and Condition-Sensing Technologies........................................................................ 64 User Administration/Provisioning...............................................................................................66 Enterprise Content Management.............................................................................................. 68 Patient Portals.......................................................................................................................... 69 Entering the Plateau....................................................................................................................... 71 Strong Authentication for Enterprise Access............................................................................. 71 Medical Device Connectivity..................................................................................................... 72 Appendixes.................................................................................................................................... 74 Hype Cycle Phases, Benefit Ratings and Maturity Levels.......................................................... 76 Gartner Recommended Reading.......................................................................................................... 77 List of Tables Table 1. Hype Cycle Phases................................................................................................................. 76 Table 2. Benefit Ratings........................................................................................................................76 Table 3. Maturity Levels........................................................................................................................ 77 Page 2 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com List of Figures Figure 1. Hype Cycle for Healthcare Provider Technologies and Standards, 2015...................................5 Figure 2. Priority Matrix for Healthcare Provider Technologies and Standards, 2015................................7 Figure 3. Hype Cycle for Healthcare Provider Technologies and Standards, 2014.................................75 Analysis What You Need to Know This Hype Cycle tracks important healthcare provider technologies, standards and concepts that range from embryonic to mainstream. Many of the technology profiles on this Hype Cycle, in one way or another, enable a more situationally aware and patient-centric operational and management paradigm Gartner refers to as the real-time healthcare system (RTHS). The RTHS is an evolutionary response to the transformational forces of healthcare reform, the urgent need for better care team coordination and care team collaboration, the inexorable advance of medical knowledge technology, rapidly changing business demand models, and a recognized need to improve care quality and the patient experience — all while controlling and cutting costs and, ultimately, making care more affordable for the consumer. The Hype Cycle This Hype Cycle tracks information technologies and standards that are important, if not vital, to the healthcare provider's everyday operations and ongoing evolution. Each entry on the Hype Cycle provides a definition of the technology, a justification for its position and adoption speed, and targeted user advice. It also includes a benefit rating and an assessment of the technology's market penetration and relative maturity. Each profile references a distinct set of vendors that can offer important value to a healthcare delivery organization (HDO). All of this information serves to position the technology or standard on the Hype Cycle, as well as provide direct input into the associated Priority Matrix. Roughly one-third of the technology profiles in this Hype Cycle remained in position or did not move appreciably beyond where they were last year. These include profiles such as Consent Management, Continua, Unified Communications, Semantic Interoperability/Healthcare, End-User Experience Monitoring and Desktop Virtualization. This lukewarm forward movement is not indicative of a shortage of industry interest or technology innovation, but rather points to a lack of HDO readiness, coupled with a preoccupation with current business realities brought about by healthcare reform and a rapidly changing marketplace, at least in the U.S. Other technology profiles experienced more inspired forward movement, and some were repositioned to reflect changing industry circumstances, such as the Real-Time Healthcare System, Natural-Language Processing (Clinical Enterprise), FHIR and Direct Messaging. Their year-over-year movement can be explained in part by new industry requirements to share patient information more widely and in support of new business models, compliance mandates, and continuing efforts to make the HDO more efficient and Gartner, Inc. | G00276438 Page 3 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com patient-friendly. Logical Data Warehouse (LDW) and E-Prescribing of Controlled Substances (EPCS) are new technology profiles introduced this year. The appearance of the LDW is a byproduct of increased interest and hype surrounding business analytics, the need for better insight into business and clinical activities, and the general frenzy surrounding all things big data. EPCS surfaced due to the emergence of more comprehensive solutions that assist in the implementation of DEA e- prescribing rules. Master Data Management was renamed Healthcare Master Data Management to better reflect its role within the HDO. Page 4 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Figure 1. Hype Cycle for Healthcare Provider Technologies and Standards, 2015 expectations C-CDA Clinical Communications and Collaboration Consent Management Logical Data Warehouse Enterprise File Synchronization and Sharing E-Prescribing of Controlled Substances Enterprise Fraud and Misuse Management Natural-Language Processing Secure Text Messaging (Clinical Enterprise) Healthcare Master Data Management Voice User Interface IT GRCM Real-Time Healthcare System Continua Blue Button+ Medical Device Connectivity FHIR Strong Authentication for Enterprise Access Location- and Condition- Business Continuity Sensing Technologies Management Planning IHE XDS.b Patient Portals Unified Communications Enterprise Content Management Semantic User Administration/Provisioning Interoperability/ Healthcare Information Life Cycle Management Legacy Enterprise Mobility Services Decommissioning Vendor-Neutral Archive End-User Experience Monitoring Positive Patient Identification ICD-10 (U.S.) Patient Self-Service Kiosks Desktop Virtualization Direct Messaging HIE HL7 Infobutton GS1 Healthcare (GDSN) As of July 2015 Peak of Innovation Trough of Plateau of Inflated Slope of Enlightenment Trigger Disillusionment Productivity Expectations time Plateau will be reached in: obsolete less than 2 years 2 to 5 years 5 to 10 years more than 10 years before plateau Source: Gartner (July 2015) Gartner, Inc. | G00276438 Page 5 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com The Priority Matrix The Priority Matrix is a companion to the Hype Cycle graphic and maps a technology's benefit to its time to maturity. It is generated directly from the benefit rating and the time-to-plateau values for each technology. The Priority Matrix answers two key questions: "How much value will an enterprise get from a particular technology?" and "When will the technology be mature enough to deliver that value at manageable risk?" Investments that potentially have a high impact and have reached a reasonable level of maturity are located at the top-left sections of the Priority Matrix. Those that have lower or questionable benefit and a longer time to value are situated on the lower-right sections of the matrix. Broadly speaking, if it's red, it's hot — if it's gray, it's not. Despite vendor claims, there are very few truly transformational technologies found in the healthcare provider — particularly in light of Gartner's definition as something that enables new ways of doing business within and across industries that will result in major shifts in industry dynamics. The RTHS is the only transformational profile on this year's Hype Cycle. Along with potentially substantial benefits, it presents a significant amount of investment, enterprise commitment and risk, and will not see mainstream adoption for another 10 years. Nevertheless, the RTHS management, operational and information technology paradigm represents the future of the HDO. It follows that high-value, nearer-term profiles such as Location- and Condition-Sensing Technologies, Medical Device Connectivity and Positive Patient Identification would have to be in place before the promise of this next-generation HDO cum digital business can be fully realized. It also could be argued that further-out profiles such as the Health Information Exchange (HIE), Semantic Interoperability/ Healthcare and the Logical Data Warehouse will form the basic infrastructure for the information sharing and insight necessary for this next era of healthcare. FHIR may well end up being transformational, to the extent that it eases the complexity of information sharing, but at this point it is an easier and more efficient way to implement HL7 interfaces. Page 6 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Figure 2. Priority Matrix for Healthcare Provider Technologies and Standards, 2015 benefit years to mainstream adoption less than 2 years 2 to 5 years 5 to 10 years more than 10 years transformational Real-Time Healthcare System high Location- and Condition- HIE Sensing Technologies Logical Data Warehouse Medical Device Semantic Interoperability/ Connectivity Healthcare Positive Patient Identification moderate Patient Portals C-CDA Blue Button+ Clinical Communications Business Continuity and Collaboration Management Planning Desktop Virtualization Consent Management Direct Messaging Continua Enterprise Content Enterprise Fraud and Management Misuse Management Enterprise Mobility GS1 Healthcare (GDSN) Services Healthcare Master Data E-Prescribing of Management Controlled Substances IT GRCM FHIR Legacy Decommissioning ICD-10 (U.S.) Unified Communications IHE XDS.b Information Life Cycle Management Natural-Language Processing (Clinical Enterprise) Secure Text Messaging User Administration/ Provisioning Vendor-Neutral Archive low Enterprise File End-User Experience Synchronization and Monitoring Sharing HL7 Infobutton Patient Self-Service Voice User Interface Kiosks Strong Authentication for Enterprise Access As of July 2015 Source: Gartner (July 2015) Off the Hype Cycle We have removed SNOMED CT because, during its tenure on this Hype Cycle, there has not been sufficient adoption to clearly demonstrate its real-world benefits and move it toward the 20% adoption by its target audience necessary to ascend the Plateau of Productivity. Nanomedicine was Gartner, Inc. | G00276438 Page 7 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com moved to the Hype Cycle for Healthcare Provider Applications, Systems and Analytics as it fits nicely among the various medical innovation profiles on this report. On the Rise FHIR Analysis By: Zafar Chaudry, M.D.; Barry Runyon Definition: Fast healthcare interoperability resources (FHIR) is a Health Level Seven (HL7) standard that was developed for the interoperability of clinical data. It is pronounced "fire." By design, it is simpler and more concise than HL7 Version 3 standards; shows clinical concepts more directly in its syntax; supports accessing clinical data at a more granular level; and uses the HTTP-based RESTful protocol, where each resource has a predictable URL. Position and Adoption Speed Justification: FHIR was designed to simplify and accelerate the development of HL7 interfaces and healthcare interoperability in general. FHIR combines Web and HL7 standards, but does not require expert HL7 knowledge to implement. In January 2014, FHIR was officially designated as a draft standard for trial use. FHIR benefits include ease of implementation; strong Web standards (e.g., XML, HTTP); examples for speedy implementations; and the ability to evolve from HL7 version 2 and clinical document architecture. Several high-profile projects — including the new CommonWell Health Alliance — are actively testing FHIR and have also experimented with FHIR as a way to exchange health data across business and clinical boundaries. One early FHIR adopter is a joint project between Harvard Medical School and the Office of the National Coordinator — substitutable medical applications, reusable technologies (SMART). SMART on FHIR provides a complete open-standards-based technology stack. The major deliverable of this project is the fusion of the SMART platform architecture with the FHIR standards-based data layer, which includes data models, a RESTful API, standards-based authorization and user interface integration. In 2015, healthcare IT vendors (such as Orion Health and InterSystems) have announced native support for FHIR. Meaningful Use Stage 3 (U.S.) has also considered FHIR-based standards. In addition, there is the recent formation of the Argonaut Project, a group formed to speed up FHIR adoption (with participants such as Epic, Cerner, Meditech, Mayo Clinic, Intermountain Healthcare and Partners HealthCare System). FHIR has been repositioned on this Hype Cycle to reflect its rapid evolution in terms of benefits as well as increased market penetration and maturity. User Advice: HDO CIOs and IT leaders: ■ Consider using FHIR for new projects where it is important to engage programmers from organizations that are not deeply versed in the HL7 Reference Information Model (RIM). ■ Consider current FHIR work as a better way to create project specifications than starting with a blank document. ■ Work with vendors to understand how they will support FHIR. Page 8 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com ■ Consider SMART on FHIR to simplify the development of mobile apps that require more- granular access to clinical data. Business Impact: FHIR provides a solid basis to support quick interoperability solutions. Its adoption at the healthcare delivery organizational level will depend on economic, cultural and legal changes that are more formidable than technology. Benefit Rating: Moderate Market Penetration: 1% to 5% of target audience Maturity: Emerging Sample Vendors: athenahealth; Allscripts; Cerner; Greenway Health; Harris Healthcare; HP; iNTERFACEWARE; McKesson; Mitre Recommended Reading: "Best Practices for RESTful APIs" "Healthcare Delivery Organizations Should Avoid These Pitfalls When Using Sidecar Integration" Blue Button+ Analysis By: Barry Runyon Definition: Blue Button+ (bluebuttonplus.org) is an implementation guide created by the U.S. Office of the National Coordinator for Health Information Technology that provides standards for the consumer-initiated exchange of structured data among electronic health records (EHRs), claims systems and personal health records (PHRs). Position and Adoption Speed Justification: Blue Button+ is often referred to as the automate blue button initiative. It is an extension of basic Blue Button, which is nothing more than a standard icon that a consumer can click to download his or her personal health information from smart device apps or portals that support EHRs, payers' member records and PHRs. Blue Button is a service mark registered by the U.S. Department of Veterans Affairs (VA). Systems that use the Blue Button icon should respond to a click by downloading an ASCII file containing human-readable text that provides a summary of information in context. For example, it might download a patient summary, a visit summary, some patient information from a PHR or a summary of claims for a member, perhaps with an explanation of benefits. The manner in which the consumer accesses and uses the file is outside the scope of the specifications for basic Blue Button. Several U.S. federal agencies — including the Department of Defense, Centers for Medicare & Medicaid Services (CMS), and the VA — have implemented basic Blue Button. Numerous health plans have pledged support for Blue Button in response to a request for support from the U.S. Office of Personnel Management, which administrates the Federal Employees Health Benefits Program. Numerous vendors of EHRs and PHRs have begun using, or at least expressed support for, basic Blue Button. The VA reports hundreds of thousands of Blue Button downloads, indicating Gartner, Inc. | G00276438 Page 9 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com veterans' interest in using hand-carried printouts to provide some basic coordination of care where interoperability among EHRs is lacking. The underlying spirit of the Blue Button initiative was to put something in the hands of consumers long before progress could be achieved on true interoperability among healthcare delivery organizations (HDOs). As with any mandate for something new, users will initially target nominal use for compliance. More complete acceptance of Blue Button+ will depend on consumer reaction. Some drivers that would lead the U.S. healthcare industry to expand the use of Blue Button+ beyond nominal compliance include: ■ Healthcare consumers' increasing awareness of the need to coordinate their own care, combined with systemic failure among healthcare organizations to provide care coordination ■ Reduced physician resistance to accepting data that has been touched by patients, presumably through good experience during the time of nominal compliance ■ A failure to substantially increase inter-EHR interoperability in pulling patient information, due to HDOs' reluctance to share data or privacy policies ■ A digital signature in the standards that assures clinicians that data from other HDOs was not altered as it passed through patients Because Blue Button+ is still relatively new, we have placed it on a path to the Peak of Inflated Expectations. We expect significant progress from now through 2017, which is the rollout period for Stage 2 requirements for Meaningful Use. User Advice: CIOs, chief medical information officers and EHR application managers in U.S. HDOs should press EHR vendors for Blue Button+ functions that are sufficient to meet Stage 2 view, download and transmit requirements. After achieving nominal compliance, people in those roles in some HDOs should work with clinicians to find support for using patient-carried data when working with patients who regularly cross HDO boundaries. The HDOs with the most to benefit from leading- edge adoption of Blue Button+ are those that: (1) are in markets where inter-HDO interoperability is not working well; (2) have lines of business where patients are likely to cross HDO boundaries; (3) have heavy concentrations of federal employees. Business Impact: Minimal adoption of Blue Button+ has a high business impact for HDOs that need to meet the requirements for Stage 2 of Meaningful Use. Farther into the future, Blue Button+ could be instrumental in improving the safety and efficiency of interorganizational transitions of care, although this benefit will not be clear for several years. Benefit Rating: Moderate Market Penetration: Less than 1% of target audience Maturity: Emerging Sample Vendors: GenieMD; Get Real Health; Humetrix; Medfusion Recommended Reading: Page 10 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com "Top 10 Strategic Technology Trends for Smart Government, 2013" Real-Time Healthcare System Analysis By: Barry Runyon Definition: The real-time healthcare system (RTHS) is a next-generation design, operational, management and IT archetype that will continue to transform the HDO into a patient-centric digital business. The RTHS is responsive to the healthcare needs of the patient and the care delivery needs of the clinician, and will make care delivery more efficient, of higher quality and less costly. Position and Adoption Speed Justification: As the financial and quality pressures on HDOs increase, HDO CIOs find they cannot meet their performance objectives without a significant investment in IT. They are recognizing the need to transform their organizations into a more real-time digital business that demonstrates acute situational awareness, de facto interoperability and operational excellence. To date, the emphasis has been on capturing and reporting on information. This emphasis will shift toward information sharing and actionable insight to control and contain costs and improve service levels, care quality and the overall patient experience. HDOs have yet to adequately account for people, things and processes within the enterprise; understand them in sufficient depth; and bring forth the necessary insight to continuously improve their business and clinical processes. Driving RTHS adoption are the industry realities that force transformation: U.S. healthcare reform, a technology-enabled mobile workforce, the inexorable progression of medical knowledge, changing demand models, and a compelling need to improve care quality and the patient experience — while making healthcare affordable. To succeed in this environment, the enterprise needs to adopt the RTHS and supporting technologies that sense and capture the patient's clinical context in real time to drive better care. The RTHS represents the convergence of a number of platform technologies that include the Internet of Things, the Nexus of Forces (social, mobile, cloud and information), healthcare megasuite vendor products (EHR, revenue cycle, business intelligence, analytics and others), and other underlying infrastructural technologies. For example, enterprise awareness and operational efficiency are enabled by the collection and analysis of event and state data from location- and condition-sensing technology (LCST) platforms and other systems, such as wireless healthcare asset management, patient throughput and capacity management, nurse call, and clinical communication and collaboration. Improved care team coordination and enterprise resource use will result. Visibility into real-time location and/or condition intelligence, combined with the patient's clinical context, will become increasingly vital to running an efficient and effective HDO. The positioning of this profile represents the convergence of the various applications, systems, technologies and standards that define RTHS characteristics and enable RTHS capabilities, and does not represent the individual positions of each of the technologies, as these may be more advanced individually than the RTHS as a whole. Feedback from a recent HIMSS CHIME focus group indicated that the RTHS may be further into the future than we anticipated, due to enterprise Gartner, Inc. | G00276438 Page 11 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com readiness and significant cultural resistance. With that in mind, we have repositioned the RTHS to before the Peak of Inflated Expectations. User Advice: Supporting the evolution to the RTHS requires sound requirements and viable use cases, process re-engineering, new and enhanced IT systems and technologies, and a scalable and responsive supporting infrastructure. Moving off the status quo requires implementing new programs surrounding IT consolidation, standardization, automation, instrumentation, integration, performance monitoring and system decommissioning, as well as extending the reach of IT into new venues of care. Business Impact: The RTHS, with its integrated use of technology, directly takes on long-standing limitations in HDO operations and management capabilities that have suboptimized resource use and obfuscated the view of enterprise activity. In the past, deploying technology alone has been insufficient for enterprise-level operational insight, because it was more often deployed at the departmental level and disconnected from other departmental systems. The RTHS provides the connective tissue that enables new management and operational processes to surface as more coordinated, collaborative, measurable and patient-centered care — this care becomes more of a team effort, with the patient as an active participant. Benefit Rating: Transformational Market Penetration: 1% to 5% of target audience Maturity: Emerging Sample Vendors: Accenture; Cerner; Cisco; IBM Recommended Reading: "Business Drivers of Technology Decisions for Healthcare Providers, 2015" "2014 Strategic Road Map for the Real-Time Healthcare System" "Situational Awareness Is at the Heart of the Real-Time Healthcare System" "2015 Top Action for Healthcare Provider CIOs: Run IT More as a Business" Voice User Interface Analysis By: Barry Runyon Definition: Speech recognition is often used as an add-on to electronic health records (EHRs) to reduce the manual entry of natural-language text. This profile focuses on voice recognition on keyboardless devices, such as tablets and smartphones, used as EHR user interfaces. It is a high- interest area with architectural and business challenges. Position and Adoption Speed Justification: Due to the popularity of Nuance's Dragon NaturallySpeaking on Windows client devices, clinicians are comfortable with and frequently demand voice recognition as a condition of accepting EHRs. At the same time, clinicians, as well as Page 12 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com many other users of Android and iOS devices, are getting excellent results using cloud-based voice recognition services from Google and Apple to streamline their use of email, texting, social networking and other apps. Nothing could be more natural for them than expecting to use voice recognition in clinical apps on keyboardless devices. Meeting these expectations is not as easy as it might appear, however. Voice recognition technology on keyboardless devices is more often provided from the cloud to minimize the battery life and weight of these devices. Voice recognition services targeted at consumers are effective because they work against massive databases of utterances in common usage, but they do not perform well when presented with audio that includes the hundreds of thousands of utterances that are specific to medicine. Clinical users want the convenience of the keyboardless device, but expect the service they receive using the client-based Dragon NaturallySpeaking. There are additional complications regarding voice recognition on keyboardless devices. It is not sufficient to simply use the voice to enter blocks of text. To maintain user satisfaction, it will be necessary to enable voice for navigating the user interface (UI), entering numeric data and selecting from long lists, such as compendia of diagnoses, orderable tests, medications and allergies. For all these reasons, vendors of EHRs and other clinical systems are turning to healthcare-specific voice recognition vendors with APIs that support UI navigation and long-list selection through cloud services. These APIs compensate for noticeable latency time when using a cloud server. People will accept latency when they are speaking the contents of a paragraph or more before seeing the text. However, vendors do not expect users to tolerate the same latency when working through a documentation template one field at a time. Two voice-recognition vendors, M*Modal and Nuance, have been working with the major EHR vendors to develop the architecture and APIs that will satisfy clinical users' performance expectations. EHR vendors have taken the unusual step of customizing their applications to work with the proprietary APIs of these two vendors. Although several vendors have made substantial progress and have some very early keyboardless users applying this new approach to voice recognition, it is still very early in the Hype Cycle, and this work is still largely in the pilot stage rather than production. User Advice: CIOs and chief medical information officers (CMIOs) must manage user expectations carefully, even as clinicians come back from conferences excited about going keyboardless with their favorite smartphone or tablet. Consistently ask these users about actual use in a setting comparable to the healthcare delivery organization (HDO). Consider offering NaturallySpeaking on Windows to tablet clients as a temporary stopgap, at least for a few important users. Recognition accuracy is still an issue with some users and in some settings, so pilot before making a major commitment to voice user interface. Work with users with the consistent viewpoint that keyboardless devices are valuable in specific settings, but understand that it is not true that the world is going wholly keyboardless. The number of situations where keyboardless devices are accepted will expand as vendors and users get more experience with voice recognition. Business Impact: Ultimately, users will find more convenient workflows as they learn the strengths and limits of voice recognition on keyboardless devices. Some of the more novel workflows may be surprising. Many will provide moderate improvements and marginal efficiencies. However, this technology does not offer opportunities to fundamentally rethink caregiver processes. Gartner, Inc. | G00276438 Page 13 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Benefit Rating: Low Market Penetration: Less than 1% of target audience Maturity: Emerging Sample Vendors: 3M; Dolbey; M*Modal; Nuance Recommended Reading: "Hype Cycle for Human-Computer Interaction, 2014" At the Peak Natural-Language Processing (Clinical Enterprise) Analysis By: Thomas J. Handler, M.D.; Laura Craft Definition: Natural-language processing (NLP) technology is used to extract, categorize and summarize data from speech-to-text documents and unstructured clinical documentation. NLP can be used to identify clinical conditions, patient safety issues, quality measures, meaningful use reporting data, procedures for reimbursement and patient populations, such as immigrants, or for point-of-care information delivery for clinical decision support. Position and Adoption Speed Justification: NLP adoption in a healthcare delivery organization (HDO) has been driven by use cases that improve productivity and optimize decision making for healthcare practitioners. The most typical application of NLP has been in support of computer- assisted coding (CAC) and computer-assisted clinical documentation improvement (CACDI). The use of NLP is moving into the big data space to support point-of-care information delivery for care coordination and clinical decision support, including emerging text mining for large collections of medical documents; care gap analysis, and genomic interpretation to drive predictive diagnostic, prognostic and treatment models. Other use cases allow rapid identification of case histories relating to disease comorbidity and best-practice treatments from PubMed during hospital rounds via physicians using a mobile device. These NLP applications are now just coming to market and are expected to rapidly expand during the next two to five years. The placement of NLP on the Hype Cycle has been repositioned to prepeak to reflect the focus of NLP for the clinical enterprise and specifically for clinical decision support. These areas are significant, but they're at a very early stage. User Advice: CIOs and chief medical informatics officers (CMIOs) should plan for NLP solutions to become part of the healthcare enterprise infrastructure in the future and develop a pilot. Clinical documentation and decision support processes will rapidly evolve during the next few years as new applications are developed to optimize clinician time spent on tasks and to facilitate better patient care. NLP point solutions using software as a service will also exist for particular use cases. Page 14 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com ■ CIOs and CMIOs should evaluate the performance of existing use cases to ensure productivity gains are being realized and to monitor evolving NLP use cases for clinical decision support as well as population health to assess opportunities to add value to current systems. It would also be advisable to pay close attention to electronic health record (EHR) vendor support for clinical documentation improvement and automated data abstraction and quality reporting. ■ CIOs and CMIOs should leverage third-party applications to address specific use cases until EHR product offerings become more robust. Physician leadership needs to be actively engaged in identifying these solutions and workflows. Business Impact: NLP can help reduce the coding burden and decrease the cost of working with clinical documentation through automation. Having more unstructured data converted into salient facts improves care through better coordination and communication between caregivers and care settings, and provides clinicians with more immediate information to improve clinical decisions. Applications that use NLP can be used by clinicians for evidence-based treatment and include developing personalized patient protocols. Benefit Rating: Moderate Market Penetration: 1% to 5% of target audience Maturity: Emerging Sample Vendors: 3M Health Information Systems; Atigeo; Dolbey; IBM Watson Health; Linguamatics; Nuance; Qpid Health Recommended Reading: "Market Guide for Computer-Assisted Clinical Documentation Improvement and Coding" "Artificial Intelligence Finally Delivers Real Value for Business Applications" "Top 10 Strategic Technologies — The Rise of Smart Machines" E-Prescribing of Controlled Substances Analysis By: Barry Runyon; Thomas J. Handler, M.D. Definition: The federal Drug Enforcement Administration (DEA) Interim Final Rule (IFR) for Electronic Prescribing of Controlled Drugs of 2010 allows for the electronic prescribing of controlled substances (EPCS) by healthcare providers. It ensures that a provider is legally authorized to prescribe controlled substances through a formal credentialing process and the implementation of strong authentication measures such as biometrics. Position and Adoption Speed Justification: EPCS delivers many of the same patient safety benefits that traditional e-prescribing offers. It helps reduce the errors inherent in the paper-based prescribing, such as illegible handwriting, which can result in misinterpreted drug names and dosages. E-prescribing aides in the selection of drugs from appropriate formularies, provides Gartner, Inc. | G00276438 Page 15 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com information related to the availability of lower cost and therapeutically appropriate alternatives, provides clinicians with decision support and medication reconciliation to reduce adverse drug events, and transmits secure, error-free and understandable prescriptions and renewals electronically from the healthcare provider to hospital and retail pharmacies. EPCS takes e-prescribing a step further. To satisfy DEA IFR requirements, an EPCS solution must include an identity proofing process, which is essentially a form of credentialing, required for physicians who e-prescribe controlled substances; the ability to assign access levels to prescribers; certain strong authentication measures to be in place; controls to prevent signed prescriptions from being modified; an auditable chain of trust; and discrepancy reporting. Another EPCS benefit is the ability to link to a state-sponsored prescription monitoring database, to determine if the patient has received a prescription for a controlled substance from other doctors and when those prescriptions were written. To date, most states allow EPCS, although some states still do not allow for e-prescribing of Schedule II drugs, or those that have a high potential for abuse. Each state has the authority to modify prescription practices within its jurisdiction over and above the DEA regulations. E- prescribing networks (e.g., Surescripts) operate in all 50 states and have created a highly secure network infrastructure. This year, EPCS is approaching the Peak of Inflated Expectations with a small number of adopters in production. As e-prescribing in general and CPOE become the norm, combined with the influence of consumerism and the demand for more convenient care, the electronic prescribing Schedule II-V drugs and adoption will increase rapidly over the next three to five years. User Advice: The benefits of e-prescribing outweigh the cost, change management and workflow challenges that it presents. Select an EPCS application or platform that includes: ■ Identity proofing ■ Access control ■ Supervised enrollment ■ Approved two-factor authentication options ■ Auditing and reporting ■ Integrated e-prescribing system or EHR CPOE workflow Business Impact: E-prescribing improves patient safety and care quality by eliminating paper- based errors associated with illegibility. It improves clinician productivity by reducing the amount of time spent by clinicians on calls to pharmacies. It eliminates the faxing associated with refill requests and automates the prescription renewal process. It enhances patient satisfaction and convenience, and increases medication compliance and formulary adherence. EPCS helps healthcare delivery organizations (HDOs) meet Stage 2 Meaningful Use requirements. It mitigates fraud and misuse. Early adopters report cost, change management, interoperability and workflow challenges that increased time-to-value. Page 16 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Benefit Rating: Moderate Market Penetration: Less than 1% of target audience Maturity: Emerging Sample Vendors: DrFirst; Imprivata; MDToolbox; Practice Fusion; RxNT Recommended Reading: "2014 Strategic Road Map for the Real-Time Healthcare System" "Situational Awareness Is at the Heart of the Real-Time Healthcare System" "10 Key Action Items for HDO CIOs to Harness the Nexus of Forces" Logical Data Warehouse Analysis By: Laura Craft Definition: The logical data warehouse (LDW) is a data warehouse design approach that utilizes data virtualization and distributed processing alongside a multistore solution. Analytics systems can access different processing models and data stores as a single data warehouse infrastructure without the usual compromises forced in single-platform solutions. The LDW is particularly well- suited to the needs of HDOs because of its ability to manage the highly varied types and volumes of data confronting healthcare today. Position and Adoption Speed Justification: Organizations are seeking a method to adapt existing data warehouses, data marts and operational data stores to the new infrastructure styles that combine analytics data stores with various distributed process engines, as well as the hybrid between on-premises and cloud applications. The LDW presents a method to extend traditional data warehouses beyond the relational database and the constraints of row- or column-based SQL- based processing. Organizations are using external files or tables from the current DBMS that houses the data warehouse, introducing data virtualization; SQL compatibility with search; Hadoop; mixed content analysis; NoSQL; and audio, video and image analysis. Gartner sees clear indication that the practices and the technology are gaining rapid traction in healthcare provider organizations. The expansion of analytics tools and capabilities offered within the Epic and Cerner architectures illustrates that these electronic health record (EHR) market leaders know that HDOs must be able to get data and apply various tools. The LDW is positioned at 15% before the Peak of Inflated Expectations and is expected to fairly quickly move to the peak and through the Trough of Disillusionment to stabilize as the best-practice analytics framework for digital healthcare within the next five to 10 years. User Advice: Create an enterprise information and analytics reference architecture, leveraging the design concepts of the LDW. Establish enterprise standards, and then introduce vendors into the Gartner, Inc. | G00276438 Page 17 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com mix. Do not rely on any one vendor to offer the full scope of capabilities needed — even though some vendors may come very close. ■ Hire the right set of skills. The emerging analytics ecosystem will require new sets of skills, such as data scientists, and new roles will emerge, such as the master data management program manager. While there will likely be some reliance on the vendor partners, be deliberate in balancing the skills that the vendor offers with skills that will create in-house expertise and agility. ■ Evaluate pilot projects and test cases for combining big data solutions with traditional data stores that support analytics. Then, determine the most appropriate method for providing combined data based on existing skills, platform preference, use-case demand and budgetary constraints. ■ Using data stability and pervasive analytics models as a guide, develop a series of standards that determine whether analytics data will be stored in repositories and made available via a semantic or virtual tier, or should remain in a processing language environment to leverage distributed processing on clusters. Business Impact: Healthcare data needs an entirely new level of configuration and management to effectively leverage the vast amounts of digital data being collected. The LDW is an evolution and augmentation of data architecture practices — not a replacement that reflects the fact that a traditional, centralized, repository-style data warehouse cannot support all analytical, query and reporting needs. It implies that a much broader and more inclusive data management solution for analytics is needed. The LDW provides a more reliable ability to respond to new analytical or reporting demands with short time-to-delivery requirements, leveraging a large number of datasets made available via query tools and applications. In this way, it accelerates data warehouse modifications and provides a rapid deployment capability for new sources with gradually maturing use cases (referred to as "late binding"). Late-binding support also makes the LDW an option to leverage data lake discoveries, and the LDW can even use the data lake as a source of one of the underlying data stores. Benefit Rating: High Market Penetration: 1% to 5% of target audience Maturity: Adolescent Sample Vendors: Cloudera; Health Catalyst; IBM; Oracle; Teradata Recommended Reading: "Avoid a Big Data Warehouse Mistake by Evolving to the Logical Data Warehouse Now" "Critical Capabilities for Data Warehouse and Data Management Solutions for Analytics" Page 18 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com C-CDA Analysis By: Barry Runyon Definition: The HL7 Implementation Guide for CDA Release 2: IHE Health Story Consolidation, Release 1.1 — U.S. Realm (C-CDA) is a single volume that contains implementation guides for nine types of XML healthcare notes: Continuity of Care Document (CCD)/HITSP C32, Consultation Note, Diagnostic Imaging Reports, Discharge Summary, History and Physical (H&P) Note, Operative Note, Procedure Note, Progress Note and Unstructured Documents. The standard is defined for use in the U.S. It supplants previous stand-alone implementation guides for the document types. Position and Adoption Speed Justification: For each document type in the C-CDA guide, the entire content can be displayed as text, and selected content can be represented in a structured and coded form. The C-CDA is required for transmitting information to support transitions of care under Stage 2 of the Meaningful Use incentives for use of an electronic health record (EHR) in the U.S. In this regard, they replace the previous requirement to use the American Society for Testing and Materials (ASTM) International continuity of care record (CCR) of a prior version of the HL7 CCD/HITSP C32. We have positioned this standard early in the Hype Cycle because it is nominally a "version 1 standard," and there is little real-world experience using it. Normally, Gartner would not expect a version 1 healthcare IT standard to achieve at least 20% penetration of a market in five or fewer years. However, this set of implementation guides includes a redo of the CCD that is based on experience with implementing it in many projects since it was published in 2010. A second version of a standard has better prospects of widespread implementation than a brand-new standard. Many of the vendors that will bear the brunt of implementing these guides participated in the corrections of the prior specifications that constitute the bulk of the changes in this release. They are very motivated to implement them because their leading-edge customers will be required to use them to meet the certification requirements for Meaningful Use Stage 2. User Advice: If the CCR or HITSP C32 is currently in place and satisfactory, healthcare delivery organization (HDO) CIOs should continue to use it until driven to change the interface by a business need for more semantic interoperability or by the requirements to support transitions of care in Meaningful Use Stage 2. For new projects, go directly to the C-CDA as soon as your vendors offer it as an interface standard. Business Impact: In addition to the artificial business incentive imposed by the Meaningful Use requirements, HDOs that participate in accountable care arrangements will need to implement the exchange of some structured data for transitions of care when referring patients to skilled nursing facilities and home care. This adds actual business incentives that have been rare when implementing interenterprise interoperability. Care coordination in various forms is a strategic mandate for virtually all HDOs. With increasing interest in accountable care organizations and the patient-centered medical home, the use of standards to enable information sharing across organizations is a significant enabling technology. Benefit Rating: Moderate Market Penetration: 1% to 5% of target audience Gartner, Inc. | G00276438 Page 19 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Maturity: Emerging Sample Vendors: Allscripts; Cerner; Epic; Health Level Seven International; Meditech; Siemens Healthcare Recommended Reading: "Interoperability Must Be the Foundation of a Healthcare Megasuite Vendor" "Robust Testing Is Required for Reliable Healthcare Interoperability" Clinical Communications and Collaboration Analysis By: Barry Runyon Definition: Clinical communication and collaboration (CCC) systems are mobile services directed at clinicians (primarily nurses) to improve care team communications. CCC platforms provide capabilities such as secure messaging, email, voice and paging emulation and integration with nurse call, patient monitors (alarms, alerts and notifications), patient throughput and capacity management systems, location and condition sensing technology platforms, charge capture, supply management, and the EHR. Position and Adoption Speed Justification: CCC systems are used to coordinate activities with clinicians and staff, share patient information (e.g., text, documents, test results, images and video) to reduce response times, improve care transitions and patient throughput, and reduce discharge times. CCC systems can contribute to improved patient safety and outcomes, satisfaction and retention. A more expansive view of CCC involves its fit into the real-time healthcare system (RTHS) — providing ready access to the patient clinical context, peers and medical knowledge. CCC platforms will increasingly assist in care coordination activities and help the provider better engage the patient. Interest in CCC systems has not yet peaked, but will within the next year as secure messaging vendors begin to enter this space and more information migrates to mobile devices and the point of care. CCC systems having been around for some time within leading healthcare delivery organizations (HDOs), but they have gained more attention recently due to the year-over-year increased use of mobile devices and a renewed focus on patient experience and improving the discharge process. User Advice: CCC will become a critical point-of-care system as the HDO evolves to the RTHS. HDO CIOs, Chief medical information officers (CMIOs) and CTOs should expect CCC platforms to offer the following baseline capabilities: ■ Smartphone and tablet support (IOS, Android, Windows) ■ Web browser and workstation support ■ Voice communications ■ Directory services ■ Hands-free capabilities Page 20 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com ■ Voice recognition ■ Secure messaging/texting ■ Group messaging ■ Preferences and contact lists ■ Support for patient monitor alarms (and filtering), notifications and alerts ■ Chat/instant messaging ■ Email client ■ Pager emulation ■ PBX integration ■ Collaboration/file sharing ■ Activity reporting/analytics ■ Integration with the business and clinical systems Secure text messaging vendors are showing interest in evolving their systems to include CCC capabilities. When purchasing a secure text messaging platform, understand the product roadmap and associated time frames. Like most IT projects, risks surround vendor selection, implementation, integration, system support and service-level expectations. Additional risks accompany those CCC solutions that are exclusively cloud-based (see "Critical Security Questions to Ask a Cloud Service Provider"). Business Impact: CCC systems can positively influence patient safety and the patient experience, care team productivity and satisfaction, the HDO's ability to manage patient throughput and capacity, workflow optimization, and incident response and disaster preparedness. CCC systems can assist the HDO in responding to meaningful-use mandates and improving quality measures. Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Maturity: Adolescent Sample Vendors: Extension Healthcare; Mobile Heartbeat; Spok; Voalté; Vocera Communications Recommended Reading: "Technology Overview for Secure Texting for Healthcare" "A Superior Patient Experience Is a Meaningful Measure of Care Quality" "2014 Strategic Road Map for the Real-Time Healthcare System" Gartner, Inc. | G00276438 Page 21 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Consent Management Analysis By: Barry Runyon Definition: Consent management is a system, process or set of policies for consumers and patients to determine what health information they permit their care providers to access. It enables them to affirm participation in patient portals and health information exchanges, and to establish privacy preferences regarding access to their protected health information (PHI) regarding purpose and circumstances of use. Position and Adoption Speed Justification: In 2010, the U.S. Office of the National Coordinator for Health Information Technology (ONC) convened a Privacy and Security Tiger Team, and consent management was on the agenda. Like Gartner, the ONC Tiger Team recognized that fine-grained consent was still in its infancy: largely demonstration projects with few production examples available for consideration. The ONC was motivated by its concern that, without more granular consent approaches, large segments of patient healthcare information would not be included in health information exchanges (HIEs) and the usability of patient data and adoption of HIEs would be greatly diminished. Despite these concerns, the ONC proposed that patients should be able to decline to participate in HIEs altogether. This approach would address the concerns of patients who prefer not to have their information shared while ensuring for those patients who do participate that healthcare providers will have access to the information necessary to provide quality care. Examples of consent management are in production at a handful of healthcare delivery organizations (HDOs) in the U.S. (for example, Texas Department of State Health Services, Kaiser Permanente, U.S. Department of Veterans Affairs and Brooklyn Health Information Exchange). These implementations are typically based on simple role definitions, and they request and push patient data based on rules associated with the definitions. Other consent management initiatives include a consent management service that supports approximately 5 million people in the greater Toronto area of Canada, appropriately called Connecting the Greater Toronto Area. Work is also underway through the U.S. Healthcare Information Technology Standards Panel and other standards bodies (Integrating the Healthcare Enterprise, Health Level Seven [HL7], Organization for the Advancement of Structured Information Standards and Workgroup for Electronic Data Interchange) to implement privacy consent and access control standards for the secure electronic exchange of PHI. Consent management tools are still emerging, with few mature offerings available. Consent management projects will be driven by a strong collaboration between those concerned with policy and those concerned with the technological implications. The privacy needs of HIEs, accountable care and patient-centered healthcare movements will continue to drive industry interest in consent management going forward. The sheer complexity of providing granular consent capabilities to consumers and patients across independent systems and the lack of agreed-upon industry consent standards will conspire to ensure little forward movement on this Hype Cycle over the next several years. User Advice: CIOs, chief medical information officers (CMIOs) and those involved in privacy, security and compliance within HDOs and HIEs should be thinking about what policies and technical controls are required to manage consent and limit the disclosure of PHI. They need to be Page 22 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com asking what kind of consent management systems will be needed in the future to record and enforce the preferences of their consumers and patients. HDO CIOs will also need to make their legacy systems more privacy-aware. Any participation in an HIE should be based on clear understanding of the policies for consent management and whether those policies will be enforced centrally by the HIE, or whether the enforcement is a requirement of the end subscriber. Business Impact: Limited efforts have been made to date to prevent clinical system users from accessing PHI that is beyond their required need to know. Role-based access controls typically permit users to access PHI available to their roles, even when such access is unnecessary or inappropriate. Application log management tools detect access after it has occurred. Patients and consumers concerned about the confidentiality of their PHI are less likely to participate in an HIE. HDOs and HIEs should capture consumer preferences using consent management tools suitable for automation and apply those preferences systemwide. Most HIEs have implemented general opt-in or opt-out models without highly granular controls. Benefit Rating: Moderate Market Penetration: Less than 1% of target audience Maturity: Emerging Sample Vendors: Deloitte; Global Patient Identifiers; HealthUnity; HIPAAT; InterSystems; Jericho Systems; McKesson; Optum; PresiNET Healthcare; Private Access; Wellogic Recommended Reading: "Business Drivers of Technology Decisions for Healthcare Providers, 2015" "2014 Strategic Road Map for the Real-Time Healthcare System" Enterprise File Synchronization and Sharing Analysis By: Barry Runyon Definition: Enterprise file synchronization and sharing (EFSS) products enable smartphone, tablet and desktop users to share documents, images, videos and files. These products are more often cloud or hybrid services that offer collaboration capabilities. They are supported through native applications, file managers and Web browsers on various client devices. Position and Adoption Speed Justification: The success of tablet and smartphone devices within healthcare delivery organizations (HDOs) is driving the adoption of EFSS products and services to store and share files across multiple device types. Personal cloud file-sharing services, such as Dropbox and Box (often free for nonpremium services), are beginning to show up within HDOs. Bring your own device (BYOD) initiatives are also driving interest in personal cloud file services, enabling a new style of mobile collaboration. HDO IT organizations are beginning to recognize the value proposition of EFSS to enable mobile collaboration while minimizing compliance risks. Management and security capabilities (similar to what enterprise mobility services management Gartner, Inc. | G00276438 Page 23 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com platforms offer), such as password protection, remote wipe, data encryption, containerization, access tracking and reporting, are becoming more common with EFSS platforms. Back-end server integration with SharePoint, Active Directory, Lightweight Directory Access Protocol (LDAP) and other corporate platforms is also common. To date, three different EFSS service delivery models have emerged: ■ Pure cloud (for example, Box and Hightail). This is preferred by organizations that want a secure alternative to the personal cloud while preserving the user experience and enhancing mobile collaboration. ■ On-premises (for example, Accellion and Acronis [GroupLogic]). This is preferred by organizations concerned about where data is stored. ■ Hybrid (for example, Oxygen Cloud). This is preferred by organizations aiming to simplify mobile access to corporate data through a private cloud. Challenges to adoption include security risks associated with public cloud service providers. Despite the general lack of agreement on cloud security standards, healthcare providers will increasingly adopt cloud services that involve protected health information (PHI) to keep pace with the IT requirements necessary to remain competitive in an industry that is under unprecedented pressure to transform itself. Over the past year, there has been increased interest in EFSS from HDOs, but not at the level that would suggest it has yet reached its peak of hype — something we expect will occur within the next year or so. HDOs have steadily increased their use of mobility, cloud services, secure messaging, and clinical communications and collaboration tools to extend the reach of their conventional IT infrastructures to handle new business demands. User Advice: HDOs that have introduced BYOD programs should be aware of the growing interest in cloud file-sharing services. Be mindful of the potential compliance and security risks related to public cloud use, and capacity limitations associated with the various EFSS licensing models. Use the same criteria for establishing a trusted relationship that you would for any remotely hosted arrangement. Don't do business with any cloud service provider that will not sign a HIPAA business associate agreement or adhere to a regional regulatory counterpart, such as the European Data Protection Directive 95/46/EC. Use Gartner's cloud security checklist (see "Critical Security Questions to Ask a Cloud Service Provider") as a starting point until cloud security standards mature. Business Impact: EFSS will enable greater productivity for mobile workers who must contend with multiple computing devices. HDOs investing in EFSS will enable a more collaborative, real-time workplace while reducing the inherent security or compliance threats posed by personal cloud file- sharing services. Benefit Rating: Low Market Penetration: 1% to 5% of target audience Maturity: Emerging Sample Vendors: Accellion; Acronis (GroupLogic); Box; EMC; Oxygen Cloud; WatchDox Page 24 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Recommended Reading: "MarketScope for Enterprise File Synchronization and Sharing" "Ten Enterprise Expectations for File Sync and Share Mobile Solutions" "Move From Document Management to Enterprise Content Management" "Healthcare Reform Driving Cloud Services Providers Toward Maturity" Enterprise Fraud and Misuse Management Analysis By: Barry Runyon Definition: Enterprise fraud and misuse management (EFMM) is software or services that support the detection, analysis and management of fraud or misuse across users and accounts. EFMM is used to monitor and analyze user activity and behavior at the application level, as opposed to the system, database or network level, and it watches what transpires inside and across accounts using any channel available to a user. Position and Adoption Speed Justification: EFMM is most commonly used in vertical industries that manage money and benefits, such as banking, brokerages, insurance, retail and government. However, EFMM can be used in any enterprise that experiences fraud or data misuse. EFMM is beginning to be used to detect internal fraud and unauthorized data access within healthcare delivery organizations (HDOs). Gartner identifies five distinct layers of fraud prevention (see "The Five Layers of Fraud Prevention and Using Them to Beat Malware"), ranging from endpoint-centric tools (Layer 1) to pattern-based intelligence applications (Layer 5). EFMM solutions fall into Layer 4 and Layer 5 of Gartner's Fraud Prevention framework. Layer 4 products (for example, Cerner and FairWarning) detect fraudulent transactions or unauthorized activities as they occur across the enterprise. Layer 5 products (for example, Centrifuge Systems and SynerScope) detect collusive activities or organized crime using pattern-based intelligence. Layer 5 typically involves big data aggregation coupled with visualization tools for network investigation. Although EFMM is still in its early stages within the healthcare provider space, it will see increased adoption during the next several years as HDOs concentrate on strategies, policies and technical controls to mitigate risk in response to increased compliance scrutiny and enforcement. The evolution of the HDO to a real-time healthcare system (RTHS) is underway. A functional RTHS must support a host of applications, systems, platforms and devices (see "2014 Strategic Road Map for the Real-Time Healthcare System"). To be effective, the RTHS requires that a significant amount of patient information be readily available — significant amounts of patient event and activity data necessary for situational and contextual awareness that must be acted on and stored. This requirement exacerbates the fraud and misuse problem, and heightens the need for EFMM. We are placing EFMM only slightly ahead of last year's position, past the Peak of Inflated Expectations. While EFMM tools do not directly experience industry or market hype, the incidents they seek to eliminate and mitigate do. This technology profile represents a U.S. perspective at this point — although a number of the listed representative vendors are pursuing deals outside of the U.S. Gartner, Inc. | G00276438 Page 25 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com User Advice: HDOs must more proactively monitor and detect unauthorized access and disclosures of protected health information (PHI) in an effort to reduce and prevent healthcare fraud and misuse. The U.S. Department of Health and Human Services (HHS) has increased the pressure on HDOs through increased HIPAA/Health Information Technology for Economic and Clinical Health (HITECH) Act compliance audit activity, and by imposing more significant fines and penalties on transgressors. HDOs are likely to achieve EFMM success earlier with Layer 4 products because of their affordability and simplicity, compared with Layer 5 products. HIPAA explicitly calls out application log review as a best practice for ensuring privacy and security. However, most HDOs do not have mature log management in place — and if they do, they struggle to extract meaningful and actionable information from this data. To combat the rising tide of fraud and misuse, HDO chief information security officers (CISOs) and compliance officers should track and monitor user access to patient data by routinely examining the application log entries that are generated by their critical business and clinical systems. Business Impact: EFMM has the potential to improve an HDO's overall IT governance, risk and compliance posture and specifically to reduce the risk of fraud and misuse related to unauthorized access to PHI, as well as significant fines, penalties, and damage to brand and reputation that often result. Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Maturity: Adolescent Sample Vendors: Attachmate; Cerner; FairWarning; TIBCO Software (LogLogic) Recommended Reading: "As HIPAA Regulations Get Teeth, Healthcare Firms Feel the Bite" "Mitigate Breaches With Real-Time Discovery" "Who's Who and What's What in the Enterprise Fraud and Misuse Management Market" "2014 Strategic Road Map for the Real-Time Healthcare System" Secure Text Messaging Analysis By: Barry Runyon Definition: Text messaging refers to conventional cellular-based short messaging services (SMS) offered by wireless carriers such as AT&T, Verizon, Vodafone and others. By design it is an unsecure and unreliable service. Secure text messaging leverages the familiar texting user interface but employs cryptographic protocols such as Secure Sockets Layer (SSL) for security, auditing for compliance, and technology to ensure message delivery. Page 26 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Position and Adoption Speed Justification: Text messaging is the most widely used data application in the world. It is a familiar activity for most mobile phone users. As a communications tool, it is simple to use and ubiquitous. Its use within the healthcare delivery organization (HDO) is common, although not often sanctioned in enterprise mobile device policy. Most HDO compliance and security professionals discourage or ban the use of conventional text messaging for communications involving protected health information because of the compliance risk it represents to the enterprise. Secure text messaging has been positioned just past the Peak of Inflated Expectations. Gartner client inquiries indicate that HDOs have accepted secure text messaging as a useful communication and care coordination tool for the clinician and care team member. There is also increasing interest among healthcare providers in using secure texting to engage the patient — for things such as appointment reminders and the availability of test results. User Advice: A number of vendors offer secure texting platforms, some of them healthcare- specific, that improve on conventional text messaging offerings with encryption, transaction auditing and centralized maintenance. HDO CIOs should select a secure texting platform that will not interfere with the normal transmission or receipt of nonencrypted text messages. A secure text messaging service should work across all major smartphone platforms (Apple, Android and Windows) or at least those supported by the HDO's enterprise mobility services platform. Select a text messaging platform that offers a directory service that will synchronize with the enterprise directory, offer a browser-based administration and management console, include a Web client application, handle images and attachments, and offer provisions for compliance data retention, auditing and reporting. A secure text messaging service should be able to use Wi-Fi or cellular networks as needed. Secure texting services can be run on-premises or from private or public clouds. If the cloud is public, then security auditing standards such as Health Information Trust Alliance Common Security Framework (HITRUST CSF), National Institute of Standards and Technology (NIST) Special Report (SP) 800-53, ISO 2700x and regional regulatory counterparts such as the European Data Protection Directive 95/46/EC should be an important consideration. Business Impact: Secure text messaging can facilitate and streamline HDO user and clinician communications, using a familiar, simple and ubiquitous tool that has an affordable cost of entry. Clinical vendors will increasingly look at secure texting as a necessary feature of their product suite and compliant communication channel. Secure text messaging within the HDO will soon become a commodity product/service. To survive, vendors in this space will have to enhance their offerings to include more integration, collaboration and document-sharing capabilities — more in line with existing clinical communications and collaboration vendor offerings. Over the next few years, secure text messaging vendors will extend their products to become more aware and collaborative, with capabilities such as workflow, device and system alerts/alarms, file synchronization and sharing, mobile content management, video and integration with on-call scheduling, physician directories, bed management, nurse call systems and other point-of-care systems. The difficulty in making that transformation will reduce the number of pure play secure texting messaging vendors in the marketplace. Secure text messaging satisfies a number of healthcare provider communications and coordination use cases such as: ■ Stat orders ■ Consult requests Gartner, Inc. | G00276438 Page 27 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com ■ Second opinions ■ Patient referrals ■ Lab result notifications ■ Patient status updates ■ Staffing assignments ■ Sharing documents ■ Medical image viewing ■ Discharge instructions ■ Prescription clarifications Texting can reduce the amount of pager/callback activity a clinician has to endure. Also, given the asynchronous nature of text messaging and message filtering capabilities, clinicians and staff can remain in near-real-time contact without constant workflow interruptions and distractions. Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Maturity: Adolescent Sample Vendors: Cureatr; Doc Halo; Imprivata; qliqSoft; Red e App; TigerText Recommended Reading: "Implement the Right Text-Messaging Platform to Support the Provider and Engage the Patient" "Healthcare Reform Driving Cloud Services Providers Toward Maturity" "Technology Overview for Secure Texting for Healthcare" "10 Key Action Items for HDO CIOs to Harness the Nexus of Forces" Healthcare Master Data Management Analysis By: Vi Shaffer; Laura Craft Definition: MDM is a technology-enabled information management discipline for creating and maintaining consistent, uniform identifiers and attributes that describe the core data entities of the enterprise. Through MDM, organizations achieve consistency, accuracy, integrity and semantic consistency of master data in support of key business initiatives. This "single version of the truth" will be required as HDOs merge and integrate operational systems and data and increasingly engage in information sharing and analytics. Page 28 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Position and Adoption Speed Justification: Master data management (MDM) is needed to support the healthcare delivery organization (HDO) in behaving as a system, starting from a consistent and dynamic foundation of important data entities such as patients, clinicians, employees, diagnoses, procedures and charges. MDM requires constant vigilance and formal management regarding the standardization, quality and completeness of the data. While some aspects of defining and maintaining components of MDM for healthcare are handled by the megasuite and ERP vendors (such as the enterprise master person index [EMPI]), new solutions are emerging that may help to eliminate some confusion around MDM by further defining the space and make it the right time for larger, more-mature HDOs to formalize their MDM programs. Challenges in taking on true MDM include competing priorities, lack of executive sponsorship and stakeholder support, and immature products and services. MDM is gaining moderate traction in healthcare forums with a noted uptick in recognition of this domain's importance. We have nudged its positioning on the 2015 Hype Cycle only slightly ahead of the 2014 Hype Cycle to acknowledge maturing healthcare-specific solutions but to cautiously reflect continued lack of broad adoption. User Advice: MDM is a long-term practice, not a short-term project. CIOs should: ■ Develop the business case. CIOs need to provide evidence of those things the enterprise can't execute as quickly or consistently as an enterprise with MDM, as well as demonstrate MDM's linkage to business and clinical management benefits. Its importance is implied by all major IT initiatives, such as electronic health record (EHR) systems and clinical decision support, collaboration, legacy modernization, and ERP. ■ Make MDM a priority. MDM is the underpinnings of a new generation of knowledge management that will become a defining core competency of successful HDOs. ■ Take an integrated, holistic enterprise approach to MDM. MDM can be sustained only when connected with executive commitment and sound processes for information and data governance. ■ Use the Gartner MDM framework and the seven building blocks of MDM to help your HDO see the "big picture" for MDM. ■ Team with the chief medical information officer (CMIO) to open dialogue around MDM and formulate a strategy for MDM moving forward. ■ Establish a methodology to evaluate MDM tools. ■ Create a phased approach that solves early challenges but is easily expandable to other areas of the organization, allowing the MDM project to show initial value and build momentum throughout the HDO. Business Impact: MDM is a critical operations and infrastructure component because it requires serious attention from more HDOs as they embark on new investments to leverage clinical data, and on new business initiatives to coordinate care among previously siloed entities. Gartner, Inc. | G00276438 Page 29 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com As many HDOs continue to grow in size and service scope, and as they experience a greater complexity and criticality in IT's support of the patient care process, moving to an enterprisewide and mature approach to MDM enables the HDO to keep order and move toward standardization and agility in core processes. MDM is one of those best-practice areas that are most appreciated when they do not exist and when broken consistency and quality of data get in the way of everything else an HDO wants to do with it. Other indirect benefits of MDM include improved reporting accuracy, decision support, patient safety, regulatory compliance, customer satisfaction and asset utilization. Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Maturity: Adolescent Sample Vendors: Explorys; Gaine; Health Market Science; IBM; Informatica; Information Builders; Oracle; SAP; SAS; TIBCO Software; Wolters Kluwer Health Recommended Reading: "MDM 'Primer': How to Define Master Data and Related Data in Your Organization" "Where to Get Started With Master Data Management" "Organizing for Master Data Management: People and Processes" "Toolkit: RFP Template for Master Data Management Solutions" "Information Governance in the Age of Big Data" IT GRCM Analysis By: Barry Runyon Definition: IT governance, risk and compliance management (GRCM) is the management, measurement and reporting of IT policies and controls that have been put in place to address risk and to ensure privacy, security and regulatory compliance. IT GRCM solutions have policy and asset repositories, basic document management, workflow, dashboards, and survey and reporting functionality. Position and Adoption Speed Justification: Despite substantial investments in time and capital, most healthcare delivery organizations (HDOs) struggle to find a systematic way to define, manage and enforce the privacy and security policies and controls that are required to address reasonably anticipated threats and to comply with industry and regulatory mandates. In the U.S., IT GRCM has been receiving more attention since the Health Information Technology for Economic and Clinical Health (HITECH) Act set the stage for increased enforcement. IT GRCM is an emerging category of products that can improve an HDO's audit posture, reduce associated reporting costs, improve incident response and mandatory reporting, and help the organization more regularly assess its risk Page 30 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com and real compliance levels. IT GRCM can assist an HDO in determining, in more concrete terms, how secure the enterprise is and whether it has the right practices, policies and controls in place. The installed IT GRCM HDO base is small, and adoption has been limited to more mature organizations that have the process and policy foundations needed to capitalize on the technology. IT GRCM products take input from control automation and monitoring tools, such as vulnerability assessment, configuration auditing, identity and access management, security information and event management (SIEM) platforms and others. We moved IT GRCM only nominally ahead of last year's position. IT GRCM has been stalled on this Hype Cycle for the last few years — precariously close to being declared obsolete before plateau at one point. However, it has a strong (if not recognized) value proposition, and there has been just enough interest and adoption activity to keep it alive; we believe IT GRCM is near a tipping point. It will see increased adoption over the next several years as HDOs concentrate on strategies, policies and technical controls to mitigate risk in response to increased compliance enforcement across a more far-flung IT ecosystem. This fact is made more urgent by the evolution of the HDO to the real- time healthcare system (RTHS) — during which many new applications, systems, platforms and devices (see "2014 Strategic Road Map for the Real-Time Healthcare System"), and many more constituents, will require access to and share vast amounts of patient information in order to improve care, coordinate care and reduce costs. User Advice: HDO CIOs, CTOs and compliance officers who have implemented sound vulnerability management — that is, the processes and technologies used to discover and address security weaknesses before they are exploited — should be well-positioned to implement IT GRCM and should: ■ Revisit the enterprise security plan to ensure that current security requirements, along with the corresponding policies and technical controls that support the security plan, remain appropriate for truly anticipated threats and vulnerabilities. ■ Use IT GRCM to determine the efficacy of the enterprise's security plan, and develop the capacity to demonstrate compliance with the U.S. Health Insurance Portability and Accountability Act's (HIPAA's) privacy and security rules, as well as the Joint Commission's Information Management standards, and to demonstrate compliance with international data protection laws and ISO 27001. ■ Investigate IT GRCM systems that, at a minimum, integrate best with the enterprise's technical control infrastructure, offer flexible document management and workflow capabilities, and have HIPAA regulatory content and policy templates. Organizations that want to deploy IT GRCM technology should understand that the labor associated with policy development is significant. There is a wide variation in the scope and functional capabilities of the current set of solutions. Business Impact: HDOs are in urgent need of a systematic approach to security compliance management. Without a holistic approach that automates the collection, analysis and presentation of policies, processes and control data — the evidence of due diligence and a standard of due care Gartner, Inc. | G00276438 Page 31 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com — more HDOs will suffer damage to their reputations, accreditation status and bottom lines as compliance lapses. Benefit Rating: Moderate Market Penetration: Less than 1% of target audience Maturity: Emerging Sample Vendors: Agiliance; Brinqa; BWise; EMC (RSA); IBM; ID Experts; LockPath; Lumension Security; MetricStream; Microsoft; Modulo; Rsam; Symantec; Telos Recommended Reading: "Critical Capabilities for IT Governance, Risk and Compliance Management" "MarketScope for IT Governance, Risk and Compliance Management" "Toolkit: IT Governance, Risk and Compliance Management RFP" "2014 Strategic Road Map for the Real-Time Healthcare System" Sliding Into the Trough Continua Analysis By: Zafar Chaudry, M.D. Definition: Continua Health Alliance (Continua) is a global industry alliance that creates open interoperability guidelines for medical monitoring devices, which can include glucose meters, weight scales and blood pressure monitors. Continua has a product certification program with a consumer- recognizable logo that signifies interoperability across certified products. Continua's 2015 design guidelines are the most recent set of specifications in production use. Position and Adoption Speed Justification: Continua has focused its efforts on developing specifications, guidance and certification of health monitoring devices. Continua's 2015 design guidelines are formatted to International Telecommunication Union (ITU) specifications and feature: ■ Interfaces between personal area networks (PANs), touch area networks (TANs) and LANs. ■ Application hosting devices (AHDs) and health devices. These include Near Field Communication (NFC), international normalized ratio (INR) and Bluetooth Low Energy (LE) Glucose Meter. ■ Consent enforcement via WAN and Health Record Network (HRN) health devices. These are the first global interoperability standards ratified by the ITU for personal connected health (ITU-T H.810). These guidelines are specifically written for device manufacturers that want to undergo the Continua certification process with their devices, These guidelines focus on interfaces Page 32 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com to PAN devices and interfaces between disease management devices and electronic health record (EHR) devices. Continua has achieved limited traction when measured by actual use of connecting home or portable devices to EHR systems. More traction has been achieved through manufacturers developing devices that upload data using Wi-Fi or Bluetooth-enabled smartphones to cloud- based, vendor-specific repositories. As previously noted, the ITU has embraced Continua, as have several governments including the U.K., Denmark, Norway and Singapore. Other national initiatives include Japan, with some commercial deployments that require the use of Continua standards, and Abu Dhabi, which is developing a Continua-standards-based mobile platform. To date, there are no U.S. procurements or regulations that require Continua standards or certification. The positioning of Continua on this Hype Cycle is based on a global view of adoption. Continua has more than 150 members, most of which are technology providers, as well as three very large healthcare delivery organizations (HDOs), 13 international standards organizations and government agencies from six countries. As of April 2015, a new organization, the Personal Connected Health Alliance (PCHA) joined Continua. PCHA's goal is to ensure that personal connected health technologies, such as smartphones, mobile apps, sensors and personal health tracking devices are user-friendly as well as secure, and can easily collect, display and relay personal health data. As of May 2015, there are only 71 Continua-certified devices. These include weighing scales, blood pressure monitors, glucose meters, pulse oximeters, cardiovascular monitors, thermometers, strength monitors, prescription adherence monitors and peak flow monitors. The number of devices available in any specific market may actually be much lower than the total certified. This is because some of the certifications were for demonstration devices. The representative vendors listed are participating vendors that support the Continua interoperability guidelines. This technology profile hasn't moved further along the Hype Cycle because overall adoption has remained somewhat static. User Advice: HDO CIOs and IT leaders: ■ Encourage or mandate compliance with Continua to ensure personal health monitoring devices are interoperable. ■ Seek evidence that using Continua standards will actually lead to measurable benefits. ■ Speak with device manufacturers about their product roadmaps and whether Continua is on their agendas. ■ Determine from device manufacturers whether they are truly willing to support Continua requirements in multivendor configurations. ■ Determine whether plug-and-play interoperability can be achieved in practice, at the technical as well as clinical levels. ■ Plan for an architecture that includes Continua-certified devices and devices that are connected via cloud integration. Gartner, Inc. | G00276438 Page 33 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Business Impact: Home and remote patient monitoring has the potential to substantially improve quality of care and reduce costs by enhancing patient engagement (thus enabling more-frequent interactions with caregivers and healthcare providers,) rather than periodic office visits (and enabling patients to remain in the community or at home). As these approaches gain adoption momentum and find an economic niche, Continua can greatly accelerate its adoption by reducing the "technical therapy" required to get the monitors operating and interfaced. Benefit Rating: Moderate Market Penetration: 1% to 5% of target audience Maturity: Emerging Sample Vendors: AT&T; Capsule; Fujitsu; GE Healthcare; Hitachi; IBM; Intel; Medtronic; Orange; Panasonic; Philips Healthcare; Qualcomm; Roche; Samsung; Sharp; Tunstall Healthcare; Verizon Wireless Recommended Reading: "Agenda Overview for Healthcare, 2015" "Hype Cycle for Emerging Technologies, 2014" "Continua Will Be Critical to Moving Care to Home and Mobile Settings" Business Continuity Management Planning Analysis By: Barry Runyon Definition: Business continuity management planning (BCMP) applications assist healthcare delivery organizations (HDOs) in managing their business continuity management (BCM) programs. They provide risk assessment; business impact analysis; dependency mapping for business processes, suppliers/vendors and IT; plan management functionality; and program management metrics and analysis. Some products also offer plan testing, resource modeling and limited crisis/ incident management and emergency notification support. Position and Adoption Speed Justification: BCMP products have been in the market for more than two decades, growing from word processing templates to sophisticated, interactive decision support tools. There is an increased need (see "2014 Strategic Road Map for the Real-Time Healthcare System") for HDOs to have viable recovery plans of all types (for example, crisis management, damage assessment, emergency response, emergency notification, external communications, procurement/vendor management, customer/partner support, IT disaster recovery and business recovery), as well as a need for a consistent and repeatable plan development process. There has been significant growth in the adoption of BCMP systems over the past several years, as measured by Gartner's security and risk management surveys. The Joint Commission has done much to increase awareness, HDOs have started including BCM as a component of new system purchases, and the real-time health system has forced HDOs to take a more expansive view. Therefore, we have repositioned BCMP from the peak-trough midpoint to 40% pre-trough. Still, Page 34 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com most HDOs have not gone far enough and, more often, limit the view of BCM to disaster recovery — the technical component of BCM. Historically, BCM has competed unfavorably within the HDO with clinical and revenue-producing initiatives (which ironically contribute to an even more critical and complex business continuity requirement). Therefore, it will take five to 10 years until this much- needed capability becomes business as usual within the HDO. User Advice: HDO CIOs, CTOs and IT leadership should implement a BCMP tool and focus on: ■ The ease of use in the hands of business users, not IT or BCM program office users only ■ The ease of customization — by the customer, not the vendor — to your organization's continuity delivery framework ■ The ease of reporting, including modifying report formats provided by the vendor, as well as creating new report formats ■ The ease of integration with other important business applications, such as enterprise directories; human resources; governance, risk and compliance (GRC); business process management tools (whether internally developed or purchased); CCMDBs; IT asset management; and BCM software that your organization may already have purchased, such as EMNS or C/IM software, as well as news feeds to a BCM program dashboard ■ Mobile device support for recovery plan access and execution at the time of a business disruption A recovery plan is a living document, so put in place a continuous improvement process for regular plan reviews and event-triggered plan reviews such as changes in operational risk profiles, business or IT processes, and applicable regulations, as well as exercise results showing a gap in plan actions versus current recovery needs. Business Impact: BCMP tools will benefit the HDO with a comprehensive analysis of its preparedness to cope with business or IT interruptions and an up-to-date, accessible plan to facilitate response, recovery and restoration actions. Having current, effective and exercised recovery plans is the key to success during a disaster, and these tools are essential for effective crisis and business recovery. BCMP around a critical care system such as the EHR is obvious, but has to be expanded to include other critical systems, such as supply chain, billing and payroll systems. With the increased automation of the ambulatory and outpatient venues, investments will have to be made to secure affiliate EHRs. Quantifying benefits and an ROI for something you hope to never need is challenging, but necessary. Benefit Rating: Moderate Market Penetration: 1% to 5% of target audience Maturity: Adolescent Sample Vendors: Continuity Logic; KingsBridge; Rentsys Recovery Services; RSA, The Security Division of EMC; Strategic BCP; Sungard Availability Services Gartner, Inc. | G00276438 Page 35 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Recommended Reading: "The Continuity Delivery Framework Is Essential for Ensuring Measurable and Sustainable BCM Planning Tool and Program Benefits" "Business Impact Analysis: Enabling Effective Business Continuity Management" "2014 Strategic Road Map for the Real-Time Healthcare System" "Health Delivery Organization CIOs Must Deliver a Robust Technical Infrastructure for Electronic Health Records Success" Unified Communications Analysis By: Zafar Chaudry, M.D. Definition: Unified communications (UC) systems merge presence, voice, data, video, messaging conferencing components, networks, devices and systems into a common set of user interfaces on the desktop and on mobile devices. Position and Adoption Speed Justification: UC offers healthcare delivery organizations (HDOs) tangible business benefits that include improved patient care, operational efficiency, lower costs, and the easier clinician communication. UC vendor offerings vary widely in capability, functionality, maturity and cost differences. Interest in UC within the HDO is driven by the real-time healthcare system (see "2014 Strategic Road Map for the Real-Time Healthcare System"), increased use of wireless and mobile devices to extend the effectiveness and reach of the HDO's expensive clinical and business systems, and by the need for better clinical collaboration and care coordination. Inhibitors include the lack of more complete vendor offerings, the maturity and complexity of existing offerings, and security concerns. With the improvement of hands-free communication devices, such as Vocera's Communication Badge (which responds to voice commands, receives text messages and integrates with the enterprise PBX) or Ascom's Wi-Fi handsets (which allows voice calls on Wi-Fi, receives text messages and integrates with the enterprise PBX), HDOs now using these devices are beginning to redefine how their mobile workers communicate. Bring your own device (BYOD) has also had an impact on UC, which includes addressing the needs of all the key stakeholders. Users want the convenience of using their devices for business and personal communications without compromising on the ease of use. UC solutions should not only be secure, but also be able to provide support for a variety of technical platforms due to the continuously growing device choice in the smartphone and tablet markets. Mobile UC products and services are now mature, and their ability to integrate mobile phones with IP telephony and UC systems is compelling. These solutions give members of the workforce the ability to enjoy many of the same features on their smartphones that previously were only available on desktop phones and softphones. UC adoption has been slow, hence the slight move forward on the Hype Cycle. However, levels are expected to improve over the next three to five years, and enterprises that have already adopted basic UC solutions will start to look for more sophisticated integration. User Advice: HDO CIOs and IT leaders should: Page 36 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com ■ Define the requirements of any UC deployment and the principal stakeholders involved. ■ Evaluate a UC vendor's roadmap to understand its future product strategy, its support for interoperability and open standards, as well as its healthcare-specific offerings. ■ Challenge UC vendors to demonstrate their integrated healthcare UC offerings, or consider deployment of UC components from different vendors (some of which will not yet work together effectively). ■ Work with clinicians to review business and clinical workflows to determine how these could benefit from being communication-enabled. ■ Develop a business case from the pilot program to determine total cost of ownership and any potential ROI. ■ Look for benefits (such as productivity or patient safety enhancements) to justify UC applications, rather than developing a business case based entirely on cost reductions. ■ Undertake pilot programs first to evaluate feasibility and to estimate time to value. ■ Provision the existing data network infrastructure for the introduction and added weight of UC traffic, because ill-conceived UC implementations will result in poor quality of service. Business Impact: With increased automation and mobility in support of complex business and clinical workflows, telephone and paging systems are no longer sufficient. UC improves communications among individuals and groups within the HDO. This is reflected in more timely and secure access to critical clinical information and faster response times. For the HDO, this can result in improved caregiver communications and collaboration, improved patient safety and care, and the more efficient utilization of human and material resources. The benefits of UC are best realized when integrated with clinical applications and processes. Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Maturity: Adolescent Sample Vendors: Alcatel-Lucent; AT&T; Avaya; Cisco; Dell; Huawei; IBM; Microsoft; Mitel; NEC; ShoreTel; Toshiba; Unify; Vocera Communications Recommended Reading: "Cool Vendors in Unified Communications, 2015" "Magic Quadrant for Unified Communications" "Critical Capabilities for Unified Communications" "Market Trends: Key Trends in the Unified Communications as a Service Market" Gartner, Inc. | G00276438 Page 37 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com "2014 Strategic Road Map for the Real-Time Healthcare System" Semantic Interoperability/Healthcare Analysis By: Zafar Chaudry, M.D.; Barry Runyon; Laura Craft Definition: Semantic interoperability is the exchange of clinical information with sufficient granularity to support clinical decision support, care management, clinical research, quality assessment and business intelligence. This exchange of information is more often done among organizations with different clinical information systems. Position and Adoption Speed Justification: Semantic interoperability considers issues that are manifest in the data itself, including the format and context of the data and the codes that are used to convey the data. For the purpose of positioning this profile on the Hype Cycle, we consider the following classes of data to be important: ■ Prescriptions ■ Problems (expressed at a clinically useful level of detail) ■ Current medications; medication history sufficient to judge patient compliance ■ Medication allergies ■ Lab orders ■ Clinical lab findings, including microbiology ■ Radiology orders and findings. In general, where data is coded, the code sets mutually understood by any two interoperating organizations should be sufficient for all of the data on 95% of the patients and 95% of the data on the remaining patients. Advances in semantic interoperability continue to remain static since last year's Hype Cycle. The European eHealth Project (epSOS) program started a number of intercountry pilots for prescription data (which have now ended but haven't been sustained). Completing pilots is a step forward and promises a bigger step, but it only holds value when the pilots are expanded into a full-scale production. However, structured data on prescriptions has historically been more available from systems that support fulfillment and payment. Many U.S. organizations have managed to exchange Continuity of Care Documents (CCDs), but only when the receiving system is the same product as the sender or when the receiving system interprets the Clinical Document Architecture (CDA) as text, rather than structured data. A few U.S. organizations have managed to exchange semantic information, but only at the cost of substantial expenditures in bilateral testing. As a result of industry experience with the CCD, Health Level Seven (HL7) and other organizations have teamed up to produce an improved set of specifications for use in the U.S. (HL7 Implementation Guide for CDA Release 2: IHE Health Story Consolidation). The Centers for Medicare & Medicaid Services (CMS) and Office of the National Coordinator (ONC) for Healthcare IT have also included the Consolidated-Clinical Document. Architecture (C-CDA) in the requirements for meaningful-use Stage 2 and specifically required the extraction of problems, medications and medication allergies in the definition of success. However, many organizations Page 38 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com continue to lack in having a comprehensive strategy that leverages the standardized vocabularies necessary for full semantic interoperability. Overall, we judge that semantic interoperability hasn't moved ahead in the past year. The five- to 10-year estimate to plateau applies to the time when semantic interoperability will be routinely exchanged for most clinical data within countries. User Advice: Healthcare delivery organization (HDO) CIOs and IT leaders should: ■ Establish a workgroup to identify functional requirements and/or potential uses of semantic interoperability systems for use by your healthcare organization. ■ Identify potential partner organizations to collaborate with on the research, development, testing, and use of semantic interoperability; e.g., academic medical centers and vendors. ■ Investigate changes in clinical and IT practices that may need to be made in anticipation of utilizing semantic interoperability systems. ■ Include terminology service providers in their architectures for application integration because semantic interoperability usually requires substantial efforts to create code mappings and keep them up to date. Business Impact: More-granular, high-fidelity data for broader classes of data is an enabler for improved decision support, contributes to better quality, better care coordination, patient safety, and more-automated compliance with external quality reporting requirements. It also supports more-sophisticated syndromic surveillance and epidemiology than is possible today. Finally, with more-semantically interoperable data, discovery of research candidates in clinical trials may become more automated. Benefit Rating: High Market Penetration: 1% to 5% of target audience Maturity: Emerging Recommended Reading: "Agenda Overview for Healthcare, 2015" "Top Actions for Healthcare Delivery Organization CIOs, 2014: Approach Care Management Pragmatically" "Taxonomies and Data Models: A Trip Through Parallel Universes" A. Tapuria, D. Kalra and S. Kobayashi, "Contribution of Clinical Archetypes, and the Challenges Toward Achieving Semantic Interoperability for EHRs," Healthcare Informatics Research, 2013 Gartner, Inc. | G00276438 Page 39 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Legacy Decommissioning Analysis By: Barry Runyon Definition: HDO IT systems are routinely replaced by more modern, functional or cost-effective alternatives. However, migrating legacy data can be so complex and costly that legacy systems are often left in service. Legacy decommissioning vendors specialize in ensuring the ongoing integrity and availability of the data of retired applications, using a variety of approaches, ranging from hosting the retired systems, to migrating the data to their repository. Position and Adoption Speed Justification: Legacy applications are considered such, because they have played an important role in satisfying organizational business requirements. It is likely to be deeply ingrained in enterprise business processes in ways that are both well-understood and unknown. Dependencies surface only when a system is no longer available — and, even then, these dependencies may not show up until a quarterly or annual business process attempts to access the data. Because of the cost and complexity of migrating or archiving legacy data, HDOs often keep the associated system in service. This can come at significant expense — in the form of facilities and hardware, software licensing and maintenance, support costs, and personnel. Legacy decommissioning is a persistent challenge for the HDO. We have placed legacy decommissioning in the Trough of Disillusionment, where it will likely remain for some time because HDOs are finding the vendor solution market confusing and fragmented. Available solutions are limited, and don't satisfy real-world requirements, as well as are more complicated and costly than they were led to believe. Also, like disaster recovery and similar "plumbing"-type IT initiatives, legacy decommissioning suffers from competing priorities and lack of visibility and support from upper management when budget time comes around. Most of the interest in the last year has come from vendors, which rightly see this as a growing opportunity that gets bigger year over year. A few forward-thinking HDOs have created legacy decommissioning or application retirement manager positions and have funded application retirement initiatives. User Advice: HDO CIOs, CTOs and chief data officers should take every opportunity to decommission applications and systems that are no longer in active use. Legacy data that can be legitimately removed should be during decommissioning. Data that no longer has business value to the enterprise (based on policy) contributes to unnecessary storage growth, storage-related spending and e-discovery risks. The disposition of legacy data should be an explicit part of an HDO's enterprise information management and information life cycle management (ILM) strategies. Synchronize your application portfolio management and ILM strategies to ensure that, as applications and systems are replaced or retired, they properly account for the data. Select a decommissioning vendor that offers a solution that can handle the most critical applications, systems and/or data in your legacy portfolio — and one you have the skills and resources to support. Successfully implementing a legacy decommissioning solution is dependent upon the approach taken; the maturity and capabilities of the vendors found within that approach; and the organization's capacity to support specific domain, operational, infrastructure, personnel and project requirements for a particular vendor solution. In the case of an archive or repository approach to legacy decommissioning, HDO enterprise information specialists must have the necessary domain, data modeling and integration expertise available to support the considerable data mapping, transformation, loading and movement requirements. Page 40 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Business Impact: When a system outlives its usefulness, the enterprise naturally wants to discontinue the upkeep for its care and feeding. These direct and indirect expenses can be significant, and are related to, but not limited to, hardware, licensing, maintenance and support, facilities, operations, and service desk. The most important consideration is the final disposition of its data. HDOs are cautious about disposing of legacy data — particularly, patient information and particularly now, with the emergence of big data and analytics. Most HDOs keep adult and pediatric medical records well beyond the limits stipulated by industry, state and government guidelines and regulations and, in some cases, they retain them permanently. Barriers to adoption include the HDOs' reluctance to turn off old applications and systems when the dependencies and consequences are not clear, the general reluctance of physicians to purge patient data, the cost and complexity of data migration and archiving, and the lack of vendor support for niche systems. Benefit Rating: Moderate Market Penetration: 1% to 5% of target audience Maturity: Adolescent Sample Vendors: Anthelio Healthcare Solutions; Data Migration Services; Dell; EMC; Harmony Healthcare IT; Informatica; Laitek; Legacy Data Access; Medibase; MediQuant; OpenText; Summit Healthcare Recommended Reading: "Top Actions for Healthcare Delivery Organization CIOs, 2013: Make Legacy Decommissioning a Priority" "Account for the Data When Decommissioning Legacy Applications" "Decommissioning Applications: The Emerging Role of the Application Undertaker" End-User Experience Monitoring Analysis By: Barry Runyon Definition: End-user experience monitoring is technology to monitor, measure and improve the HDO end user's experience in using critical enterprise systems, such as the electronic health record (EHR) system. Gartner describes four end-user experience monitoring approaches: (1) passive monitoring of proxy end-user experiences; (2) active monitoring of proxy end-user experiences; (3) end-user behavior capture and playback; and (4) cognitive, model-based subjectivity tracing. Position and Adoption Speed Justification: The increased automation of clinical and business processes within the healthcare delivery organization (HDO), along with outreach and interoperability initiatives, has increased the number of IT systems that participate in the EHR and the number of systems that are considered mission-critical. Systems are more distributed and interdependent and more difficult to monitor end-to-end. Because of their status within the Gartner, Inc. | G00276438 Page 41 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com enterprise, systems require high levels of performance and availability, and shorter recovery times to ensure patient safety and a positive end-user experience. Of the four varieties of end-user experience monitoring, passive monitoring of proxy end-user experiences is the most widely deployed, but deployment of the other three is picking up (see "The Four Varieties of End-User Experience Monitoring"), particularly active monitoring. The majority of tools for end-user experience monitoring listed within this entry have been around for some time, but only recently have they been adopted to improve the performance and availability of the software systems and vendor products that support the clinical workflows within the HDO. These tools often require time-consuming, complex and expensive deployments and, as a result, have been affected by the HDO budget constraints and competing priorities. Interest in end-user experience monitoring, as measured by the number of Gartner healthcare provider client inquiries, has been very limited over the past year. As a result, its position on the Hype Cycle has not been modified from last year, and market penetration has not changed. This position reflects a U.S. point of view rather than global at this time — due in part to the pace of clinical and business automation driven by U.S. healthcare reform. That said, more vendors are looking at the healthcare provider as a viable vertical. Interest will likely increase as HDOs look to proactively ensure the performance and availability of the foundational business and clinical systems critical to delivering quality care and a positive patient experience, and as the real-time healthcare system paradigm continues to take hold. User Advice: The only legitimate vantage point from which one can capture data about the performance of a given application from an end-to-end perspective is the user interface. HDO CIOs and CTOs should use tools for end-user experience monitoring to proactively measure application availability and performance from the end user's perspective. Most enterprises will need more than one set of tools to satisfy the needs of the end user and IT operations. Correlate important business and clinical workflows to the underlying IT infrastructure components they depend on. Analyze and use the data that is already being collected by existing application-, infrastructure- and security-monitoring tools to improve overall IT infrastructure performance and availability. Deploy tools for end-user experience monitoring in conjunction with major clinical system implementations to compensate for vendor-system-monitoring functional gaps, along with help desk and incident management tools and best-practice frameworks, such as ITIL, to improve I&O maturity levels. Business Impact: HDO IT leaders are often unaware of the health of their IT infrastructures and where potential performance bottlenecks or risks to availability reside. Properly supporting an increasingly automated and accessible clinical and business IT environment will require up-to-the- minute application and IT infrastructure intelligence. Application performance management tools and associated best practices make it possible to reduce unplanned downtime, improve overall system availability and responsiveness, and thereby, enhance patient safety and physician satisfaction. Most clinical system vendors do not provide adequate tools for monitoring system service levels. For remote-hosted, SaaS- and cloud-based systems, this could result in significant cost savings by these service providers to agreed-on service levels. Page 42 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Benefit Rating: Low Market Penetration: 1% to 5% of target audience Maturity: Adolescent Sample Vendors: BMC Software; CareTech Solutions; CA Technologies; Compuware; Dell; Empirix; ExtraHop; Heroix; HP; RadView Recommended Reading: "The Four Varieties of End-User Experience Monitoring" "End-User Experience Monitoring in APM: Past, Present and Future" "2014 Strategic Road Map for the Real-Time Healthcare System" ICD-10 (U.S.) Analysis By: Vi Shaffer Definition: ICD-10-CM is a standard code set for reporting and coding diseases and injuries for hospital inpatient procedures. ICD-10-CM will replace ICD-9-CM Volumes 1 and 2, while ICD-10- PCS will replace ICD-9-CM Volume 3. The coding standards apply to all HIPAA-covered entities. Position and Adoption Speed Justification: For the U.S., the Centers for Medicare & Medicaid Services (CMS) has set the latest compliance date of 1 October 2015, though lobbying for delay legislation continues. The ICD-10 code sets represent substantial changes for payers and providers, as well as the associated IT systems, and offer the ability to collect more detailed clinical information. For example, there are seven broad location codes for pressure ulcers in ICD-9-CM, which will increase to 150 more detailed ICD-10-CM codes that specify pressure ulcer location and depth. For inpatient procedures, there is one ICD-9-CM code for angioplasty that will expand to 854 ICD-10-PCS procedure codes specifying body part, approach and device. The detail required for and provided by ICD-10 is exponentially greater than for ICD-9. The new structure of ICD-10 also provides room for code expansion. The ICD-10 position on the Hype Cycle is tied to a compliance date and also the optimization process for maximizing the use of the ICD-10 codes, which will take years following the compliance date. Many U.S. healthcare delivery organizations (HDOs) continue to lag in preparation for ICD-10 or underestimate the scale of change. Even CIOs of HDOs that are further into their implementations are discovering that the changes required are pervasive, and in many cases, they have underestimated the amount of time, budget and effort required for remediation. ICD-10 is an enterprisewide transition, with impacts across an HDO to people, process and technology systems. Representative vendors included provide products/services for education and training, conversion Gartner, Inc. | G00276438 Page 43 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com project support, testing, computer assistance in clinical documentation improvement, computer- assisted coding, or mapping services. User Advice: Conversion to ICD-10 has the potential to send HDOs into financial disarray. Building institutional knowledge relating to ICD-10 codes has been helped by the many delays but requires that many systems be ready and especially prepared for the level of detail needed to document and code for ICD-10 CM and the conceptual change of moving to ICD-10 PCS. HDO CFOs, CIOs and revenue cycle leaders should be taking advantage of the additional year delay and target ICD-10 remediation efforts on areas of greatest impact, while utilizing strong program management to drive change across the organization. Specifically: ■ Program (not just project) management will ensure coordination across IT and business areas, linking people, processes and technology together and facilitating risk and contingency planning. Prioritize business processes with the greatest change and probability of failure or disruption, and create specific accountabilities. ■ By now, CIOs should have made sure that all systems that use ICD-10 codes have been identified and a plan developed. Checking and double-checking that this is still true is a worthwhile effort. For example, one CMIO recently emphasized that "all diagnosis-dependent work, such a clinical decision support configuration, needs to be rewritten to account for the new generation of ICD-10-CM codes, not simply the ones a physician might select." ■ Use predictive analytics to identify focus areas by facility, physician, specialty or diagnosis- related group (DRG), among other criteria, for ICD-10 efforts, based on reviews of clinical documentation and claims. Take their top 10 ICD-9 diagnoses and determine what would be the equivalent ICD-10 diagnoses. Analyze the workflow for capturing consistent medical record and billing data for those diagnoses first. ■ Consider emerging computer-assistance tools to support clinical staff, when documenting, and coders, when coding, prompting for detail when needed since both are high-risk areas. ■ Because ICD-10 implementation carries the potential for expensive disruptions, a well- constructed contingency plan is vital. Gartner's advice remains "plan for this to be a crisis." There will be unprepared entities and failures. Work with payers not just on end-to-end testing, but on topics like contingency payments. Business Impact: ICD-10 implementation failures have the potential to ripple through an HDO and the reimbursement ecosystem — failures in one area of the revenue cycle impact other areas. Enterprisewide program and contingency planning is a fundamental requirement to reach compliance. Postcompliance, the benefit to using ICD-10 sets is the ability to capture accurate, richer, more useful and medically relevant data about the outcomes, efficacy, costs and complications of medical technology, and to ensure fair and equitable reimbursement policies. A strong ICD-10 conversion effort can achieve the added benefit of improved end-to-end revenue processes, improved documentation and coding yielding previously unrealized revenue, and more accurate reflection of patient severity and resources used, which will be critical to profitability and success under value-based purchasing models. Page 44 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Benefit Rating: Moderate Market Penetration: Less than 1% of target audience Maturity: Emerging Sample Vendors: 3M Health Information Systems; Deloitte; Dolbey; Health Language; Infosys; Intelligent Medical Objects; Jvion; Leidos Health; MedAssets; MedeAnalytics; Nuance; Optum; Precyse; The Advisory Board Company Recommended Reading: "Top Actions for Healthcare Delivery Organization CIOs, 2014: Focus on the ICD-10 Endgame" "Benchmark ICD-10 Program Effectiveness to Minimize Revenue Cycle Impact" "Develop a Perfect ICD-10 Contingency Plan, and Then Take Steps to Avoid Having to Use It" Direct Messaging Analysis By: Zafar Chaudry, M.D. Definition: Direct messaging (direct) is a means of sending protected health information as structured data, plain text or images that are more secure than conventional email or fax. It enables pushing data from one HIPAA-covered entity to another, or to a patient's personal health record. It is formally described in "Applicability Statement for Secure Health Transport." Its adoption is primarily in the U.S. Position and Adoption Speed Justification: Direct messaging, an Office of the National Coordinator (ONC) Direct Project specification (see "The Direct Project Overview," 2010) is a secure, simple, scalable, standards-based method for organizations to send encrypted and authenticated health information directly to known, trusted recipients over the Internet. It establishes standards and documentation to support simple scenarios for pushing data, focusing on the technical standards that are needed to push secure content from a sender to a receiver. The Direct Project transports health information, but direct alone does not produce interoperability. Direct messaging relies on healthcare information service providers (HISPs). HISPs provide the security infrastructure and message exchange for users in clinical organizations. Many HISPs provide secure portals through which a clinician can create and receive direct messages. Most use cases work best when end users initiate and receive direct messages in the workflow of their electronic health record (EHR) systems. Vendors of EHRs generally have established a relationship with a specific HISP. Under this relationship, the EHR vendor is responsible for integrating messaging into the user interface of its product. Major EHR vendors such as Allscripts, Greenway Health, Meditech and NextGen are reselling the services of third-party HISPs. A few EHR vendors (such as Cerner) have decided to operate the technology themselves and become their own HISPs. Some HISPs are included in the sample vendors list. Where that list includes an EHR vendor, it means the vendor itself provides the HISP functions for the users of its EHR product. Gartner, Inc. | G00276438 Page 45 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com The standards for direct message interoperability were developed by a large group of health information exchange (HIE) organizations, EHR vendors and interested third parties. A more challenging requirement for interoperability is the ability of HISPs to trust one another. DirectTrust.org has worked out the legal requirements and teamed with the Electronic Healthcare Network Accreditation Commission (EHNAC) (ehnac.org) to create an accreditation program that verifies that a candidate HISP meets the requirements. DirectTrust.org has created trust bundles" which are sets of online metadata that describe the technical information necessary for one HISP to begin to interoperate with another. Currently, an HISP using the open-source software needs only to import the trust bundle for another HISP to begin to work with it. The ease of administering the inter-HISP trust relationship distinguishes direct from a full HIE. A big driver for direct results from healthcare delivery organizations (HDOs) seeking incentives under Stage 2 of Meaningful Use. They will have difficulty fulfilling the requirement to send structured information for 10% of referrals and other transitions in care without direct. We have deposited direct firmly in the trough this year because of the Meaningful Use requirements, the services of DirectTrust.org, the EHNAC and EHR vendor commitments that all became available since last year. User Advice: U.S. HDO CIOs and IT leaders: ■ Plan to use direct when available from EHR vendors for all interorganizational pushing of protected healthcare information. This includes the transfer of structured information that is required for 10% of discharges and referrals to qualify under Stage 2 of the Meaningful Use incentive program. ■ Consider direct where there is a variety of health IT vendors; retrieval-based information sharing may become a ponderously complex affair due to policy issues and the majority of interorganizational workflows currently being handled by fax machines. Business Impact: The exchange of healthcare information with community physicians has become important to hospitals. This importance will only increase as drivers, such as the need for better coordinated and continuity of care, become more of a priority. Direct can provide a basis of familiarity and trust that will be an asset in building more complex business and technological relationships. Benefit Rating: Moderate Market Penetration: 1% to 5% of target audience Maturity: Emerging Sample Vendors: athenahealth; Cerner; Covisint; DataMotion; eClinicalWorks; ICA; Infomedtrix; Inpriva; MaxMD; MedAllies; Medicity; MRO; NextGen Healthcare; Orion Health; RelayHealth; Secure Exchange Solutions; Siemens Healthcare; Surescripts Recommended Reading: "Agenda Overview for Healthcare, 2015" Page 46 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com HIE Analysis By: Zafar Chaudry, M.D. Definition: Gartner defines healthcare information exchange (HIE) as the exchange of clinical information among independent healthcare organizations. The HIE market includes software and technology services to create and operate an HIE. We do not include system integrators and other providers of professional services for implementing HIEs. Position and Adoption Speed Justification: Many public HIEs in the U.S. were created through federal funding grants as a consequence of the Health Information Technology for Economic and Clinical Health (HITECH) Act. In 2010, we predicted that these HIEs would often fail to develop into economically self-sustaining programs. This has been confirmed by the inquiries we have taken since 2012. HIE software vendors have concentrated their sales efforts on privately funded HIEs. Some large healthcare delivery organizations (HDOs) are considering creating self-funded HIEs. Globally, progress on HIEs is also variable. Many of the same barriers described previously are being encountered. Government-driven HIE programs remain overambitious in scope and time frame; the tangible economic value also remains unclear. Most international progress to date has occurred in smaller jurisdictions, such as Singapore, where there is less variability in culture or resistance to adoption. Some specific examples of international HIE efforts include: Israel (Clalit initiative), Scotland (Emergency Care Summary), Sweden (National Patient Summary), Singapore, Denmark (health data net), Australia (Personally Controlled Electronic Health Record — PCEHR), Canada (Infoway) and the European Patients Smart Open Services (epSOS) program aimed to develop a common transnational approach to a patient summary record and prescription fulfillment. To date, the ability to achieve semantic interoperability through HIEs continues to be limited. We have advanced the HIE position on the Hype Cycle this year to the trough based on increased transaction volumes in the best HIEs and greater purchasing and interest in HDO-based HIEs. Our positioning is based on U.S. adoption. User Advice: U.S. HDOs that are finding the need to exchange data with community physicians critical to their practices must carefully assess the prospects of regional HIEs in establishing a sustainable economic model and a critical mass of participation to enable the use of secondary data. Where there is no reliable prospect, HDOs should consider going it alone or participate in specific alliances without full public governance. In selecting vendors for their own HIEs, HDOs should evaluate their ability to support analytics and care management. Non-U.S. HDOs, for the most part, will need to react to government-sponsored programs to set up HIEs. They should gauge their reaction based on whether the government program has clear, simple goals or is an attempt to achieve broad interoperability across heterogeneous products. In the former case, they should plan for a strong possibility of success and expect to participate. In the latter case, they should give nominal support and avoid substantial investments, unless they develop a more pragmatic approach. Business Impact: HIEs enable increased data availability, which can lead to improved patient safety, healthcare quality, and fraud and misuse mitigation. There are more opportunities for patient Gartner, Inc. | G00276438 Page 47 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com home care and self-care and a coalesced community of clinicians in a region to support other quality efforts. Benefit Rating: High Market Penetration: 5% to 20% of target audience Maturity: Adolescent Sample Vendors: Allscripts; AxSys; Caradigm; CareEvolution; Cerner; CGI; Covisint; Emdeon; Epic; Explorys; Harris; HealthUnity; IBM; ICA; Infor; InterSystems; Marand; Medicity; Mirth; Optum; Oracle; Orion Health; RelayHealth; Siemens Healthcare; Transcend Insights Recommended Reading: "Avoid the Pitfalls of HIE Selection by Using New Market Definitions" "Market Guide for Health Information Exchange Software and Technology" "Favor Tactics Over Strategy When Planning a Health Information Exchange" GS1 Healthcare (GDSN) Analysis By: Vi Shaffer Definition: The Global Data Synchronization Network (GDSN) is a set of standards for synchronizing/harmonizing item and location information across a network of trading entities. GDSN consists of the Global Location Number (GLN), the Global Trade Item Number (GTIN), a certification framework, a registry and other communication standards. It is organized by GS1, the global standards body, with GS1 Healthcare being the industry community. Position and Adoption Speed Justification: GS1 Healthcare forward progress is tracked in this Hype Cycle by adoption of the GDSN in the U.S. due to the market's size and influence globally. The key steps to adoption are to implement GLN, GTIN and GDSN harmonization processes. Other countries have provided early leadership — notably, Australia with national adoption (and a claim of world leadership) — and New Zealand, Canada, Japan and Ireland. We nudge the standard ahead slightly this year, noting that coming deadlines will drive speedy adoption in a few years. The most important progress for GS1 U.S. and the GDSN is the clarity brought by federal legislation and regulation fueled by device and drug safety/counterfeiting concerns. These force the hand of all parties to the healthcare supply chain and require all to be prepared with systems and processes, specifically: ■ The 2013 U.S. federal Drug Supply Chain Security Act (DSCSA) consolidated inconsistent state laws and established a timetable for successive traceability requirements for drug manufacturers, wholesalers and repackagers from lot-level management (1 January 2015), to item-level serialization (2017-2019), and ultimately to serialized item-level traceability (2023). Page 48 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com ■ The 2013 U.S Food and Drug Administration's (FDA) Final Rule on Universal Device Identification (UDI), a system used to mark and identify medical devices within the healthcare supply chain. According to GS1, the International Medical Device Regulators Forum, U.S. FDA and the European Commission "are aiming for a globally harmonized and consistent approach to increase patient safety and help optimize patient care. [through] harmonized UDI legislation using global standards." The FDA rule accredits GS1 as an issuing agency for UDIs. User Advice: GS1 standards and regulations create necessary actions for many parties. U.S. healthcare providers and suppliers have specific new regulatory obligations. Vice presidents of supply chain management (SCM), CIOs and other leaders must scrutinize and update the systems and processes that enable compliance and gain benefits: ■ Effective 1 July 2015, U.S. hospitals and retail pharmacy dispenser organization executives must ensure the organization is prepared to: (1) refuse acceptance of a product without compliant transaction history, information and transaction statement; (2) keep this information for six years; and (3) provide the information upon regulator request within two business days. ■ VPs of supply chain and CIOs of all healthcare ecosystem players, including providers, life sciences/manufacturers, distributors and repackagers should: ■ Engage with GS1 to get standards adopted and, for master data management (MDM) suppliers, help drive global consistency of requirements and processes. ■ Ensure a strong foundation of MDM for suppliers, customers and products before embarking on these efforts. Success will depend on quality data. ■ Leverage foundational ERP capabilities and MDM efforts to incorporate standards and ensure compliance as regulations and requirements emerge. Specifically, understand the implications for aligning data in upstream and downstream supply chain transparency efforts, to both manage the data interdependencies and leverage the benefits potential. ■ Providers and suppliers must push for the readiness of your trading partner network to engage in commercial transactions using the GDSN. Focus on the highest-volume trading relationships. It is a push-pull strategy with laggards on both sides; pioneers (like Mayo Clinic) are pushing, but both sides are often not pulling together adequately. ■ Prepare a plan to capture the benefits beyond the initial supply chain efficiencies and into the realm of more global transparency of network activity, reduce revenue cycle cash cycles, shepherd patient safety enablement, and ensure agility to trade in a global network with few impediments. Business Impact: Few things are more important to the safety and efficacy of healthcare delivery than the legitimacy and management of drugs and medical devices. Synchronizing item and location information across an increasingly complex and global sourcing and trading network has many benefits to the stakeholders in that ecosystem. Sellers, buyers and distributors of medicines, medical supplies, medical devices and other products are able to trade within a standards-certified network of players, all using the same designators for locations and items. This foundation enables high quality and efficient commerce in the supply chain, as well as direction of patient safety/ Gartner, Inc. | G00276438 Page 49 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com medication error investigations, enablement of product traceability and recall, confirmation of proper sterilization and anti-counterfeiting needs, and even assistance in collaborative, international clinical research/effectiveness research. Standardization and interoperability are also of invaluable societal benefit when medical supply logistics must be coordinated among governments and relief organizations. Organizations that put more effort into leveraging GS1 standards together with innovative supply chain management leadership will reap high value. For most, value will be moderate and more compliance than commitment. Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Maturity: Adolescent Sample Vendors: 1WorldSync; GHX; GS1; GS1 Australia; GS1 Brazil; GS1 China; GS1 Healthcare US; GS1 UK; LANSA Recommended Reading: "How to Deliver Supply Chain Value During Healthcare Provider Mergers and Acquisitions" "The Hierarchy of Healthcare Supply Chain Metrics for IDNs" "Get Ready for Mandatory Unique Device Identifiers in Healthcare" "The Healthcare Supply Chain Top 25 for 2014" More information on global and U.S. GS1 activities, as well as various country case studies. "Unique Device Identification," GS1 Healthcare The U.S. Drug Supply Chain Security Act of 2013 Lessons and data quality management issues from Australia: "Healthcare Data Crunch: Quantifying the Benefits of Accurate Data in an Electronically-Enabled Supply Chain," March 2014. GS1 Australia, Medical Technology Association of Australia, and RMIT University with support of the Australia National EHealth Transition Authority Supply Chain Group. HL7 Infobutton Analysis By: Barry Runyon Definition: Health Level Seven (HL7) Version 3 Standard: Context-Aware Knowledge Retrieval Application (Infobutton), Knowledge Request, is an interface standard by which an electronic health record (EHR) or another clinical system obtains clinical content from an online third-party content provider by sending information about the patient's condition (context information). The type of Page 50 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com content requested is not limited, and may be clinician-targeted information or patient education materials. Position and Adoption Speed Justification: While the U.S. Office of the National Coordinator for Healthcare IT (ONC) rule for Stage 2 Meaningful Use requires certification of Infobutton, Release 1, the Centers for Medicare & Medicaid Services (CMS) rule for user organizations does not require its use. For most standards, this would imply very low adoption. Nonetheless, we think that adoption of this standard will increase because it is simple, and the basic approach has been in use for a few years by some major EHR vendors and content providers. We have reports from some large EHR vendors of production use of these interfaces in a number of client sites. Some of their clients use the approach to support contracts with multiple content sources. In one instance, an EHR vendor reported that it has a client that connects to seven different content sources using this approach. The standard describes a pair of actions — a request for information and a response. The request may include a topic (such as a problem, finding or procedure); a subtopic; a severity code and contextual information, such as the patient's age and gender. It does not, however, include information sufficient to identify the patient. The request may be formatted as a Web service request or an HTTP request including straightforward XML based on HL7 Reference Information Model (RIM). The Infobutton Service-Oriented Architecture (SOA) Implementation Guide, Release 1 describes a RESTful specification and knowledge responses in XML and JSON formats. There is no standard for the response; one approach commonly used today is to have the response include a uniform resource identifier (URI) that is used by the EHR to present Web pages from the content provider. These pages include the content, but can also support ongoing interactions between the EHR user and the content provider to further refine the request for information. The Infobutton standard is being continuously improved and expanded and is now in its fourth release. Because of the simplicity and current usage, we have advanced this technology profile only slightly ahead of last year's positioning, and maintained our estimate of its time to plateau. User Advice: Infobutton is well-suited for content retrieval, and should be considered first when arranging for third-party content. Some advocates are promoting Infobutton for providing clinical decision alerts through a third-party rule engine. We do not recommend such an expansion of the purpose of the standard. Business Impact: Infobutton is not a "plug and play" standard in that the EHR developer and the content provider have to agree on the general category of topics and the handling of the response. Purists might describe the lack of a standard response as a fatal flaw. Nevertheless, the uptake of the prior version indicates that it is a pragmatic approach that substantially reduces the variability and cost of matching up EHR products with content products, and it has strong support from vendors on both sides. There are important economic and practical drivers for the Infobutton, particularly the fact that content is provided online, one request at a time. When compared to the alternative, importing all the content into the EHR, the transactional approach facilitates timely updates by the content provider, as opposed to infrequent batch updates. For example, content on the adverse impacts of medications or infectious diseases could be updated in a matter of days, rather than over the course of a year. Furthermore, this approach enables the content provider to tune the algorithms for selecting content based on experience and current events. Finally, this approach offers the content provider tighter control over its intellectual property. Gartner, Inc. | G00276438 Page 51 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Benefit Rating: Low Market Penetration: 1% to 5% of target audience Maturity: Adolescent Sample Vendors: Cerner; Epic; Health Level Seven International; Healthwise; InterSystems; MedlinePlus; Orion Health; Wolters Kluwer Climbing the Slope Desktop Virtualization Analysis By: Zafar Chaudry, M.D.; Barry Runyon Definition: Desktop virtualization is a form of server-based computing (SBC) that allows access to a "thick client" PC image located on a server from a remote location. Desktop virtualization includes server virtualization software to host desktop images; a session management layer to connect users to their desktops; and tools to provision, monitor and manage the virtual desktop environment. Position and Adoption Speed Justification: Unlike SBC (characterized by Citrix XenApp), in which each application is "published" and its presentation layer is sent to the remote device separately, the presentation layer for the entire thick-client image is sent to the remote device. Access to the virtual desktop can be through a browser on a PC, on a mobile device or via a thin-client device, and all processing occurs on the host server. A virtual desktop runs in a virtual machine (VM). Multiple VMs can run on each server, with each VM hosting a PC OS and its associated applications. Because of persistent Windows deployment issues associated with the thick-client workstations and remote-access requirements, most healthcare delivery organizations (HDOs) are familiar with the concept of the virtual desktop. HDOs are finding the virtual desktop to be a good fit for their remote access and clinical mobility requirements. Virtual desktops can empower HDO users, simplify the overall desktop management, and enhance security and compliance. Traditionally, healthcare has been viewed as a vertical industry that is slow to adopt new technologies; however, healthcare is a growing market segment for virtual desktop technology ("Desktop Virtualization Provides Value in Healthcare"). Many Gartner HDO clients are actively investigating virtual desktops or have ongoing pilots. The use of desktop virtualization is more mature in the U.S. Desktop virtualization can also help HDOs in their ongoing efforts to make their fixed and mobile client-computing environments more manageable, reliable and secure. Right now, the total cost of ownership (TCO) for a virtualized desktop is estimated to be no lower, or only slightly lower, than that of a conventional desktop PC. Infrastructure costs, licensing considerations, and staffing and operational overhead will present challenges to virtual desktop deployments. Because of these concerns, and despite increased interest, desktop virtualization has moved only slightly ahead of last year's position on this Hype Cycle. User Advice: HDO CIOs and IT leaders should: Page 52 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com ■ Ensure that any decision to change the client-computing architecture is founded on a thorough and complete evaluation of costs surrounding testing, integration, product certification, storage, network and other infrastructure elements. ■ Note that entry costs, infrastructure dependencies, licensing considerations, staffing and operational overhead present challenges to virtual desktop deployments. ■ Pilot desktop virtualization for selected users before starting deployment for mainstream users. ■ Devise robust business cases that clearly articulate the TCO and ROI for this technology, since the ROI will probably not reflect in reduced hardware costs alone. ■ Develop a clear understanding of users, applications and manageability requirements before desktop virtualization deployments begin in earnest. ■ Start with structured task workers and plan to expand to knowledge workers. They should define the responsibilities of desktop, end-user computing, and data center staff members before beginning virtual desktop rollouts. ■ Ensure that specifications for server, storage and network infrastructure are factored into pilot desktop virtualization deployments. ■ Use desktop virtualization to enable bring your own device (BYOD) where users leverage PCs, Macs or mobile devices to access a hosted corporate image. ■ Consider cloud-based desktop virtualization services in which an external vendor provides the HDO with a desktop, as well as the infrastructure to host, manage and support it. HDOs should carefully consider the vendor's offering to ensure that it complies with data security requirements best practices, and that it has Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) and data protection (non-U.S.) certifications. Business Impact: Virtual desktops are a way to deliver a rich desktop experience that can be managed centrally. They will coexist with conventional workstations and SBC for some time to come. Single sign-on, strong authentication and virtual desktops have found synergy — collectively providing a seamless authentication and access experience for clinicians. Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Maturity: Adolescent Sample Vendors: Citrix; Dell; HP; IBM; Microsoft; Moka5; NComputing; Nutanix; Oracle; Red Hat; Unidesk; Virtual Bridges; VMware Recommended Reading: "Blueprint for Implementing Hosted Virtual Desktops" Gartner, Inc. | G00276438 Page 53 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com "How Hosted Virtual Desktops Impact the Network" "Seven Stages to a Successful Hosted Virtual Desktop Rollout" "Evaluation Criteria for Server-Hosted Virtual Desktops" "Desktop Virtualization Provides Value in Healthcare" Patient Self-Service Kiosks Analysis By: Barry Runyon Definition: Patient self-service kiosks range from free-standing and desktop units to handheld devices, and address HDO operational requirements, such as patient registration, check-in, wayfinding and account payments. Along with improved customer convenience and data quality, these kiosks offer new opportunities to engage the patient. Position and Adoption Speed Justification: Providing a hard ROI for kiosks can be problematic. There is typically a cash-flow and revenue improvement associated with kiosks' ability to accept payments, but it is rarely sufficient to provide a resounding purchase justification. The same is true for making an argument that self-service kiosks can lead to significant staffing reductions. This hasn't been the case. The barriers to adoption are largely financial, as the stand-alone units are expensive. Although the self-service kiosk can contribute to an improved customer/patient experience, the combination of a difficult ROI, a challenging healthcare economy and competition from higher-profile IT initiatives has resulted in no significant movement over the past few years. Self-service has its own unique challenges. For new kiosk deployments, it is best to provide a staff to assist patients. The kiosk must be able to integrate with the HDO's particular business and clinical system portfolio, such as patient management, scheduling, billing and the electronic health record (EHR) system. The kiosk also should support common integration standards and protocols (such as HL7, Web services and APIs), or provide the necessary off-the-shelf connectors or adapters for these systems. In certain venues, kiosks will support strong authentication measures (such as card readers, biometrics and e-signatures), and should be PCI-compliant. Kiosks can also introduce a potential hub for infection. Interest in patient self-service has been on the uptick lately due to new hospital facility design and construction activity and a desire by HDOs to deploy IT to engage patients, improve their care experience and make their participation more convenient (see "A Superior Patient Experience Is a Meaningful Measure of Care Quality"). It is also likely that patient self-service kiosks will increasingly give way to mobile kiosks employing Bluetooth low energy technology (for example, iBeacon) for wayfinding and contextual marketing to the patient. User Advice: HDO CIOs, IT and patient experience leadership should use self-service kiosks to enhance the patient experience, improve operational efficiency and improve data quality. Plan initial self-service functionality around the needs of patients. New registration functionality is often more complicated and time-consuming, and requires staff assistance. Use self-service kiosks as a supplement to staffing, rather than as a replacement for staff. Make self-service kiosk use voluntary, at least initially. Begin with check-in and payments. At first, kiosks will require hand-holding and Page 54 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com should not be left completely unattended. Place kiosks in high-traffic areas where there are many repeat customers. Kiosk placement is of singular importance to ensure adoption. HDOs should incorporate the cost of application interfaces into their total cost of ownership analysis. Stand-alone units are most often found in inpatient settings for functions such as wayfinding and directory services. Wall-mounted and countertop units are used in ambulatory settings for check-in, consent forms and surveys. Handheld and tablet kiosks are found in ambulatory settings and in the admissions and emergency departments of HDOs. Business Impact: Customer convenience should be the main consideration for deploying patient self-service kiosks. Reducing check-in times and associated frustrations will improve customer satisfaction and the patient experience. Self-service kiosks can be used to effectively automate and streamline certain registration, check-in, data collection and customer payment workflows. These self-service activities can improve the HDO's operational effectiveness, reduce head count in some cases and improve collections. Better data quality can contribute to better clinical outcomes, patient safety, compliance and revenue cycle management. Self-service kiosks can be used to capture updated patient information for near-real-time integration with other HDO clinical and business systems. Patients will increasingly view the degree to which an HDO offers self-service as a market differentiator. There is a real need to improve the patient experience and to become more operationally efficient and improve the quality of patient information. Along with patient portals, interactive patient care systems and mobile apps directed at the patient, self-service kiosks are part of an emerging patient-facing IT ecosystem that is steadily transforming the HDO into a digital business. Benefit Rating: Low Market Penetration: 5% to 20% of target audience Maturity: Early mainstream Sample Vendors: ACF Technologies; AutomationMed; Connected Technology Solutions (CTS); DynaTouch; Epic; Fujitsu; HealthAsyst; IBM; Intouch with Health; Kiosk Information Systems; Medhost; Medisolve; NCR; PatientPoint; PatientWorks; Savience; SeePoint; Vecna Recommended Reading: "Three Good Reasons for Deploying Patient Self-Service Kiosks" "Six Ways HDOs Can Improve the Patient Experience" "A Superior Patient Experience Is a Meaningful Measure of Care Quality" "2014 Strategic Road Map for the Real-Time Healthcare System" Gartner, Inc. | G00276438 Page 55 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Positive Patient Identification Analysis By: Barry Runyon Definition: Positive patient identification (PPID) begins with encoding individually identifying information on a wristband, bracelet or tag and affixing it to the patient. The encoded patient information could take the form of a linear or 2D/3D bar code or an RFID tag. Whatever the approach taken, the data encoded on the wristband or bracelet should positively and uniquely identify the patient. Position and Adoption Speed Justification: PPID is essential to patient safety and improved outcomes, and it contributes to a positive patient experience. The overarching value proposition of PPID is the systematic reduction of medical errors, along with the mitigation of potential healthcare and liability issues associated with misidentifying a patient under treatment. It directly addresses the issue of positively identifying patients before they receive care — treatments such as receiving medications, having blood samples drawn and tested, and being given blood products. While PPID is fundamental to patient safety and care quality, other benefits accrue: ■ Operational efficiency — PPID systems can help streamline hospital workflows by reducing tedious and redundant data entry and improving data accuracy and integrity. ■ Patient experience — PPID can contribute to improved patient outcomes and workflow improvements that benefit the patient and can reduce the frustration that patients feel when providing the same information multiple times. ■ Regulatory compliance — PPID systems can address the Joint Commission's standards and other industry guidelines surrounding patient safety and care quality. ■ Federal incentives — PPID can help healthcare delivery organizations (HDOs) qualify for American Recovery and Reinvestment Act "meaningful use" incentives. ■ Identity theft — PPID can mitigate medical fraud and abuse, and theft of service. We have positioned PPID in the Trough of Disillusionment, because it is not a new or emerging concept, nor is there a great deal of excitement surrounding it. Rather, it is a space that has been slowly evolving to meet the needs of the real-time healthcare system (see "2014 Strategic Road Map for the Real-Time Healthcare System") — an operational and management paradigm that relies heavily upon positively identifying patients, clinicians and resources to be effective and to provide a positive patient experience. User Advice: HDO CIOs, CTOs and chief medical informatics officers (CMIOs), when introducing or revisiting an enterprise PPID strategy, should focus on the PPID's overarching value proposition, relevant enterprise use cases, data requirements and application integration requirements. PPID solutions are made up of a number of different components, depending on the approach chosen. Decisions will need to be made regarding wristband systems, data encoding, scanning/reading devices and printers. A single, enterprisewide approach to PPID may not be appropriate for all patient venues, encounters and workflows. Those HDOs that have implemented PPID often use a combination of bar coding and passive RFID technologies. HDOs should pursue a vendor-neutral environment in which a variety of PPID systems can interoperate. Page 56 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com ■ Separate location and condition-sensing requirements from PPID requirements. Although there is technology overlap, the difference in the use cases may dictate different solutions. ■ Favoring bar codes now over RFID to satisfy most of your PPID use cases now, but expect to replace bar codes with RFID once the technology becomes more cost-effective. Business Impact: Once a patient has been positively identified, all subsequent encounters and related work become safer and more efficient. HDOs that have implemented PPID systems report improvements in patient safety, patient satisfaction, staff efficiency and even staff morale. There is evidence that hospitals that bar code identity systems avoid a significant number of the adverse drug events caused by errors in the distribution and administration of medications. The U.S. Food and Drug Administration (FDA) has estimated that about half of all adverse drug events were caused by errors in those stages of treatment. The FDA also has estimated that the per-bed cost of implementing a bar code point of care (BPOC) system for medication administration can be nearly completely offset by the per-bed cost of a single adverse drug event occurrence. Benefit Rating: High Market Penetration: 5% to 20% of target audience Maturity: Early mainstream Sample Vendors: Alvin Systems; Honeywell (Intermec); Motorola; Siemens; Stanley Healthcare (AeroScout); Zebra Technologies Recommended Reading: "Patient-Centered Healthcare Begins With Positively Identifying the Patient" "A Superior Patient Experience Is a Meaningful Measure of Care Quality" "2014 Strategic Road Map for the Real-Time Healthcare System" Vendor-Neutral Archive Analysis By: Barry Runyon Definition: A vendor-neutral archive (VNA) is an enterprisewide repository of patient-centric medical images. Vendor neutrality is achieved by interfacing with all major picture archiving and communication system (PACS) vendors and accommodating proprietary PACS and HDO requirements for medical image storage, retrieval and viewing. Position and Adoption Speed Justification: The VNA value proposition centers on promoting medical imaging standards, increasing the control and ownership the HDO has over its medical images and associated data, mitigating data migration complexity, and decreasing its dependence on individual PACS vendors. The VNA enables centralized access to the patient images for historical comparison, for second opinions and consultations, and for the integration with EHR systems and health information exchange (HIE) purposes. Basic characteristics that define a VNA include the Gartner, Inc. | G00276438 Page 57 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com ability to interface with all major PACS and clinical systems via the DICOM and Health Level Seven (HL7) standards, and the ability to store images in a nonproprietary DICOM format. VNAs are partly a response to prodigious storage growth due to medical imaging and the onerous cost and complexity of PACS-to-PACS migrations. Genuine interest in VNAs among healthcare delivery organizations began around 2009. Since then, HDOs have begun drafting enterprise imaging strategies that include the evaluation and selection of a VNA. Government and regional efforts (HIEs in the U.S., Canada, Europe and Australia) to create cross-enterprise centralized image repositories are further along than U.S. HDOs. With a significant portion of the electronic medical record housed as unstructured data, along with the increased use of analytics, more effort will made to mine value from imaging metadata to improve patient outcomes. HDOs will begin to invest more aggressively in VNAs as replacement PACS come online, and as these images need to be shared outside of their departmental silos. Barriers to VNA adoption include concerns about initial licensing, data migration complexities and costs, the security of cloud-hosted VNA offerings, performance and availability, support for existing storage fabrics and reporting deficiencies. User Advice: HDO CIOs and IT and medical imaging leadership should select a VNA that: ■ Has experience integrating with your particular EHR system, and one that can leverage your existing storage fabric ■ Can provide intelligent data cleansing and migration services from your existing PACS systems or has partnered with an imaging data migration specialist ■ Can store and manage non-DICOM objects, such as conventional image files, and one that has a strategy for accommodating images from less obvious sources, such as endoscopy, ER (wounds) and ophthalmology ■ Supports the Medical Imaging Network Transport (MINT), a new technology designed to improve access speed for the display of medical images ■ Supports Integrating the Healthcare Enterprise's (IHE's) Cross-Enterprise Document Sharing (XDS) Profile, particularly the XDS-I capability for existing PACS. In the final rule for Meaningful Use Stage 2, there is a "menu" measure that requires that more than 10% of all scans and tests that result in one or more images be accessible through the EHR. Individual eligible physicians and hospitals will come under this mandate between 2014 and 2017. A VNA can make it easier for HDOs to satisfy this requirement. Business Impact: A VNA can stem the proliferation of proprietary, departmental archives and viewing solutions across the HDO. By centralizing enterprise image storage to a single, sometimes remote, scalable repository, it can also improve the HDO's disaster recovery posture. By routinely offloading aging studies, it can improve the performance and availability of individual departmental PACS. A VNA can facilitate PACS decommissioning and PACS-to-PACS migration efforts by eliminating vendor-specific DICOM header information and storing the medical images in a vendor- neutral manner. A VNA frees up HDOs to purchase best-of-breed imaging solutions. A VNA can facilitate image exchange between healthcare facilities or HIEs. Diagnostic-quality images can be shared with DICOM-compliant PACSs with the proper level of patient detail. Page 58 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Maturity: Early mainstream Sample Vendors: Agfa HealthCare; AT&T; BridgeHead Software; Carestream Health; Cerner; DeJarnette; Dell; Dicom Grid; Dicom Systems; EMC; Fujifilm; GE Healthcare; GNAX Health; Kanteron Systems; Laitek; Lexmark; Mach7 Technologies; Merge Healthcare; TeraMedica Recommended Reading: "The Rise of the Vendor-Neutral (Image) Archive" "Technology Overview for Medical Image Intake and Sharing" "Technology Overview for Vendor-Neutral Archives" "Vendor-Neutral Archive Capabilities Complement the Real-Time Healthcare System" Enterprise Mobility Services Analysis By: Barry Runyon Definition: Enterprise mobility services (EMS), previously known as mobile device management platforms, provides for the software, hardware, security and network service management of smartphones and tablets within the enterprise. EMS systems can help healthcare delivery organizations (HDOs) safely expand the use of mobile devices in the workforce, whereby both corporate and employee-owned devices can coexist in a secure, controlled environment. Position and Adoption Speed Justification: For some time, healthcare providers have recognized that mobility can contribute to streamlined and collaborative business processes, and offer timely access to patient information and medical knowledge. Devices are routinely moving closer to the point of care, and mobile devices are used to extend the reach of expensive and critical clinical and business systems. With handheld devices like smartphones and tablets, the clinician no longer has to rely exclusively on a stationary workstation to retrieve patient-related information. If anything is alien to the IT organization, it is the bring your own device (BYOD) movement. Despite that, HDOs have begun to adopt BYOD as a way to satisfy end-user IT requirements. BYOD brings with it the need for new application and security architectures, new management and support policies, and new expense processes. The demand to use personally owned devices within the HDO comes from digital natives, upper management and clinicians — with physicians at the forefront of this trend. They have a real need and desire for mobile devices, software and tools that enable them to conveniently and safely communicate and collaborate, and to improve their productivity and care quality. They look to IT to ensure this activity is convenient, secure and responsive. Gartner, Inc. | G00276438 Page 59 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com The HDO IT organization is beset with an array of regulatory, compliance, security, technology, expense, organizational and policy constraints that challenge its ability to respond to the BYOD trend. The rate of innovation in smartphones, media tablets, social media and mobile applications is much faster than the enterprise adaptation rate. As more-useful mobile clinical applications surface, and as HDO users have come to rely more heavily on mobile computing to satisfy clinical communications and patient engagement requirements, EMS has become a requirement. Consequently, we have placed EMS further past the Trough of Disillusionment on what we believe will be a steady path to the Plateau during the next two to five years. User Advice: Not all HDOs are convinced that BYOD is the right course, given the general lack of enterprise preparedness and the privacy, security and administrative challenges. Those embracing BYOD, even reluctantly, are looking to IT to provide a secure, manageable and responsive mobile computing environment. Before implementing a BYOD program, determine if your IT infrastructure and support services can accommodate the anticipated number of employee-owned mobile devices and system access requests. HDOs already manage laptop PCs and notebooks, similarly to managing desktop PCs; however, the needs of tablets and smartphones must be more closely assessed. Use of smartphones and media tablets should be governed by the appropriate mobile device policies. Put in place a mobile device policy that sets forth all of the mobile devices affected by the policy, acceptable-use guidelines, responsibilities of users and the enterprise, and any associated penalties and corrective actions. Begin the necessary planning and infrastructure investments to retire in-house or wide-area pagers for clinicians, in favor of smartphones, particularly where more robust, bidirectional communication is required. Business Impact: An EMS platform will be necessary to support the move toward a choice- oriented approach. HDOs must consider how the support organization may be affected by a BYOD policy. What should the HR organization do to prepare for a BYOD approach? For example, do new employees need to sign an acceptable-use policy, or do all employees need to undergo security training? Should some mobility-related functions be outsourced? It may make sense for some HDOs to take a cloud-based EMS approach, or to outsource the mobile expense management function. The HDO business is looking to IT to make it safe and efficient, and EMS is a critical part of satisfying that requirement. Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Maturity: Early mainstream Sample Vendors: BMC Software; BoxTone; Citrix (Zenprise); Fiberlink; Good Technology; McAfee; Microsoft; MobileIron; Sybase; VMware (AirWatch) Recommended Reading: "Magic Quadrant for Managed Mobility Services" "HDO CIOs Must Get in Front of Mobile BYOD" "2014 Strategic Road Map for the Real-Time Healthcare System" Page 60 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Information Life Cycle Management Analysis By: Zafar Chaudry, M.D. Definition: Information life cycle management (ILM) is used to classify data according to its business value. ILM establishes policies to migrate and store data on the appropriate storage tier and can ultimately remove it altogether. ILM has evolved to include initiatives such as master data management and compliance. Position and Adoption Speed Justification: Most data management, storage management, content management, document management, and records management systems fall under the ILM umbrella. ILM drivers include the growth in structured and unstructured data, clinical automation, medical imaging, compliance, business intelligence and analytics and legal discovery. Challenges to adoption include the high cost and complexity of the storage management environment; lack of standards, the lack of enforcement of industry data retention schedules, and the required upfront investments in data, application and storage hardware. However, by routinely modifying the storage used and the levels of protection throughout the life cycle of information, organizations can lower the total cost of ownership, can improve compliance (thereby minimizing business risk) and improve availability by aligning information with business goals and service levels. ILM enables the enterprise to better organize and manage its structured and unstructured content and the associated storage infrastructure. Although most major storage vendors have announced some type of ILM initiative, no consistent portrayal of ILM has surfaced, and HDOs remain confused about its value proposition. Healthcare delivery organizations (HDOs) have invested in ILM to varying degrees. Some have established storage tiers, invested in storage resource management tools, and archived their email, documents and medical images based on data retention schedules. However, it is still easier to purchase additional storage than to invest in a comprehensive ILM strategy. Interest in legacy decommissioning and vendor-neutral archives has satisfied some ILM requirements at a more tactical level and has served to undermine the strategic initiative. As such, we have moved this only slightly further along on the Hype Cycle. User Advice: HDO CIOs and IT leaders should: ■ Facilitate ILM primarily through policy and people, not just technology. ■ Create a master data management (MDM) strategy that is closely aligned with the enterprise's business strategy. ■ Identify important structured and unstructured enterprise data. ■ Work with medical records, legal and other departmental data owners to establish data retention requirements. ■ Establish an overall storage and data management plan and a formal storage management function within IT. ■ Deploy storage resource management tools, search and automated classification software. Gartner, Inc. | G00276438 Page 61 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com ■ Deploy an email archiving system, enterprise content management system and a database archiving solution for legacy decommissioning. ■ Off-load aging studies to an enterprise or vendor neutral archive to improve the performance of departmental imaging systems. Business Impact: Many HDOs lack a strategic approach for managing critical enterprise information through its life cycle, and rely on out-of-date, operational contingencies. Often, data center backup schedules define the scope of their information life cycles and data retention strategies. This is partly due to the daunting level of effort that ILM implies and the integrated storage infrastructure it requires. Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Maturity: Adolescent Sample Vendors: CA Technologies; Dell; EMC; Fujitsu; Hitachi Data Systems; HP; Hyland Software; IBM; Informatica; Microsoft; NetApp; OpenText; Oracle; Perceptive Software; Symantec; Xerox Recommended Reading: "Strategic Road Map for Enterprise Information Management" "Best Practices for Storage Management: Developing an Information Life Cycle Management Strategy" "Top Actions for Healthcare Delivery Organization CIOs: Introduce Enterprise Information Life Cycle Management" "Information Life Cycle Management" IHE XDS.b Analysis By: Zafar Chaudry, M.D. Definition: Integrating the Healthcare Enterprise (IHE) Cross-Enterprise Document Sharing (XDS) is a collection of standards and implementation guidance for health information exchange (HIE). Specifically, XDS.b includes a set of profiles for secure sharing of healthcare information. Under XDS.b, the unit of exchange is a report, which may include structured data. Exchanges happen by "lookup and retrieve," rather than "push." Position and Adoption Speed Justification: IHE establishes integration profiles and specifications, as well as defines how they will be used to meet specific interoperability challenges. System developers develop code to match and test their interoperability at IHE-run "connectathons" in North America, Europe and Asia/Pacific. Vendors then describe their conformance to specific profiles in IHE conformance statements, a standard document format defined by IHE. We measure XDS market penetration by the degree to which its profiles have become the basis for actual Page 62 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com integration in and among healthcare organizations, or have been used as a basis for contracts between healthcare organizations and IT vendors. Actual usage lags other indicators of IHE progress, such as the number of profiles or the number of vendors that have demonstrated conformance to a profile. Nonetheless, this is the measure that is most relevant to HDOs. XDS.b is used in numerous settings. Three that are in general usage are: ■ To interconnect electronic health records to form an HIE ■ Cross-Community Access (XCA) for inter-HIE connections ■ XDS-I.b for image sharing Many HIEs and HDOs report that they are in production using profiles built over XDS.b, including, but not limited to, XDS-I.b — the IHE profile devised for image sharing. These HIEs are concentrated in the U.S., parts of Europe and Australia, China, and Japan. Most of these are listed at "Where in the World Is XDS and CDA." In the U.S., many EHR vendors are interoperating with one another on behalf of clients, using profiles built over XDS.b. The protocols may be used in a bilateral arrangement between vendors or may be operated as part of the Healtheway eHealth Exchange. Healtheway is a private, nonprofit organization that provides the governance function for what was previously known as the Nationwide Health Information Network (NwHIN) Exchange. As of May 2015, Healtheway had 90 participants, including federal agencies, states and health systems. The XDS.b specifications are broad enough to support a variety of options with respect to whether repositories are centralized, federated or are actually the clinical systems that are data sources. It is still the case that there are disagreements among the vendors on how to interpret the specifics of XDS, so a vendor needs to employ one of several interfaces, according to who the other vendor is. The success stories for XDS.b (for example, in France, Austria and the Netherlands) continued to grow in during the past year, resulting in our moving IHE XDS.b slightly further along the Hype Cycle. User Advice: HDO CIOs and IT leaders: ■ Use the XDS.b protocols for workflows that are based on query and response, providing that the key vendors the HDOs use have IHE support in their generally available software releases. ■ Use direct messaging where workflows call for pushing information point to point. ■ Assemble and get agreement on specific profiles built over XDS.b, and create a contract among all participants covering operational approach and privacy protections. XDS.b is only one technical component in the much bigger effort of creating an HIE. Business Impact: Where the IHE approach fits HIE needs, using the IHE may reduce the time, risk and other challenges associated with implementation. Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Gartner, Inc. | G00276438 Page 63 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Maturity: Early mainstream Sample Vendors: athenahealth; Agfa HealthCare; Alert; Allscripts; Axolotl; AxSys; BridgeHead Software; CareEvolution; Cerner; Dell; e-MDs; eClinicalWorks; EMC; Epic; Fujifilm; GE Healthcare; Greenway Health; Greenway Medical Technologies; Harris Healthcare; Hitachi Data Systems; Hyland Software; IBM; Infor; Intel; InterSystems; Lexmark Healthcare (Acuo Technologies); Lexmark (Perceptive Software); Marand; McKesson; Meditech; Merge Healthcare; NetApp; NextGen Healthcare; Optum Clinical Solutions (formerly Picis); Oracle; Orion Health; PatientKeeper; Philips Healthcare; QuadraMed; Siemens Healthcare Recommended Reading: "Vendor-Neutral Archive Capabilities Complement the Real-Time Healthcare System" "Technology Overview for Vendor-Neutral Archives" Location- and Condition-Sensing Technologies Analysis By: Barry Runyon Definition: Location technologies are used to determine the geographical position of a person or thing — the most familiar being GPS. Commonly referred to as real-time location services (RTLS), they include infrared, microwave, Near Field Communication (NFD), RFID, ultrasound, ultrawideband, Wi-Fi and ZigBee. Condition-sensing involves the use of these technologies to monitor temperature, humidity, light, movement, low-battery situations and other environmental conditions within hospital areas that require close monitoring. Position and Adoption Speed Justification: Staff, patients and medical equipment are in constant movement throughout an HDO. All can be difficult to locate, and timely access is critical to the delivery of care, operational efficiency, compliance and the patient experience. Location- and condition-sensing technologies (LCSTs), combined with applications such as wireless healthcare asset management (WHAM), patient throughput and capacity management (PTCM), LCST application platforms, and real-time healthcare temperature/humidity monitoring (THM), work together to provide the real-time operational intelligence necessary to increase compliance, protect assets, and balance scheduling, workload and resource demands. Most HDOs have pervasive LAN/WLAN infrastructures in place and have deployed mobile devices and patient-monitoring equipment to support clinical and business workflows. They are looking to further leverage this network to improve care, reduce costs and manage workloads. Due to the surplus of hype in this space and the immaturity of the market, HDOs are uncertain which LCSTs are most appropriate for their various enterprise use cases or which vendors will survive market consolidation. Activity in this space will be mired in the Trough of Disillusionment as HDOs sort out their requirements and work with vendors to confirm product capabilities. The cumulative effect of LCSTs on the enterprise WLAN is also a concern and has created a corresponding interest in more- robust WLAN bandwidth management practices and applications. HDOs increasingly see the value in enterprise or situational awareness and have increased their adoption of LCSTs appropriately year over year, so we have moved LCST slightly beyond last year's Page 64 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com position. There is also nascent interest in Bluetooth low energy (BLE) or Bluetooth Smart for wayfinding and contextual marketing to consumers and patients as they move through HDO facilities. User Advice: HDO CIOs and CTOs should use location- and condition-sensing telemetry to optimize business and clinical workflows, enhance patient safety, improve patient throughput and staff and equipment use, protect perishable assets, and monitor critical areas of the hospital by: ■ Preparing to support an increasing number of LCSTs and factor these into network planning. ■ Combining technologies (for example, Wi-Fi or active RFID for larger enterprise monitoring, passive RFID for improving clinical workflow, or ultrasound for in-room sensing), while attempting to keep the overall design as simple and maintainable as possible. ■ Understanding the precision; technical limitations; and procurement, maintenance, integration and support costs associated with each of the various technological approaches. ■ Taking trade-offs into consideration, such as the ability to leverage existing LAN/WLAN infrastructures, coverage, battery life, precision, device interference characteristics and vendor application integration capabilities. ■ Identifying critical clinical and business workflows that can benefit most from location- and condition-sensing services and underlying technologies. ■ Replacing bar coding systems with RFID, once the technology becomes more cost-effective. ■ Moving toward an enterprise platform in this important area. Discrete sensor application purchases have historically been led by departments, such as biomedical engineering for wireless asset tracking, or nursing for refrigerator temperature and humidity monitoring, infant tracking or patient elopement. Because an increasing number of mobile devices include location sensing, HDOs should look for ways to improve their business processes by leveraging location-aware technology. The hospital as a real-time healthcare system (RTHS) requires up-to-date information for the optimal execution of its critical business and clinical processes (see "2014 Strategic Road Map for the Real-Time Healthcare System"). Business Impact: Location- and condition-sensing technologies, when used in concert with resource-tracking/monitoring systems and dashboards that make information and device information visible to the enterprise, make it possible to leverage the increased mobility inherent in the modern HDO with RTHS. Improved business process management is enabled by the analysis and the data collected from LCSTs and systems. Combining them with WHAM, PTCM, LCST and condition-sensing applications will result in operational efficiencies, such as improved patient flow, compliance (for example, device maintenance and certification), resource use and planning. Visibility into real-time location and/or condition intelligence will become increasingly vital to running an efficient and effective HDO. Workflow improvements resulting from LCST platforms are incremental in nature and reduce costs through the introduction of efficiencies. Initial capital costs (such as WLAN improvements, access points, chokepoints, readers, mobile devices, sensor and tag Gartner, Inc. | G00276438 Page 65 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com technology, and integration platforms) and implementation times (such as workflow requirements and application integration work) can be significant and lengthy, so RFID will also increasingly be used for identity assurance. Benefit Rating: High Market Penetration: 5% to 20% of target audience Maturity: Early mainstream Sample Vendors: Awarepoint; Black Box; CenTrak; Cisco; Ekahau; Radianse; Skytron; Sonitor Technologies; Stanley Healthcare (AeroScout); Terso Solutions Recommended Reading: "2014 Strategic Road Map for the Real-Time Healthcare System" "Top Actions for Healthcare Delivery Organization CIOs, 2014: Accelerate Adoption of Real-Time Healthcare System IT" "A Superior Patient Experience Is a Meaningful Measure of Care Quality" User Administration/Provisioning Analysis By: Barry Runyon Definition: User administration/provisioning solutions manage identities and their attributes across systems, applications and resources. They are used to create, modify, disable and delete user accounts and associated profiles to automate onboarding, offboarding and other administrative workforce processes at an enterprise level. User fulfillment activity is initiated via self-service, management request or HR system events. Position and Adoption Speed Justification: User administration/provisioning is often a partially automated workflow within most healthcare delivery organizations (HDOs). Manual intervention is almost always required, and HDOs rely on their IT personnel and departmental administrators to provision many of their systems and IT resources. These provisioning workflows involve a sequence of phone calls, interoffice communications, email, spreadsheets and approval forms. They are often not well-integrated or closely monitored, resulting in delays, productivity issues and unnecessary security risks to the enterprise. Gartner refers to any user administration/provisioning workflow that requires manual intervention for completion as "bridged." Fully automated provisioning is usually limited to a subset of mission-critical systems. The bridged approach is no longer tenable, given the number of clinical, business and enterprise applications, systems and resources that require routine and timely provisioning and deprovisioning. The problem is further compounded by the number and variety of potential users, locations and devices that are inside and outside the enterprise. User administration/provisioning can automate the process of deprovisioning user access to HDO IT resources and systems. This is an important access management guideline under HIPAA. Page 66 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com The adoption level of user administration/provisioning has been modified only slightly from the previous year. This is not a reflection of its inherent value to the HDO; rather, it suggests that the value proposition is not as clear as it needs to be, and that the complexity and cost are still significant barriers. Given the requirements of the real-time healthcare system (see "2014 Strategic Road Map for the Real-Time Healthcare System") to safely onboard new constituents, engage the consumer and patient more effectively and efficiently, increased acceptance of cloud services, and the inexorable march of mobility, it is our belief that user administration/provisioning will necessarily come into its own within the next two years. User Advice: User administration/provisioning should be implemented as part of an overall HDO identity administration strategy. If possible, user administration/provisioning should be implemented before other identity and access management initiatives, such as single sign-on and strong authentication measures. User administration/provisioning implementations are as much about planning, people, policies and processes as they are about the underlying technologies. Most failed or stalled user administration/provisioning implementations are a result of underestimating the effort required in these areas. Avoid technology selection at the outset of planning, because it is best to have a decision framework that identifies, prioritizes and organizes resources for the initiative. Top- down planning that takes into account corporate security policies and operational processes improves the chances of user administration/provisioning deployment success. It is important to note that connector/adapter issues with certain custom and vendor applications may prevent complete automation across all platforms and systems. Business Impact: Within the HDO, user administration/provisioning is the key to the timely decommissioning of departing employees; it also addresses the security and privacy provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, as well as comparable regulatory initiatives in other countries. In addition, user administration/provisioning tools can automatically correlate data from HR, CRM, email systems and other "identity stores" (directory services, application databases, email systems and so on). Through the correlation of credentials from the various identity stores found in the enterprise, user administration/provisioning reduces the cost and complexity of administering and provisioning users. Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Maturity: Adolescent Sample Vendors: Caradigm; CA Technologies; Courion; Evidian; Fischer International; Hitachi ID Systems; IBM; Microsoft; Oracle Recommended Reading: "Magic Quadrant for User Administration/Provisioning" "Provisioning User Accounts to Cloud Applications" "2014 Strategic Road Map for the Real-Time Healthcare System" Gartner, Inc. | G00276438 Page 67 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Enterprise Content Management Analysis By: Barry Runyon Definition: Enterprise content management (ECM) is used to analyze, create, store, distribute, discover, archive and manage unstructured content, such as scanned documents, reports, images and office documents. ECM is used increasingly by HDOs to create a centrally managed repository of unstructured information, bridging the gap between the administrative, business and clinical systems (most notably, the EHR) used to store discrete, structured patient information. Position and Adoption Speed Justification: HDOs often have multiple departmental document management systems that support their various administrative, business and clinical workflows. Although document management and imaging (DMI) is well-established within HDOs, an enterprisewide view or approach is relatively new, driven largely by the need to organize unstructured data around the patient. ECM can help HDOs take control of their content and, in so doing, boost productivity and promote collaboration. Some ECM vendors have technology components, such as digital asset management (DAM), for handling rich media and electronic forms. As e-discovery requirements in HDOs continue to grow, the value of having a trusted system of record also increases. By controlling access to content, managing the versions of content and, simultaneously, reducing the reliance on less-managed environments (such as file servers), enterprises can improve their overall data quality. ECM is evolving to include content such as medical images, and capabilities like synchronizing and sharing enterprise files. ECM is critical to the HDO's successful evolution to the real-time healthcare system (see "2014 Strategic Road Map for the Real-Time Healthcare System"). The real-time healthcare system is in response to an increasingly mobile, collaborative and remote workforce, and makes use of patient information, medical knowledge and operational intelligence to continuously improve and adjust clinical and business processes in real time. It was with this in mind that we continue to move ECM closer to the Plateau of Productivity. User Advice: HDOs should take inventory of their various document and content management systems. Those that have unstructured content stored on file servers and in niche departmental DMI applications have an opportunity to manage this content at an enterprise level. HDOs should view ECM as an important component of an enterprisewide information infrastructure that will support all of their business and clinical applications and workflows. HDOs should develop exit strategies for departmental and niche document and content management systems. All unstructured data will be increasingly organized around the patient, and as ECM takes hold within the HDO, this unstructured content will become a rich source of data for analytics initiatives, population health management, care team collaboration and virtual care. Business Impact: DMI systems will slowly yield to ECM. Many HDOs look to ECM to make their business processes more efficient and to reduce costs. HDOs can automate vertical business processes, such as claims, billing and discharge processing, as well as satisfy data requirements surrounding regulatory compliance, e-discovery, intranet, extranet, and website or portal publishing. ECM systems are being used now by EHR systems to link their transactional patient information with unstructured patient information captured and managed outside the EHR. ECM is also being used to house non-Digital Imaging and Communications in Medicine (DICOM) medical images. Page 68 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Recently, at least one major ECM vendor with a healthcare provider vertical has begun to build out its system to accommodate DICOM objects as part of a plan to serve as an enterprise vendor- neutral image archive. Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Maturity: Early mainstream Sample Vendors: EMC (Documentum); Hyland Software (OnBase); IBM (FileNet); McKesson; Microsoft; OpenText; Perceptive Software; Quest Diagnostics (MedPlus); Siemens Recommended Reading: "Move From Document Management to Enterprise Content Management" "Lexmark's Acquisition of Acuo Technologies Heralds a New ECM Focus for HDOs" "2014 Strategic Road Map for the Real-Time Healthcare System" Patient Portals Analysis By: Thomas J. Handler, M.D. Definition: Patient portals enable a secure online patient-provider relationship and access to clinical and educational information, financial and administrative functionality, and personal health maintenance tools. Portals can be stand-alone or tethered (integrated) to electronic health record (EHR) systems or healthcare megasuite offerings. Position and Adoption Speed Justification: There are two forms of patient portals — tethered to an EHR or megasuite product, or stand-alone. The latter has the advantage of providing a single portal that can link to multiple EHRs, but tends to have less functionality than a tethered portal. Although patient portal technology is mature, adoption remains limited, with only a few leading HDOs effectively leveraging their vendors' patient portals to improve care and patient satisfaction. Drivers for patient portals include rising healthcare consumer expectations of digital connectivity with providers; efficiency; and in some countries, including the U.S., regulations mandating their use. Concerns about privacy and security are unlikely to inhibit the use of portals. Barriers include lack of reimbursement for their use, limited functional interoperability, difficulties in patient verification, and in some areas, lack of access to computer systems. The primary form of patient portal outside the U.S. is a stand-alone regional or national system that provides patients with access to a summary of their medical data and recent interactions, and enables them to renew prescriptions, book appointments and have e-visits. Examples of countries and regions that have pioneered patient portals include Denmark, Estonia, Sweden, Andalusia (Spain), Lombardy (Italy), the U.K., New Zealand and Australia. Gartner, Inc. | G00276438 Page 69 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Moving this technology only slightly ahead of last year's position reflects the situation in the U.S., which as a result of Meaningful Use requirements, is more advanced than most other countries. However, this has created a compliance approach for many HDOs, which still lack a coherent strategy for how they will leverage portal technology. User Advice: CIOs of HDOs that have multiple EHRs or whose EHRs do not have adequate portal functionality should consider using portal platforms to construct Web-based composite applications, and then linking them to clinical applications (using service-oriented architecture [SOA] techniques — APIs and Web services — to reuse application and system logic and data). However, expectations need to be correctly set. Stand-alone portals tend to have much less clinical information and functionality than tethered portals do. Furthermore, even appropriately interfaced portals require clinicians to step outside of their regular workflows and use a "different" system, and clinical data may not be available for automated clinical decision support or care management functionality. Portals that are tethered to an EHR have the advantage that the patient-clinician interactions are part of the normal EHR workflow, but they have access only to the clinical record contained within a single system. HDO CIOs should work with clinical leaders to develop a longer-term plan to extend interactive capabilities, including patient-provider communication and e-visits. Although vertical platforms or portal platforms can be useful, especially if the organization has multiple clinical applications, the functionality of a portal provided by the enterprise EHR system tends to fit clinician workflow better and is, therefore, better for use. The patient portal strategy should also be aligned with a self- service kiosk strategy. Business Impact: Patient portals provide patients access to test results and can increase patient satisfaction and improve brand loyalty. As more robust interactive functionality is built in that enables direct patient-clinician interactions, HDOs can expect improvements in clinician productivity. In addition, organizations can improve the quality of care delivered by using the clinical patient portal to improve communication between patients and providers. Benefit Rating: Moderate Market Penetration: 20% to 50% of target audience Maturity: Early mainstream Sample Vendors: Alere (Wellogic); Allscripts; Cerner; Epic; Harris (Carefx); Influence Health; InterSystems; Kryptiq; Medicity; Orion Health; RelayHealth Recommended Reading: "Six Ways HDOs Can Improve the Patient Experience" "2015 Top Action for Healthcare Provider CIOs: Supercharge Patient-Facing IT to Support Patient Engagement" Page 70 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com "Securing and Selling the Patient Portal" "Case Study: Henry Ford Health System's Enterprise Portal" Entering the Plateau Strong Authentication for Enterprise Access Analysis By: Barry Runyon Definition: Strong authentication for enterprise access refers to the various multifactor credential requirements used to access IT resources inside and outside the HDO's corporate firewall. Strong authentication is based on at least two different factors or credentials. Only by using a factor of a different type, each with different vulnerabilities, will there be significant resistance to attack. Position and Adoption Speed Justification: The authentication marketplace encompasses a daunting array of authentication methods, each differing from the next in authentication strength, total cost of ownership and user experience. Accuracy, scalability, cost and workflow integration have yet to meet the expectations of most HDOs, and remain key inhibitors. Although some products have strength in one or two of these areas, no single product offers strong functionality across the entire spectrum. As these issues are addressed — most notably, cost and ease of integration — strong authentication will be used to augment single sign-on (SSO) and hosted virtual desktop (HVD) deployments in which high accountability is required. SSO can improve the user experience by reducing the number of credentials required to gain access to critical systems, and by replacing those credentials with strong authentication measures. Gartner has seen an increase in the number of inquiries from HDOs whose clinicians require secure, remote access to centralized clinical systems. They require a strong authentication approach that is convenient, affordable and maintainable, while offering an authentication strength (a measure of the method's resistance to attacks) that is commensurate with reasonably anticipated threats. These requirements will become more common as HDOs work to engage and retain physicians, and as they extend the reach of their critical clinical systems beyond the enterprise firewall. Alternatives are strong authentication measures such as agentless PC inspection software (also referred to as "client device identification"), challenge response approaches (such as those used by the banking industry), mobile-activated one-time passwords and voice biometric approaches. Each of these approaches has its strengths and shortcomings, and all are best-suited for trusted user communities. U.S. Drug Enforcement Administration regulations require multifactor authentication for physicians who electronically prescribe controlled substances, and on the system administration functions that control role-based access for those physicians. Although these requirements have not been implemented by all HDOs to date, they will continue to drive the adoption of these technologies during the next few years. Because of the difficulty of managing multiple credentials, privacy and compliance concerns, and the need to expedite access to critical enterprise applications and systems, strong authentication measures will be adopted increasingly by HDOs, and this profile will move slowly but steadily toward HDO mainstream adoption over the next few years. Gartner, Inc. | G00276438 Page 71 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com User Advice: Use strong authentication in clinical and business venues within the HDO to secure PHI. Choose a combination of approaches that strengthens security, but does not inhibit workflow. Use in conjunction with mobile access, SSO and HVD to address ease of use, scalability and integration issues. Consider strong authentication measures where high accountability and compliance are required. This includes common nursing and physician workstation access to clinical systems, as well as front- and back-office administrative access to admissions, medical records and financial systems. In these cases, strong authentication measures would likely include biometrics, proximity devices and smart cards. Passive proximity, coupled with seamless roaming, can improve security and expedite access. A good authentication choice need not be the strongest available method — but must be strong enough. Business Impact: Strong authentication inside and outside the enterprise is adopted in support of a secure clinical workflow and as a deterrent to medical identity fraud and abuse. Certain strong authentication measures, such as biometric and proximity devices, can expedite access to the clinical workstation and provide for more seamless access to the clinical workflows. Careful attention must be paid to how these devices are supported by the clinical software, the SSO application and session timeout parameters to ensure they all work together effectively. It is difficult to associate a hard ROI with this entry, but avoidance of the potential financial or reputational damage of a security breach must be considered. Benefit Rating: Low Market Penetration: 5% to 20% of target audience Maturity: Early mainstream Sample Vendors: Apple (AuthenTec); Covisint; EMC (RSA); Entrust Datacard; Equifax; Fujitsu; HID Global; Imprivata; Microsoft; Passfaces; Precise Biometrics; ServiceSource (AdmitOne Security); Symantec; ValidSoft; VoiceVault Recommended Reading: "Good Authentication Choices for Healthcare Delivery Organizations" "Good Authentication Choices: Evaluating Biometric Authentication Methods" "As HIPAA Regulations Get Teeth, Healthcare Firms Feel the Bite" Medical Device Connectivity Analysis By: Zafar Chaudry, M.D. Definition: Medical device connectivity systems (MDCSs) connect medical devices and patient monitors to the electronic health record (EHR) system. They transfer and translate data between proprietary instrument formats and the input requirements of specific EHR products. They provide buffering during EHR downtime, can flag abnormal data, and provide a user interface (UI) for clinicians to review the data from the medical device or instrument. Page 72 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Position and Adoption Speed Justification: MDCSs are a well-established technology that support both low- and high-acuity devices, such as infusion pumps and bedside monitors, as well as vital signs and oxygen saturation devices. MDCS vendors provide — with their systems — extensive certification of specific instrument software releases. UIs are available for many classes of devices, including patient monitoring, infusion, respiratory care, anesthesia administration, and critical care monitoring. Device libraries continue to grow year over year. Some vendors have already achieved substantial penetration of the global market through direct channels and remarketing by EHR vendors. Most major EHR vendors now have experience working with these products in various workflows. Device manufacturers are increasingly supportive, because they realize that EHR integration affects the time to market for new instruments. In the U.S., many MDCSs are regulated by the U.S. Food and Drug Administration (FDA) as medical device data systems (MDDSs). If the data the MDDS transfers is used for continuous monitoring of a patient or for immediate clinical decision making, then it is more strictly regulated. Under this rubric, manufacturers do not require premarket approval, but must meet requirements for good manufacturing practices, including formally tracking problems and resolutions, collecting adverse events, and giving the FDA an annual report of adverse events. These regulations apply to healthcare organizations that have built their own MDCS software. Regulation requirements outside the U.S. vary by country. MDCS vendors have also started to provide data from devices for analytics purposes. We have positioned this technology toward the end of the Hype Cycle (reflecting the U.S. position) because the usage of these products has been steady, as evidenced by a low level of inquiries in 2014. However, non-U.S. healthcare delivery organizations are currently implementing integrated EHRs, so they are early in the implementation and use of this technology. User Advice: Healthcare delivery organization (HDO) CIOs should: ■ Obtain business sponsorship from nursing, critical care medicine and biomedical engineering for an MDCS project. ■ Develop a pilot program and work with clinicians to determine business value and success by measuring the time until device data is available in the EHR system and the amount of use of nursing time. ■ Take note of nurse call integration requirements and alarm management issues. U.S. HDOs should evaluate any self-developed interface software to determine whether it meets the definition of an MDDS. If so, they should adopt good manufacturing practices, institute adverse event reporting, and file any adverse data with the FDA. If they have self-developed software that exceeds the definition of an MDDS, they should seek the advice of counsel or consultants familiar with FDA procedures to decide whether to file a 510(k) premarket notification. Business Impact: Medical device connectivity systems: ■ Allows clinicians to spend more time on direct patient care, providing demonstrable savings in nursing full-time-equivalent requirements. Gartner, Inc. | G00276438 Page 73 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com ■ Improves the accuracy of charted vital signs and other respiratory and blood parameters. ■ Enables near-real-time access to medical device data and EHR-improved decision making and automated alerts. ■ Provides a faster time to market for new instruments and more-consistent instrument interactions with EHR systems. ■ Ensures more productive use of nursing time, more accurate charting, and more timely use of decision support by introducing medical device integration into nursing workflows. Benefit Rating: High Market Penetration: 5% to 20% of target audience Maturity: Early mainstream Sample Vendors: Bridge-Tech Medical; Capsule; Cardiopulmonary; CareTrends; Cerner; Data Innovations; Epic; GE Healthcare; NantHealth (iSirona); Nuvon; Siemens Healthcare Recommended Reading: "Medical Device Manufacturers Need to Focus on Security" Appendixes Page 74 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Figure 3. Hype Cycle for Healthcare Provider Technologies and Standards, 2014 expectations Enterprise Fraud and Misuse Management Secure Text Messaging Enterprise File Consent Management Synchronization IT GRCM and Sharing Master Data Management C-CDA Release 1 (U.S.) Clinical Communications Natural Language Processing (Clinical Enterprise) and Collaboration Continua 2014 Real-Time Healthcare System Enterprise Content Management Voice User Interface Patient Portals Blue Button+ User Administration/Provisioning Business Continuity Management Planning Unified Communications FHIR Strong Authentication for Nanomedicine Enterprise Access Legacy Decommissioning Medical Device Connectivity Semantic Interoperability/ Location- and Condition-Sensing Technologies Healthcare IHE XDS.b Direct Messaging SNOMED CT ICD-10 (U.S.) Information Life Cycle Management HIE Patient Self-Service Kiosks End-User Experience Mobile Device Management Monitoring Emergency/Mass Notification Services HL7 Infobutton, R1 Vendor-Neutral Archive Positive Patient Identification Desktop Virtualization GS1 Healthcare (GDSN) As of July 2014 Peak of Innovation Trough of Plateau of Inflated Slope of Enlightenment Trigger Disillusionment Productivity Expectations time Plateau will be reached in: obsolete less than 2 years 2 to 5 years 5 to 10 years more than 10 years before plateau Source: Gartner (July 2014) Gartner, Inc. | G00276438 Page 75 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Hype Cycle Phases, Benefit Ratings and Maturity Levels Table 1. Hype Cycle Phases Phase Definition Innovation Trigger A breakthrough, public demonstration, product launch or other event generates significant press and industry interest. Peak of Inflated During this phase of overenthusiasm and unrealistic projections, a flurry of well-publicized Expectations activity by technology leaders results in some successes, but more failures, as the technology is pushed to its limits. The only enterprises making money are conference organizers and magazine publishers. Trough of Because the technology does not live up to its overinflated expectations, it rapidly becomes Disillusionment unfashionable. Media interest wanes, except for a few cautionary tales. Slope of Focused experimentation and solid hard work by an increasingly diverse range of Enlightenment organizations lead to a true understanding of the technology's applicability, risks and benefits. Commercial off-the-shelf methodologies and tools ease the development process. Plateau of Productivity The real-world benefits of the technology are demonstrated and accepted. Tools and methodologies are increasingly stable as they enter their second and third generations. Growing numbers of organizations feel comfortable with the reduced level of risk; the rapid growth phase of adoption begins. Approximately 20% of the technology's target audience has adopted or is adopting the technology as it enters this phase. Years to Mainstream The time required for the technology to reach the Plateau of Productivity. Adoption Source: Gartner (July 2015) Table 2. Benefit Ratings Benefit Rating Definition Transformational Enables new ways of doing business across industries that will result in major shifts in industry dynamics High Enables new ways of performing horizontal or vertical processes that will result in significantly increased revenue or cost savings for an enterprise Moderate Provides incremental improvements to established processes that will result in increased revenue or cost savings for an enterprise Low Slightly improves processes (for example, improved user experience) that will be difficult to translate into increased revenue or cost savings Source: Gartner (July 2015) Page 76 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com Table 3. Maturity Levels Maturity Level Status Products/Vendors Embryonic ■ In labs ■ None Emerging ■ Commercialization by vendors ■ First generation ■ Pilots and deployments by industry ■ High price leaders ■ Much customization Adolescent ■ Maturing technology capabilities and ■ Second generation process understanding ■ Less customization ■ Uptake beyond early adopters Early ■ Proven technology ■ Third generation mainstream ■ Vendors, technology and adoption ■ More out of box rapidly evolving ■ Methodologies Mature ■ Robust technology ■ Several dominant vendors mainstream ■ Not much evolution in vendors or technology Legacy ■ Not appropriate for new developments ■ Maintenance revenue focus ■ Cost of migration constrains replacement Obsolete ■ Rarely used ■ Used/resale market only Source: Gartner (July 2015) Gartner Recommended Reading Some documents may not be available as part of your current Gartner subscription. "Agenda Overview for Healthcare, 2015" "Business Drivers of Technology Decisions for Healthcare Providers, 2015" "Cool Vendors in Healthcare Providers, 2015" "2014 Strategic Road Map for the Real-Time Healthcare System" "Understanding Gartner's Hype Cycles" Gartner, Inc. | G00276438 Page 77 of 78 This research note is restricted to the personal use of jvenus@oxcyon.com This research note is restricted to the personal use of jvenus@oxcyon.com GARTNER HEADQUARTERS Corporate Headquarters 56 Top Gallant Road Stamford, CT 06902-7700 USA +1 203 964 0096 Regional Headquarters AUSTRALIA BRAZIL JAPAN UNITED KINGDOM For a complete list of worldwide locations, visit http://www.gartner.com/technology/about.jsp © 2015 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines for Gartner Services posted on gartner.com. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner’s research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity.” Page 78 of 78 Gartner, Inc. | G00276438 This research note is restricted to the personal use of jvenus@oxcyon.com
SampleImport