Interview: Why hospital IT is under pressure

Hospitals in Germany are facing major challenges: the shortage of skilled staff is worsening, new legal requirements are increasing bureaucratic pressure, while at the same time digitalization requires investment and sustainable structures.

Topics such as IT security, standardization, and sustainable financing are increasingly coming into focus. We talk to Andreas Lockau, Chairman of the Federal Association of Hospital IT Managers, about how hospitals can survive in this area of conflict between technological progress and a daily lack of resources.

At the start of your association's autumn conference, the song “Under Pressure” was constantly playing. Was that planned or more of a coincidence?

No, that was actually our idea. We deliberately wanted to use it that way. The agenda team set the topics, and we said, We are under pressure in everyday hospital life—and not in short supply. We don't get the people we would like, we can't keep up with the industry in terms of salaries, and hospitals are not necessarily considered the most attractive employers overall.

Of course, we work with great technology—devices, software, innovations—much of it is very exciting. We are close to the patients—closer than any industrial group. But unfortunately, that doesn't work as well as start-ups or large corporations. That's the problem: we're important, but not "hip." And in situations like this, we feel enormous pressure. That's why we said, Let's play this song, preferably really loud, to consciously pick up on this mood.

Can you describe what you mean when you talk about “pressure”?

It starts with the staff. We find it difficult to find skilled labor because we pay differently to the industry. If we think we are adequately equipped, other departments outsource their problems to us, and we're back to stress again. What's more, the outside world expects every issue to be solved immediately.

Let's take an example: If a printer doesn't work, people ask, “Why can't someone else fix it?” – but the network specialist is not familiar with the interfaces to the HIS (editor's note: hospital information system). We have discussions like this every day. We have to make it clear: Some tasks are clearly the responsibility of other departments, not ours. There needs to be better communication—and also the courage to say, “We're not responsible for that; it's your job.” At the same time, we also need to help get people on board and drive projects forward together.

It is noticeable that the topic of IT is not quite as prominent at the conference as, for example, crisis communication. Is that a misleading impression?

IT is, of course, always part of the whole; the agenda is based on changing focal points. At a previous event in Hamburg, for example, we had very technical topics: software introduction, use of AI, interface management. That was much more IT-heavy. Here, the focus is more on crisis communication and collaboration. Both are important. It's all in the mix.

Would you say that you also want to send a signal to politicians with events like this?

Not here at this location. But in general, yes, we are very close to politics. We are involved in legislative initiatives and hearings, and we regularly issue statements. Next year, we will also be celebrating 30 years of the federal association in Berlin. We want to get politicians more involved. Let's see who we can get involved. This is a good opportunity.

How do you rate the digital radar, which is supposed to measure the level of digitalization?

I think it makes sense in principle. We don't just want to pump money into the system; we also want to see whether it brings improvements. The digital radar is a good tool for this. All hospitals with allocated funding from the KHZG must participate.

And we can already see this in the figures: There are improvements, often between nine and twelve points. In other words, you can see the effect. It only becomes problematic when this instrument is used as a punishment, so when people say, “You only have 47 percent; at 55 percent there are deductions,” that was the biggest concern right from the start. A measurement tool is good, but you can't turn it into a catalogue of penalties. We need progress, not additional penalties.

At the same time, we hear from the BMG that sanctions are being considered.

That's right. And that would be an own goal, in my opinion. Because the transformation is urgently needed, everyone realizes that. But we can't simultaneously carry out major reorganizations in the departments and then impose penalties on top of that. That's simply too much. We have to work through things one after the other: Firstly, seriously push ahead with the transformation, then discuss measurements and improvements. Otherwise, everything will go wrong at the same time.

How seriously do hospitals take the issue of cybersecurity?

It is taken very seriously. However, it is also a difficult field. Investing in IT security is expensive and does not bring immediate tangible benefits for patients. The 15 percent of IT funding that is supposed to flow into security is not enough. We ourselves spend around 300,000 Euro a year on centralised security structures in a hospital network of seven hospitals: anomaly detection, SIEM, Security Operations Centre (SOC), an information security officer, and audits—the whole package. And that is necessary, because attacks are part of everyday life today. There used to be a kind of code of honor among hackers: hospitals tended to be left out. That no longer applies. Today, everything is attacked, from supermarkets to kindergartens, completely at random.

What could help to strengthen IT security in the long term?

Money is one factor, but clear structures and standards are even more important. Digitalization must not mean that we introduce systems in the short term that we are then unable to finance. We need to create standards that are sustainable in the long term. Currently, we are still seeing too much silo thinking among HIS manufacturers. Interfaces are expensive; even for a simple connection, five-figure sums are not uncommon—nobody can seriously manage that. That's why consistent standardization is essential.

But it costs money first.

Digitization is never an immediate gain. It's laborious and expensive at first, and there are frictional losses. Sometimes you ask yourself, “Why are we doing this to ourselves?” but this is the only way to achieve a stable, better level in the long term. It simply doesn't work if you stop everything again after three years of funding. We have to accept that it's hard work, but also that it's worth it.

The telematics infrastructure (TI) plays a central role in the digitalization of the healthcare system. What is your assessment of this from the hospitals' perspective?

In principle, the TI is a good idea. It should ensure that everyone involved in the healthcare system—whether clinic, doctor's surgery, or pharmacy—can communicate with each other via a standardized and secure platform. For example, via KIM, the communication service in the medical sector, or via the TI Messenger, so that messages really do arrive securely everywhere. And it's about central applications such as the e-prescription or the electronic certificate of incapacity for work (eAU), including the electronic patient record.

These are all sensible goals. But reality shows: The introduction is extremely bureaucratic. It would have been better to start with 80 percent and then readjust. Then people would have felt the benefits more quickly in their everyday lives.

Other countries have done this better. In the Netherlands, for example, there is a fixed interface structure that everyone has to adhere to—hospitals, manufacturers, everyone. We have special procedures, adapter solutions, and costly exceptions. This delays and increases the cost of everything.

So it's more down to the implementation?

Exactly. We said early on: We need uniform standards. In the Netherlands, these structures were developed by a centralised company, which was later taken over by Philips. But the basis was: everyone has to join in. There was too much patchwork in our industry. And then there are technical problems, such as unreliable card readers. That is frustrating in the long run.

What exactly is the issue in practice?

There are various factors that cause frustration. Products are also too complicated.

We ourselves use our internet solution to communicate with employees, which is set up in such a way that it works with all devices as soon as someone is logged in. That shows: It can also be done with simpler approaches.

And what do you think about IT security as a whole?

This is a hotly debated issue. Security experts criticize the fact that the basic structure of the TI has weaknesses. Security mechanisms have been built in that are not fully developed in every respect. And then you ask yourself: how can it be that we have a system for the most sensitive data—patient data—that doesn't fulfill the absolute top level? That worries me.

Finally – What is your greatest hope for the coming years?

That we get away from pure bureaucracy and penalty catalogs. In Germany, the system is often structured in such a way that only those who fall behind are punished. But there are no rewards for those who are particularly good. That leads to frustration. My hope is that we develop a culture that rewards good work—and not just sanctioning bad behavior. That would make a huge difference.

(mack)