Yes, we're still mailing CD-ROMs.

updated on 04 June 2024

Are we the only industry on the planet still doing this?


By Cody Smart  

It's 2024, and in an age where we can monitor heart rates from our wrists and have medical consultations via smartphones, it’s somewhat comedic—albeit frustrating—that parts of our healthcare system still entrust patient data to the venerable CD-ROM. I always joke that such technology should be relegated to museums, nestled between the telegraph and the VCR, but alas, they remain a staple in some hospital finance departments, and we've still had to send encrypted CDs as recently as last year. 

It's a not-so-fun fact: while the rest of the world zips files across continents in seconds, some healthcare institutions still burn data to encrypted CDs, then hand off the security baton by calling someone to whisper passwords over the phone, and then pop the CD in the mail. It’s not just quaint; it’s a problematic consequence of an era where cybersecurity is as important to providers as surgical sterility.

The recent Change Healthcare breach is a stark reminder of the cybersecurity threats looming over our industry right now. With such breaches exposing the vulnerabilities of ePHI, could we be paradoxically pushed back to the era of the CD and other Jurassic tech solutions? It may be happening, and it's akin to trading in your electric car for a horse and buggy. Not exactly progress.

Thankfully, even some holdouts like the NYS Department of Health, which used to annually send CDs to all 180 hospitals for Medicaid Eligible Days verification, have recently emerged from the dark ages. Even the NYS DSH Report department at DOH is now using an SFTP solution. But the real question remains: why does it require moving mountains to make mild tech advances in healthcare finance?

As we navigate this precarious landscape, I hope the industry doesn't retreat into its technological shells. Even as consultants, there are a number of areas where we have what appears to be tech debt, but is actually intentionally dated tech used for a more conservative cybersecurity posture (hello local executable files!). But as we keep a watchful eye on cybersecurity and demand more robust solutions there, let's also demand operational solutions that match our modern-day needs for efficiency. There's a secure medium to be found where institutions can maintain a strong security posture without walking to the post office for file transfers.
