InnoHEALTH magazine interviews ITDOSE Infosystems Pvt Ltd.
Hospitals, like any other modern organization, increasingly rely upon IT systems for a wide variety of administrative and clinical functions. These establishments are highly complex in terms of processes, which can have constant activity 24/7×365. Also, we must not ignore the fact that most of the equipment and diagnostics technologies used in medicine are using highly computerized components. This entire network of devices, equipment and systems that often require connection to external systems, is a very critical and complex environment to control.
Cybersecurity helps in keeping the information of the patient confidential for legal purposes and also prevents cybercrimes. With increasing cyber crimes nowadays, InnoHEALTH magazine took initiative to interview some cybersecurity providers who can help become resilient and mitigate the crisis.
Disha Soni and Prateek Malhotra interviewed Mr. Anoop Arora, Founder & CEO, ITDOSE Infosystems Pvt Ltd on behalf of InnoHEALTH magazine.
- As a preface, what would you like to tell us about yourself and how your services and products impact the health sector?
We have been in this domain since last call decade. We started our journey, in a healthcare domain specifically in healthcare IT, by providing that end to end automated solution for managing their operations. So whenever you’re saying managing their operations, which includes their clinical and nonclinical aspects of any healthcare entity, like a hospital, hospitals, nursing homes, clinics, diagnostic centres, pathologies, radiology, blood banks. So we have a wide range of products. We provide that end to end solution for managing their entire business process flow from starting till end, for these healthcare providers like hospitals, laboratories, pathology blood banks and clinics. - What type of healthcare setups make up the majority of your business?
We only deal in the private sector. We do have some clients, in government sectors, but primarily in the 95% of our business totally based on private sector-healthcare providers.The reason behind it being, we started this company as a start-up company with a one single percent structured company. So, we invested a lot of expertise and domain knowledge on developing that product and implementing it. We only started catering our solutions to the private sector. We have not given a thought to the public sector because when you go for a bigger project, then it will be out of your reach because of their different procedures. We rank as a small-medium enterprise. So, we did some of our business with the government like one with Indian railways, but it is not the major chunk of our business. So, 95% of our business comes from the private sector, like hospitals and healthcare service providers, but we do some, uh, predict Indian railways, defence, Delhi govt. and some small setups. There’s nothing that is specific.Well, this question is very close to my heart. When we purposely started this company because, during our inception, we wanted to enter into the sector and start our journey with a sector, which is very unorganized, especially in terms of IT. So, in 2007-08, when we thought of starting something in healthcare we found that there is a lot of scope in the enhancement of education in healthcare. So, when we got into this, we did a lot of research work on ground. Then he found that in Indian healthcare especially, that IQ and the need of IT in 2006-07, still people are not aware about the IT and tech systems and we were lagging behind in terms of technologies and in terms of securities. And especially when we entered into the market 95% of the market were working on the window systems and old systems. Now, as business is growing it actually can be managed with the latest technology. So that gives them the option of entering and then managing healthcare and they are able to log on and provide the kind of tool for their business expansions. So in these coming years, we were one of those few companies which were using the web-based models for the centralised databases. And then there was a time when mobile apps got into 2012-13, there was a time when we started using apples and these phones and 4G really quickly came into the picture. So, in 2006-07, we were designing a mobile compatible app, these are the most important things to get into the market. Indian health care industries and not much open-ended acceptable for these EHR systems, EMR systems. They were only looking for a system which can be good in finance, can be good in Indian business operations, managing their marketing and not, but still we have seen in these times, now people are looking for a product who could be good in the clinical part also. So, we have seen the inclination of clients and the healthcare providers more into the clinical aspect of the products. - How has the health IT industry changed over the past ten years, since you are in this field for more than 10-11 years. And what are the major changes that you have seen concerning the adoption of digitization in the healthcare sector in the last five years?
Well, this question is very close to my heart. When we purposely started this company because, during our inception, we wanted to enter into the sector and start our journey with a sector, which is very unorganized, especially in terms of IT. So, in 2007-08, when we thought of starting something in healthcare we found that there is a lot of scope in the enhancement of education in healthcare. So, when we got into this, we did a lot of research work on ground. Then he found that in Indian healthcare especially, that IQ and the need of IT in 2006-07, still people are not aware about the IT and tech systems and we were lagging behind in terms of technologies and in terms of securities. And especially when we entered into the market 95% of the market were working on the window systems and old systems. Now, as business is growing it actually can be managed with the latest technology. So that gives them the option of entering and then managing healthcare and they are able to log on and provide the kind of tool for their business expansions. So in these coming years, we were one of those few companies which were using the web-based models for the centralised databases. And then there was a time when mobile apps got into 2012-13, there was a time when we started using apples and these phones and 4G really quickly came into the picture. So, in 2006-07, we were designing a mobile compatible app, these are the most important things to get into the market. Indian health care industries and not much open-ended acceptable for these EHR systems, EMR systems. They were only looking for a system which can be good in finance, can be good in Indian business operations, managing their marketing and not, but still we have seen in these times, now people are looking for a product who could be good in the clinical part also. So, we have seen the inclination of clients and the healthcare providers more into the clinical aspect of the products. - What are the main security risks that you face in your practice cases, when shifting from paper-based to electronic format and what are the best ways to minimize those risks?
In this last, almost 12-13 years of my experience, I have experienced both cultures, that workflow in Indian market is totally different than when you work for any overseas client in the Middle East, or maybe in African country. The workflow is a bit different. So, let me just answer that and address this question, uh, keeping in mind that we are catering to Indian healthcare industry. When we talk about the paperless, it could be a very abstract and bold word to say, but yes, achieving the goal of, paper less or would say, uh, totally electronic form in healthcare scenario is a very challenging task. I don’t see many challenges in terms of designing the product or in the technical aspect of the product. Nowadays, any company can work on any of the tools in terms of their product, they have a plethora of opportunities and knowledge. They have the skillset to manage different types of securities, application level, in terms of level, there are new challenges everywhere. But the biggest challenge that I have experienced in my journey specifically is in hospitals. So, when we talk about major giants, like any hospital, it could be a hundred, 200, 500 bedded hospital. The major challenge, which I personally observed and feel is dealing with the psychology of the users. There are two different challenges and categorizing challenges in two different aspects. One is the implementation of the product and the execution of this aim to move your hospital into completely electronic. And the second challenge, certainly technology has their own challenges and they have their own limitations that we can address separately. And one more important thing. Every technology has different set of challenges, but the major challenge I came across in my journeys, dealing with the psychology of the user, the user to do so. And, and the kind of load the patient loads in our Indian hospitals are very hard to manage this real time.You know, there are two ways of digitalisation, something that you can do posts, but I would never say if you’re, planning and if you’re executing this way of automation, where you are just converting your papers into digitalisation form of data, that you are running your own organisation on parallel nod, means you are doing the conventional way of your papers and after that, you are converting all those papers into digitalisation form of data. But if you actually want to make your hospital paperless, then you need to have executed the process in real time. It means each and every data related to patient health related to the patient course of treatment has to be punched in, into the software or an application, whatever they are using it currently. And really the biggest health care industry and specifically Indian hospitals because of their huge patient load, usually they are not able to do so. So, this is the biggest challenge, which we came across during our implementations, and it is very difficult and it is one of the show stopper to deal with the psychology of Indian doctors, as well as Indian paramedical staff, to train them, to make them use these things, and to motivate them, to overcome with their conventional way of writing and get onto the digitalisation.
- How have you approached, to alter the, the psychological aspects of our doctors and the paramedical staff?
I can answer this question in various manners, but I’ll be very honest and genuine to you if there is only one way to deal with the situation and that is your management support. If any hospital or any healthcare entity actually wants to be paperless and they have hundred percent commitment and they are firm that who are not cooperating, they will fire, or some strict policies then only they will be able to implement. Otherwise, if they go for a democratic way of implementation, it will never end. - Apart from these challenges, what are the security risks that you have seen in your journey?
I’ll tell you majorly of the security risk comes into a picture when you are dealing with such level of client who are, multi-located, who wants to have their data presence on web, on cyber, or who wants to have access of some kind of data to their patients because usually security in a premises when you’re working for an any hospital or healthcare service provider within a premises. It is very easy to hold those securities because usually we have divided this entire security thing into multiple categories. Let’s suppose when you do this thing, you have to be very conscious about application level security, first. Which means whatever application you are using, that has to be secure in terms of various things that can add security to application either any HIS. Then there is another security we always insist on database level security. Then the third security that we always look forward for network level security, when I’m saying network level security, it’s their production servers, their networks how they are secure with the firewalls, antiviruses, VMs, snapshot, depending upon budget of the client, depending upon the eagerness of the client, depending upon the sensitivity of the client toward security. I’m not going to blame you, but then the market is very full of variation. So, you cannot expect the same IQ for all. Because now we are living in a world where you have to shake hands for different portals, different mobile apps, different aggregators. So, in that case, you need an API to integrate your product with them to share exchanging of data. So there’s a lot of security that we have to look out forward, and we have to be concerned about in terms of integration with third parties through API, I would say sometimes you share your database views and then the next important security that we always, considered to be browser level securities. Because if you expose your product to the market through www, then you have to be smart enough. Your product has to be smart enough to deal with browser level security. Then definitely there have to be patient identifications, like patient data security algorithms. We can encrypt the patient based information in your database. That is one of the parts of the database level security. And now because most of the good products that the industry needs to have their mobile views, or maybe supporting mobile versions, maybe an Android, Apple, or maybe in windows that has to be mobile channel security, where your data should not drop or should not be leaked. So, there are a lot of these securities that make a kind of a chakra to deal with the overall security of this complete application.
- Would you like to share any cyber incident that you might have faced in the recent past and how did you handle it?
In the last 13 years, we have faced a lot of security issues, which came across in our daily challenges. And definitely as a company, we have our R & D and security on which we keep on working to upgrade ourselves, eventually to deal with these challenges. Because I remember when we started our journey in 2007, in the early 2009, we got some SQL injections and all, some attacks on our web portal. Then we have overcome all those things. We have made a complete system, SQL injection free and induced a lot of hundred percent parameterized queries, stored procedures.We do all these things then later on, in early 2000, we followed by this and then we have encrypted all our login passwords. 3-4 years back, there was one of our clients, they had some kind of ransomware attack, then we overcame that with backups with that we tried to convince our client to follow certain kinds of network securities, to avoid these things. So, a lot of incidents happen in our life. I cannot quote client names and all that, but every challenge will help you to update yourself in terms of security, in terms of all those things, which will help you to enhance your product, to make your product more versed, and to save your clients. Every, everything I have told you in my last portion that we look for application level security, we look for database level, we look for network level. We look for API security. So, whenever I’m talking about all this security, definitely in our history, something went wrong or maybe something happened to us, which motivated us to get to a solution. - What is your assessment of the upcoming personal bill? and how will it impact your business and what challenges do you see for the health sector with this?
I think, It is very new, it could be say that it would be new to India, but as in healthcare, as a company, when we deal with healthcare, we are working in African and middle East countries, so somehow we have made up our mind that sooner or later, this will be coming in India and for healthcare prospective. Also, I think it’s good. I’m not saying that it could be very challenging. I don’t see a very big impact on Indian healthcare scenario because nowadays in India, insurance is getting more and more stronger. People are getting more and more aware about it. And I think it’s good for Indian healthcare IT service providers to also follow and abide by these kinds of things in their applications. I think I’m considering it to be good for patients, for healthcare service providers, as well as for us also to provide the best applications with these kinds of securities. And sooner or later, it has to be introduced. And I think it is introduced at the right time and I’m not seeing much challenges in healthcare. It is true even in the healthcare sector, also with the best of my knowledge. - With regard to improving the Security in the digitization Journey of Indian Health sector, as we are moving more towards it. So, what is your advice to the healthcare delivery organizations?
I think the only advice that I can give to the healthcare service provider is that it’s happening now and the healthcare industry is a mixed blend of all. I cannot only consider Delhi and Mumbai and Bangalore; I have to consider all 29 States and 7 UT’s. So, my message to all the healthcare service providers, be it a 20 bedded hospital, or 1000 bedded hospital, small nursing home, it could be a max or any Apollo like groups. What I want to request from all of them is to take information technology seriously. And in terms of seriously, when I’m saying it’s not an only software that can, help them to manage their business for the automation, they have to look after all the aspect, which is related to the networks, especially in terms of security, because I always believe that network security in terms of when you are exposing your systems on global networks. Its Network should be well secured, well designed, and a good architect. They have to look into these kinds of aspects and they should not ignore these things. And definitely they should have a very good budget on these things. They usually allot a budget on their expansions with different aspects, but I request all of them, whatever the budget they are looking for their expansion of their business, they have a very significant amount of budget on it, which includes that application as well as network. So, this will definitely add value to their business, to manage their business and to grow their business exponentially, because IT will act as the backbone of any business, especially in healthcare, where we are about to reach a hundred percent of automation or maybe beyond that also. Network and application are always considered to be a parallel line, which cannot coincide. A good application can give you the best if they have a good network, secured and with all those required infrastructures, that any application needs to be given. And, definitely applications have their own aspect to handle their business projects. So, it should also be a well enhanced and well featured application, which allows healthcare service providers to get their analysis at their best. So, this is how, I can only say that they can think about the IT budgets seriously and they should give a substantial amount of weightage on it, especially in terms of budget, in terms of the networks, in terms of the applications, but definitely every solution is available in India, even some overseas also, but they have to spend on with their best as quality comes with a price.
Interviewed by: Disha Soni and Prateek Malhotra
