July 9, 2014 1:55 PM
Posted by: adelvecchio
Accountable Care Organizations
, HIPAA privacy rule
Guest post by Rebekah Johnson, senior compliance manager, West Corporation
Technology has become so woven into the fabric of our society that it often overshadows face-to-face communication. It’s so prevalent in healthcare that patients have come to expect their doctors to use technology to communicate with them between office visits, hence the rise of patient engagement technologies. In 2012, a Medical Group Management Association study reported that approximately 44% of healthcare practices were using notifications technology to automate appointment reminders. Today, mHealth is the fastest growing area in the health IT space. However, along with mass adoption of healthcare technology comes the necessary evil of compliance — which can be a crippling force that works against patient engagement.
When there are more pages of regulations for Medicare than in the Internal Revenue Service code, it’s no wonder healthcare professionals are struggling to keep up with regulations. Add HIPAA and its steep requirements for protecting sensitive patient data, and you’ve got a big case of compliance overload in the healthcare industry.
The compliance challenge makes it difficult for healthcare providers to maximize the technology investments they’ve made. There are thousands of healthcare providers that have automated appointment reminder systems in place. Most want to use that same technology platform to engage patients between doctor visits to drive improved health outcomes. When it comes to patient engagement, these same healthcare providers stop at simple appointment reminders because they don’t know what types of patient communications fall within the limits of HIPAA regulations.
The good news is, healthcare providers have a fairly open field when it comes to patient engagement technologies — they just need to understand the rules. For simplicity, compliance dos and don’ts should be considered in relation to messages that reach and engage patients and lead to better health outcomes.
Keep in touch with patients to reduce missed appointments
Today, it’s quite common for healthcare providers to reach out to patients with communications that remind them to make and keep appointments, or pay their bills. In fact, this strategy has resulted in a more than 30% reduction in missed appointments, industry-wide. It’s also been proven to reduce past-due accounts and increase monthly collections and by more than 25%.
When this type of message is generic in content, privacy and security considerations are not a concern, and the patient communications can be delivered via interactive voice response, text, email or mobile applications.
The most common compliance culprit for these messages is including information about the purpose of the appointment, such as, “This message is to remind you of your appointment for a biopsy of your left breast on Friday, November 2, at 3:00 PM.” These messages are fine when it comes to engaging patients. However, when patient details are included, it’s important the message be delivered using a secure mobile application with features that protect the privacy of the patient. Alternatively, the healthcare provider can simply remove the test details. Patients are open to receiving this type of communication via SMS or email — in fact, that’s often exactly the type of communication they prefer to receive from their healthcare provider. In that instance, it’s simply a matter of getting the patient’s permission and documenting her preferences so you can communicate in this fashion while remaining compliant.
Engaging patients to increase accountability
While payers and providers are usually in the spotlight when it comes to accountable care, the most successful models will be the ones that place a strong focus on patient accountability, said Kevin Pho, M.D. “All patients across the care continuum need to be participants in their own care, and providers should be implementing strategies to encourage this accountability both at the point of care and, more importantly, once the patient goes home,” he wrote.
To achieve success, healthcare professionals need to go beyond reminding patients to keep appointments and pay their bills. Healthcare providers must communicate with patients between visits and offer information that will help them understand the state of their health, their personal role in becoming healthier, and hope that will help patients stick with treatment plans between appointments. This is precisely the level of support Americans are asking for from their healthcare providers.
The TeleVox Healthy World report titled, “Technology Beyond the Exam Room,” found that 85% of United States healthcare consumers feel that high-tech engagement, from sources such as email, text messages and voicemails, is as helpful, if not more helpful, than in-person or phone conversations with their healthcare provider. More than 35% of patients who don’t follow exact treatment plans say that they would be more likely to follow directions if they received reminders from their doctors via email, voicemail or text.
Moving from simple appointment reminders to engaging patients at this level is where healthcare providers begin to feel crippled by compliance. Fortunately, when taking patient engagement up a notch, a little knowledge goes a long way toward remaining compliant. In the case of HIPAA regulations, the most important thing for healthcare providers to remember is that the same rules apply regardless of whether the communication is a text message reminding the patient of an upcoming appointment or an email intended to educate the patient about his health and encourage him to follow his treatment plan.
Healthcare providers don’t need to worry about non-compliance of HIPAA privacy and security when communications contain generic information. However, messages that reveal past or present health conditions can cause compliance concerns. The workaround is being diligent about capturing, documenting and using patient engagement preferences and permissions. With diligence comes a policy that enables compliance officers, in many cases nurses, to quickly and easily approve and deliver patient engagement communications based on the patient’s unique preferences and permissions. A policy should provide communications guidelines that include clear examples of messages or pre-approved scripts by the healthcare professional. It also should include examples of messages that may require a closer compliance review prior to delivery.
It’s also a good idea to have a formal procedure for capturing and documenting patient engagement preferences. It could be as simple as having the patient complete an electronic questionnaire on a tablet while waiting to be greeted by the doctor. This intake form should ask patients to share their preferences for receiving various types of communications. The way patients prefer to receive communications from their provider will likely change based on the information being delivered. For example, patients often want their doctors to email educational tips or information that will help them live a more healthy life, but they may prefer to receive a phone call to remind them about an upcoming appointment.
[Activating positive patient behaviors requires providers not only understand what information their patients require to stay on track, but how their patients want that communication to be delivered --- via voice, automated messages, text or email.]
Activating improved health outcomes
With the industry’s movement toward accountable care, it’s no longer enough to prescribe a treatment plan. It’s increasingly important for healthcare providers to focus on encouraging patients to follow treatment plans. This requires ongoing reminders and alerts to take medication, check blood sugars, eat right, and exercise. In fact, research shows patients welcome activation emails, text messages and voicemails from their healthcare providers that tell them to do something specific, such as take medication, schedule a routine medical screening, or get a flu shot. Almost half of American adults are currently treating a disease or chronic illness, such as a heart problem, diabetes or cancer. That’s more than 100 million opportunities for healthcare providers to deliver communications that drive patients to follow their treatment plans.
In the near future, two-way communication between patients and providers will be the norm. So, overcome the compliance challenge today by putting the power of preference in the hands of the patient.
This article is intended to provide general information about the subject matter covered. It is not intended to provide legal advice, opinions, or serve as a substitute for counsel by licensed legal professionals.
About the author: Rebekah Johnson, CIPP/US, is a senior compliance manager for West Corporation. In this role, she develops and maintains compliance operations concerning the privacy and security of client information, including personally identifiable information, PHI, sensitive and financial data. Rebekah’s experience also includes managing West Notification, Inc.’s U.S.-European Union Safe Harbor certification.
 “2012 Performances and Practices of Successful Medical Groups,” Medical Group Management Association, 2012.
 “Implementing Strategies to Encourage Patient Accountability”, www.kevinmd.com/blog, January 2012.
 “Technology Beyond the Exam Room: How Digital Media is Helping Doctors Deliver the Highest Level of Care, TeleVox Software, December 2012.
 “Chronic Diseases: The Leading Causes of Death and Disability in the United States,” Centers for Disease Control and Prevention, 2012.
June 18, 2014 1:53 PM
Posted by: adelvecchio
, Data storage
, Health care analytics
Guest post by Roberta Katz, director, healthcare solutions, EMC Corporation, @Roberta_Katz, @EMCHealthcare
The online data we produce will grow 40% per year into the next decade, according to IDC’s new report, “The Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things.” For healthcare organizations, this data will expand the number of opportunities to include smarter medical devices and innovative sensors to track and manage critical health indicators in real time. Caregivers can employ advanced analytics on the data coming from these devices to help reduce inpatient complications and avoidable readmissions, deliver personalized medicine, identify genetic markers, improve clinical trial safety, and more.
This increase in data places more responsibility on organizations to strengthen their IT department by leveraging the latest technologies and advancements for the security, privacy, and continuous availability of protected health information, (PHI) with a particular focus on patient identification and the reliability of information being collected.
The digital universe — what’s to come
Imagine for a minute the sheer volume of the world’s digital data in 2014, cited in the Digital Universe report — which could fill a stack of iPad Air tablets extending two-thirds of the distance to the moon. By 2020, this stack would extend from the earth to the moon 6.6 times, meaning that the digital universe is doubling every two years. In 2013, the digital universe contained 4.4 trillion gigabytes, and by 2020, that figure will grow to 10 times that number — to 44 trillion gigabytes. For healthcare organizations, the real question is not what to do with this data, but how to make use of it to accelerate clinical effectiveness and time to treatment.
- Data growth is largely due to the explosion of the Internet of Things, thanks to wearable technology and machine to machine applications that may help improve clinical workflows and outcomes. The use of health tracking devices for disease prevention and management is an emerging trend. There are new tools that remotely monitor patient physiological measures, aging in place, and smart pills that report proper adherence with medications. Analyst firm IDC estimates that the number of computerized things is approaching a staggering 200 billion, with 7% of all computerized objects wired and communicating on the Internet.
- To leap ahead, organizations are adopting cloud, IT as a Service, and software defined technologies. These next generation IT models offer new ways to improve caregiver collaboration and interactions with patients.
- The percentage of “target rich” data is expected to more than double by 2020, compared to the 5% available in 2013, as organizations take advantage of new big data analytics technologies. IDC defines target rich data as data that is accessible, available in real time, and can be properly analyzed and acted upon.
- For healthcare organizations, this means leveraging automated tools to aggregate, manage, and analyze useful data from across the healthcare ecosystem to gain patient care insights.
Is big data the cure?
A recent MeriTalk study, “The Big Data Cure,” reveals the impact of growing data sets on the healthcare industry and its ability to improve drug trial safety, disease surveillance, prescribed treatments, and overall patient outcomes. Emerging technologies including mHealth and machine to machine will be driving forces behind this change. However, to reap these benefits, healthcare organizations must take the first steps now, so the technology can deliver real returns later.
To ensure preparedness, healthcare organizations should:
Plan: Embrace an enterprise-wide trusted IT approach that integrates security, backup and recovery, and availability solutions for improved efficiency and stronger protection.
Automate: With ever-growing volumes of PHI, security, data protection, and disaster recovery procedures should be automated to meet 24/7 patient care requirements.
Manage compliance: Verify and test trusted IT environments often to ensure compliance with HIPAA and HITECH rules and to meet recovery time objective and recovery point objective goals.
For healthcare organizations, success in this digital universe will depend on taking the right steps today to build an IT infrastructure that can manage and take advantage of the data deluge. As uncovered in The Big Data Cure, 59% of Federal executives working in agencies with a healthcare-related mission say that in five years, fulfilling their agency’s mission objectives will depend on successfully leveraging big data. But, the report also highlights that fewer than one out of five respondents say their agency is very prepared to work with big data today. So, what’s the takeaway? Consider the healthcare data that is coming as well as the target-rich data in hand. Act now to benefit long-term patient care down the road.
June 11, 2014 11:06 AM
Posted by: adelvecchio
, byod security
Guest post by Jon Jansen, CTO, Doc Halo
Though the question whether or not healthcare organizations should adopt bring your own device (BYOD) policies for physicians and staff members still crops up, there’s probably not much choice at this point.
Two years ago, 85% of hospitals were already allowing BYOD. In organizations that prohibit the practice, chances are it’s happening anyway, given the popularity of smartphones and tablets among doctors.
It’s a subject that makes healthcare executives nervous. BYOD can feel like too much of an IT security risk in an industry where data breaches hurt both the bottom line and your reputation. With the right tools, BYOD can boost healthcare efficiency without sacrificing patient privacy. Technology such as secure texting apps — including the one developed by Doc Halo — control BYOD by combining security with ease of use.
The advantages of BYOD start with physicians and other staff members, who are likely already carrying their preferred devices, with no desire to add a hospital-assigned smartphone to the mix. Healthcare organizations also stand to gain in terms of improved workflows and cost savings on devices. For health IT departments, the instinct is often to lock things down in hopes of avoiding HIPAA violations and other issues.
A key way to protect patients’ health information has been to limit which devices can access it. That approach made sense when computers stayed on desks. But now that we carry one or more of them with us everywhere we go in the form of mobile devices, it’s not as practical.
Much of the advice on BYOD in healthcare deals with rules and boundaries. The idea is to reduce the chance of problems by building layers of security, limiting what users can do from their devices and monitoring usage and access. Of course, it pays to have reasonable security. Federal rules that took effect last year mean it’s more important than ever to keep protected health information safe — or face fines of $50,000 or more per violation.
But if protocols get in the way of clinicians doing their jobs, then BYOD doesn’t accomplish anything. Users either won’t take advantage of what mobility can bring to healthcare, or they’ll find workarounds, putting your organization at even greater risk.
Healthcare needs tools, such as secure texting, that let physicians and other providers work without thinking much about security. The tools, not complicated processes or lists of dos and don’ts, should prevent protected health information (PHI) exposure. From the user’s point of view, secure texting doesn’t feel much different from regular texting, which most people do every day. However, a variety of features work together to make sure conversations stay private.
For example, a good secure texting solution encrypts PHI at all levels — database, transmission and on the app — according to federally validated standards. It also deletes messages from your app and the receiver’s app based on the time period of your choosing and has a remote wipe option in case the phone is lost. None of these security measures require time or effort from healthcare providers. The only difference that physicians are likely to notice when they start using the app is that communication is more efficient. HIPAA is here to stay, but so is BYOD. The most successful healthcare organizations are adopting tools that meet the requirements of both.
Jon Jansen is CTO and partner in Doc Halo which specializes in secure text messaging. He brings an extensive knowledge of programming secure interfaces between hospitals, EMRs and physicians’ data. He has been through the entire life-cycle of HIPAA and secure texting from its beginnings and brings the needed experience to navigate this complex topic. He formerly owned a software company which specializes in business and medical communication as well as Web-based portals for remote data access.
Jon’s role on the Doc Halo team is to coordinate all of the behind-the-scenes programming and database creation and optimization using his more than two decades of experience in this area.
May 21, 2014 4:18 PM
Posted by: adelvecchio
mobile device management
, Mobile devices
Guest post by Tracy Crowe, director of product marketing, NetMotion Wireless
For several years the Seattle-based Puget Sound Blood Center has used NetMotion Wireless’s Mobility — an enterprise mobility management product to manage mobile workforce productivity, security and control — on many of its 350 corporate laptops, while others were equipped with a different product from Citrix. After evaluating the two solutions in both mobile and office settings, the Puget Sound Blood Center (PSBC) team found that Citrix users reported regular connectivity problems while Mobility users did not. As a result, the not-for-profit decided to standardize its entire workforce on the NetMotion product. The full-scale rollout planned for 2014 includes all laptops, tablets and handheld scanners.
After comparing the two mobile workforce connectivity solutions side by side, PSBC ultimately selected NetMotion Wireless Mobility® as the software on which to standardize. The NetMotion software is now providing all of Puget Sound’s workers with a secure, reliable, and fast connection to its mission-critical Blood Establishment Computer System (BECS).
Connectivity brings time savings to live-saving effort
PSBC’s 20 mobile blood drive units are constantly canvassing the Seattle metropolitan area for life-saving blood donors. However, not all donations can be accepted. For instance, if potential donors have given blood recently, they may not be eligible to donate again so soon. Before they can accept a donation, mobile blood drive workers must access the organization’s BECS to perform a database query to determine if the donor is an approved candidate.
Having dependable, fast and seamless connectivity as they travel is a must in order to perform this process as efficiently as possible. A lost connection means having to log back in and start the process all over again — a tedious waste of work hours that often translates into time not spent collecting precious pints of blood.
“If we don’t have the connection, we can’t access that donor record information, causing delays or wasting critical time for our donors and staff,” said Tony Sheehan, network services manager at PSBC.
Testing two of the market’s most popular solutions for mobile workforces, the organization gained the confidence and motivation to standardize on the more successful product.
Standardizing was a no-brainer
NetMotion Mobility provides PSBC with a secure and reliable mobile virtual private network tunnel that ensures workers always stay linked to the BECS. Even in cellular or Wi-Fi dead zones, the solution creates a persistent connection to keep the mobile applications active rather than disconnect them. Another benefit they discovered is when laptops are closed and reopened, the connection is immediately reestablished without the user having to do anything.
The reliability and persistence of the connection provided by NetMotion stood in stark contrast to what was experienced by those PSBC workers who relied on the other product.
“There was really no contest between the two solutions,” added Sheehan. “Mobility showed it was far and away the better solution for workers that need to get and stay connected from wherever they are working.” As a result, the team decided to roll out the product to more than just the mobile workers, but also to the growing number of office staff who often bring their laptops on the road or home with them.
Sheehan attributed PSBC’s selection of NetMotion to an increasing number of complaints from employees who found it difficult to connect from home using the Citrix product. In particular, he would hear that laptops would routinely disconnect from one of the organization’s central, shared map drives.
“There’s a certain amount of bandwidth that is required to maintain a map drive over Citrix,” said Sheehan. “That was causing a huge problem because while workers have the bandwidth at the main office, they might not have that level of bandwidth at home to allow it to work. No one’s ever lost a map drive working at home using NetMotion, no matter how fast or slow the connection was.”
In addition to laptops, blood drive workers also use tablets to create donor-specific labels that are affixed to a patient’s sample and paperwork. Handheld scanners are then used to verify that these items correlate to the correct donor. Both these devices require a constant connection to the BECS and thus will be part of the new full-scale implementation.
The NetMotion Mobility software has made a difference in the usability of the organization’s handhelds and reduced the workload of IT staff. Previously, when a connection was disrupted, an oversized error message would appear on the device’s tiny screen, obscuring the instructions for how to reconnect. “Mobility has flat out stopped this type of help desk call, which could take as long as 30 minutes to resolve,” said Sheehan.
Simplicity, consistency, security
The move to standardize on NetMotion will offer several significant benefits for PSBC. First and foremost, having a single, enterprise-wide solution will simplify the task of managing and administering the company’s mobile workforce and provide users with consistency. Sheehan noted that standardization is a key component of PSBC’s 5S methodology of IT management.
Ease of use is another big plus. “Workers that previously used Citrix have found their Mobility devices are much easier to connect to the network when they’re off-site,” added Sheehan. “I use it at home all the time and find it to be so effortless. I can open up my laptop and it automatically connects to the network and I didn’t do anything.”
The solution also comes with built-in security features that allow IT or central management to selectively control which employees have access to sensitive health data. Such protections are necessary in order to ensure that the PSBC is in full compliance with the privacy policies of both HIPAA and the FDA.
In short, NetMotion’s solution has provided PSBC with a transfusion of efficiency and reliability, allowing the organization’s mobile workers to fulfill their life-saving mission uninterrupted.
May 14, 2014 1:16 PM
Posted by: adelvecchio
copy and paste
, healthcare fraud
Guest post by Charles Settles, content writer, TechnologyAdvice
No medical professional enjoys data entry. One of the most-cited frustrations with electronic medical records software is “double-charting,” or having to enter the same data in multiple places. Copying and pasting EHR data has become the solution for many physicians, albeit a dangerous one. According to a 2013 AHIMA report, as many as 90% percent of physicians use copy and paste in their EHR programs.
After a full day of patient encounters, it’s no surprise that physicians don’t look forward to hours of paperwork. While copy and paste encounter data may save time, it can lead to serious errors, and call a physician’s true intentions into question.
According to a Department of Health and Human Services report, copy and paste functionality can contribute to healthcare fraud. Healthcare fraud, according 2009 figures from the Center for Medicare and Medicaid Services, costs taxpayers and insurers between $75 and $250 billion a year. “Upcoding,” or using increased documentation to justify billing Medicare or insurers at higher rates, can be easily done by copying and pasting previous visit information or a template of generic information to satisfy the increased documentation requirements. A few clicks can generate a pages-long note that’s not only difficult for other physicians to decipher, but for regulators as well.
Fraud may be the primary concern for the government and insurers, but even more troubling is the potential for inaccurate data to be included in a patient’s health record.
Inaccurate data could result in embarrassing yet harmless mistakes — like a male patient being scheduled for a pap smear — or it might have a much more serious and life-threatening outcome, such as an allergic reaction to a medication.
In addition to fraud and patient harm, misuse of copy and paste could result in a patient’s privacy being compromised. Imagine a situation where a physician copies information from one patient file and mistakenly pastes it into another patient file. Of course there’s potential for physical harm to the patient whose file received the inaccurate data, but the patient whose data was mistakenly copied could have information revealed about him that could allow his identity to be compromised or stolen.
Unfortunately, there are few options to combat the misuse of copying and pasting EHR data. Most viable solutions require EHR vendors to modify their software, which many companies hesitate to do. The solutions that don’t require software modification can create almost as many problems as they solve. Increased oversight by supervising physicians could help curb the misuse of copy and paste. Physicians are already required to review nurses’ input; having them read each note and correct inaccurate data instead of rubber-stamping entries would solve the problem of inaccurate data, but would lengthen the time-consuming process of data entry and review. The problem then becomes: who watches the watchers?
The most promising option would be to require programs to highlight copied and pasted information, and link it back to the original entry. Insurers and the government could then easily audit records to discover patterns of fraud due to copy and paste misuse, and supervising physicians could quickly see which physicians (or nurses) were overusing the feature. Disallowing links between separate patient records could prevent one patient’s data from being copied into another patient’s record. Whether or not this solution will come to pass is up to EMR companies and regulatory agencies.
Charles Settles is a content writer at TechnologyAdvice. He frequently covers topics related to health IT, gamification, and other emerging tech trends. Connect with Charles via Google+
May 1, 2014 11:29 AM
Posted by: adelvecchio
, mHealth applications
, Mobile applications
Guest post by: Brent Lang, president and CEO of Vocera Communications, Inc.
In a busy hospital setting, being able to reach the right person at the right time can save lives. When a clinician can instantly locate the resources and information they need, they can prevent treatment delays, reduce medical errors and spend more time on patient care.
Today’s hospital workforce needs to be more mobile and collaborative than ever before. However, due to the use of open-loop, unsecure communication technologies such as pagers that don’t integrate with a hospital’s existing clinical system, quickly communicating with the right physician or nurse is an ongoing challenge. Nurses often spend precious minutes shuffling back and forth from the central nurses’ station waiting for a response from a physician — time that could be better spent at a patient’s bedside. As a result, patients’ safety and their experience may be negatively affected.
In a fast-paced setting, where every second matters, hospital communication technology must enable busy staff to securely connect from anywhere to give approvals, answer questions and respond to emergencies. While various communication technologies already exist, hospitals should look for products that provide a suite of services in one easy-to-use application. Mobile applications must be sensitive to user communication preferences and should be accessible on any device. This allows hospital staff to communicate whether they’re inside or outside of the facility. Additionally, a mobile application that encompasses a suite of services will eliminate the uncertainty of paging, and the need to switch applications depending on the mode of communication desired.
The application should be intuitive and HIPAA-compliant, and should allow staff to reach each other instantaneously whether they are calling by name, job function, or group. For greater visibility, the application should also give users the ability to determine who is logged on and available at a moment’s notice and gain access to outside contacts, groups and distribution lists if they need to be reached in an emergency situation.
Providing hospital staff with an application that streamlines communication across the care continuum allows clinicians to make decisions in a timely manner and will dramatically increase staff collaboration. With the right mobile hospital communication technology, healthcare workers will not only increase efficiency and care quality, but also improve the patient experience, reduce unnecessary readmissions, and may help save lives.
April 23, 2014 12:10 PM
Posted by: adelvecchio
, mobile device management
, Mobile devices
Guest post by Jonathan Foulkes, vice president of mobile product management at Kaseya
Few industries have been affected by the proliferation of mobile devices as much as the healthcare sector. The industry is known for its forward thinking with regards to adoption of technology in order to support initiatives to reduce care disparities and improve quality. An example of this is that many hospitals and clinics were using tablet computing devices years before the iPad was introduced. In recent years, the move to consumer mobile devices in the workplace has continued to grow throughout every type of industry.
Mobile devices are a natural fit for the healthcare environment. Physicians, nurses and technicians are frequently on the move within and between facilities, going from patient rooms to offices to laboratories and other facilities. The ability to easily access clinical applications or data — whether it’s information about patients, conditions, drugs, treatment techniques or other data — from multiple locations is a huge benefit for healthcare personnel. With EHRs emerging as a key part of the process of treating patients and maintaining healthcare records, mobile access to information is even more critical for healthcare providers.
Devices, such as smartphones and tablets can also lead to greater collaboration among healthcare professionals. Physicians can easily share visual or graphical information about patients and conditions with other medical specialists. They can also quickly exchange ideas about treatment options by accessing resources around the world. This expanded access to information and enhanced collaboration can help increase the productivity of medical professionals. More importantly, it can potentially help improve the treatment patients receive and save lives.
Challenges for healthcare IT
IT executives face a number of challenges related to BYOD. Their main concern is striking a healthy balance between managing devices and managing information. They must work to ensure that information is secure and that personal devices pose no threats or risks to their organization. Most healthcare data, such as patient records is extremely sensitive. Hospitals, clinics and other facilities must make sure that this information is protected from intrusions and unwanted exposure. Aside from assuring patients that their privacy is protected, healthcare institutions must comply with regulations such as HIPAA.
Protecting company-owned smartphones and tablets against security threats such as hackers, viruses, and breaches must also be a high priority. Organizations need to determine how they can best enforce security policies regarding mobile devices that move in and out of the network. They must establish whether policies should differ depending on the roles of users, what should be done when a device is lost or stolen, and whether they have the procedures and technologies in place to recover or remotely wipe a missing device.
A winning strategy
To address these challenges, healthcare IT departments need to ensure they are effectively managing the growing and complex mobile environment. A traditional approach has been to apply device management, but that conflicts with BYOD users’ desire to control their own device, creating tension between users and IT departments.
There are new solutions that eliminate device management requirements by using “containers” to segregate enterprise information and applications in personal devices. With containerization, people are free to use their smartphones and tablets as they are accustomed to. They are also able to access corporate information without putting corporate assets at risk. In the event that a device is lost or stolen, containers can be wiped remotely without wiping the device of any personal assets or altering personal data or usage in any way. By housing enterprise assets in a secure encrypted data store within the device, containers represent an excellent BYOD solution for mobile computing in healthcare settings.
Containerization lets employees use their own tablets and smartphones in the work environment and access corporate information via a suite of secure containers that provide security, manageability and isolation from personal data. This preserves the employee’s freedom to use their device as they see fit, yet provides the IT department a means of fully controlling who and what devices can access sensitive information.
The best BYOD solutions provide a secure communication channel to the container applications. This eliminates dealing with virtual private network configurations or exposing the network to any malware hosted on a user device. Keeping devices off the network also reduces the need for device management and makes it more practical to deploy on third-party managed devices, such as those carried by physicians for whom enforcing device-level controls might be impractical or impossible.
Containerization delivers the isolation between personal and corporate assets, while preserving the “personal” nature of a device. Healthcare workers can access internal applications via a secure browser, documents via a secure document manager and use the secure mail container for sensitive communications. IT departments are fond of this approach because it enables them to focus on what is most critical: the information. When it comes to BYOD, you should manage the data, not the device.
The proliferation of smartphones and tablets is transforming the way healthcare professionals work, how they access data, communicate and collaborate with colleagues, and interact with patients. Mobile technology has the potential to increase productivity, reduce costs and improve the level of patient care. The growth of mobile devices and the advent of BYOD can introduce new challenges for health IT. Healthcare organizations that proactively address the challenges and deploy a BYOD-friendly container strategy will likely increase their ability to succeed while accommodating these fast-growing technologies.
About the author:
Jonathan Foulkes is the vice president of Mobile Product Management at Kaseya, and was previously the CEO and co-founder of Rover Apps, a mobile solutions provider acquired by Kaseya in July of 2013. Jonathan has more than 25 years of experience in technical leadership and executive roles at companies such as Reed Business Information, Clinical Solutions, DoubleClick (Google) and DCA / Attachmate, with a track record of success in delivering leading solutions in highly competitive markets.
April 9, 2014 10:58 AM
Posted by: adelvecchio
, EHR Adoption
, EHR implementation
Guest post by Charles Settles, content writer, TechnologyAdvice
An ever-increasing number of physicians, hospitals, and clinics are implementing electronic health record systems. Providers are scrambling to choose the right software as deadlines for meaningful use approach.
To qualify for meaningful use incentives in 2013, providers who accept Medicare/Medicaid are required to attest and demonstrate meaningful use of an EHR system no later than March 31, 2014. In 2015, all incentives end and penalties will be handed out to those physicians who have not begun their initial three-month attestation period by September 30, 2014. Qualifying for incentives and avoiding penalties should be enough motivation to begin the EHR adoption process. In order to ensure a successful implementation, providers must first consider how an EHR will affect their practice.
William Stewart, M.D., a Tennessee-based otolaryngologist, has purchased three separate EHR programs and worked with several others. His experience provided him with valuable insights to offer to anyone considering EHR adoption. Below he shares the seven keys to successful EHR implementation.
1. Do your homework
According to Stewart, providers need to “do [their] homework,” and document every aspect of their daily workflow. This is especially important for a first time EHR adopter, as the most minor of details can affect implementation. The more you know at the start of the process, the less likely it is that you’ll have to repeat it.
2. Map out your workflow
According to Stewart, providers must “know what is important to [them]” when considering cost, features, integrations, etc. First time adopters might have some difficulty with this, so it’s helpful to cross-reference your workflow to determine your needs. A provider switching EHRs should seek input from a panel of stakeholders. This is especially important at the hospital level. Failing to seek input from nurses, IT staff, physicians, technicians, and other daily users will also likely end in replacing the EHR system.
3. Try before you buy
Stewart advises anyone shopping for an EHR to “seek out multiple EHR programs and ask for an online demo.” Online EHR reviews are available as a starting point, but with hundreds in the marketplace, narrowing down the options is valuable.
If possible, attend a health IT convention. EHR sellers often set up demo booths, and a savvy shopper can experiment with several different EHRs in an afternoon.
4. Look at more than price
“Don’t believe that you get what you pay for,” warns Stewart, “A higher price does not necessarily indicate higher quality.” Some of the worst-reviewed EHR software is also some of the most expensive. Alternately, some EHRs with a low initial cost are generic and need extensive custom programming. Without someone on staff to make the necessary changes, the customer must turn to the vendor or an outside consultant to perform the work at a significant hourly cost.
5. Check for templates
Stewart advises anyone purchasing an EHR to make sure it has customizable template functionality for progress notes and other input-heavy tasks. Without templates, physicians can drown in “tedious and encyclopedic…check-boxes and drop-down menus that increase the time required” for each office visit.
Once the templates are written and the provider becomes fluent in their use, an EHR “dramatically speeds up how fast you can see patients,” even compared paper charting, he said. In contrast, a poorly designed EHR programcan “decrease efficiency even after fluency,” so customization is essential in order to prevent duplicate data entry or other mistakes.
6. Don’t settle for less (than HL7)
Don’t consider an EHR that doesn’t follow Health Level Seven (HL7) protocol standards for messaging, interoperability, and data exchange. This is especially important if data ever needs to be transferred from one EHR to another.
Stewart called his last EHR migration “very painless” thanks to HL7. Without it, transferring data between EHRs can be both frustrating and time consuming. One EHR company even held patient records hostage when a hospital group switched to a rival system.
7. Keep a paper copy
EHR programs are supposed to help medicine become paperless, but the lack of interoperability between different programs at separate providers’ offices is holding this back. Unless physicians are working on the same program within the same building, information exchange is “all still done via paper,” says Stewart. Someday, EHR programs may allow a primary care physician to electronically forward charts, histories, and other documents along with a referral. Until such interoperability standards become commonplace, it’s wise to keep your fax machine.
Rushing to a decision about EHR software can result in an expensive mistake. Choosing the best EHR for your practice will take time, and require due diligence on features, limitations, and workflows. While this can be a tedious process, implementing the wrong EHR will ultimately cost more in the long run.
Charles Settles is a content writer at TechnologyAdvice. He writes about health IT, business intelligence, and other emerging trends. Connect with him on Google+.
April 2, 2014 11:18 AM
Posted by: adelvecchio
Accountable Care Organizations
, population health management
Guest post by Greg Chittim, senior director, Arcadia Healthcare Solutions
It’s no secret that healthcare is changing. Traditional fee-for-service payment models are going away, and new capitated, quality-based payment models are here to stay. The challenge for providers is to position themselves for success under these new models. Now more than ever, it is critical for healthcare organizations to align their care delivery systems and payment models to support population health management to ensure they are delivering the highest value of proactive care to individual patients and patient populations.
The purpose of population health management is to create a mutually beneficial environment that incentivizes both plans and providers to manage the health of their patients by stratifying the population based on risk, engaging high-risk patients, and proactively improving the health of the overall population. Proactive management of high-risk patients has shown to drastically reduce costs by driving down the number of costly emergency department (ED) visits.
With this transition comes many challenges. New technologies, laws and regulations, lack of expertise, and the inherent difficulties of change management are causing all players supporting the transformation to be spread thin. To be successful in the healthcare industry of tomorrow, change is required today. More and more organizations are beginning to engage with accountable care organizations (ACOs) and other capitated quality-centric contracts, implement tools and technology that support population health, and break ground on initiatives that will better position them for success in the new era of healthcare. The industry is realizing that population health is not a fad — it is the future of healthcare.
At Arcadia Healthcare Solutions, we define population health management as a provider’s ability to answer the following three questions with certainty, and have the data to support those answers:
- Who are my patients?
- How sick are my patients?
- Am I effectively caring for my patients?
Below are steps organizations can take to address these questions.
Step 1: Provider-patient attribution
Maintaining a high degree of precision around defining a patient population has never been as important as it is now. Historically, patients scheduled visits, came in for their appointments, and follow-ups were conducted as necessary. With new payment and delivery models — such as ACOs and patient centered medical homes (PCMH) — provider reimbursements are increasingly dependent on the quality of care delivered and overall risk of their patient population. Providers are now forced to better manage the health of their patient population by proactively engaging their highest risk patients, while appropriately managing the health of the rest of their population. They must also support their better health management practices with high quality data from their EHR. As a result, the ability for health plans or other communities (such as health information exchanges) to successfully attribute patients to their primary care provider (PCP), and all parties having an answer to the question, “Who are my patients?” is absolutely critical.
In theory, this seems like a simple task; assign patients to a PCP, document it, and reconcile as needed — what’s the big deal? But of course, the devil is in the details. With the disconnected nature of healthcare and the numerous parties involved in the attribution process, aligning this data and creating a single source of truth is actually extremely challenging. We recently came across an example of this at an organization who thought they had a good handle on attribution — around 70-80% by their estimation. Upon initial analysis between their EHR and health plan membership files, we discovered that attribution rates were actually hovering around 13%, creating a barrier for future population health and quality improvement initiatives.
Attribution is where all data analytics, quality improvement, and PCMH transformation projects should begin. The most effective way to do this is by integrating clinical and demographic data from EHRs with claims and eligibility data. We do this by tapping into the back end of the EHR, pulling claims data, and loading all data into a centralized data warehouse. Data is then scrubbed and merged utilizing a master patient index, creating a single record for all patients. This rich view of a patient’s activity gives providers the level of detail captured in the EHR, as well as the breadth of data from claims. This allows them to see patient activity across the entire care continuum.
The initial attribution process involves reconciling conflicts between a provider’s perception of attribution (from EHR data) and a plan’s perception (from claims data). This inevitably requires some degree of manual intervention by both payers and providers, but only needs to happen once. A recurring, automated process — requiring far less manual intervention — is implemented after the initial attribution process is complete. We have seen this process improve attribution by upwards of 80% in as few as 90 days, and maintain sustainable attribution rates upwards of 90%.
Once an attribution process is in place, the value of any reporting, quality improvement, PCMH transformation, or overall population health initiative will increase dramatically. Providers will have transparency into their patient population, creating the foundation to begin tackling the challenges that will position them for success in the new era of healthcare.
Of the patient population you identified, how many of these patients are diabetic? Hypertensive? How many are at risk for becoming hypertensive? Are you certain that you can properly identify all of them?
Being able to answer these questions and having the data to back up your answers is crucial. Doing so is more difficult than you may think. First, it is important to be able to identify patients with chronic or other high-risk conditions so you can proactively manage those conditions. Second, new fee-for-value reimbursement models are directly dependent on the level of risk associated with your patient population. By not identifying high-risk patients, reimbursement dollars are left on the table. Finally, you must be able to prove the scope and beneficial impact of the interventions you deliver.
Traditionally, tools used to stratify the population and calculate risk have been primarily based on claims data. High-risk patients were identified based on the diagnosis codes for chronic or high-risk conditions. Outreach and engagement strategies leveraged this data to proactively manage these conditions. However, claims data does not always tell the whole story. What if the condition was not relevant to the visit or was not properly coded? What if the patient has not been in for a visit in that calendar year? What if the patient is at risk for becoming hypertensive but that risk is only captured in specific lab results or diagnostic values? These are all examples of cases where claims data may not tell the whole story. Each of these situations present missed opportunities to both improve quality of care and maximize risk reimbursement.
So, how do you fix this issue? How do you identify these patients, and how do you ensure that you are maximizing your risk reimbursement? One effective way to do this is by leveraging EHR data. Integrating claims with EHR data gives you a richer view of the patient population. Things EHR data can tell you that claims will often miss include the following things.
Vitals signs — Who are patients that have not yet been diagnosed, but are at high risk for becoming hypertensive?
Medical history — Who are patients that may not have had a visit in the last year, but are considered to be high-risk?
Transitions of care — Have any of your patients recently been to the ED?
These are only a few of the questions an integrated data set can answer, but the value of this information is sizable. This level of transparency allows providers to proactively manage their high-risk patients, as well as manage those on the brink of the ‘high-risk’ category. Internal studies conducted by Arcadia have revealed that millions of dollars in risk reimbursement opportunities have been missed due to the incomplete picture presented by claims data.
Although alternative strategies may exist that give you the transparency you need to measure the health of your population, an integrated, data-driven approach is crucial to doing this effectively at scale.
Step 3: Intervene and track
Are you doing what you need to do to effectively care for your patient population? You may be, but do you have the data to back it up? An integrated, high quality data set gives you the data required to support your answer to this question, and gives you the foundational tools needed to identify opportunities and drive improvement.
Once your patient population has been identified, the health and quality of care has been measured, and the population has been stratified based on risk, providers and care teams can begin driving more effective population health and quality improvement initiatives. Visibility into the specific needs of a patient population allows providers to begin providing preventative care to manage the health of their high-risk patients, and engage patients that are in danger of becoming high-risk. Combined, these tools allow providers to maximize the value of their ambulatory networks by aligning delivery models with fee-for-value payment models, and managing costs by providing proactive care, as opposed to costly ED visits or, reactive care.
Although tackling certain quality improvement issues in this model is obvious, others aren’t as apparent. For this purpose, we built a platform that delivers a library of best practice blueprints that can be deployed to drive quality improvement programs. This solution allows you to track the progress of that intervention, and can attribute the results to the intervention. A good change process is usually iterative, but this tool can take some of the iterative cycles and guesswork out of the process. Ultimately, it is designed to drive rapid, sustainable results from quality improvement initiatives.
As provider organizations begin to transform and adopt population health-based tools and methodologies, the improved level of visibility into the organization and patient population will fuel opportunities to drive sustainable change and improvement. With the shift from fee-for-service to fee-for-value payment models, the topic of population health is getting more and more attention. There is optimism about the effect that this shift will have on the industry, as our clients are already yielding positive outcomes in the early phases of the transformation.