Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

HIPAA May be the Least of Your Compliance Worries

Posted on November 21, 2017 I Written By

The following is a guest blog post by Mike Semel from Semel Consulting.  Check out all of Mike Semel’s EMR and HIPAA blog posts.

What requirements have you hidden away?

I visited a new healthcare client last week, and asked if anything in particular made them call us for help with their HIPAA compliance. They surprised me by saying that their insurance company had refused to sell them a cyber-liability/data breach insurance policy, after they saw the answers on our client’s application.

When was the last time you heard about an insurance company not selling a policy? That’s like McDonalds looking you over, and then refusing to sell you a Big Mac.

Our client was scared that they would have to risk the full financial burden of a data breach, which, based on the number of medical records they have, could exceed $10 million.

Everyone knows that HIPAA is a compliance requirement. But it isn’t the only one you should focus on. Use my definition of Compliance, which is, simply, having to do things required by OTHERS.

We personally deal with compliance requirements all the time. We stop at traffic lights. We have our car inspected. We fasten our seat belts. We empty our pockets at airport security. We pay our bills on time. At work, we wear an ID badge, show up on time, and park in an approved space. At home, we take our dirty shoes off before walking on the carpet. There are risks associated with NOT doing each of these things.

It can be a big mistake to focus so much on HIPAA that you forget other compliance requirements, including:

  • Other Federal and State Laws
  • Industry Requirements
  • License Requirements
  • Contractual Obligations
  • Insurance Requirements
  • Lawsuits

You should not take the narrow HIPAA approach, like buying a policy manual, using an online ‘We Make HIPAA Easy’ service, or think hiring out a Security Risk Analysis is going to make you compliant.

When we work with our clients, before we get started we help you identify all your compliance requirements.

OTHER FEDERAL REGULATIONS

Depending on the services you offer, you may be required to comply with other federal regulations, like Title 42, governing substance abuse treatment.

The Federal Trade Commission has come down hard on data breaches, including the controversial closure of a small medical lab. The FTC looks at patients as consumers, and considers a data breach to be an Unfair Business Practice because the organization losing the data failed to protect its consumers, and is in violation of its Notice of Privacy Practices.

STATE LAWS

Forty-eight states, plus DC and Puerto Rico, have data breach laws. Most states protect Personally Identifiable Information (PII), including driver’s license and Social Security numbers. Some states cover medical records, no matter who has them, while HIPAA only covers medical records held by certain types of organizations. Some of the state laws change the reporting requirements after a breach of patient records. For example, California requires patient notification within 15 days, instead of the 60-day maximum permitted by HIPAA.

Most states have separate laws requiring confidentiality of mental health, HIV, substance abuse, or STD treatment records. State attorneys general are willing to cross their state lines to protect the confidentiality of their voters.

We work with our clients to identify the states where your patients come from, not only where you are located. We build an Incident Management program that includes each applicable notification and reporting requirement.

INDUSTRY REQUIREMENTS

Industry requirements include PCI-DSS, the data security standards protecting credit card information. PCI stands for the Payment Card Industry. While not a law, if you don’t comply with PCI you can be prevented from accepting credit cards. What would that do to your bottom line and patient satisfaction?

LICENSING

Licensing requirements protecting patient confidentiality go back long before HIPAA, which became law in 1996. In 1977, 19 years before HIPAA, I became an Emergency Medical Technician (EMT). The first class I took was about maintaining confidentiality. After that, I knew that violating a patient’s confidentiality could cost me my license.

Think about your license, your certifications, even the Code of Ethics in your professional association. If I really wanted to get back at someone for violating my confidentiality, my first complaint would be to their licensing board, even before I submitted a complaint to their employer or the federal government. Losing your license may kill your career, and being investigated by your licensing board will certainly get your attention.

When you are justifying the costs related to Security and Compliance, be sure to quantify the effect on your income, lifestyle, and retirement, if you were to lose your license.

CONTRACTS

Many of our clients have signed contracts with other organizations, that include cyber security requirements as a contractual obligation to do business together. These contracts are often reviewed by attorneys, signed by executives, and then filed away. The requirements are not always communicated to the people on the front lines.

In 2012, Omnicell, a drug cart manufacturer, breached the records of 68,000 patients when an employee’s unencrypted laptop was stolen. The health systems – clients of Omnicell –  announced that Omnicell’s contract with them included a requirement that patient data would only be stored on encrypted devices. The loss of the laptop became a breach of contract discussion, not just a simple data breach.

My guess is that the contract was signed, and then just filed away. I don’t think Omnicell’s purchasing department was told it was supposed to order encrypted laptops for its field technicians. I don’t think its IT department knew it had a contractual obligation to install encryption on all laptops, and I doubt the field tech knew he was violating a contract when he transferred patient data to his unencrypted computer. Worse, no one who was aware of the contract requirements was auditing the company’s compliance.

During a recent client visit, I asked if our client had signed any contracts with their clients. She went through a list that included one of the top health systems in the country. I’m not a lawyer, but I asked to see the contract, because I knew the health system had included cyber security requirements as a contractual obligation with our other clients.

After a few minutes, she returned with the file folder containing the contract. I found the cyber security section, and read it to her. I asked if her company was meeting the requirements in the contract. She said no. I asked her what the future of her business would look like if they lost the business of one of the country’s leading health systems, because they breached their contract. She replied that her business probably would not survive.

We focused our project around meeting the specific requirements of their contract, not the vague and flexible requirements in HIPAA.

INSURANCE

Cyber Liability (also known as Data Breach) Insurance is a popular line of revenue for insurance companies. Unlike malpractice insurance, which assumes you will make a mistake, cyber insurance may only protect you if you are doing all the things you included on your insurance application. It may pay a claim only if you are doing everything correctly, and still suffer a breach. What you answer on the application may come back to haunt you.

In 2013, Cottage Health’s IT vendor accidently published a file server to the Internet, exposing patient information. Patients Googling themselves got back their medical records. The patients filed a class action suit, so Cottage Health brought in Columbia Casualty, their cyber liability insurance provider, to provide legal representation, and settle the claim.

The lawsuit was settled for $4.1 million, which was paid by Columbia Casualty. Columbia told Cottage Health that, even though it was making the payment, it still reserved its rights and would continue investigating the case.

Columbia Casualty then sued its own client, Cottage Health, to get the $ 4.1 million back. It said it determined that Cottage Health had made misstatements when it answered questions on the original policy application, including that it regularly maintained security patches on its devices. Columbia also said it should be excluded from losses because Cottage Health failed to continuously maintain the level of security stated on its application.

The lawsuit said that it did not matter if Cottage Health was mistaken, or had intentionally lied on the application.

As part of our assessments, we review insurance applications. When we work with our clients, we help you implement consistent programs to maintain the level of security you claim on your application.

LAWSUITS

While you don’t comply with a lawsuit, watching court cases can help you understand your risks and how to protect your organization.

Many people think that a HIPAA Notice of Privacy Practices is just a basic brochure you have to include with new patient paperwork. A patient is suing her doctor for negligence after her information was shared without her authorization. She claimed that the practice did not follow its Notice of Privacy Practices, and the Connecticut Supreme Court upheld that HIPAA can be used as a Standard of Care in a negligence suit.

Walgreen’s lost $1.44 million in a lawsuit after a pharmacist breached a customer’s confidentiality. Walgreens proved its pharmacist had received HIPAA training and had signed a confidentiality agreement. The company said it had done everything possible to prevent the breach. The jury disagreed.

By looking at law suits you can see that attorneys are using compliance requirements as the basis for claims. That can be scarier compared to the likelihood is that the federal government will make the effort to go after you.

LESSONS LEARNED

It’s really easy to focus just on HIPAA and think you are compliant. It’s also a mistake.

HIPAA is vague. It is flexible, giving you a lot of freedom to choose how to comply with the regulation. The ‘HIPAA-in-a-Box’ solutions can give you a false sense of Security and Compliance, because they are so narrowly focused.

The Federal Trade Commission can assess stronger penalties than the OCR, the federal agency that enforces HIPAA. The FTC has put businesses on 20-year monitored compliance programs. When we work with our clients, we help you create written evidence that your security policies and procedures are working.

State laws can change your patient reporting requirements. They also protect confidential information you have for your workforce members. Your Incident Management program can’t just focus on HIPAA.

Industry requirements can be very serious. Can you risk not accepting credit cards? Contact the merchant service that processes your cards to make sure you are complying with PCI-DSS.

Verify the reporting requirements of the entities that license your staff. You may have an obligation to report a breach to them, instead of waiting for someone to file a complaint.

Review the contracts you have in your files for cyber security requirements, and note any in new contracts you are about to sign. Make sure everyone in your organization who must comply with the contract requirements know about them.

You can’t buy insurance instead of doing the right things to protect data. However, if you do things right insurance may save you millions of dollars. You should review your policy application every quarter, and demand evidence from your IT department or vendor that you are in compliance with the policy requirements. Too much work? Would you rather have your insurance company fail to pay a multi-million-dollar claim?

Keep repeating to yourself, “Compliance isn’t just about HIPAA” and uncover the rest of your compliance requirements.

About Mike Semel

Mike Semel is a noted thought leader, speaker, blogger, and best-selling author of HOW TO AVOID HIPAA HEADACHES . He is the President and Chief Security Officer of Semel Consulting, focused on HIPAA and other compliance requirements; cyber security; and Business Continuity planning. Mike is a Certified Business Continuity Professional through the Disaster Recovery Institute, a Certified HIPAA Professional, Certified Security Compliance Specialist, and Certified Health IT Specialist. He has owned or managed technology companies for over 30 years; served as Chief Information Officer (CIO) for a hospital and a K-12 school district; and managed operations at an online backup company.

LTPAC – A Vibrant Hidden World

Posted on November 20, 2017 I Written By

Colin Hung is the co-founder of the #hcldr (healthcare leadership) tweetchat one of the most popular and active healthcare social media communities on Twitter. Colin speaks, tweets and blogs regularly about healthcare, technology, marketing and leadership. He is currently an independent marketing consultant working with leading healthIT companies. Colin is a member of #TheWalkingGallery. His Twitter handle is: @Colin_Hung.

PointClickCare, makers of a cloud-based suite of applications designed for long-term post acute care (LTPAC), recently held its annual user conference (PointClickCare SUMMIT) in sunny Orlando, Florida. The conference quite literally shone a light on the LTPAC world – a world that is often overlooked by those of us that focus on the acute care side of healthcare. It was an eye-opening experience.

This year’s SUMMIT was the largest in the company’s history, attracting over 1,800 attendees from skilled nursing providers, senior living facilities, home health agencies and Continuing Care Retirement Communities. Over the three days of SUMMIT I managed to speak to about 100 attendees and every one of them had nothing but praise for PointClickCare.

“I couldn’t imagine doing my work without PointClickCare. I wouldn’t even know where to start if I had to use paper.”

“I don’t want to go back to the days before we had PointClickCare. We had so much paperwork back then and I used to spend an hour or two after my shift just documenting. Now I don’t have to. I track everything in the system as I go.”

“PointClickCare lets us focus more on the people in our care. We have the ability to do things that would have been impossible if we weren’t on an electronic system. We’re even starting to share data with some of our community partners.”

Contrary to what many believe, not every skilled nursing provider and senior living facility operates with clipboards and fax machines. “That’s one of the biggest misconceptions that people have of the LTPAC market,” says Dave Wessinger, Co-Founder and CTO at PointClickCare. “Almost everyone assumes that LTPAC organizations use nothing but paper or a terrible self-built electronic solution. The reality is that many have digitized their operations and are every bit as modern as their acute care peers.”

According to a recent Black Book survey, 19 percent of LTPAC providers have now adopted some form of an Electronic Health Record (EHR) system. In 2016, Black Book found the adoption rate was 15 percent. The Office of the National Coordinator recently published a data brief that showed adoption of EHRs by Skilled Nursing Facilities (SNFs) had reached 64% in 2016.

Although these numbers are low compared to the +90% EHR adoption rate by US hospitals, it does indicate that there are many pioneering LTPAC providers that have jumped into the digital world.

“It’s fun to be asked by our clients to work with their acute care partners,” explains BJ Boyle, Director of Product Management at PointClickCare. “First of all, they are surprised that a company like PointClickCare even exists. They are even more surprised when we work with them to exchange health information via CCD.”

Boyle’s statement was one of many during SUMMIT that opened my eyes to the innovative technology ecosystem that exists in LTPAC. Further proof came from the SUMMIT exhibit hall where no less than 72 partners had booths set up.

Among the exhibitors were several that focus exclusively on the LTPAC market:

  • Playmaker. A CRM/Sales solution for post-acute care.
  • Hymark. A technical consultancy that helps LTPAC organizations implement and optimize PointClickCare.
  • Careserv. A LTPAC cloud-hosting and managed services provider.

And some with specialized LTPAC offerings:

  • Care.ly. An app that helps families coordinate the care of their elderly loved ones with senior care facilities.
  • McBee Associates. Financial and revenue cycle consultants that help LTPAC organizations.

I came away from SUMMIT with a newfound respect for the people that work in LTPAC. I also have a new appreciation for the innovative solutions being developed for LTPAC by companies like PointClickCare, Care.ly and Playmaker. This is a vibrant hidden world that is worth paying attention to.

Note: PointClickCare did cover travel expenses for Healthcare Scene to be able to attend the conference.

Measuring the Vital Signs of Health Care Progress at the Connected Health Conference (Part 3 of 3)

Posted on November 17, 2017 I Written By

Andy Oram is an editor at O’Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space.

Andy also writes often for O’Reilly’s Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O’Reilly’s Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The previous segment of this article covered one of the crucial themes in health care today: simplifying technology’s interactions with individuals over health care. This segment finishes my coverage of this year’s Connected Health Conference with two more themes: improved data sharing and blockchains.

Keynote at Connected Health Conference

Keynote at Connected Health Conference

Improved data sharing
The third trend I’m pursuing is interoperability. If data collection is the oxygen that fuels connected health, data sharing is the trachea that brings it where it’s needed. Without interoperability, clinicians cannot aid patients in their homes, analysts cannot derive insights that inform treatments, and transitions to assisted living facilities or other environments will lead to poor care.

But the health care field is notoriously bad at data sharing. The usual explanation is that doctors want to make it hard for competitors to win away their patients. If that’s true, fee-for-value reimbursements will make them even more possessive. After all, under fee-for-value, clinicians are held accountable for patient outcomes over a long period of time. They won’t want to lose control of the patient. I first heard of this danger at a 2012 conference (described in the section titled “Low-hanging fruit signals a new path for cost savings”).

So the trade press routinely and ponderously reports that once again, years have gone by without much progress in data sharing. The US government recognizes that support for interoperability is unsatisfactory, and has recently changed the ONC certification program to focus on it.

Carla Kriwet, CEO of Connected Care and Health Informatics at Philips, was asked in her keynote Fireside Chat to rate the interoperability of health data on a scale from 0 to 10, and chose a measly 3. She declared that “we don’t believe in closed systems at all” and told me in an interview that Philips is committed to creating integrated solutions that work with any and all products. Although Philips devices are legendary in many domains, Kriwet wants customers to pay for outcomes, not devices.

For instance, Philips recently acquired the Wellcentive platform that allows better care in hospitals by adopting population health approaches that look at whole patient populations to find what works. The platform works with a wide range of input sources and is meant to understand patient populations, navigate care and activate patients. Philips also creates dashboards with output driven by artificial intelligence–the Philips IntelliVue Guardian solution with Early Warning Scoring (EWS)–that leverages predictive analytics to present critical information about patient deterioration to nurses and physicians. This lets them intervene quickly before an adverse event occurs, without the need for logging in repeatedly. (This is an example of another trend I cover in this article, the search for simpler interfaces.)

Kriwet also told me that Philips has incorporated the principles of agile programming throughout the company. Sprints of a few weeks develop their products, and “the boundary comes down” between R&D and the sales team.

I also met with Jon Michaeli, EVP of Strategic Partnerships with Medisafe, a company that I covered two years ago. Medisafe is one of a slew of companies that encourage medication adherence. Always intensely based on taking in data and engaging patients in a personalized way, Medisafe has upped the sophistication of their solution, partly by integrating with other technologies. One recent example is its Safety Net, provided by artificial intelligence platform Neura. For instance, if you normally cart your cell phone around with you, but it’s lying quiet from 10:00 PM until 6:00 AM, Safety Net may determine your reason for missing your bedtime dose at 11:00 PM was that you had already fallen asleep. If Safety Net sees recurring patterns of behavior, it will adjust reminder time automatically.

Medisafe also gives users the option of recording the medication adherence through sensors rather than responding to reminders. They can communicate over Bluetooth to a pill bottle cap (“iCap”) that replaces the standard medicine cap and lets the service know when you have opened the bottle. The iCap fits the vast majority of medicine bottles dispensed by U.S. pharmacies and costs only $20 ($40 for a pack of 2), so you can buy several and use them for as long as you’re taking your medicine.

On another level, Mivatek provides some of the low-level scaffolding to connected health by furnishing data from devices to systems developed by the company’s clients. Suppose, for instance, that a company is developing a system that responds to patients who fall. Mivatek can help them take input from a button on the patient’s phone, from a camera, from a fall detector, or anything else to which Mivatek can connect. The user can add a device to his system simply by taking a picture of the bar code with his phone.

Jorge Perdomo, Senior Vice President Corporate Strategy & Development at Mivatek, told me that these devices work with virtually all of the available protocols on the market that have been developed to promote interoperability. In supporting WiFi, Mivatek loads an agent into its system to provide an additional level of security. This prevents device hacking and creates an easy-to-install experience with no setup requirements.

Blockchains
Most famous as a key technological innovation supporting BitCoin, blockchains have a broad application as data stores that record transactions securely. They can be used in health care for granting permissions to data and other contractual matters. The enticement offered by this technology is that no central institution controls or stores the blockchain. One can distribute the responsibility for storage and avoid ceding control to one institution.

Blockchains do, however, suffer from inherent scaling problems by design: they grow linearly as people add transactions, the additions must be done synchronously, and the whole chain must be stored in its entirety. But for a limited set of participants and relatively rate updates (for instance, recording just the granting of permissions to data and not each chunk of data exchanged), the technology holds great promise.

Although I see a limited role for blockchains, the conference gave considerable bandwidth to the concept. In a keynote that was devoted to blockchains, Dr. Samir Damani described how one of his companies, MintHealth, planned to use them to give individuals control over health data that is currently held by clinicians or researchers–and withheld from the individuals themselves.

I have previously covered the importance patient health records, and the open source project spotlighted by that article, HIE of One, now intends to use blockchain in a manner similar to MintHealth. In both projects, the patient owns his own data. MintHealth adds the innovation of offering rewards for patients who share their data with researchers, all delivered through the blockchain. The reward system is quite intriguing, because it would create for the first time a real market for highly valuable patient data, and thus lead to more research use along with fair compensation for the patients. MintHealth’s reward system also fits the connected health vision of promoting healthy behavior on a daily basis, to reduce chronic illness and health care costs.

Conclusion
Although progress toward connected health comes in fits and starts, the Connected Health Conference is still a bright spot in health care each year. For the first time this year, Partners’ Center for Connected Health partnered with another organization, the Personal Connected Health Alliance, and the combination seems to be a positive one. Certain changes were noticeable: for instance, all the breakout sessions were panels, and the keynotes were punctuated by annoying ads. An interesting focus this year was wellness in aging, the topic of the final panel. One surprising difference was the absence of the patient advocates from the Society for Participatory Medicine whom I’m used to meeting each year at this conference, perhaps because they held their own conference the day before.

The Center for Connected Health’s Joseph Kvedar still ran the program team, and the themes were familiar from previous years. This conference has become my touchstone for understanding health IT, and it will continue to be the place to go to track the progress of health care reform from a technological standpoint.

The Power of Combining Clinical & Claims Data

Posted on November 16, 2017 I Written By

The following is a guest blog by Monica Stout from MedicaSoft

Whether the goal is to improve outcomes or increase efficiency, the healthcare industry finds itself searching for more and better data to support its efforts. Clinical data provides substantial details on patient encounters, but it is often difficult to assemble and integrate data from more than one healthcare provider. Claims data is better at following a patient across multiple care providers, but lacks information on patient health status and outcomes. Individually, both sets of data tell helpful stories, from chronicling the cost of care to reflecting how medicine is practiced. Together, clinical and claims data provide a fuller picture of a patient’s interactions with health care systems, the costs involved, and the results achieved. This larger picture provides the information that healthcare providers and insurers can use to guide their actions.

Assembling this data and making it available in a useful framework remains challenging. Data is not always available from providers and payers. When data is available, it is often not standardized (a particular issue with clinical data), making analysis difficult. So, how do organizations avoid investing time and money in efforts that fail to produce meaningful results? How do you make the data useful and improve patient satisfaction, care quality, and drive down system costs?

  1. Better data sharing agreements. Both providers and payers need more stringent data sharing agreements in place as well as insistence that they receive good data from plans.
  2. Address data quality issues head-on. Use real experts armed with specific tools to address any data quality issues within an organization.
  3. Use technology to help. Clinical data platforms can aggregate and integrate data into clinically relevant patient records, and claims data platforms extract relevant information from the complexity of the underlying claims data. Further, new advanced platforms help integrate clinical and claims data to support meaningful analytics.

Bringing together clinical data and claims data in a form that supports a variety of tools and analytics is key to the efforts of both healthcare providers and payers to improve outcomes, quality, and cost. This integrated data approach will yield better results than can be achieved with clinical or claims data alone. Stakeholders can and should leverage both policy and technology to develop solutions that produce meaningful results.

Are you combining clinical and claims data in your organization? What value have you gotten out of doing so? Why aren’t you doing it if you’re not?

About Monica Stout
Monica is a HIT teleworker in Grand Rapids, Michigan by way of Washington, D.C., who has consulted at several government agencies, including the National Aeronautics Space Administration (NASA) and the U.S. Department of Veterans Affairs (VA). She’s currently the Marketing Director at MedicaSoft. Monica can be found on Twitter @MI_turnaround or LinkedIn.

About MedicaSoft
MedicaSoft designs, develops, delivers, and maintains EHR, PHR, and UHR software solutions and HISP services for healthcare providers and patients around the world. MedicaSoft is a proud sponsor of Healthcare Scene. For more information, visit www.medicasoft.us or connect with us on Twitter @MedicaSoftLLC, Facebook, or LinkedIn.

Measuring the Vital Signs of Health Care Progress at the Connected Health Conference (Part 2 of 3)

Posted on November 15, 2017 I Written By

Andy Oram is an editor at O’Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space.

Andy also writes often for O’Reilly’s Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O’Reilly’s Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The first segment of this article introduced the themes of the Connected Health Conference and talked about the importance of validating what new technologies do using trials or studies like traditional medical advances. This segment continues my investigation into another major theme in health care: advanced interfaces.

Speaker from Validic at Connected Health Conference

Speaker from Validic at Connected Health Conference

Advanced interfaces
The compulsory picture of health care we’re accustomed to seeing, whenever we view hospital propaganda or marketing from health care companies, shows a patient in an awkward gown seated on an uncomfortable examination table. A doctor faces him or her full on–not a computer screen in site–exuding concern, wisdom, friendliness, and professionalism.

More and more, however, health sites are replacing this canonical photograph with one of a mobile phone screen speckled with indicators of our vital signs or thumbnail shot of our caregivers. The promise being conveyed is no longer care from a trusted clinician in the office, but instant access to all our information through a medium familiar to almost everyone everywhere–the personal mobile device.

But even touchscreen access to the world of the cloud is beginning to seem fusty. Typing in everything you eat with your thumbs, or even answering daily surveys about your mental state, gets old fast. As Dr. Yechiel Engelhard of TEVA said in his keynote, patients don’t want to put a lot of time into managing their illnesses, nor do doctors want to change their workflows. So I’m fascinated with connected health solutions that take the friction out of data collection and transmission.

One clear trend is the move to voice–or rather, I should say back to voice, because it is the original form of human communication for precise data. The popularity of Amazon Echo, along with Siri and similar interfaces, shows that this technology will hit a fever pitch soon. One research firm found that voice-triggered devices more than doubled in popularity between 2015 and 2016, and that more than half of Americans would like such a device in the home.

I recently covered a health care challenge using Amazon Alexa that demonstrates how the technology can power connected health solutions. Most of the finalists in the challenge were doing the things that the Connected Health Conference talks about incessantly: easy and frequent interactions with patients, analytics to uncover health problems, integration with health care providers, personalization, and so on.

Orbita is another company capitalizing on voice interfaces to deliver a range of connected health solutions, from simple medication reminders to complete care management applications for diabetes. I talked to CEO Bill Rogers, who explained that they provide a platform for integrating with AI engines provided by other services to carry out communication with individuals through whatever technology they have available. Thus, Orbita can talk through Echo, send SMS messages, interact with a fitness device or smart scale, or even deliver a reminder over a plain telephone interface.

One client of Orbita uses it platform to run a voice bot that talks to patients during their discharge process. The bot provides post-discharge care instructions and answers patients’ questions about things like pain management and surgery wound care. The results show that patients are more willing to ask questions of the bot than of a discharge nurse, perhaps because they’re not afraid of wasting someone’s time. Rogers also said services are improving their affective interfaces, which respond to the emotional tone of the patient.

Another trick to avoid complex interfaces is to gather as much data as possible from the patient’s behavior (with her consent, of course) to eliminate totally the need for her to manually enter data, or even press a button. Devices are getting closer to this kind of context-awareness. Following are some of the advances I enjoyed seeing at the Connected Health Conference.

  • PulseOn puts more health data collection into a wrist device than I’ve ever seen. Among the usual applications to fitness, they claim to detect atrial fibrillation and sleep apnea by shining a light on the user’s skin and measuring changes in reflections caused by variations in blood flow.
  • A finger-sized device called Gocap, from Common Sensing, measures insulin use and reports it over wireless connections to clinical care-takers. The device is placed over the needle end of an insulin pen, determines how much was injected by measuring the amount of fluid dispensed after a dose, and transmits care activity to clinicians through a companion app on the user’s smartphone. Thus, without having to enter any information by hand, people with diabetes can keep the clinicians up to date on their treatment.
  • One of the cleverest devices I saw was a comprehensive examination tool from Tyto Care. A small kit can carry the elements of a home health care exam, all focused on a cute little sphere that fits easily in the palm. Jeff Cutler, Chief Revenue Officer, showed me a simple check on the heart, ear, and throat that anyone can perform. You can do it with a doctor on the other end of a video connection, or save the data and send it to a doctor for later evaluation.

    Tyto Care has a home version that is currently being used and distributed by partners such as Heath Systems, providers, payers and employers, but will ultimately be available for sale to consumers for $299. They also offer a professional and remote clinic version that’s tailor-made for a school or assisted living facility.

A new Digital Therapeutics Alliance was announced just before the conference, hoping to promote more effective medical devices and allow solutions to scale up through such things as improving standards and regulations. Among other things, the alliance will encourage clinical trials, which I have already highlighted as critical.

Big advances were also announced by Validic, which I covered last year. Formerly a connectivity solution that unraveled the varying quasi-standard or non-standard protocols of different devices in order to take their data into electronic health records, Validic has created a new streaming API that allows much faster data transfers, at a much higher volume. On top of this platform they have built a notification service called Inform, which takes them from a networking solution to a part of the clinicians’ workflow.

Considerable new infrastructure is required to provide such services. For instance, like many medication adherence services, Validic can recognize when time has gone by without a patient reporting that’s he’s taken his pill. This level of monitoring requires storing large amounts of longitudinal data–and in fact, Validic is storing all transactions carried out over its platform. The value of such a large data set for discovering future health care solutions through analytics can make data scientists salivate.

The next segment of this article wraps up coverage of the conference with two more themes.

MACRA/MIPS: Chutes & Ladders 2.0 – #HITsm Chat Topic

Posted on November 14, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 11/17 at Noon ET (9 AM PT). This week’s chat will be hosted by Jim Tate (@jimtate) from EMR Advocate and MIPS Consulting on the topic of “MACRA/MIPS: Chutes & Ladders 2.0.”

As Meaningful Use fades into the sunset we witness the arrival of the MACRA/MIPS program. The most significant change in Medicare Part B reimbursement in a generation has arrived. Fueled by the shift to “pay for value”, this zero-sum legislation guarantees there will be winners and losers. I am reminded of the childhood board game, Chutes & Ladders, where you were either climbing up or sliding down.

Join us as we dive into this topic during this week’s #HITsm chat using the following questions.

Topics for This Week’s #HITsm Chat:

T1: Is MACRA/MIPS fair to providers? #hitsm

T2: How prepared are Eligible Clinicians for MACRA/MIPS? #hitsm

T3: What are the potential impacts of the MIPS Composite Performance Scores being made public? #hitsm

T4: Part B drugs will be included in MIPS eligibility and reimbursement calculations. What are the possible consequences? #hitsm

T5: Will MACRA/MIPS deliver better care at a lower cost? #hitsm

Bonus: If you had the power to change anything, what would you change with MACRA/MIPS? #HITsm

Upcoming #HITsm Chat Schedule
11/24 – Thanksgiving Break!
Show some gratitude on Thanksgiving by thanking someone in the #HITsm community!

12/1 – Using Technology to Fight EHR Burnout
Hosted by Gabe Charbonneau, MD (@gabrieldane)

12/8 – TBD
Hosted by Homer Chin (@chinhom) and Amy Fellows (@afellowsamy) from @MyOpenNotes)

12/15 – TBD
Hosted by David Fuller (@genkidave)

12/22 – Holiday Break

12/29 – Holiday Break

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

Measuring the Vital Signs of Health Care Progress at the Connected Health Conference (Part 1 of 3)

Posted on November 13, 2017 I Written By

Andy Oram is an editor at O’Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space.

Andy also writes often for O’Reilly’s Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O’Reilly’s Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Attendees at each Connected Health Conference know by now the architecture of health reform promoted there. The term “connected health” has been associated with a sophisticated amalgam of detailed wellness plans, modern sensors, continuous data collection in the field, patient control over data, frequent alerts and reminders, and analytics to create a learning health care system. The mix remains the same each year, so I go each time to seek out progress toward the collective goal. This year, I’ve been researching what’s happening in these areas:

  • Validation through clinical trials
  • Advanced interfaces to make user interaction easier
  • Improved data sharing (interoperability)
  • Blockchains

Panel at Connected Health Conference

Panel at Connected Health Conference

There were a few other trends of interest, which I’ll mention briefly here. Virtual reality (VR) and augmented reality (AR) turned up at some exhibitor booths and were the topic of a panel. Some of these technologies run on generic digital devices–such as the obsession-inducing Pokémon GO game–while others require special goggles such as the Oculus Rift (the first VR technology to show a promise for widespread adoption, and now acquired by Facebook) or Microsoft’s HoloLens. VR shuts out the user’s surroundings and presents her with a 360-degree fantasy world, whereas AR imposes information or images on the surroundings. Both VR and AR are useful for teaching, such as showing an organ in 3D organ in front of a medical student on a HoloLens, and rotating it or splitting it apart to show details.

I haven’t yet mentioned the popular buzzword “telehealth,” because it’s subsumed under the larger goal of connected health. I do use the term “artificial intelligence,” certainly a phrase that has gotten thrown around too much, and whose meaning is subject of much dissension. Everybody wants to claim the use of artificial intelligence, just as a few years ago everybody talked about “the cloud.” At the conference, a panel of three experts took up the topic and gave three different definitions of the term. Rather than try to identify the exact algorithms used by each product in this article and parse out whether they constitute “real” artificial intelligence, I go ahead and use the term as my interviewees use it.

Exhibition hall at Connected Health Conference

Exhibition hall at Connected Health Conference

Let’s look now at my main research topics.

Validation through clinical trials
Health apps and consumer devices can be marketed like vitamin pills, on vague impressions that they’re virtuous and that doing something is better than doing nothing. But if you want to hook into the movement for wellness–connected health–you need to prove your value to the whole ecosystem of clinicians and caretakers. The consumer market just doesn’t work for serious health care solutions. Expecting an individual to pay for a service or product would limit you to those who can afford it out-of-pocket, and who are concerned enough about wellness to drag out their wallets.

So a successful business model involves broaching the gates of Mordor and persuading insurers or clinicians to recommend your solution. And these institutions won’t budge until you have trials or studies showing that you actually make a difference–and that you won’t hurt anybody.

A few savvy app and device developers build in such studies early in their existence. For instance, last year I covered a typical connected health solution called Twine Health, detailing their successful diabetes and hypertension trials. Twine Health combines the key elements that one finds all over the Connected Health Conference: a care plan, patient tracking, data analysis, and regular check-ins. Their business model is to work with employer-owned health plans, and to expand to clinicians as they gradually migrate to fee-for-value reimbursement.

I sense that awareness is growing among app and device developers that the way to open doors in health care is to test their solutions rigorously and objectively. But I haven’t found many who do so yet.

In the next segment of this article continues my exploration of the key themes I identified at the start of this article.

Communication Strategies Must Include Caregivers, Too

Posted on November 9, 2017 I Written By

The following is a guest blog post by Chelsea Kimbrough from Stericycle Communication Solutions, as part of the Communication Solutions Series of blog posts. Follow and engage with them on Twitter: @StericycleComms

Chelsea KimbroughMillions of healthcare-centric communications occur every day between providers, doctors, professionals, patients, and caregivers. These communications are often focused on the patient. This is a great thing, as the patient is the individual in need of care. Frequently, however, communication strategies are developed to meet patients’ needs and don’t truly consider how to best engage caregivers.

At one point or another, most of us will act as a caregiver for a child, spouse, or parent. We may even be responsible for coordinating multiple patient journeys at once. And should that responsibility come, we’ll likely find the best experiences with healthcare organizations that not only provide excellent patient care, but convenient communications.

According to the National Alliance for Caregiving and AARP, 48 percent of caregivers are 18 to 49-years-old. And as this population ages and more young individuals step into the caregiver role, more caregivers will have been raised in homes with Internet access, smartphones, and more. In order to create caregiver-friendly experiences, healthcare organizations should ensure their communication strategies are mobile-optimized, technology-driven, and readily accessible.

Already, caregivers are seeking out ways to simplify communications with healthcare organizations. Instead of making a telephone call to schedule an appointment, many are opting to schedule appointments on behalf of patients online. By providing an easy-to-use online scheduling platform, healthcare organizations can not only ensure busy caregivers can quickly secure an appointment, they can help drive new patient acquisition.

Likewise, appointment reminders – especially those delivered via text message, which are read in the first three minutes by 90 percent of recipients – can be incredibly beneficial for both patients and healthcare organizations. By sending out a strategically timed reminder in a way caregivers are sure to see, healthcare organizations can decrease no-show rates. Here at Stericycle Communication Solutions, we’ve seen no-show rates drop by as much as 80 percent once our appointment reminder solution was implemented – a figure that impacted both the organization’s population and financial health.

A few other ways healthcare organizations can ensure they are ready to meet caregivers’ evolving needs include:

  • Implementing a website that is mobile-friendly and up-to-date
  • Communicating the same information no matter the tool, technology, department, or professional someone may interact with
  • Ensuring the entities listed above have access to the information they need to provide consistent, reliable experiences
  • Answering all phone calls with a live, friendly voice prepared to meet their every need

Caregivers and patients alike want predictable and repeatable experiences no matter the communication channel they choose to interact with. Dubbed “omnichannel” experiences across commercial sectors, healthcare organizations should implement communication strategies and infrastructure that can keep pace with evolving technology and communication preferences. Healthcare organizations that are readily able to introduce new communication channels will be best positioned to secure loyalty and success.

To learn more about how consumer-minded patients are driving the need for omnichannel experiences in the healthcare industry, check out our recent e-book, OmniWhat?!

The Communication Solutions Series of blog posts is sponsored by Stericycle Communication Solutions, a leading provider of high quality telephone answering, appointment scheduling, and automated communication services. Stericycle Communication Solutions combines a human touch with innovative technology to deliver best-in-class communication services. Connect with Stericycle Communication Solutions on social media: @StericycleComms

Optimization Dominates CHIME17 Discussions

Posted on November 8, 2017 I Written By

Colin Hung is the co-founder of the #hcldr (healthcare leadership) tweetchat one of the most popular and active healthcare social media communities on Twitter. Colin speaks, tweets and blogs regularly about healthcare, technology, marketing and leadership. He is currently an independent marketing consultant working with leading healthIT companies. Colin is a member of #TheWalkingGallery. His Twitter handle is: @Colin_Hung.

“Our EHR Implementation is done”

“We completed our EHR roll-out last year”

“The last EHR module has gone live”

With these words, CIO presenters at the recent CHIME Fall CIO Forum (CHIME17) ushered in a new era in Healthcare IT. Instead of EHR implementations dominating the discussion, optimization was the hot topic of discussion at the event.

“It’s clear to us that CIOs are dedicating more time and energy towards optimizing their systems rather than just implementing them”, says Ed Rucinski, Senior Vice President Worldwide Healthcare Sales at Nuance and CHIME17 attendee. “Our clients, for example, are looking for ways to simplify the documentation physicians have to do in their EHRs so that they can focus their attention back on helping patients.”

Finding ways to better utilize the EHR infrastructure was the subject of many CHIME17 sessions. In one, Sallie Arnett, Vice President Information Systems and Chief Information Officer at Licking Memorial Health Systems, presented how her organization is leveraging EHR and patient monitoring data to detect the early signs of sepsis. Over 62 lives were saved through the work of Arnett and the staff at Licking Memorial.

These results would not have been possible without the investments made in EHR implementations and other digitization efforts.

Several sessions at CHIME17 were centered on the changing role of CMIOs. For the past several years CMIOs have been synonymous with EHR implementations. Now with EHRs up and running, CHIME presenters spoke about how CMIOs were morphing into CHIOs – Chief Health Information Officers – charged with extracting clinical value from the data within the hospital’s systems. This shift in focus is further evidence that healthcare is beginning to move beyond implementation and that we are entering a time of EHR optimization.

The new focus on optimization is a welcome development. It signifies that we are finally near the end of the road-building phase of the inudstry’s EHR journey and we are getting to the phase where we start building things to make the roads useful (like gas stations, diners and cars).

Personally I am looking forward to what the next few years will bring. It will be exciting to see how decision support tools, predictive analytics, artificial intelligence, personalized medicine applications and population health systems will leverage the data that is accumulating in EHRs. The next few years will be truly interesting for CIOs.