Being Honest About Your Reasons For Cybersecurity Decisions

Posted on August 16, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

This week, a team of McAfee researchers released a paper outlining a terrifying exploit. The paper describes, in great technical detail, how a malicious attacker could flip a cardiac rhythm display from 80 beats per minute to zero within less than five seconds.

This might not lead to severe harm or death, but it’s possible that other very negative outcomes could occur, notes Shaun Nordeck, MD, who’s quoted in the report. “Fictitious cardiac rhythms, even intermittent, could lead to extended hospitalization, additional testing, and side effects from medications prescribed to control heart rhythm and/or prevent clots,” he notes.

The paper does point out that if the bedside monitor is working normally, nurses have access to other accurate data, which could diminish the impact of such disruptions to some extent. However, the potential for adverse events is clearly higher than normal if someone scrambles a patient’s vitals.

Unfortunately, this is far from the only attack which wasn’t possible before connected devices became the norm. At various points, we’ve seen that pacemakers, insulin pumps and even MRIs can be hacked externally, particularly if their operating systems aren’t patched as required or even basic security protections haven’t been put in place. (Think using “password” as a password.)

But while these vulnerabilities are largely known at this point, some healthcare organizations haven’t begun to tackle them. Solving these problems takes work, and costs money. The best-intentioned CIO might not get the budget to fix these problems if their CEO doesn’t see them as urgent.

Or let’s say the budget is available. Even if everyone agrees to tackle connected device vulnerabilities, where do we begin the counterattack? Which of these new connected health vulnerabilities are the most critical? On the one hand, hacking individual pacemakers doesn’t seem profitable enough to attract many cybercriminals. On the other, if I were a crook I might see the threat of meddling with a hospital’s worth of patient monitors to be a great source of ransom money.

And this brings us to some tough ethical questions. Should we evaluate these threats by how many patients would be affected, or how many of the sickest patients?  How do we calculate the clinical impact of vital signs hacking vs. generating inaccurate MRI results? To what extent should the administrative impact of these attacks be a factor in deciding how to defeat these challenges, if at all?

I know you’re going to tell me that this isn’t an all or nothing proposition, and that to some extent standard network intrusion detection techniques and tools will work. I’m not disputing this. However, I think we need to admit out loud that these kinds of attacks threaten individual lives in a way that traditional cyberattacks do not. For that reason, we need to get honest about who we need to protect — and why.

More Than 3 Million Patient Records Breached During Q2 2018

Posted on August 15, 2018 I Written By Anne Zieger

A new study by data security vendor Protenus has concluded that more than 3 million patient records were breached during the second quarter of 2018, in a sharp swing upward from the previous quarter with no obvious explanation.

The Protenus Breach Barometer study, which drew on both reports to HHS and media disclosures, found that there were 143 data breach incidents between April and June 2018, affecting 3,143,642 patient records. The number of affected records has almost tripled from Q1 of this year, when 1.13 million records were breached.

During this quarter, roughly 30% of privacy violations were by healthcare organizations that had previously reported a data breach. The report suggests this is because they might not have identified existing threats or improved security training for employees. (It could also be because cyberattackers smell blood in the water.)

Protenus concluded that among hospital teams, an investigator monitors around 4,000 EHR users, and that each was responsible for an average of 2.5 hospitals and 25 cases. The average case took about 11 days to resolve, which sounds reasonable until you consider how much can happen while systems remain exposed.

With investigators being stretched so thin, not only external attackers but also internal threats become harder to manage. The research found that on average, 9.21 per 1,000 healthcare employees breached patient privacy during the second quarter of this year. This is up from 5.08 employee threats found during Q1 of this year, which the study attributes to better detection methods rather than an increase in events.

All told, Protenus said, insiders were responsible for 31% of the total number of reported breaches for this period. Among incidents where details were disclosed, 422,180 records were breached, or 13.4% of total breached patient records during Q2 2018. The top cause of data breaches was hacking, which accounted for 36.62% of disclosed incidents. A total of 16.2% of incidents involved loss or theft of data, with another 16.2% due to unknown causes.

In tackling insider events, the study sorted such incidents into two groups, “insider error” or “insider wrongdoing.” Its definition for insider error included incidents which had no malicious intent or could otherwise be qualified as human error, while it described the theft of information, snooping in patient files and other cases where employees knowingly violated the law as insider wrongdoing.

Protenus found 25 publicly-disclosed incidents of insider error between April and June 2018. The 14 incidents for which details were disclosed affected 343,036 patient records.

Meanwhile, the researchers found 18 incidents involving insider wrongdoing, with 13 events for which data was disclosed. The number of patient records breached as a result of insider wrongdoing climbed substantially over the past two quarters, from 4,597 during Q1 to 70,562 during Q2 of 2018.

As in the first quarter, the largest category of insider-related breaches (71.4%) between April and June 2018 was healthcare employees taking a look at family members’ health records. Other insider wrongdoing incidents included phishing attacks, insider credential sharing, downloading records for sale and identity theft.

The Cost Savings Opportunities on the Business Side of Healthcare – #HITsm Chat Topic

Posted on August 14, 2018 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 8/17 at Noon ET (9 AM PT). This week’s chat will be hosted by Don Lee (@dflee30) and @CAQH on the topic of “The Cost Savings Opportunities on the Business Side of Healthcare”.

Progress on the Journey to Automate the Business of Healthcare

Next time you’re in the doctor’s office, take note of what the administrative staff is doing behind the reception desk.

For every patient, the staff needs to know if he or she has an active health insurance policy, if it will reimburse for the specific services the doctor provides and the deductibles or copays to determine the patient’s bill. After the patient leaves, the staff submits the claim and may continue to follow up to make sure it gets paid.

Complicating their job, not every patient has the same insurance plan, let alone the same insurance company. That makes it easy to imagine how the doctor’s office could become a chaotic logjam without some uniformity in how all these processes are accomplished from one health plan to another. But, all in all, this system works pretty well, doesn’t it?

This is because leaders on the business side of healthcare began collaborating more than 10 years ago to crack the code on interoperability. They hammered out rules of the road that, in combination with other efforts, have accelerated the use of automation and brought uniformity to routine processes — like figuring out if you owe a copay.

But the journey from slower and costlier manual processes – like phone, fax and mail – to interoperable, or automated, machine-to-machine processes is far from complete. We know this because our co-host, @CAQH, tracks the progress of this journey through the CAQH Index.

The most recent CAQH Index found that progress has not only slowed, but on some important measures the industry has actually lost ground and a savings opportunity of $11.1 billion remains. Since healthcare providers have historically been slower to implement and use automated processes than health plans, the vast majority of the savings is available to medical providers ($7.5 billion) and dentists ($2 billion).

The CAQH Index takes into account the cost of common business processes for each stakeholder and the number they conduct each year to determine the greatest savings opportunities for medical and dental health plans and providers. We’ll be talking about that in the #HITsm chat with co-host @dflee30, a Health IT expert who recently interviewed CAQH researchers about the report.

There’s still a short time left to participate in the 2018 CAQH Index study. Every data contribution helps to make the Index more complete. Email explorations@caqh.org for information on how your organization can help.

Download a complimentary copy of the 2017 CAQH Index or use the savings calculator to estimate your organization’s savings at www.caqhindex.org and check out Don’s recent podcast.

So, without further ado, here are the various topics and questions we’ll be discussing for this week’s #HITsm chat.

Topics for this week’s #HITsm Chat:
T1: #Healthcare administrative costs have been projected to reach $315 billion by this year. What are some of the sources of these excessive admin costs? #hitsm

T2: Why is it important to track progress related to admin costs? #hitsm

T3: What are some barriers the #healthcare industry faces in reducing admin costs? #hitsm

T4: What can the #healthcare industry do to overcome these barriers and achieve significant cost savings? #hitsm

T5: How is the emerging #valuebased payment model impacting #healthcare administration and operations? #hitsm

Bonus: What are other growing #healthcare administration and operations trends and how might they impact healthcare admin costs? #hitsm

Upcoming #HITsm Chat Schedule
8/24 – The Role of Technology in Chronic Disease Management
Hosted by Colton Ortolf (@ColtonOrtolf)

8/31 – TBD
Hosted by TBD

9/7 – TBD
Hosted by TBD

9/14 – TBD
Hosted by TBD

9/21 – Human Centered Design in Healthcare #PatientsMatter
Hosted by Jen Horonjeff (@jhoronjeff) from @Savvy_Coop

9/28 – How Does Interoperability Affect Technology Adoption in Healthcare?
Hosted by Niko Skievaski @niko_ski from @redox

10/5 – TBD
Hosted by TBD

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

Top 5 Ways to Create a Stellar Patient Experience

Posted on August 13, 2018 I Written By

The following is a guest blog post by Sarah Bennight, Marketing Strategist for Stericycle Communication Solutions, as part of the Communication Solutions Series of blog posts. Follow and engage with them on Twitter: @StericycleComms

Patient experience has always been something healthcare delivery organizations should strive to improve. However, in the past couple of years, patient experience has received a necessary focus as health consumers are presented with more choice, transparency, and data to navigate their healthcare journey. But with so many choices available, what can health providers do to drive loyalty?

I recently had to schedule a visit for my annual mammogram, a much dreaded experience for most women. I’m lucky to have many imaging options around me, making it easy to get in on a day that was convenient for me. However, the choice was very simple after the exemplary experience I received last year. One facility in particular made me into a loyal patient, and they did so in five key ways.

1. Convenience of access: Consumer-centric businesses like Amazon and Starbucks have made it so seamless and easy to get what you need from them when you need it, that it makes waiting in healthcare more painful than it used to be. Now, we expect to handle business transactions on our own terms and to receive immediate results. Even Amazon Prime’s two-day shipping wasn’t enough for us, and now we have Amazon Now. When it was time to schedule with the facility, it was simple to connect and get care when convenient for me. They offer online scheduling, which enabled me to browse open appointments and choose an option that fit my busy schedule. They have a phone number as well if you prefer to schedule that way, but I prefer doing most business transactions from my phone.

2. Patient-first in clinic experience: Everything at the facility was set up to make something no woman really wants to do, an enjoyable experience. I was greeted with a warm smile when I walked in and promptly taken back to the changing rooms. Their rooms are finely decorated with warm lighting and comfortable dressing rooms. I never sat idle for more than 10 minutes. They have even taken the extra step to provide lockers for your personal belongings with the names of famous amazing women so you can remember where your belongings are. I chose to be Eleanor Roosevelt one year, and Jane Austen this year.

3. Putting data in the patients’ hands: Both times I have been in for a screening, I receive my secure results within 24 to 48 hours and they send the results to both my OB/Gyn and my primary care provider. Armed with information contained in my profile, I can choose to have a more in depth conversation with my care providers regarding the risks and results, or I can keep them and compare year after year. Knowledge and education are the first two steps in patients having the ability to manage their health.

4. Proactive engagement in care: Patients can be very forgetful (especially when managing the care of four additional family members). If there is something I need to do in order to take better care of myself, it’s better to be proactive and ping me instead of assuming I’ve got it covered. This facility let me know several months in advance that it was time to reschedule. I knew the exact date I was eligible per my insurance, so it made it easy to take the best step to keep on top of my health.

5. Ease of doing business: No one wants to spend hours filling out paper forms. When looking for a repeat appointment for this year, I saw that there was a clinic closer to my office. I arrived a few minutes early to fill out the insurance forms since I scheduled online and there was no place for me to put the card information. When I walked in and gave my name at sign in, they had everything: my address, insurance, birthdate, records from the last visit at a different facility. This is imperative for healthcare organizations to prioritize as mergers and acquisitions mean multiple EHRs, billing systems, and contact centers. The experience and ease of doing business with your team before and after care will affect patient loyalty. Make it easier to do the small things, and watch your patient satisfaction increase.

The facility has gone to great lengths to ensure their patient experience is above par and their efforts have definitely paid off. And they will have my loyalty for it as long as they serve my area. Their mission states:

“Our promise is to provide an exceptional experience, exceptionally accurate results, and Peace of Mind to everyone we serve. Our purpose is to be the National Leader in Mammography and imaging services, helping patients achieve and maintain optimal health.”

What is your promise to your patients? Is your number one to provide an exceptional experience? Are you meeting the above five areas of the patient experience beyond the clinical face to face interaction? What are some additional ways you ensure the best experiences for everyone in your care?

The Communication Solutions Series of blog posts is sponsored by Stericycle Communication Solutions, a leading provider of high quality call center & telephone answering services, patient access services and automated communication technology. Stericycle Communication Solutions combines a human touch with innovative technology to deliver best-in-class communication services. Connect with Stericycle Communication Solutions on social media: @StericycleComms

Seema Verma Calls for the End of Fax in Healthcare – Here’s The Real Problem

Posted on August 10, 2018 I Written By John Lynn

In case you missed it, CMS Administrator, Seema Verma challenged the audience at the Interop Forum hosted by ONC to “make every doctor’s office fax free by 2020.” Many in healthcare celebrated this challenge with statements like the following:

“It is inconceivable that providers still rely on technology that should have faded away at least 10 years ago.”

Statements like this make it seem like doctors and other healthcare leaders are luddites that are holding on to their fax machine out of some principle. They make it sound like healthcare professionals love their fax machines. Let me assure you that neither thing is the case. The reason faxes are so prominent in healthcare is a complex issue. However, the core problem is that there’s no better solution.

Everyone calls for the end of faxes in healthcare. The problem with this is that when you slam faxes, you’re slamming the most interoperable piece of healthcare. That’s sad, but true.

Faxes aren’t the problem. The lack of better solutions is the problem. So, instead of slamming fax machines, we should better understand the qualities that make faxes the interoperability choice of healthcare.

Here’s a look at why fax is so common in healthcare:
Faxes are HIPAA Compliant – The reality is that case law and other HHS comments have declared faxes to be HIPAA compliant. That’s not to say that faxes are secure. We could talk over whether it’s secure or not and even edge cases where it’s still not HIPAA compliant. However, what’s clear to everyone in healthcare is that you can fax PHI and there’s no HIPAA violation. At least that’s the perception and how people treat it in action. This is a powerful idea that can’t be overstated. Perceptions deeply influence people’s behaviors, especially in risk-averse doctors’ offices.

Published Fax Numbers – Every practice has a fax machine and they all publish their fax number on their website. Thanks to Google, there’s basically an online directory where I can search any doctor and find their fax number.

Faxes Are Standard – Unlike so many other healthcare interoperability standards, every fax machine knows how to call and talk with another fax machine. There’s no need to ask what version or flavor of the fax standard you are using. There’s no need to ask where you’re storing certain information. Every fax uses the same standard and delivers the same result regardless of organization.

Every Practice Has a Fax Workflow – In most cases, practices have their fax machines integrated directly into their EHR. Regardless, they all have some workflow that gets from the fax machine to the provider. Don’t underestimate the power of this workflow.

Faxes are Free – Ok, this has evolved a little over the years as healthcare organizations have moved to secure fax and fax servers which might charge a monthly fee. However, faxes are relatively cheap and have a known cost structure behind them. In many cases, it’s a cost that’s already been incurred. There’s no incremental cost to send more faxes.

That’s a pretty compelling feature set and I’m sure I’ve missed something. If healthcare provided a solution that offered all of these things, healthcare organizations would happily take this replacement. Plus, a replacement could and should do things that faxes don’t do like granular data.

However, direct messaging taught us a really important lesson about granular data which also highlights why fax machines are still so popular and direct messaging is not. Machines love granular data. That’s why machines are ok with a massive CCDA document that’s chock full of data. However, those CCDA documents are almost impossible for a human to read and cause doctors to say that CCDA is an abomination that doesn’t improve care. They’re right if you’re talking about a human reading a CCDA.

Humans need healthcare documentation designed for humans! Leave the XML health data files to machines.

When you understand this idea, it’s easy to see why doctors still love to receive faxed notes and hate CCDAs. Faxed notes are generally human-readable documents (EHR note bloat aside). CCDAs are not. The ideal solution is that we could have both. We just haven’t gotten there yet, but we could get there if we could overcome many of the other compelling fax features listed above.

What About Patients?
There’s a common problem we have when discussing technology in healthcare. Healthcare is so complex that we often confuse various uses of the same technology. The fax machine is a great example. All of the above analysis was how healthcare providers use a fax machine to communicate with other healthcare providers and other healthcare organizations. All of these entities have a fax machine and know how to use it. This is why the fax is a compelling option in healthcare. However, when you add the patient to the mix, it changes the equation.

Many of the people who want to ax the fax are talking about it from the perspective of a patient. That’s a totally different equation than the one described above. Many patients don’t have fax machines anymore and they’re unlikely to ever get one. It’s not unreasonable to say that healthcare should abolish trying to fax healthcare information to patients. A fax is rarely the best workflow for a patient. Healthcare providers should consider patient-friendly options.

When talking about faxing, we need to separate the discussion of patient interoperability and provider interoperability. They are very different beasts and not separating them confuses the discussion.

Conclusion
All in all, Seema Verma can call for the end of fax until she’s blue in the face. Until there’s an alternative that’s better than the fax, we’re not going to see faxes out of healthcare. It’s not inconceivable or even ridiculous that healthcare organizations continue to use the best workflow they can find for their organization. In many cases today that workflow is the fax. Once that equation changes, every healthcare provider I know will change. I’ve never met a single provider that’s nostalgic for faxes. They hate them as much as the next person but don’t see a better option.

Of course, as Ed Gaines pointed out on Twitter, Seema may want to start by taking a good look in the mirror. How about CMS stops using fax as the only option for some of the things they do? Once CMS abolishes faxes from their organization, that will give her a more powerful platform to call on the rest of healthcare to do the same. Unfortunately, I think Seema will quickly realize that there’s a reason that faxes are still so popular: there’s nothing better.

If Seema does away with faxes in healthcare, she’ll be doing away with the only form of nationwide healthcare interoperability that we have today. What’s going to replace it?

Regulatory Heat: Is Your BAA House in Order?

Posted on August 9, 2018 I Written By

The following is a guest blog post by Greg Waldstreicher, Founder and CEO of PHIflow.

Actions by the Office for Civil Rights (OCR) have clearly demonstrated stricter enforcement of HIPAA rules in recent years, specifically upping the ante on compliance with business associate agreements (BAAs). Much of this activity can be attributed to a grim outlook on security risks: globally, 70% of healthcare organizations have suffered a data breach, and a recent Ponemon Institute report found that the vast majority have experienced multiple security incidents involving protected health information (PHI).

BAAs play an important role in security as the framework by which an organization ensures that any vendor creating, receiving, maintaining or transmitting PHI complies with HIPAA. In recent years, these contracts have come under increased scrutiny amid high-level audits launched by OCR. Mismanagement of BAAs has thus far resulted in penalties ranging from $31,000 for simply not having a BAA in place to upwards of $5.5 million for more serious offenses.

While the stakes are high, healthcare organizations often lack effective oversight strategies for these important patient protection tools. In fact, it’s not uncommon for even the most basic information to elude the executive suite such as:

  • the number of BAAs that exist across an enterprise
  • where BAAs are located
  • the terms of each BAA

In an industry that has witnessed a significant uptick in security incidents and breaches in recent years, this current state of affairs is less than optimal. In truth, the reach of recent audit activity is still an unknown as the healthcare industry awaits full disclosure and recommendations from OCR. One of the latest OCR settlements, $3.5 million levied against Fresenius Medical Care North America, resulted from multiple incidents that occurred in 2012, underscoring the lengthy timeframe associated with finalizing investigations and legal processes.

All told, current trends point to the need for better oversight and management of BAAs. While penalty activity subsided some in recent months as OCR went through internal transitions, industry legal experts expect that investigative momentum will continue to increase in proportion to heightened security risks across the healthcare landscape.

Unfortunately, healthcare organizations face notable roadblocks to getting their BAA house in order. Amid competing priorities, many simply lack the resources for tracking these agreements. Health systems are increasingly multi-faceted, and current trends associated with mergers, acquisitions and consolidations only exacerbate the challenge. The reality is that some large organizations have as many as 10,000 BAAs across the enterprise. Because these agreements are typically spread across multiple departments and facilities and have a multitude of different owners, managing them in a strategic way via manual processes is nearly impossible.

In tandem with the internal resource challenge, the language contained in BAAs has become significantly more complicated due to not only a fluid and evolving regulatory environment, but also the vital role they play in an overall security strategy. While a simple, cookie-cutter approach to these agreements was fitting a decade ago, BAAs are now intensely negotiated between covered entities and business associates and between business associates and sub-business associates, often involving HIPAA attorneys and resulting in requirements that go beyond HIPAA and HITECH. Subsequently, the terms of each BAA across an organization may vary, making efficient and effective management extremely difficult.

The good news is that there is a relatively simple solution—automated management of BAAs. The right technological framework can lay the foundation for timely access to all contracts across an enterprise, improving compliance and ensuring readiness for audits or breach response. Once consolidated, artificial intelligence can then be applied to BAAs to draw actionable insights in near real-time, informing key personnel of the key terms across all agreements.

The healthcare industry at large has drawn heavily on the promise of automation and data analytics in recent years to power more efficient and effective processes. Management of BAAs is no different and is an area ripe for improvement. Today’s healthcare executives need to consider the high stakes associated with ineffective management of BAAs and take action to shore up strategies amid greater security risks and a challenging regulatory environment.

About Greg Waldstreicher
Greg Waldstreicher is the founder and CEO of PHIflow, and the cofounder and former CEO of DoseSpot, where he worked at the forefront of the electronic prescribing (e-Prescribing) market for nine years. Under Greg’s leadership, DoseSpot licensed its SaaS e-Prescribing solutions to 175 healthcare software companies across the medical, dental, hospice and digital health markets. Greg received a B.S. from the University of Maryland College Park in Accounting and an M.S. from Northeastern University in Technological Entrepreneurship.

Lumeon Offers a Step Toward Usable Device Data in Health Care

Posted on August 8, 2018 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The health care field floats on oceans of patient data, but like the real oceans on our planet, patient data is polluted. Trying to ground evidence-based medicine on billing data is an exercise in frustration. Clinical data is hard to get access to, and has its own limitations. For instance, it is collected only when a patient visits the clinic or hospital. The FDA recently put 100 million dollars in its budget to get patient data from electronic health records (which the commissioner called “real-world experience”).

One of the paths toward better data for research and treatment lies in the data from medical devices: it’s plentiful, detailed, and accurate. But device data has mountains to climb before researchers and clinicians can use it: getting this data in the first place, normalizing and standardizing it, and integrating it with the systems used for analysis and treatment. That’s what excites me about a recent new direction taken by Lumeon, a platform for workflow management and treatment coordination in health care.

I covered Lumeon’s platform a few months ago. The company already lays out an enticing display of tools for clinicians, along with EHR integration. What’s new is the addition of medical devices, an enhancement that required nine months of working with medical device manufacturers. Recently I had another chance to talk to Rick Halton, Vice President of Marketing and Product for Lumeon.

Along with the measurements provided by devices, Lumeon has tools for patient engagement and the measurement of outcomes. These outcomes go beyond simple quantitative scores such as limb rotation. Lumeon creates for each patient a patient-specific functional score (PSFS). For one patient, it may be whether he can play outside with his kids. For another, it’s whether she can go back to work, and for another, how far she can walk.

Lumeon asks, how can a device be used in a patient journey? It uses the routine information to help provide consistent care throughout this journey pathway, and measures outcomes throughout to generate feedback that promotes better long-term outcomes.

Device data is currently stored in a Lumeon platform that may be on the clinician’s site or in the cloud. Using an API, Lumeon’s output can be embedded within an EHR (they currently do this with Epic) so that the output can be displayed as part of the EHR display, and the clinician doesn’t even have to know that the results are being generated outside the EHR. In the future, the data may be integrated directly into the EHR. However, Lumeon’s direct customers are the providers, not the EHR vendors.

Data from devices was popular among providers at first for discharge planning and other narrow applications. Lumeon’s device integration is now getting more attention from providers who are experiencing a squeeze on reimbursements, a growing alertness among payers for outcomes, and a slow move in the industry toward fee-for-value. One leading device manufacturer is already using Lumeon for better treatment of cardiovascular care, bariatric surgery, and diabetes. Other applications include chronic disease, perioperative care (readiness for the OR and enhanced recovery), the digital patient experience on the web or in an app, and the patient-centered medical home.

If Lumeon can turn device data into better treatment, other clinical institutions and health care platforms should be able to do so as well. It’s time for health care to enter the 21st century and use the Internet of Things (or Internet of Healthy Things, as termed by Dr. Joseph Kvedar) for the benefit of patients.

What Does It Take to Be a Successful Healthcare Entrepreneur? – #HITsm Chat Topic

Posted on August 7, 2018 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 8/10 at Noon ET (9 AM PT). This week’s chat will be hosted by Michael Dermer (@michaelgdermer) and Victoria Sherman (@VictoriaShrman) on the topic of “What Does It Take to Be a Successful Healthcare Entrepreneur?”.

Michael Dermer is an entrepreneur, speaker, lawyer and founder/author of The Lonely Entrepreneur. Michael is considered the founder of not only a company, but an industry – rewarding individuals for healthy behavior. Michael left a promising law career to start IncentOne, the first company to provide rewards for healthy behavior. At the time, rewards in healthcare were not only non-existent – they were offensive. He was told over and over “we will never reward people for things they should be doing to be healthy.”

After bootstrapping for a decade, his company received a large private equity investment on October 15, 2008. They had arrived. It should have been a time for celebration. Then the financial crisis hit. Ten years were gone in ten days. Bankrupt customers. Investment gone. Credit dead. Family dollars at risk. Angry investors. Family relationships on the brink. It would take two years of working 24 hours a day to save what took ten years to build. The perfect storm.

It was doomed. Or was it? Today, health rewards are everywhere, he sold IncentOne to industry innovator Welltok, and his company is credited with creating the health rewards industry. What resulted was not only a business success, but the discovery of unique intelligence on how to thrive under the pressure, chaos and burden of being the entrepreneur. The Lonely Entrepreneur was born. It is now their mission to unlock the potential of entrepreneurs worldwide by turning the passion and pressure we all feel into success.

So, without further ado, here are the various topics and questions we’ll be discussing for this week’s #HITsm chat.

Topics for this week’s #HITsm Chat:
T1: In today’s hypercompetitive world passion & grit aren’t enough, we must develop the skills and mindset to be a better entrepreneur each day. From managing the chaos to generating revenue to standing out from the crowd. What does it mean to be a successful entrepreneur? #HITsm

T2: Great products & services should be enough, you have to be adept at creating ‘leverage’ to make healthcare customers move quickly. Leverage is an important skill for winning business in healthcare. What are some of the ways to leverage winning in business? #HITsm

T3: You have to use your entrepreneurial creativity to find a niche, a ‘playground’ where you are the only one playing. How do you beat your competition by finding playgrounds where no one else is playing? #HITsm

T4: Health plans, health systems, pharma companies, employers are all very different animals. But chasing every customer means you’re bouncing all over without understanding your market. What are some of the unique value propositions for EACH of these healthcare entities? #HITsm

T5: The healthcare industry is full of well-entrenched, well-funded competitors. And buyers have little mindshare for the difference between products so you need to position your company in order to have success. Why is positioning more important than product and what are some ways to position your product/service? #HITsm

Bonus: If your company is struggling or not progressing as quickly as you would like, what are some of the things you can do to turn it around (i.e. pivot?) #HITsm

Upcoming #HITsm Chat Schedule
8/17 – The Cost Savings Opportunities on the Business Side of Healthcare
Hosted by Don Lee (@dflee30) and @CAQH

8/24 – The Role of Technology in Chronic Disease Management
Hosted by Colton Ortolf (@ColtonOrtolf)

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

HIPAA Security Infographic

Posted on August 6, 2018 I Written By

John Lynn

There are a lot of nuances to HIPAA. Hopefully, you’ve addressed them as part of your security risk analysis and any mitigation work that’s required as part of that analysis. Unfortunately, even an organization that does a solid HIPAA security risk analysis often doesn’t communicate what was done in that analysis to the rest of the organization.

With this in mind, I found this HIPAA security infographic by eFax to be valuable for those that aren’t deep in the nuances of HIPAA, but that want a quick overview of some common HIPAA issues that they should know about.

Healthcare Security Humor – Fun Friday

Posted on August 3, 2018 I Written By

John Lynn

After Mike Semel’s recent post on embarrassment, career suicide, or jail, it may seem a bit ironic to offer some healthcare security humor. That’s exactly why we think it’s good to share some healthcare security humor. We love irony and we often have to remember that what we do is extremely serious, but we shouldn’t take ourselves too seriously. Plus, humor can often get a point across in a way that is extremely memorable. That’s how I felt when I saw the healthcare security cartoon below:

This cartoon reminds me of the hospital CIO who told me “I’m most concerned with the 21,000 security vulnerabilities that existed in my organization. I’m talking about the 21,000 employees.” This is a real problem and one that many people don’t take seriously enough in healthcare. It’s not something you can just put as a line item on a budget. It takes shaping the culture of your organization and that’s hard, but essential.