GDPR and Why U.S. Healthcare Providers Should Care

Posted on April 19, 2018 | Written By

The following is a guest blog post by Steven Marco, CISA, ITIL, HP SA and President of HIPAA One®.

The European Union (EU) has drafted guidance to give citizens more control over their personal data, so what does this mean for U.S. based healthcare providers?

On May 25, 2018, the EU will roll out the General Data Protection Regulation (GDPR), a new set of rules that is similar in nature to HIPAA compliance for EU countries. The effort to create GDPR started years ago in January 2012, when the European Commission began working on plans to create data protection reform across the EU so that European countries would have greater controls in place to manage information in the digital age. Additionally, GDPR aims to simplify the regulatory environment for businesses so both European citizens and businesses can benefit from a digital economy.

Because GDPR has not yet taken effect, some aspects of this new framework are difficult to fully understand and define at this time. Yet we do know that U.S. companies DO NOT need to have business operations in one of the 28 member states of the EU to be impacted by GDPR. The new set of rules will hold organizations around the world that have data belonging to individuals who live in the EU to a high level of protection, and those organizations must be able to account for where every bit of data is stored.

The good news is a large majority of U.S. based healthcare providers will be relatively safe in terms of complying with GDPR. If your organization is not actively marketing your services in the EU or practicing in the EU, a data breach where an EU citizen’s PHI is compromised would most likely be your most realistic brush with GDPR.

For instance, a walk-in clinic in New York City seeing many international tourists has a much higher chance of being impacted than, say, a rural clinic treating mostly local residents. Providers in larger cities with more diverse patient groups will need to be extra vigilant regarding their breach notification standards and security posture.

Want to learn more about how your healthcare organization can prepare for GDPR? Read this HIPAA One blog post to learn how your practice can prepare now for a more international data sharing climate.

About Steven Marco
Steven Marco is the President of HIPAA One®, a leading provider of HIPAA Risk Assessment software for practices of all sizes. HIPAA One is a proud sponsor of EMR and HIPAA and the effort to make HIPAA compliance more accessible for all practices. Are you HIPAA Compliant? Take HIPAA One’s 5 minute HIPAA security and compliance quiz to see if your organization is at risk or learn more at HIPAAOne.com.

London Doctors Stage Protest Over Rollout Of App

Posted on April 18, 2018 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

We all know that doctors don’t take kindly to being forced to use health IT tools. Apparently, that’s particularly the case in London, where a group of general practitioners recently held a protest to highlight their problems with a telemedicine app rolled out by the National Health Service.

The doctors behind the protest are unhappy with the way the NHS structured its rollout of the smartphone app GP at Hand, which they say has created extra work and confusion among the patients.

The service, which is run by UK-based technology company Babylon Health, launched in November of last year. Using the app, patients can either have a telemedicine visit or schedule an in-person appointment with a GP’s office. Telemedicine services are available 24/7, and patients can be seen in minutes in some cases.

GP at Hand seems to be popular with British consumers. Since its launch, over 26,000 patients have registered for the service, according to the NHS.

However, to participate in the service, patients are automatically de-registered from their existing GP office when they register for GP at Hand. Many patients don’t seem to have known this. According to the doctors at the protest, they’ve been getting calls from angry former patients demanding that they be re-registered with their existing doctor’s office.

The doctors also suggest that the service gets to cherry-pick healthier, more profitable patients, which weighs down their practice. “They don’t want patients with complex mental health problems, drug problems, dementia, a learning disability or other challenging conditions,” said protest organizer Dr. Jackie Applebee. “We think that’s because these patients are expensive.” (Presumably, Babylon is paid out of a different NHS fund than the GPs.)

Are there lessons here for US-based healthcare providers? Perhaps so.

Of course, the National Health Service model is substantially different from the way care is delivered in this country, so the administrative challenges involved in rolling out a similar service could be much different. But this news does offer some lessons to consider nonetheless.

For one thing, it reminds us that even in a system much different than ours, financing and organizing telemedicine services can be fraught with conflict. Reimbursement would be an even bigger issue than it seems to have been in the UK.

It’s also of note that the NHS and Babylon Health faced a storm of patient complaints about the way the service was set up. It’s entirely possible that any US-based efforts would generate their own string of unintended consequences, the magnitude of which would be multiplied by the fact that there’s no national entity coordinating such a rollout.

Of course, individual health systems are figuring out how to offer telemedicine and blend it with access to in-person care. But it’s telling that insurers with a national presence such as CIGNA or Humana aren’t plunging into telemedicine with both feet. At least none of them have seen substantial success in their efforts. Bottom line, offering telehealth is much harder than it looks.

The Power of Story – #HITsm Chat Topic

Posted on April 17, 2018 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 4/20 at Noon ET (9 AM PT). This week’s chat will be hosted by @DesignInHealth (led by Kijana-Knight Torres), Burt Rosen (@burtrosen), and the #WTFix team on the topic of “The Power of Story”.

We are within one month of What’s the Fix? happening on May 17, 2018. What’s the Fix? (#WTFix) is a movement and an event that Healthsparq started in 2017 to help the industry learn from people. Most health care conferences focus on industry insiders talking to each other. What’s the Fix? highlights real people with real stories of overcoming health care challenges and driving change to the system as a result. The conference is about being human, being empathetic, and using story telling as a way to drive change in an industry that really needs help.

For the 2018 event, we’re excited to be accredited by Patients Included and to welcome new partners the Design Institute for Health at Dell Medical School. You can join the conference virtually for free, and new this year, we’ll also offer workshops on May 16th. If you LOVE the topic of story and want to learn more… One of the workshops, led by Kijana-Knight Torres of the Design Institute for Health, is: “Lead with the Story: How to capture hearts, change minds, and inspire action.”

So let’s talk about the power of story.

There are numerous ways to convince people of our ideas. Stories have the power to open hearts and minds. Stories move people to action. Stories can help us breathe our intention into others so that they see what we see and feel what we feel. Stories can move people from “I know” to “I understand”.

Everyone has a story – yes even you! Your experience is the key to creating movement and change. Crafting compelling stories can enable people to escape their comfort zones and share a new perspective.

Let’s talk about what makes good stories tick and how stories help make meaningful connections with others, and how stories have the power to transform healthcare – and health.

A few of our favorite references on storytelling:

Please join us for this week’s #HITsm chat as we discuss the following:

T1: What makes a story compelling for you? #HITsm

T2: Has a story ever changed your mind or your perspective – or your health? #HITsm

T3: What’s the most effective way to share really personal stories on social media? #HITsm

T4: What fears arise when telling your story? #HITsm

T5: How can patients share their stories in a way that providers listen? What role does HIPAA play in patient storytelling? #HITsm

Bonus: You have the ear of people who can make change, what experience would you most like to transform through the power of story? Do you have one of these stories to share? #HITsm

Upcoming #HITsm Chat Schedule
4/27 – TBD
Hosted by Erica Johansen (@thegr8chalupa)

5/4 – TBD
Hosted by TBD

5/11 – TBD
Hosted by TBD

5/18 – TBD
Hosted by Justin Campbell (@tjustincampbell) from @GalenHealthcare

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

Why Physician Practices Need a MIPS Expert on Staff

Posted on April 16, 2018 | Written By

The following is a guest blog post by Marina Verdara, Sr. Training Specialist for CMS Incentive Programs, Kareo.

Healthcare providers go to school to learn how to care for patients, and that’s what they do best. However, billing processes, performance-based payment adjustments, and payment incentives are typically not included in this education. Being responsible for today’s regulatory complexities and workload may not have been what providers envisioned for their career. And it’s taking a toll. Nearly half of physician practices spend more than $40,000 per full-time physician per year on complying with Medicare payment and incentive programs, according to an MGMA survey. These costs factor in loss of physician productivity and staff training needs, along with IT expenses.

Independent practices must find a way to streamline the CMS incentive program reporting process. One important way to do this is by designating a “MIPS expert” among your staff. This could be your lead clinician or another manager who has oversight of patient encounter documentation.  While 2017 reporting is done, now is the time to specify the MIPS expert so they can ensure compliance throughout all of 2018.  Don’t wait until 2018 is done to specify your MIPS expert.

MIPS Recap

In 2015, the Department of Health and Human Services (HHS) announced new goals for value-based payments in Medicare that changed your practice’s payment structure. The Medicare Access and CHIP Reauthorization Act (MACRA) and the Merit-based Incentive Payment System (MIPS) introduced a system where providers receive payment based on the value and quality of services provided, not the volume. These changes repealed the Sustainable Growth Rate Formula, streamlined multiple quality reporting programs into MIPS, and provided incentive payments for participation in Advanced Alternative Payment Models (APMs).

HHS made these changes as the first steps to creating a Medicare for healthier people. Their goals are to create a Medicare system that will be here for generations to come while also providing open, flexible, and user-centered health information.

Navigating The System

This sounds like a great plan, right? But, how do you keep up with the frequent MIPS changes and alerts while maintaining a successful private practice?

You need a MIPS expert.

You wouldn’t leave your busy practice in the hands of a mechanic, and you shouldn’t leave your billing and incentive payments in the hands of someone who doesn’t understand MACRA and MIPS. You need an internal staff member who is your MIPS champion. This is the person who can partner with your EHR vendor to ensure that the eligible providers in your practice earn the highest incentive available, as well as avoid any negative penalties. In my role of training practices on implementing a streamlined CMS reporting system, I can tell you that practices with a designated MIPS expert are much more successful and efficient in their MIPS reporting process—and these are the practices that are earning the highest possible score.

Invest in the education and training of your internal MIPS expert so you can be confident that your practice is among the highest earners.

3 Reasons You Need a MIPS Expert at Your Practice

1. A MIPS expert will help maximize your payments. MIPS is all about streamlining your practice to become more efficient in how you diagnose and improve patient outcomes. When you do this well and report your data, you increase your chances of earning a positive payment adjustment.  

Participating in MIPS earns you a payment adjustment according to evidence-based and practice-specific quality data. The better the quality of your data, the better your chances of earning a positive payment adjustment.  

Your MIPS expert will understand the details of the MIPS program. They should be familiar with the activities and measures that are most meaningful to your practice. Your MIPS expert can help your eligible clinicians select measures that best apply to the specialty to prove their performance and maximize their payments.

2. A MIPS expert will be your education partner. This staff member should stay educated and informed of the latest regulatory details. Here at Kareo, we notify eligible clinicians and the designated MIPS expert of ongoing education opportunities. These are offered on a set schedule and as needed with new changes to MACRA and MIPS.

3. A MIPS expert will mobilize your practice staff and clinicians. To successfully meet MIPS requirements, the entire practice needs to be engaged. The MIPS expert can partner up with your EHR vendor to ensure that eligible clinicians in your practice understand the MIPS requirements and know how to navigate through the system. In this process, your practice can identify areas where any given workflow should be modified to earn the highest possible score and receive maximum payment for the great care they deliver.

Resources for Your MIPS Expert

As we mentioned above, MIPS experts at independent practices must stay up to date on all MIPS alerts and resources available to you through the Quality Payment Program. They should take time to educate themselves, understand changes, and read all alerts provided by Medicare or by their EHR vendors.

Your MIPS expert should be able to find an education partner using one or both of these paths:   

  1. Your Regional Extension Center: Contact them to ask questions and get connected with a MIPS education partner.
  2. Your Electronic Health Record company: As an example, Kareo has MIPS training specialists who can partner with your MIPS expert to help maximize payments, stay up to date on the latest changes, and provide support. We have training sessions and ideas for implementation of new workflow processes.  

Don’t be intimidated by the complexity of MIPS. Take time to designate a MIPS expert on your staff and get them connected to their education partner today.

About Marina Verdara
Marina is a Sr. Training Specialist guiding Kareo customers to higher levels of success with their CMS Incentive Program reporting, including MIPS and Meaningful Use. Marina has over seven years of experience working directly with several hundred small practice clinicians on a variety of projects specializing in CMS Incentive programs such as Meaningful Use, PQRS, and MACRA. Kareo is a proud sponsor of Healthcare Scene.

Thoughts on Privacy in Health Care in the Wake of Facebook Scrutiny

Posted on April 13, 2018 | Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

A lot of health IT experts are taking a fresh look at the field’s (abysmal) record in protecting patient data, following the shocking Cambridge Analytica revelations that cast a new and disturbing light on privacy practices in the computer field. Both Facebook and others in the computer field who would love to emulate its financial success are trying to look at general lessons that go beyond the oddities of the Cambridge Analytica mess. (Among other things, the mess involved a loose Facebook sharing policy that was tightened up a couple years ago, and a purported “academic researcher” who apparently violated Facebook’s terms of service.)

I will devote this article to four lessons from the Facebook scandal that apply especially to health care data–or more correctly, four ways in which Cambridge Analytica reinforces principles that privacy advocates have known for years. Everybody recognizes that the risks modern data sharing practices pose to public life are hard, even intractable, and I will have to content myself with helping to define the issues, not present solutions. The lessons are:

  • There is no such thing as health data.

  • Consent is a meaningless concept.

  • The risks of disclosure go beyond individuals to affect the whole population.

  • Discrimination doesn’t have to be explicit or conscious.

The article will now lay out each concept, how the Facebook events reinforce it, and what it means for health care.

There is no such thing as health data

To be more precise, I should say that there is no hard-and-fast distinction between health data, financial data, voting data, consumer data, or any other category you choose to define. Health care providers are enjoined by HIPAA and other laws to fiercely protect information about diagnoses, medications, and other aspects of their patients’ lives. But a Facebook posting or a receipt from the supermarket can disclose that a person has a certain condition. The compute-intensive analytics that data brokers, marketers, and insurers apply with ever-growing sophistication are aimed at revealing these things. If the greatest impact on your life is that a pop-up ad for some product appears on your browser, count yourself lucky. You don’t know what else someone is doing with the information.

I feel a bit of sympathy for Facebook’s management, because few people anticipated that routine postings could identify ripe targets for fake news and inflammatory political messaging (except for the brilliant operatives who did that messaging). On the other hand, neither Facebook nor the US government acted fast enough to shut down the behavior and tell the public about it, once it was discovered.

HIPAA itself is notoriously limited. If someone can escape being classified as a health care provider or a provider’s business associate, they can collect data with abandon and do whatever they like (except in places such as the European Union, where laws hopefully require them to use the data for the purpose they cited while collecting it). App developers consciously strive to define their products in such a way that they sidestep the dreaded HIPAA coverage. (I won’t even go into the weaknesses of HIPAA and subsequent laws, which fail to take modern data analysis into account.)

Consent is a meaningless concept

Even the European Union’s new regulation (the much-publicized General Data Protection Regulation or GDPR) allows data collection to proceed after user consent. Of course, data must be collected for many purposes, such as payment and shipping at retail web sites. And the GDPR–following a long-established principle of consumer rights–requires further consent if the site collecting the data wants to use it beyond its original purpose. But it’s hard to imagine what use data will be put to, especially a couple years in the future.

Privacy advocates have known from the beginning of the ubiquitous “terms of service” that few people read them before they press the Accept button. And this is a rational ignorance. Even if you read the tiresome and legalistic terms of service (I always do), you are unlikely to understand their implications. So the problem lies deeper than tedious verbiage: even the most sophisticated user cannot predict what’s going to happen to the data she consented to share.

The health care field has advanced farther than most by installing legal and regulatory barriers to sharing. We could do even better by storing all health data in a Personal Health Record (PHR) for each individual instead of at the various doctors, pharmacies, and other institutions where it can be used for dubious purposes. But all use requires consent, and consent is always on shaky grounds. There is also a risk (although I think it is exaggerated) that patients can be re-identified from de-identified data. But both data sharing and the uses of data must be more strictly regulated.

The risks of disclosure go beyond individuals to affect the whole population

The illusion that an individual can offer informed consent is matched by an even more dangerous illusion that the harm caused by a breach is limited to the individual affected, or even to his family. In fact, data collected legally and pervasively is used daily to make decisions about demographic groups, as I explained back in 1998. Democracy itself took a bullet when Russian political agents used data to influence the British EU referendum and the US presidential election.

Thus, privacy is not the concern of individuals making supposedly rational decisions about how much to protect their own data. It is a social issue, requiring a coordinated regulatory response.

Discrimination doesn’t have to be explicit or conscious

We have seen that data can be used to draw virtual red lines around entire groups of people. Data analytics, unless strictly monitored, reproduce society’s prejudices in software. This has a particular meaning in health care.

Discrimination against many demographic groups (African-Americans, immigrants, LGBTQ people) has been repeatedly documented. Very few doctors would consciously aver that they wish people harm in these groups, or even that they dismiss their concerns. Yet it happens over and over. The same unconscious or systemic discrimination will affect analytics and the application of its findings in health care.

A final dilemma

Much has been made of Facebook’s policy of collecting data about “friends of friends,” which draws a wide circle around the person giving consent and infringes on the privacy of people who never consented. Facebook did end the practice that allowed Global Science Research to collect data on an estimated 87 million people. But the dilemma behind the “friends of friends” policy is how inextricably it embodies the premise behind social media.

Lots of people like to condemn today’s web sites (not just social media, but news sites and many others–even health sites) for collecting data for marketing purposes. But as I understand it, the “friends of friends” phenomenon lies deeper. Finding connections and building weak networks out of extended relationships is the underpinning of social networking. It’s not just how networks such as Facebook can display to you the names of people they think you should connect with. It underlies everything about bringing you in contact with information about people you care about, or might care about. Take away “friends of friends” and you take away social networking, which has been the most powerful force for connecting people around mutual interests the world has ever developed.

The health care field is currently struggling with a similar demonic trade-off. We desperately hope to cut costs and tame chronic illness through data collection. The more data we scoop up and the more zealously we subject it to analysis, the more we can draw useful conclusions that create better care. But bad actors can use the same techniques to deny insurance, withhold needed care, or exploit trusting patients and sell them bogus treatments. The ethics of data analysis and data sharing in health care require an open, and open-eyed, debate before we go further.

Why I Didn’t Choose Your Healthcare Organization

Posted on April 12, 2018 | Written By

The following is a guest blog post by Chelsea Kimbrough from Stericycle Communication Solutions, as part of the Communication Solutions Series of blog posts. Follow and engage with them on Twitter: @StericycleComms

I recently had a bad healthcare experience. I received functional care, but I wasn’t cared for. As in, I’m fairly certain my doctor didn’t know my name when she walked into the room or when she left it. To her, I was another patient in a crowded schedule. To me, it was a rushed, impersonal experience that left me with absolutely no desire to trust my wellbeing in her hands.

As someone who is familiar with the healthcare space, I’m the first to admit that finding a new provider is hard work – and finding one that meets each of your communication expectations is even harder. But after that appointment, I was more than up for the challenge.

It’s important to note that I’m a proud millennial who is accustomed to the service and support provided in other industries. When I wanted to make a dinner reservation last night, I did it via a mobile app. When I needed a great blazer to wear to a conference, I requested one in my clothes subscription box. I am an all-access-at-all-hours type of person. So when it came time to schedule an appointment, I turned to the place where I, the consumer, felt I had the most power: the internet.

But first, I needed to find a new doctor. I leveraged a process that went something like this:

  1. I opened multiple review-focused sites.
  2. I searched for what I needed (i.e. ‘family practitioner within 10 miles of my zip code’).
  3. I filtered results to ensure my search only displayed doctors with the rating and characteristics I prefer.
  4. I began the tedious process of cross referencing their profiles on different sites.
  5. When I thought I found a keeper, I scoured their organization’s website for more information.
  6. And then, I dug into any information I could find online to learn more about the doctor.

This process eliminated doctors who had poor reviews, who lacked information available online, and who had questionable posts on social media. (Seriously, everything is available online these days – and digitally-savvy patients like me will find it.)

In the end, I narrowed my search to a handful of local, highly-rated doctors and organizations. But what I was searching for wasn’t just someone with a great online rating and an office close to my front door. I was looking for someone who:

  • Communicates information quickly via text message
  • Calls patients to communicate more important messages
  • Offers online scheduling that doesn’t require a formal login
  • Keeps average wait times down
  • Creates genuine connections with their patients

In short, I wanted to find an organization that provides exceptional in-person care, prompt telephone support, and convenient technology-based tools. Anyone who seemed lacking was unceremoniously crossed off my ‘potential new doctor’ list.  And I’m not the only one who goes to these lengths: in today’s digitally-empowered world, there are more healthcare consumers than ever flexing their online search superpowers before entrusting their care to any healthcare professional.

Unfortunately, the process isn’t perfect. Bad experiences happen, and when they do, patients like me may choose to look elsewhere for care. On the other hand, when we find a healthcare organization that does provide all of the above, we receive a more seamless, enjoyable experience. And when met with a better experience, we are less likely to choose a different provider, facility, or organization to provide future care.

Want to learn more about consumer-minded patients’ healthcare journeys? Check out our patient journey infographic here!

The Communication Solutions Series of blog posts is sponsored by Stericycle Communication Solutions, a leading provider of high quality telephone answering, appointment scheduling, and automated communication services. Stericycle Communication Solutions combines a human touch with innovative technology to deliver best-in-class communication services. Connect with Stericycle Communication Solutions on social media: @StericycleComms

How to Evolve Healthcare Conferences in the 21st Century – #HITsm Chat Topic

Posted on April 11, 2018 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 4/13 at Noon ET (9 AM PT). This week’s chat will be hosted by Steve Sisko (@shimcode) on the topic of “How to Evolve Healthcare Conferences in the 21st Century”.

The general purpose of a conference is to bring people together in one place where they can discover and share information, insight and ideas on a specific theme. And then, hopefully, leave the event with energy and focus. Our brains can only take in a limited number of stimuli at any given time. With 1000’s and even 10’s of 1000’s of attendees – and 100’s or as many as 1,000 exhibitors at some events – today’s conference attendee can easily end up leaving a conference exhausted and overwhelmed.

But what really makes a good conference? Is it the content itself? The people who present the content? The location and venue of the conference? The atmosphere of the conference? The social events and opportunities for networking? Or something else?

Like with everything in life, different individuals have different needs and wants. And with advancements in presentation, collaboration and communication technologies, there are new options for enhancing and extending the conference experience. With an ever-increasing number of conferences, forums and events throughout the year, conference organizers MUST evolve if they want their events to remain relevant.

The purpose of this tweetchat is to share information and personal experience as to what constitutes a ‘good conference’ and offer ideas for addressing and improving the various elements that make up a conference.

A Little Reference Material

  1. Top Event Tech Trends for 2018: http://www.tsnn.com/blog/top-event-tech-trends-2018
  2. How Technologies Shape the Future of Medical Conferences: http://medicalfuturist.com/how-technologies-shape-the-future-of-medical-conferences/
  3. How to Plan and Run A Great Conference Experience: https://www.smashingmagazine.com/2014/08/plan-and-run-a-great-conference
  4. 7 Secrets of Awe-Inspiring Events: https://www.studionorth.com/wp-content/uploads/2017/10/7-Secrets-of-Awe-Inspiring-Events.pdf

Note: For the purpose of this chat, “content” means any and all materials created, curated or otherwise originating from the organizers of a conference and the vendor exhibitors, speakers, panelists and others involved with a conference event.

Please join us for this week’s #HITsm chat as we discuss the following:

T1: What can conference organizers do to provide tangible value to conference registrants – and those considering registering for the conference – BEFORE the event starts? #HITsm

T2: What are some of the most interesting and useful ways you’ve seen conference speakers and panelists share information to, or interact with, conference attendees? #HITsm

T3: What technology-based approaches can conference organizers and exhibitors use to create new or enhance existing opportunities for content identification, acquisition, and dissemination? #HITsm

T4: How can those physically attending a conference and those ‘following along remotely’ originate, share and/or discuss conference-related content? #HITsm

T5: What can conference organizers and exhibitors do to provide additional value to conference attendees and others AFTER the conference is over? #HITsm

Bonus: What are some of the worst examples of a conference organizer ‘dropping the ball’ that you’ve ever experienced or heard about? #HITsm

Upcoming #HITsm Chat Schedule
4/20 – The Power of Story
Hosted by @DesignInHealth (led by Kijana-Knight Torres), Burt Rosen (@burtrosen), and the #WTFix team

4/27 – TBD
Hosted by Erica Johansen (@thegr8chalupa)

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

Should Apps with Personal Health Information Be Subject to HIPAA?

Posted on April 10, 2018 I Written By

The following is a guest blog post by Erin Gilmer (@GilmerHealthLaw).

With news of Grindr’s sharing of users’ HIV status and location data, many wonder how such sensitive information could be so easily disclosed. The answer is quite simply a lack of strong privacy and security standards for apps. The question then becomes whether apps that store personal health information should be subject to HIPAA. Should apps like Grindr have to comply with the Privacy and Security Rules as doctors, insurance companies, and other covered entities already do?

A lot of people already think this information is protected by HIPAA as they do not realize that HIPAA only applies to “covered entities” (health care providers, health plans, and health care clearinghouses) and “business associates” (companies that contract with covered entities). Grindr is neither of these. Nor are most apps that address health issues – everything from apps with mental health tools to diet and exercise trackers. These apps can store all manner of information ranging simply from a name and birthdate to sensitive information including diagnoses and treatments.

Grindr is particularly striking because under HIPAA, there are extra protections for information including AIDS/HIV status, mental health diagnoses, genetics, and substance abuse history.  Normally, this information is highly protected and rightly so given the potential for discrimination. The privacy laws surrounding this information were hard fought by patients and advocates who often experienced discrimination themselves.

However, there is another reason this is particularly important in Grindr’s case and that’s the issue of public health. Just a few days before it was revealed that the HIV status of users had been exposed, Grindr announced that it would push notifications through the app to remind users to get tested. This was lauded as a positive move and added to the culture of openness created on this app. Already users disclose their HIV status, which is a benefit for public health and reducing the spread of the disease. However, if users think that this information will be shared without explicit consent, they may be less likely to disclose their status. Thus, not having privacy and security standards for apps with sensitive personal health information means these companies can easily share this information and break the users’ trust, at the expense of public health.

Trust is one of the same reasons HIPAA itself exists. When implemented correctly, the Privacy and Security Rules lend themselves to creating an environment of safety where individuals can disclose information that they may not want others to know. This then allows for discussion of mental health issues, sexually transmitted diseases, substance use issues, and other difficult topics. The consequences affect both the treatment plan for the individual and greater population health.

It would be sensible to apply a framework like HIPAA to apps to ensure the privacy and security of user data, but certainly some would challenge the idea. Some may make the excuse that is often already used in healthcare, that HIPAA stifles innovation and places an undue burden on their industry and technology in general. While untrue, this rhetoric holds sway with government entities who may oversee these companies.

To that end, there is a question of who would regulate such a framework. Would it fall to the Office for Civil Rights (OCR) where HIPAA regulation is already overseen? The OCR itself is overburdened, taking months to assess even the smallest of HIPAA complaints. Would the FDA regulate compliance as they look to regulate more mobile apps that are tied to medical devices? Would the FCC have a role? The question of who would regulate apps would be a fight in itself.

And finally, would this really increase privacy and security? HIPAA has been in effect for over two decades and yet still many covered entities fail to implement proper privacy and security protocols.  This does not necessarily mean there shouldn’t be attempts to address these serious issues, but some might question whether the HIPAA framework would be the best model.  Perhaps a new model, with new standards and consequences for noncompliance should be considered.

Regardless, it is time to start really addressing privacy and security of personal health information in apps. Last year, both Aetna and CVS Caremark violated patient privacy by sending mail to patients where their HIV status could be seen through the envelope window. At present it seems these cases are under review with the OCR. But the OCR has been tough on these disclosures. In fact, in May 2017, St. Luke’s Roosevelt Hospital Center Inc. paid the OCR $387,200 in a settlement for a breach of privacy information including the HIV status of a patient. So the question is, if as a society we recognize the serious nature of such disclosures, should we not look to prevent them in all settings – whether the information comes from a healthcare entity or an app?

With intense scrutiny of privacy and security in the media for all aspects of technology, increased regulation may be around the corner and the framework HIPAA creates may be worth applying to apps that contain personal health information.

About Erin Gilmer
Erin Gilmer is a health law and policy attorney and patient advocate. She writes about a range of issues on different forums including technology, disability, social justice, law, and social determinants of health. She can be found on twitter @GilmerHealthLaw or on her blog at www.healthasahumanright.wordpress.com.

The Importance of Marketing in Healthcare IT

Posted on April 9, 2018 I Written By

John Lynn

I spent last week in New Orleans at the Healthcare IT Marketing and PR Conference and enjoyed mixing and mingling with the amazing marketing and PR professionals found in that community. It’s a truly unique conference where attendees collaborate, share, and sincerely care for each other’s success. I feel privileged to be a member of the community.

I was lucky to kick off this year’s event and I started with this slide:

I imagine many people reading this might not agree. However, marketing in and of itself is not evil. Sure, everything can be evil. Technology can be good or evil. People can be good or evil. Healthcare organizations can be good or evil. However, that doesn’t mean that just because something can be used for evil that it is evil. That’s true for marketing which can get a bad rap. As they say, one rotten apple spoils the bunch.

The reality is that healthcare needs more effective healthcare IT marketing.

One of the biggest problems I see when I talk to people in healthcare IT is that many healthcare IT professionals don’t know the available tools, technologies, solutions, and vendors that are out there. They don’t know how these different companies can help them solve their most pressing problems. There are a lot of health IT professionals who are doing the best they can with what they have, but they don’t have an easy way to know what solutions they really need. Most are so busy with the operational challenges of their job that they don’t have time to understand how a new technology or other solution could make their lives easier and improve their healthcare organization as well.

Many of the healthcare IT vendors who attended the 2018 Healthcare IT Marketing and PR conference have solutions which can improve efficiency, lower costs, and increase revenue. However, not enough healthcare organizations know about their solutions. That’s where marketing comes in.

This is also why we decided to create a sister conference called Health IT Expo. While some solutions come from a vendor, a lot of solutions can also come from your peers. We don’t do enough peer sharing in healthcare IT. Health IT Expo is the perfect venue for healthcare IT professionals to come together to share ideas, resources, solutions, and even commiseration when there is no clear solution. There’s a power in creating these types of deep connections at a conference, especially when they carry on after the conference. (Note: A little birdie told me there are a few free passes left for HIT professionals at provider organizations.)

One of the biggest goals we have at Healthcare Scene is to improve healthcare providers’ discovery of the latest and greatest healthcare technology that truly improves care, lowers costs, increases efficiency, and benefits your organization. If you have ideas on how we can do this better for you, please reach out to us with your ideas. We also have a few things we’ll be announcing shortly that will hopefully help bridge this gap as well.

What approaches do you take to knowing the latest technology trends in healthcare? Share your ideas and experiences in the comments.

Hospital Recycling Bins May Contain Sensitive PHI

Posted on April 6, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A group of Canadian researchers studying hospitals’ information security practices found that hospital recycling bins contained a substantial amount of PHI.

The researchers, who summarized their findings in a letter published in JAMA, spent two years collecting materials from the recycling bins at five teaching hospitals in Toronto. The “recycling audit,” which took place between November 2014 and May 2016, included data for inpatient and outpatient care settings, emergency departments, physician offices and ICUs.

When they did their audit, the researchers found more than 2,600 items which contained personally identifiable information, including 1,885 items related to medical care. The majority of the items containing PHI (65%) had been created by medical groups.

Their audit also found that the most common locations at which they found particularly sensitive patient-identifiable information were physician offices (65%) and inpatient wards (19%).

The most commonly found items that included patient-identifiable information were clinical notes and medical reports (30%), followed by labels and patient identifiers (14%). Other items which contained PHI included diagnostic test results, prescriptions, handwritten notes, requests and communications, and scheduling materials.

According to the researchers, each of the five hospitals they audited had policies in place to protect PHI, along with secure shredding containers for packaging up private information. That being said, they guessed that as the hospitals transitioned to EHRs, they were discarding a high volume of paper records and losing control of how they were handled.

I don’t know what the EHR adoption rate is in Canada, but nearly all U.S. hospitals already have an EHR in place, so at first glance, it might appear that this couldn’t happen here. After all, once a hospital has digitized records, one would think the only way hospitals would expose PHI would be when someone deliberately steals data.

But the truth is, a great deal of hospital business still gets done on paper, and it seems likely that one could find a significant number of documents with PHI on them in U.S. recycling bins. (If someone was willing to do the dirty work, there might be a meaningful amount of PHI found in regular garbage cans as well.)

What I take away from this is that hospitals need to have stiffer policies in place to protect against paper-based security breaches. It may be time for hospital administrators to pay closer attention to this problem.