Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Do We Underestimate the Power of Smart Phones in Healthcare? – Fun Friday

Posted on July 29, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Smart phones have become a serious societal addiction. In some ways that is bad and no doubt there are plenty of studies that will come out about the negative impacts from cell phone addiction. However, the fact that people always have their cell phone is also a tremendous opportunity for healthcare to really engage their patient. This is what came to mind when I saw these funny cartoons about our addiction to our cell phones.

Cell Phone Addiction - Social Science Research Cartoon

Cell Phone Addiction Cartoon

Thanks Eric Topol for sharing these cartoons.

A List Of Must-Have EMR Features

Posted on July 28, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

When a doctor tells you what features they believe need to be in an EMR, it’s worth a listen. And when that doctor has personally managed the ongoing development of their own EMR, I find their ideas to be even more interesting.

Such informed recommendations are just what Hayward Zwerling, MD, has to offer. Zwerling is a practicing physician, and also the creator of the ComChart ambulatory EMR, which he launched in 1990 and kept on the market until 2015. Zwerling recently published a list of features which, he argues, should be in virtually every EMR. Below, here’s a sampling of his suggestions:

Lab features:

  • Provide a button displaying all abnormal lab results, and make the resulting list sortable by test name, test date or any other available parameter.
  • Allow the physician to display any subset of the patient’s lab results, and offer an option to omit individual results and resort the displayed data. Also, allow doctors to export the data in cvs or Excel format.
  • Permit doctors to create lab test charts on the fly, including any combination of tests from the patient’s existing lab work. In addition, make it possible to incorporate this chart into a Progress Note approved up to chart for the patient.
  • Make it easy for the doctor to create an association between incoming test results and specific medicines. (For example, if a cholesterol test result appears, include the name of any statin the patient currently takes.) And make it possible to create lab charts which include concurrent medication information, with just one click.
  • Clearly display who ordered a test and to whom a copy of the test was distributed.

Progress Notes:

  • Allow physicians to create test result charts from within the Progress Notes section.
  • Permit physicians to add selected free text from the Progress Notes to the problem list, medicine list, allergy list, family history or old problem list by highlighting the data and clicking a single button.
  • Create a free text field on the Progress Note layout allowing doctors to enter information that is not an official part of the patient’s chart. For example, the clinician might write a note such as “Daughter wants issue of her mother’s depression to be discussed at the mother’s next visit, and daughter does not want to be identified.”
  • Allow doctors to search free text Progress Notes for a word or phrase. Also, make it possible to search some or all of the entire EMR’s free text Progress Notes in this matter.

Zwerling goes on at much greater length in his post on The Health Care Blog, so much so that his suggestions spill over into a separate blog entry. But this subset of suggestions make the point on their own. He clearly believes — quite reasonably — that doctors should have access to simple, easy-to-understand tools when they use EMRs, and that there should be no need to refer to a manual or attend training classes.

He sums it up thusly: “The feature should be presented to the user in a manner which make it intuitively obvious how to utilize the feature.” Really, don’t we all agree with him? And if so, why are so few EMRs organized this way?

E-Patient Update:  When EMRs Didn’t Matter, But Should Have

Posted on July 27, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The other day I went to an urgent care clinic, suffering from a problem which needed attention promptly. This clinic is part of the local integrated health system’s network, where I’ve been seen for nearly 20 years. This system uses Epic everywhere in its network to coordinate care.

I admittedly arrived rather late and close to when the clinic was going to close. But I truly didn’t want to make a wasteful visit to the ED, so I pressed on and presented myself to the receptionist. And sadly, that’s where things got a bit hairy.

The receptionist said: “We’ve already got five patients to see so we can’t see anyone else.” Uncomfortable as I was, I fought back with what seemed like logic to me: “I need help and a hospital would be a waste. Could someone please check my medical records? The doctors will understand what I need and why it’s urgent.”

The receptionist got the nurse, who said “I’m sorry, but we aren’t seeing any more patients today.” I asked, “But what about the acuity of a given case, such as mine for example? Can’t you prioritize me? It’s all in my medical records and I know you’re online with Epic!”  She shook her head at me and walked away.

I sat in reception for a while, too irritated to walk out and too uncomfortable to let go of the issue. Man, it was no fun, and I called those folks some not-nice things in my mind – but more than anything else, wondered why they wouldn’t look at data on a well-documented patient like me for even a moment.

About 20 minutes before the place officially closed for the night, a nurse practitioner I know (let’s call him Ed) walked out into the waiting room and asked me what I needed. I explained in just a few words what I was after. Ed, who had reviewed my record, knew what I needed, knew why it was important and made it happen within five minutes. Officially, he wasn’t supposed to do that, but he felt comfortable helping because he was well-informed.

Truthfully, I realize this story is relatively trivial, but as I see it, it brings an important issue to the fore. And the issue is that even when seeing chronically-ill patients such as myself, whose comings and goings are well documented, providers can’t or won’t do much to exploit that data.

You hear a lot of talk about big data and analytics, and how they’ll change healthcare or even the world as we know it. But what about finding ways to better use “small data” produced by a single patient? It seems to me that clinicians don’t have the right tools to take advantage of a single patient’s history, or find it too difficult to do so. Either way, though, something must be done.

I know from personal experience that if clinicians don’t know my history, they can’t treat me efficiently and may drive up costs by letting me get sicker. And we need more Eds out there making the save. So let’s make the chart do a better job of mining patient’s data. Otherwise, having an EMR hardly matters.

Health Plans Need Your Records: Know What’s Driving Requests and How to Be Prepared

Posted on July 26, 2016 I Written By

The following is a guest blog post by Craig Mercure, Chief Operating Officer of Payer Solutions at CIOX Health.
Craig Mercure
Audits. Reviews. HEDIS. Stars Ratings. No matter what, health plan record requests are growing by leaps and bounds each year. And the stakes are high for health plans to ensure they receive medical records in a timely way. What we also know – the large volume of requests and submission deadlines can put a drain on provider resources.

High volumes of medical record requests make it more important than ever for providers and health plans to work cooperatively and collaboratively. Here’s some helpful background on what’s driving the request for medical records and how providers can be prepared.

There are three primary health plan reviews that receive the most focus: Medicare Risk Adjustment, HEDIS Reviews, and Affordable Care Act (ACA) Medical Records Retrieval (MRR). While there are also other ad hoc requests related to fraud, waste and abuse (e.g., Risk Adjustment Data Validation (RADV), Medicaid, etc.), these three health plan reviews cause the most provider abrasion. Medical practices are getting hammered by them.

Say, for example, that a provider chooses 10 health plans. That provider is going to receive requests from each plan for all three of the main reviews, as well as the ad hoc requests. This has a major influence on record release and all other staff members that are impacted by it. The operational impact of receiving, verifying and fulfilling these requests is growing every year.

Here’s how the top three health plan reviews break down:

Medicare Risk Adjustment (MRA) reviews documentation and diagnosis codes to ensure proper reimbursement from the Centers for Medicare and Medicaid Services (CMS). Most records are retrieved from the primary care physician (PCP), specialty doctors, and in-patient stays—wherever the true value of a particular chart may reside. The MRA reviews typically begin in June and goes through early January.

Volumes have skyrocketed to 18 million record requests over the past several years. Plans are prioritizing Medicare Advantage plans and want to research every member. Therefore, depending on the percentage of Medicare Advantage patients seen by an organization, this review can hit providers hard. Medicare Risk Adjustment reviews are most prevalent in late summer and early fall with the end date for all plans to submit all 2015 diagnoses by January 31, 2017.

Two of the primary pain points for health plans are revenue and quality of care. Consider this hypothetical scenario. A healthy Medicare Advantage member has a score of zero. However, if that member develops diabetes within a given year, the score grows to 2.8. The health plan would receive 2.8 times the normal Medicare expenditure to care for that patient. While demographics and regional data also contribute to determining true ratings, this example is very realistic.

From a quality perspective, the health plan’s purpose for medical record reviews is to identify patients with chronic disease before they fall through the cracks. Plans attempt to effectively communicate with members and secure PCP visits before more costly encounters such as emergency or acute inpatient care occur.

Healthcare Effectiveness Data and Information Set (HEDIS) Reviews are driven by the National Committee for Quality Assurance (NCQA), a 501(c)(3) not-for-profit organization dedicated to improving the quality of health care so patients can make informed decisions about which plan they want to choose. HEDIS collects measures from plans, PPOs, physicians, and other organizations which is fed into a 5-star rating system. This rating system has become a marketing tool to help patients find the best health plans. It’s intended to allow patients to make “apples to apples” comparisons of health plans, similar to how you might shop for a car. The review season is typically February to mid-May.

Affordable Care Act (ACA) Medical Records Retrieval (MRR) is in its first year. These reviews are conducted during the same time frame as HEDIS. ACA-MRR has adopted similar risk methodologies as Medicare Advantage.

For providers, dealing with these reviews has become part of doing business with health plans. However, the amount of operational planning and time required to keep up with all the various requests can be monumental. Each provider site is configured differently in terms of medical record systems and IT security. Many providers outsource the chart retrieval (also called release of information—ROI) function to relieve the burden.

Gathering data in the trenches

Information to fulfill the health plan request may come from PCPs, acute-care hospitals, extended and rehabilitation facilities—wherever the health plan determines that the chart holds the most value. Also, caregivers provide medical records to health plans in a variety of ways. These include, but are not limited to: remote access, portals, secure FTP, CDs, mail, flash drives, emails, scans, and the old-fashioned standard—printed paper. While paper is dwindling, some still exists.

The majority of Medicare Advantage and ACA reviews are at the provider level. Sometimes thousands of records are involved. This can be a huge burden on physicians. Most health plan reviewers are interested in documents describing face-to-face interactions between clinician and member, such as progress notes and encounter notes based on specific dates of service.

For health plans and chart retrieval companies, the goal is always to obtain the necessary information with a minimal amount of provider abrasion. Two specific technology capabilities help smooth the process.

Electronic documentation embedded within the provider’s EMR

Various EMR systems and provider sites capture patient encounter notes differently. Some locations might not capture or maintain the encounter and progress information that is needed in an easy-to-retrieve electronic format.

Remote connectivity to retrieve information

Remote connectivity allows real-time access for the data needed by the health plan or chart retrieval service, mitigating the need for labor-intensive processes and onsite technicians.

An experienced chart retrieval service, like CIOX Health, satisfies the information demands of health plans while also reducing operational workload for providers. They’re responsible for securely linking both sides of the health plan review equation.

Experience eases chart retrieval

A chart retrieval service that repeatedly contracts with a specific health plan for reviews gains a year-over-year advantage. They’ve already connected to all the various provider systems and obtained security clearance. Every year they spend in the trenches, they learn and gain experiential data—giving them a head start for next year’s audit season.

Providers want to be fully compliant with health plan requests. They want to honor the request as quickly and efficiently as possible. Provider preference is to work with one chart retrieval service versus multiple ones over several health plans.

A single service can also field calls and inquiries from all the various health plans. Health plans want records to meet their review requirements, and they can be aggressive if records are past due. An experienced chart retrieval service helps both stakeholders move efficiently through the process—including remote connectivity—to meet health plan deadlines.

Finally, a centralized health information management (HIM) department is another way to ease the burden for providers. With centralization, all records and requests are aggregated. While centralized HIM is common practice in hospitals and health systems, it is not always feasible for physician practices and medical groups.

Cooperative steps must be taken to support health plan reviews while also reducing provider abrasion and operational costs. By working together, both plans and providers remain satisfied and smooth the process for everyone involved.

About Craig Mercure
Craig oversees all aspects of business development, including strategic planning, sales, client services, marketing, product development, finance and communications. He also leads the infrastructure development of the company as it grows, which includes: systems, processes, pipeline management, trade support, marketing, facilities, personnel recruitment and development. Over the past 15 years, Craig has worked in executive leadership positions within the electronic medical record and medical documentation industry.

2.7 Million Reasons Cloud Vendors and Data Centers ARE HIPAA Business Associates

Posted on July 25, 2016 I Written By

The following is a guest blog post by Mike Semel, President of Semel Consulting.
Cloud backup
Some cloud service providers and data centers have been in denial that they are HIPAA Business Associates. They refuse to sign Business Associate Agreements and comply with HIPAA.

Their excuses:

“We don’t have access to the data so we aren’t a HIPAA Business Associate.”

“The data is encrypted so we aren’t a HIPAA Business Associate.”

Cloud and hosted phone vendors claim “We are a conduit where the data just passes through us temporarily so we aren’t a HIPAA Business Associate.”

“We tell people not to store PHI in our cloud so we aren’t a HIPAA Business Associate.”

Wrong. Wrong. Wrong. And Wrong.

2.7 million reasons Wrong.
Lawsuit
Oregon Health & Science University (OHSU) just paid $2.7 million to settle a series of HIPAA data breaches “including the storage of the electronic protected health information (ePHI) of over 3,000 individuals on a cloud-based server without a business associate agreement.”

Another recent penalty cost a medical practice $750,000 for sharing PHI with a vendor without having a Business Associate Agreement in place.

The 2013 changes to HIPAA that published in the Federal Register (with our emphasis) state that:

“…we have modified the definition of “business associate” to generally provide that a business associate includes a person who “creates, receives, maintains, or transmits” protected health information on behalf of a covered entity.

…an entity that maintains protected health information on behalf of a covered entity is a business associate and not a conduit, even if the entity does not actually view the protected health information.  We recognize that in both situations, the entity providing the service to the covered entity has the opportunity to access the protected health information.  However, the difference between the two situations is the transient versus persistent nature of that opportunity.  For example, a data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis.” 

A cloud service doesn’t need access to PHI – it just needs to manage or store it– to be a Business Associate. They must secure PHI and sign Business Associate Agreements.

The free, consumer-grade versions of DropBox and Google Drive are not HIPAA compliant. But, the fee-based cloud services, that utilize higher levels of security and for which the vendor will sign a Business Associate Agreement, are OK to use. DropBox Business and Google Apps cost more but provide both security and HIPAA compliance. Make sure you select the right service for PHI.
Encrypted
Encryption
Encryption is a great way to protect health information, because the data is secure and the HIPAA Breach Notification Rule says that encrypted data that is lost or stolen is not a reportable breach.

However, encrypting data is not an exemption to being a Business Associate. Besides, many cloud vendors that deny they have access to encrypted data really do.

I know because I was the Chief Operating Officer for a cloud backup company. We told everyone that the client data was encrypted and we could not access it. The problem was that when someone had trouble recovering their data, the first thing our support team asked for were the encryption keys so we could help them. For medical clients that gave us access to unencrypted PHI.

I also know of situations where data was supposed to be encrypted but, because of human error, made it to the cloud unencrypted.

Simply remembering that Business Associates are covered in the HIPAA Privacy Rule while encryption is discussed in the Breach Notification Rule is an easy way to understand that encryption doesn’t cancel out a vendor’s status as a Business Associate.
27864148 - it engineer or consultant working with backup server. shot in data center.
Data Centers
A “business associate” also is a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another business associate.

Taken together, a cloud vendor that stores PHI, and the data centers that house servers and storage devices, are all HIPAA Business Associates. If you have your own servers containing PHI in a rack at a data center, that makes the data center a HIPAA Business Associate. If you use a cloud service for offsite backups, or file sharing, they and their data centers are Business Associates.

Most data centers offer ‘Network Operations Center (NOC) services,’ an on-site IT department that can go to a server rack to perform services, so you don’t have to travel (sometimes across the country) to fix a problem.  A data center manager was denying they had access to the servers locked in racks and cages, while we watched his NOC services technician open a locked rack to restart a client server.

Our client, who had its servers containing thousands of patient records housed in that data center, used the on-site NOC services when their servers needed maintenance or just to be manually restarted.
37388020 - pushing cloud computing button on touch screen
Cloud-Based and Hosted Phone Services
In the old days, a voice message left on a phone system was not tied to computers. Faxes were paper-in and paper-out between two fax machines.

HIPAA defines a conduit as a business that simply passes PHI and ePHI through their system, like the post office, FedX, UPS, phone companies and Internet Service Providers that simply transport data and do not ever store it. Paper-based faxing was exempt from HIPAA.

One way the world has changed is that Voice Over Internet Protocol (VOIP) systems, that are local or cloud-based, convert voice messages containing PHI into data files, which can then be stored for access through a portal, phone, or mobile device, or are attached to an e-mail.

Another change is that faxing PHI is now the creation of an image file, which is then transmitted through a fax number to a computer system that stores it for access through a portal, or attaches it to an e-mail.

Going back to the Federal Register statement that it is the persistence of storage that is the qualifier to be a Business Associate, the fact that the data files containing PHI are stored at the phone service means that the vendor is a Business Associate. It doesn’t matter that the PHI started out as voice messages or faxes.

RingCentral is one hosted phone vendor that now offers a HIPAA-compliant phone solution. It encrypts voice and fax files during transit and when stored, and RingCentral will sign a Business Associate Agreement.

Don’t Store PHI With Us
Telling clients not to store PHI, or stating that they are not allowed to do so in the fine print of an agreement or on a website, is just a wink-wink-nod-nod way of a cloud service or data center denying they are a Business Associate even though they know they are maintaining PHI.

Even if they refuse to work with medical clients, there are so many other types of organizations that are HIPAA Business Associates – malpractice defense law firms, accounting firms, billing companies, collections companies, insurance agents – they may as well give it up and just comply with HIPAA.

If they don’t, it can cost their clients if they are audited or through a breach investigation.

Don’t let that be you!

About Mike Semel
Mike Semel is the President of Semel Consulting, which specializes in healthcare and financial regulatory compliance, and business continuity planning.

Mike is a Certified Security Compliance Specialist, has multiple HIPAA certifications, and has authored HIPAA courseware. He has been an MSP, and the CIO for a hospital and a K-12 school district. Mike helped develop the CompTIA Security Trustmark and coaches companies preparing for the certification.

Semel Consulting conducts HIPAA workshops for MSPs and has a referrals program for partners. Visit www.semelconsulting.com for more info.

Attackers Try To Sell 600K Patient Records

Posted on July 22, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

New research has concluded that attackers recently infiltrated U.S. healthcare institutions and stole at least 600,000 patient records, then attempted to sell more than 3 TB of associated data. The attacks, which were discovered by security firm InfoArmor, targeted not only hospitals, but also private clinics and vendors of medical equipment and supplies such as orthopedics, eWeek reports.

According to InfoArmor, the attacker gained access to the patient data by exploiting weak user credentials, and hacked Remote Desktop Protocol connections on some servers with static external IP addresses. The data thief also used a local privilege escalation exploit to access system files for added patching and backdooring, InfoArmor chief intelligence officer Andrew Komarov told eWeek.

And sadly, some healthcare institutions made it pretty easy for intruders. In some cases, data thieves were able to exfiltrate data stored in Microsoft Access desktop databases without any special user access segregation or rights control in place, Komarov told the magazine.

Future exploits may emerge through medical device connections, as many institutions aren’t paying enough attention to device security, he warns.”[Providers] think that the medical device is just a device for their specific function and sometimes they don’t [have] knowledge of misconfigured devices in their networks,” Komarov said.

So what will become of the data?  Many things, and none of them good. Some cyber criminals will sell Social Security numbers and other scammers will use to sell fraudulent healthcare services,. Cyber-grifters who steal a patient’s history of illness and their biography can use them to take advantage of consumers, he pointed out. And to sharpen their con, such criminals can even buy select data focused on geographic regions, Komarov noted in a follow-up chat with me.

To address exploits engineered by remote access sessions, one consulting firm is pitching technology allowing administrators to go over remote sessions with a fine-toothed comb.

Balazs Scheidler, CTO of security vendor BalaBit, notes that while remote access to internal IT resources is common, using protocols such as Microsoft Remote Desktop or Citrix ICA, IT managers don’t always have enough visibility into who’s accessing systems, when they are logging in and from where systems are being accessed. BalaBit is pitching a system which offers “CCTV-like” recording of user sessions, including screen contents, mouse movements, clicks and keystrokes.

But the truth is, regardless of what approach providers take, they simply have to step up security measures across the board. If attackers can access your data through a vulnerable Microsoft Access database, clearly something is out of order. And in fact many cases, it’s just that easy for attackers to get into your network.

Lessons Learned from Practice Fusion’s FTC Charges and Settlement

Posted on July 21, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Almost 3 years ago I wrote an article about Practice Fusion violating some physicians’ trust in sending millions of emails to their patients. It’s still shocking to me to read through the physicians’ reaction to having emails unknowingly sent out in their name to their patients. I spent about a month researching that story. That’s longer than I’ve done for any other article by a significant margin. What I discovered was just that compelling.

When I first was told about the story, it seemed possible that each of those emails (we estimated 9 million) was a HIPAA violation. However, as we researched the story more and talked with multiple experts, it seemed like only a small subset could have possibly been considered a HIPAA violation. Practice Fusion had done a pretty reasonable job on the HIPAA front in our opinion. We all learned a lot about HIPAA and patient emails from the experience. Not to mention the importance of physician trust in your EHR product.

With that said, Forbes read my articles and decided to write an article that extended on the research that I’d done for the story along with a follow up article that looked at some of the things patients were posting publicly in these physician reviews. Forbes didn’t link to my article since I was pretty cautious with the whole thing after Practice Fusion had threatened sending their lawyers my way. I didn’t have a bevy of lawyers behind me like Forbes. Plus, some other crazy things happened like people trying to discredit me in the comments from the same IP address in San Francisco and a fabricated blog post to try and discredit what I’d written. Needless to say, it was quite the experience.

There were some people encouraging me to take it much further and to expose some of the crazy things that went down. That wasn’t my interest. I’d told an important story that needed to be told in what I believed was a fair an accurate way. I didn’t have any other goals despite some people insinuating that I might have other intentions.

Three years after I wrote that story it’s interesting to see that the FTC finally published the complaint against Practice Fusion (they also shared an analysis) and the Settlement agreement. I guess our government does work as slow as we all imagine.

I’m not going to dive into the details of the settlement here, but I did discuss the lessons we can learn from Practice Fusion’s FTC complaint and settlement with Shahid Shah and from our discussion I came up with these important lessons that apply to any company working in healthcare IT.

Healthcare Needs to Worry About More Than HIPAA and OCR
I think that many healthcare IT organizations only worried about HIPAA and OCR (which enforces HIPAA) when developing their products and implementing them in healthcare. This example clearly illustrates that the FTC is interested in what you do in healthcare and they’re not just going to defer to OCR to ensure that things are going right. This is particularly true as healthcare becomes more and more consumer oriented. This advice is also timely given ONC’s report to congress about health data oversight beyond HIPAA.

Healthcare Interoperability and Public Disclosure Might Be Worse
One challenge with the FTC settlement is that it could cause many other healthcare IT vendors to use it as an excuse not to take the next step in engaging patients, sharing health information where it’s needed, and other things that will help to improve healthcare. The fear of government condemnation could cause many to balk at progressive initiatives that would benefit patients.

While I do think healthcare IT companies should be cautious, fear of the FTC shouldn’t be used as an excuse to do nothing. The reality of the Practice Fusion case wasn’t that they shouldn’t have built the product they did, it was just that they needed to better communicate what they were doing to both doctors and patients. If they had done so I wouldn’t have had an article to write and the FTC wouldn’t have had any issue with what they were doing.

Communicate Properly to Patients
Reading the FTC claim was interesting to me. In the month I spent researching the story, I felt that Practice Fusion had done a great job in their privacy notice saying that the patient’s review would be posted publicly. It stated as much in their policy and I found no fault in their posting the patient reviews in public. That’s why I didn’t write about them in my articles. Certainly they could have made it more clear to patients, but I put the responsibility on the patient to read the privacy policy. If the patient chooses not to read the privacy policy when sharing really intimate personal details in an online form, then I don’t have much sympathy for them.

Of course, I’m not a lawyer and the FTC found very different. The FTC thought that the disclosure to the patient should have reached out and grabbed consumers and that the key facts shouldn’t be buried in a hard-to-understand privacy policy. A good lawyer can help an organization find the balance of effectively meeting the FTC requirements, but also not scaring patients away from participating. Although, it can certainly be a challenge.

If You Can Identify Private Information You Should
There are some obvious things that we all know shouldn’t be posted publicly. These days with technologies like NLP (natural language processing), you can identify many of these obvious pieces of private data and ensure they’re hidden and never go public. These technologies aren’t perfect, but having them in place will show that you’ve made a best effort to ensure that consumers health data is kept as private as possible.

Communicate Better with Doctors
This might be the biggest thing I learned from the experience. I find it interesting that the FTC complaint barely even talks about it (maybe it’s not under the FTC’s purview?). However, what came through loud and clear from this experience is that you need to effectively communicate what you’re doing to the doctor. This is particularly true if you’re doing something in the doctors name. If not, you’re going to lose the trust of doctors.

The FTC has a blog post up which has more lessons for those of us in the healthcare industry. They’re worthy of consideration if you’re a health IT company that’s working with patients (yes, that’s pretty much all of you).

P.S. I find it interesting that the Patient Fusion website still lists 30,061 doctors on patient fusion, 181,818 appointments today, 1,844718 reviews, and 98% doctors recommended. The same numbers that were listed back in 2013:

I guess that page isn’t a real time feed. I also looked at the Patient Fusion website today to see how they showed reviews now. I didn’t scour the whole website, but it appears that they now only show the quantitative review score and not the qualitative review.

Is Your Organization Ready for EHR Adoption? – Breakaway Thinking

Posted on July 20, 2016 I Written By

The following is a guest blog post by Heather Haugen, PhD, Managing Director and CEO at The Breakaway Group (A Xerox Company). Check out all of the blog posts in the Breakaway Thinking series.
Heather Haugen
What is the most significant barrier to Electronic Health Record (EHR) adoption for clinicians?  This question was the foundation of our research published in Beyond Implementation: A Prescription for Lasting EMR Adoption in 2010. The answer wasn’t surprising then and won’t surprise you now, but let’s consider how your leaders are doing in the face of enormous change in healthcare (think telemedicine, high pharmaceutical costs, rising medical costs, medical ID theft). It’s more important than ever to focus on technology adoption in today’s healthcare climate.

The one factor that formed a pattern across every organization struggling with EHR adoption was a lack of engagement by those leading the effort, and this still holds true today. For many reasons, this is a hard pill to swallow. First, it places responsibility back on the earliest champions: those who decided to fund and move the entire organization into an EHR implementation or upgrade. Second, it requires already overworked executive and clinical leaders to make adoption a daily priority. Effective leadership is an antecedent to adoption.

There is no greater barrier to the adoption of a complex IT application in an ever-changing healthcare environment than believing we can simply pile this effort on top of the other priorities and expect success. Organizations with disengaged, part-time, and/or overworked leaders at the helm of an EHR effort will struggle and may never achieve full adoption. In contrast, organizations with leaders who are fully invested in the daily march toward adoption will not only reach the early stages of adoption, but will enjoy a reinforced cycle of meaningful clinical and financial outcomes. Leadership must take five steps to succeed in moving their organization toward EHR adoption.

Develop a “stop doing” list: Establishing a new leadership agenda requires freeing up time for those leading and working on the effort. Without reprioritizing daily tasks, EHR adoption receives inadequate time and attention. Leaders currently in charge of EHR adoption need to understand what they are going to stop doing and focus on maintaining the courage to follow through on their decision.

Create a positive tone at the top of the organization: One of the most challenging aspects of leading an EHR adoption is transforming the project into a compelling and meaningful effort for everyone. When people, especially clinicians, believe in a cause, they will go to extraordinary lengths to ensure a successful outcome. Creating a common message with purpose and constancy is not easy, and sustaining the message is even more difficult. But when leaders create the right tone for the EHR adoption message, it will be powerful and help maintain momentum to create change.

Connect to clinical leadership: The key to provider adoption of EHRs is engagement. A governance system will engage clinicians through responsibilities and accountabilities and create clinician champions – the most highly-respected and well-networked clinicians. A high level of provider engagement can ameliorate or even overcome the common barriers to adoption, including resistance to abandoning the previous charting method, the investment of time required to learn the new system and the initial drop in productivity until users attain proficiency.

Empower decision-makers and reinforce their spheres of influence: Implementing or upgrading an EHR requires thoughtful consideration of the policies and procedures that will govern the use of the system.  There are many stakeholders with a myriad of opinions and often competing interests that can dramatically slow adoption of the EHR. Adhering to a well-defined governance process ensures that the right people are involved at the right time with the right information. The lack of governance allows the wrong people to endlessly debate decisions, ignore standards and often conclude by making the wrong decisions. Leaders must establish strong governance processes that define expectations around adoption of the EHR, involve the right stakeholders to make decisions, establish policies and best practices and ultimately evaluate performance against expectations. Governance must also be flexible enough to evolve over time.

Relentlessly pursue meaningful clinical and financial metrics: The payoff for adopting an EHR comes in the form of clinical and financial outcomes. If results are neither tracked nor realized, the effort is truly a waste of time and money. Our expectations need to be realistic, but it really is the leaders who are accountable for the relentless pursuit of positive outcomes. Leaders must incent the right people to collect, analyze, and report on the data. Similar to engaging clinicians, this requires some finesse. The good news is that clinicians are generally interested in these metrics and may find the numbers compelling enough to change processes enough to impact the outcomes. Identify several key metrics that are easy to collect, work to improve them and then measure again.

Now is the time to create a new leadership agenda to drive EHR adoption and ultimately improve patient care – which is the goal we all share!

Xerox is a sponsor of the Breakaway Thinking series of blog posts. The Breakaway Group is a leader in EHR and Health IT training.

Has Technology Changed The Way We Interact With Each Other, Our Healthcare Providers And Healthcare Organizations?

Posted on July 19, 2016 I Written By

The following is a guest blog post by Brittany Quemby,  Marketing Manager of Stericycle Communication Solutions as part of the Communication Solutions Series of blog posts. Follow and engage with them on Twitter: @StericycleComms
Brittany Quemby - Stericycle

In this blog series, we have talked a lot about healthcare consumerism, the importance of communication in the patient/provider relationship and how embracing technology can lead to an increased patient experience. Today I want to talk about how technology is changing the way we interact with each other in the healthcare industry.

The other day I tried to book a doctor’s appointment with my family physician.  I looked up my family physician’s phone number online and called in. After about 25 rings, 20 minutes on hold and a cranky voice on the other end, I hung up the phone feeling extremely frustrated and couldn’t event remember the time of my appointment.

This left me thinking. Everyday we rely and crave the use of technology to help us be more efficient and to simplify our lives.  I would argue, even more so, when it comes to our health. Approximately 58% of patients believe that technology leads to better care.  Technology has truly transformed the way patients want to interact with providers.  And to be fair, a lot of healthcare organizations and clinicians have been quick to adopt as they see the efficiency and patient experience benefits – so what was the hold up with my family physician?  I think perhaps they just weren’t aware of the facts.

So let’s take a look at them:

Fact 1 – Mobile Health

The truth hurts.  Many of us are addicted to our phone and are guilty of driving home when we were almost at work to retrieve it. When it comes to mobile health, the addiction is just as strong. Over 50% of smartphone owners, have used their phone to look up health or medical information.  A staggering 80% of patients want the option of using their smartphone to interact with healthcare providers.  Traditional methods of inquiring about our health and interacting with healthcare providers are long gone. Today’s technology makes it much more convenient for both physicians and patients to connect, research and communicate right from their smartphone.

Fact 2 – Online Health

Face it! Most of us have gone down the rabbit hole of searching a particular ailment online.  At least 35% of U.S. adults say they have gone online to try to figure out what medical condition they or someone else might have. Research indicates that 77% of online health seekers began their last session at a search engine such as Google, Bing, or Yahoo.  The presence of the internet has given patients easy access to information and has empowered them to make more informed choices about their health. It has also allowed physicians to easily update new information and build interactive treatment plans that can increase patient adherence and retention.

Fact 3 – Online Scheduling

Truth be told, I did scream when I got off the phone with doctor’s office.  Why was calling in to book my doctor’s appointment the most painful thing I had done all week? I am not alone, 77% of consumers think that the ability to book, change or cancel healthcare appointments online is important. Technology has us conditioned to want the quickest and easiest way of getting things done.  It is much quicker and convenient to go online to book the next available appointment than the 8.1 minutes it takes for a patient to complete a scheduling call.  Online scheduling helps to satisfy a patient’s need for quick gratification and alleviates the significant amount of time staff spend scheduling appointments.

Fact 4 – Digital Communication Platforms

The fact that I couldn’t remember the time of my appointment the moment I got off the phone was a bit embarrassing. But let’s face it, we’ve become so reliant on technology telling us where we need to be and what time we need to be there that our brains begin to ignore certain timelines. The truth is, the sticky note no longer holds the top spot in patient’s minds. A whopping 85% of consumers say that they would welcome digital appointment reminders, medication reminders and general health tips.   This type of technology is a win-win for both patients and clinicians.  Patients receive a simple reminder that can be added into their calendar allowing them to show up and be better prepared and clinicians receive appointment confirmations allowing them to increase their operational efficiencies, revenue and better manage their daily schedule.

Fact 5 – Tracking Health

Tracking health is not a new concept, but the exchanges and the method patients are tracking their health has revolutionized with newer technology. When recommended by a doctor, 3 in 4 consumers followed advice to wear technology to track their health. Over 20% of patients track their health indicators with the use of technology.  Technologies that assist in tracking one’s health have allowed for higher patient engagement which can lead to better monitoring and increased outcomes.  Both US consumers (77%) and doctors (85%) agree that using wearables helps a patient engage in their own health.

As technology evolves, so will our interactions as patients, providers and healthcare organizations.   It’s imperative to capitalize on the many benefits healthcare technology has given us to ensure we expand our connectivity, grow our data, increase our health outcomes and continuously improve our communication and collaboration. However, and unfortunately, in the meantime while we wait for everyone to catch up some of us will suffer from the frustration of expecting technology and not getting it. #Siricantyoujustrunmylife

The Communication Solutions Series of blog posts is sponsored by Stericycle Communication Solutions, a leading provider of high quality telephone answering, appointment scheduling, and automated communication services. Stericycle Communication Solutions combines a human touch with innovative technology to deliver best-in-class communication services.  Connect with Stericycle Communication Solutions on social media:  @StericycleComms

Telus Health Continues EMR M&A Strategy – Acquires Nightingale Informatix

Posted on July 18, 2016 I Written By

Colin Hung is the co-founder of the #hcldr (healthcare leadership) tweetchat one of the most popular and active healthcare social media communities on Twitter. Colin speaks, tweets and blogs regularly about healthcare, technology, marketing and leadership. He is currently an independent marketing consultant working with leading healthIT companies. Colin is a member of #TheWalkingGallery. His Twitter handle is: @Colin_Hung.

Telus Health, a Canadian based healthcare technology and services firm that is a division of one of Canada’s largest telco operators (Telus Communications), recently announced the acquisition of Nightingale Informatix for $14 Million CDN (approximately $10.4M USD).

You can read the announcement here.

This is the latest in a string of acquisitions that Telus has made over the past 5 years in the Canadian ambulatory EMR space. Med Access, Wolf Medical Systems, Kinlogix, MD Physician Services, Medesync and now Nightingale are all part of Telus Health’s product portfolio. With these acquisitions Telus is now by far the most dominant player in the Canadian ambulatory market. There are only a handful of vendors remaining – the largest of which is Vancouver’s QHR Technologies.

EMR consolidation in Canada was inevitable. The small market size could not sustain the more than 50 EMR vendors that cropped up in the heyday of adoption. As well, unlike in the US, the government in Canada did not pour billions of dollars to encourage physicians to adopt EMR technologies. The incentive programs in Canada were handled by the provinces and were much smaller in scale. Thus the Canadian market was ripe for consolidation and Telus has been aggressively seizing these opportunities.

It is a little surprising that none of the US EMR vendors have looked north of the border for growth opportunities. With a single payer system and unique patient identifiers, you would think the Canadian market would be enticing. However, no US ambulatory EMR has made significant in-roads.

Missed opportunity? or perhaps a wise decision to focus at home?

*Disclosure – This writer was VP of Marketing at Nightingale Informatix from 2012-2014.

[CORRECTION – July 19, 2016 2:11pm ET – The original post erroneously reported that Telus had acquired Healthscreen, EMIS and Clinicare EMRs. These three EMRs were in fact acquired by QHR Technologies and not Telus. This post was updated with a corrected list of Telus acquisitions]