Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

How to Build an Effective Rural Virtual Care and Telehealth Strategy

Posted on October 10, 2018 I Written By

The following is a guest blog post by Lee Horner, CEO of Synzi.

Rural healthcare organizations are increasingly interested in implementing virtual care and telehealth solutions in order to better meet the needs of their facilities, staff, and patient population. In danger of closing their doors, rural hospitals are struggling to survive and thrive in a healthcare environment with razor-thin margins.

iVantage’s 2017 Rural Relevance Study reports that 41 percent of rural hospitals operate at a negative margin. Poor financial performance is impacting these hospitals’ ability to keep their doors open and serve rural communities. In fact, the National Rural Health Association (NRHA) reported that the number of rural hospital closures has risen to 87 in the last 8 years.

A rural hospital closure has significant impact to its community. These facilities provide fundamental healthcare services to nearly 57 million people across the country and are often an integral part of the local economy, providing jobs and a tax base for the community. John Henderson, CEO of the Texas Organization of Rural and Community Hospitals (TORCH) stated that hospitals are a critical element of a town’s survival: “Hospitals, schools, churches. It’s the three-legged stool. If one of those falls down, you don’t have a town.”

Virtual care technology can be a viable delivery option for healthcare facilities and residents in rural communities. To best build an effective virtual care strategy, rural healthcare organizations should short-list solutions which solve for limited bandwidth in rural areas, patient preference for mobile devices and communications, an organization’s current infrastructure and workflow, and security concerns.

Addressing Bandwidth Issues: Rural healthcare organizations may initially think that limited Wi-Fi and broadband availability will restrict telehealth adoption by a facility, a medical practice and/or the patients themselves. However, rural healthcare organizations can identify and implement solutions which work across any level of connectivity (whether cellular or Wi-Fi) to ensure that the providers and the patients can use the solution without issues. Various entities are actively pushing for continued investment in our nation’s broadband infrastructure and rural communities are a priority for future build-out.

Reflecting Patient Preferences: Patients are already using many devices – including smartphones, tablets, and/or computers – which also provide them with more convenient access to healthcare without requiring significant travel time and costs. Moving forward, rural healthcare organizations should prioritize solutions which are device-agnostic and should also ensure their patient communications work across any type of modality. Providers and patients already own many of these devices; a flexible virtual care platform will help organizations and individuals reap more benefits out of the investments they have already made in technology.

Optimizing Current Workflows: Healthcare organizations have ongoing clinical workflows, and may be wary of technology’s role in automating these processes. However, rural healthcare organizations’ existing workflows can be optimized by using a virtual care platform which ensures that the virtual care protocols are consistent with in-person protocols in terms of engaging at-home patients and/or reaching offsite specialists for a needed consult. The ideal solution should be intuitive and easy to use; providers will then be able to quickly incorporate virtual care into their practices.

Addressing Security Concerns: When exploring new technology, most healthcare organizations will initially question if a net-new solution meets safety and privacy standards. Rural healthcare organizations should prioritize solutions which are HIPAA-compliant and HITRUST-certified to ensure security, privacy and compliance. Although rural health providers will immediately understand the need to adopt a virtual care platform, IT departments and champions will also need to realize that the adoption of this new technology will benefit providers, patients, and ultimately, the sustainability of the healthcare organization. Virtual care technology is essential to rural healthcare as it helps close the time and distance gap in terms of providing patients with the care they need, when they need it – regardless of where the patients or the providers are located.

The rural population has noted gaps in both access and quality. An estimated one in five Americans live and work in rural areas across the nation, yet, there are 2,157 Health Professional Shortage Areas in rural areas compared to 910 in urban areas. Moreover, the Rural Health Information Hub reports that 19.5 percent of rural adults describe their health status as fair/poor vs. 15.6 percent of their urban counterparts. Virtual care technology can help address the gap in care by providing access to additional physicians and needed specialists at the click of a button. By leveraging external and/or associated hospitals and physician groups, rural hospitals strengthen their care within the vast populations and geographies they support.

Top 5 Ways Healthcare Applications Slow Down and What To Do About It

Posted on October 4, 2018 I Written By

The following is a guest blog post by Jeff Garbus and  Alvin Chang from Soaring Eagle Consulting.

We spend a lot of our lives tuning applications that people complain are too slow. In no particular order, here are some of our findings.

Poor indexing #1 – Unused Indexes, Missing Indexes can cause problems

While I’ve said, “in no particular order,” I do have to say this one is usually first. When applications go through Q/A / Stress test, there is often a lot more horsepower than there is data. As a result, the memory and CPU combination mask the otherwise bad performance. Once the application hits production, larger volumes of data are not managed as effectively.

On the plus side, you can almost always add an index (or indexes) without causing other application side effects.

Warning: Do NOT automatically add indexes as recommended by a DBMS’ tuning advisor; they often miss opportunities, and also often significantly over index by recommending multiple similar indexes rather than one enveloping one.

Be wary of overindexing as too many indexes can also create overhead that will cause processes to slow.

Bad queries #2 – Too much data returned by a query

Sometimes you are simply bringing too much data back from the database to the front end. I saw a search recently that brought about a half million rows of data back to the end user. I asked, “What is the user going to do with that much data?” Answer: “They are going to look at the first few rows and refine the search.”

This unnecessarily stresses the disk CPU, memory, and the network.

Easiest solution: Bring back only the data the user is going to work with. Perhaps the first few hundred rows. Save time, disk resources, and network resources.

Bad queries #3 – Overuse of temporary tables

Many applications use temporary tables incorrectly or are wasteful with them. For example, they are used

  • When the programmer wants to avoid joins (which the server is very good at!);
  • Are filled with lots of data, then rows are deleted (why load them in the first place?);
  • Or too many columns are used (why select * when the columns aren’t being used?) – this increases network bandwidth, as well as making the table unnecessarily big
  • Joining temp tables is another way developers often misuse server resources. Without indexes, this is very costly

Avoid temporary tables

Bad Queries #4 – Attempting to do it all in one Giant Query. 

Sometimes the opposite can also be true. When attempting to write a query for a process, Developers can get stuck in the mindset that a single query can solve all possible conditions of a query.  This leads to large complicated queries that in addition to being difficult to decipher. Can also generate excessive numbers of worktables as it attempts to place large subsets of data into worktables.

Large Reports #5 Combine reporting and transactional activity

It is very common to allow reporting off highly transactional databases. The problem is that reporting creates shared locks on resources, and transactions can not modify the data while the locks are held. In addition, reports are often ad hoc, so that the load on the server is unpredictable.

Easy solution: replicate production data to a reporting server. If replication or other high availability is unavailable, use dump/load to keep day old data for reporting purposes (this is often sufficient).

Allow direct downloads of data

Some companies allow “super users” (also sometimes called “analysts”) to download production data, real time, to applications like Microsoft Access. In addition to being a likely security violation, this also creates blocking issues for the online users.

Solution: Data replication, as above.

If you’d like to learn more about how to improve slow applications, sign up for our webinar “Are your Servers, Apps, and EHR systems ready for a spike in website traffic?

About Jeff Garbus and Alvin Chang
Jeff Garbus founded Soaring Eagle Consulting 20 years ago, and Alvin has been his right hand for almost 30 years now. Together they have authored or coauthored 20 books and dozens of articles on Database Management. Soaring Eagle Consulting is an On Shore HIPPA and PCI compliant remote database management company that is available for projects and consulting work on Architecture, Performance and Tuning, Scalability, application development, migrations and 24×7 full operational support. Do your DBAs need a best friend? Jeff, Alvin, and the On Shore GURU level database team are here to help you!

Soaring Eagle is a proud sponsor of Healthcare Scene.

HIPAA Breach Investigations – What You Should Know

Posted on September 5, 2018 I Written By

The following is a guest blog post by Moazzam Adnan Raja, Vice President of Marketing at Atlantic.Net.

Correctly handling a HIPAA breach recovery will benefit from a well-prepared and systematic approach. Investigation is one of a few key elements to consider, alongside speed, notification, and risk assessment. The specific issue of time deserves closer examination, as does the incorporation of risk management and auditing processes.

4 pillars of HIPAA breach response

Here are four key elements or pillars of a strong HIPAA breach response, a framework provided by Brach Eichler healthcare attorney Lani M. Dornfeld, that can be helpful in guiding your own response, as well as setting expectations with your healthcare hosts and other business associates:

Speed – Moving rapidly in response to a breach is fundamental to limiting the damage. Put together an investigation and response team, which should include the HIPAA security officer and HIPAA privacy officer, along with an attorney as necessary. You may want to standardly include your attorneys, along with members of a HIPAA compliance committee, if your organization is larger and requires more sophisticated oversight. The board of trustees and board of directors could also be included.

Investigation – The way that an investigation is conducted will depend heavily on the nature and scope of the breach. There is, of course, the issue of responsibility to patients but also liability to the organization. For the latter, Dornfeld noted, “If cloaking the investigation in the attorney-client privilege will be to your strategic advantage, then you will need to be counseled about how to manage the flow of information to maintain the privilege.” Breaches often occur because of internal errors by your staff, such as disclosure without proper authorization (e.g., telling a friend confidential patient information) or accidental disclosure to the incorrect party (e.g., sending a letter to the wrong address). Incredibly, insiders are responsible for more than half (58%) of healthcare breaches impacting electronic protected health information (ePHI), per a study released in March by Verizon. When breaches occur due to the insider threat, at the minimum, you want to conduct private interviews with relevant parties, with another person there to assist in asking questions and determining perceived honesty. Beyond what you are able to glean from interviews, it will also help to get any supporting evidence – which may include copies of social media posts, letters, or emails, as well as information from the data system. (Related to investigation, see the discussion of time below.)

Notification – Letting all pertinent parties know about healthcare data breaches is critical. Notification should occur quickly and always within 60 days of breach discovery (unless advised by law enforcement that notification would problematize its own investigations), per the Breach Notification Rule. When you notify patients or others that ePHI has been exposed, your communications should be clearly worded. They should mention the specific data involved (such as lab results or Social Security numbers) and the steps the company is taking toward investigation and mitigation. It should also let the patient know what protective steps they can personally take, along with how to get further details or ask questions.

Risk assessment – After the investigation is finished, you and the legal team can use the insight from it, along with whatever you have already done toward mitigation, to conduct a HIPAA-compliant risk assessment. The risk analysis parameters from the HHS explain that a full assessment should be conducted related to any threats to the availability, integrity, and confidentiality of health data. The HHS notes that the risk analysis is an important basis of information since it can be used to guide what is considered a “reasonable and appropriate” step (the determining factor for a HIPAA-compliant approach). While HIPAA is flexible on many parameters, it mandates that risk assessments be performed routinely (related to all ePHI systems) when contracting with new business associates (related to that specific information), and when security incidents occur (related to that specific information). Any access to ePHI that is disallowed by the Privacy Rule’s subpart E must be disallowed. Any time at which health data is accessed or used in a way that is noncompliant with those guidelines will be assumed breaches – except if your risk assessment can show that there is, in fact, low likelihood of a compromise. (Related to risk assessment, see the section on risk management and audits below.)

The specific issue of time

Time should be central to investigations, as indicated by Mayer Brown healthcare attorney Laura Hammargren. There is disagreement over whether the moment of discovery of a breach should be considered the moment when you reveal a potential breach or the moment when you have finished assessing the situation and understand what occurred.

While there may still be some debate related to discovery, the law is clear at least on the parameter of 24 hours. Discovery of a breach of ePHI occurs “as of the first day on which the breach is known to the organization, or, if exercising reasonable diligence would have been known to the organization,” noted Dornfeld.

Security events are common in which it is unclear if data was compromised or not. It can take a significant amount of time to confirm whether a breach occurred, and exactly how it might have occurred. Some means of assault are incredibly complex. Attackers may make it extraordinarily challenging to track their moves – in which case it can be a painstaking task to find out the data that they possibly accessed and removed.

Another concern of a HIPAA breach investigation is figuring out the length of time the intruder had access, which can have a huge influence on the breadth of the breach.

Risk management & audits

The risk assessment is part of the larger picture of risk management. When you are approaching a healthcare data breach investigation, you will benefit from comprehensive risk management and auditing processes. Through these safeguards, you will be much readier to send out notifications promptly, as well as to give clear information to police and other law enforcement officials.

Risk management is simplified when you have strong business associate agreements (BAAs), through which your standards can extend to third parties. By working with established, next-generation, HIPAA compliant cloud storage provider, you will have peace-of-mind that risks are properly controlled, backed by third-party certifications and audits.

Atlantic.Net is a proud sponsor of EMRandHIPAA.com. Atlantic.Net provides HIPAA compliant hosting, backed by 100% uptime guarantee.

About Moazzam Adnan Raja
Moazzam Adnan Raja has been the Vice President of Marketing at Atlantic.Net for 14 years. During Raja’s tenure, the Orlando-based, privately held hosting company has grown from having a primarily regional presence to garnering and developing attention nationwide and internationally. In collaboration with a skilled and dedicated team, Raja has successfully led a full spectrum of marketing campaigns, as well as handling PR work with major news outlets and the formation of key strategic alliances.

A Caregiver’s Perspective on Patient Engagement

Posted on August 20, 2018 I Written By

The following is a guest blog post by Michael Archuleta, Founder and CEO of ArcSYS, where he shares his experience as a caregiver for his father trying to navigate the healthcare system.

My dad is 99 years old. Having moved him to Utah 6 months ago into a retirement home, our first step was to get an appointment with a new primary care physician. I brought along a list of his medications and watched the nurse tediously look up and enter each into the EHR. Dad and the doctor got along great on that first visit. She assured us that she could help manage his medications. There was nothing realistically that could be done to really improve quality of life. When you’re 99, you’re stuck.

Around the middle of March Dad noticed blood and clots in his urine. Off to the primary care provider we went. They took a sample of urine, tested it, and there was no sign of an infection. Maybe we should look up a specialist in urology. A referral was given and a few days later the urology practice contacted us to make an appointment. Dad declined.

He didn’t want to see another doctor. Period. But day by day, the blood was always present in the urine. He started to worry and finally relented to going to the urologist. Off to the new doctor. Oh, yes, I brought along the list of medications and watched another nurse go to the process of keying them in.

The next day, I got an email via Updox saying there was a message from Dad’s doctor. Updox?? Really?? That was pretty cool. After being on the front end where our EMR system (Red Planet) uploads everything, this was interesting to see how another EMR system was employing Updox. Sure enough, there was the urologist’s note that had been completed 3 hours after the appointment. But, as I read it, I couldn’t help feel a little disappointed. A boilerplate. Since I had been in the room, I knew what was asked. Some questions were never asked and obviously inferred. Maybe a minor point, but I knew it. Anyway, the recommendation was to get an ultrasound. Off to another provider!

Within one day another message alert came from Updox. On logging into the Updox account, there was the report from radiology. Good news, nothing out of the ordinary.

A week passed and it was back to the urologist for a cystoscopy. I was in the room with Dad while the doctor performed the procedure. “Want to see this tumor?” the doctor asked me. “Sure.” I replied. Through the scope I could see a dark mass on the wall of the bladder. The recommendation was to perform surgery to remove the mass and biopsy it.

Another alert came through within a day via Updox. Still the same boilerplate style with default answers. Oh well, if nothing else it was timely.

On May 21 the procedure was done at an outpatient surgical facility. This time I was lucky: No one had to enter the list of medications. From here, unfortunately, things started to go downhill. Dad was left with a catheter and a bag which became his (our) buddy for 10 days. The unfortunate thing was being confined to his room. He could (would) not walk to the dining room at the retirement facility for his meals. So the meals were brought to him each day in a white clam shell styrofoam container. One piece of good news was delivered via Updox, the biopsy was benign.

Once the catheter was removed, he could be mobile, but was too weak to walk. He languished in his room. I coaxed him to try walking. No result. Others in my family encouraged him with the same non-result. I finally took him back to the primary care doctor. One look at him, and she noticed that the spark of life had been extinguished. She took me aside and asked if she needed to play hard ball with him. “You bet” was my response. In a firm way she told Dad that if he didn’t start walking he was going to be dead in 3 months.

That was the trick. Dad was furious that a doctor would be so “unprofessional” as to say anything like that. As soon as we arrived at the retirement home he pushed his walker half way down the hallway just to prove he could walk just fine, thank you. (Mission accomplished.)

But when you’re 99, the body just doesn’t really get better. There was still blood and clots, but were told that would be expected. A couple of weeks later he calls me to say he was in excruciating pain and can’t pee. By the time I arrive the pain was so bad I need to get a hold of the paramedics. They show up in 5 minutes and whisk him to the ER.

Fortunately, the ER has his list of medications so I’m spared having to go through that process. The doctor on call briefly examined him and turned control over to the nurse. A few hours later we have our “friends” the catheter and bag and head home. At least he was committed to walking to the dining room.

A couple of weeks pass and I received a phone call from the paramedics who inform me that Dad had a fall on his way to breakfast. They are transporting him to the ER. He was diagnosed at the ER with a bladder infection and they are concerned about his cardiac functions. Lab results also indicate e. coli and sepsis. Since they don’t have an on-site cardiologist, he was transferred to another hospital and admitted. And, yes, we have to go through the whole list of medications there because they don’t have access to that information? Go figure.

He hated the hospital. There was no rest. Every hour someone was taking vitals, getting him up, doing this, doing that. He was desperate for sleep and rest. At discharge, the cardiologist gave me explicit verbal instructions to take him off his Furosemide. She also gave orders for home nursing and physical therapy.

Whew. He was back home but again too weak to walk to the dining room. The Updox report came through and the written instructions by the cardiologist tell him to continue all meds including Furosemide. Really? Did she forget what she told me. Did she not take her own notes? The nurse showed up at his apartment, took lots of notes, asked lots of questions and examined him. Hmm. Concerned about the swelling in his feet and ankles. It was bad. We confer and decided the Furosemide needed to be restarted. The nurse reached out to the PCP who concurred.

Over the next 3 weeks the swelling slowly receded. The nurse and physical therapist helped him but the improvement was ever so slow.

What I have experienced was a medical world of silos. Each health care provider focused on just what they do. The urologist was pleased with surgery and how well it turned out. But he didn’t have to deal with 3 months of bags, styrofoam meals, ER visits, depression and hospitalizations. None of the doctors conferred with each other about the best treatment. The number of times I filled out past medical histories was finger-numbing. The written documentation didn’t accurately match what took place or what was verbally instructed. The cardiologist was adamant about the meds which would be best for his heart. Within each silo the people were very kind, compassionate, caring and professional. But, the EHR systems just seemed to get in the way of real care. Yes, INDIVIDUALLY, everything was working, but PEOPLE and their SYSTEMS were not interacting to solve the problem.

On the up-side, not one out-of-pocket penny was spent by way of the Medicare Advantage plan. Insurance and billing performed flawlessly. A little over $65,000 was billed and $12,000 was paid.

Clearly, providing health care is not easy. Maybe things should have been done differently. This was a relatively simple issue, but there was no clear direction. Will any healthcare administrator ever be aware of this situation? Probably not. Will any insurance company ever study this case? Doubtful. In hindsight, it would have been just as easy for me to pass out copies of medications and histories and have people tape them to the wall. A few phone calls between providers would certainly have come up with a better solution. But here we are down the road and Dad is not a happy camper.

Is anybody listening?

Top 5 Ways to Create a Stellar Patient Experience

Posted on August 13, 2018 I Written By

The following is a guest blog post by Sarah Bennight, Marketing Strategist for Stericycle Communication Solutions, as part of the Communication Solutions Series of blog posts. Follow and engage with them on Twitter: @StericycleComms

Patient experience has always been something healthcare delivery organizations should strive to improve. However, in the past couple of years, patient experience has received a necessary focus as health consumers are presented with more choice, transparency, and data to navigate their healthcare journey. But with so many choices available, what can health providers do to drive loyalty?

I recently had to schedule a visit for my annual mammogram, a much dreaded experience for most women. I’m lucky to have many imaging options around me, making it easy to get in on a day that was convenient for me. However, the choice was very simple after the exemplary experience I received last year. One facility in particular made me into a loyal patient, and they did so in five key ways.

1. Convenience of access: Consumer-centric businesses like Amazon and Starbucks have made it so seamless and easy to get what you need from them when you need it, that it makes waiting in healthcare more painful than it used to be. Now, we expect to handle business transactions on our own terms and to receive immediate results. Even Amazon Prime’s two-day shipping wasn’t enough for us, and now we have Amazon Now. When it was time to schedule with the facility, it was simple to connect and get care when convenient for me. They offer online scheduling, which enabled me to browse open appointments and choose an option that fit my busy schedule. They have a phone number as well if you prefer to schedule that way, but I prefer doing most business transaction from my phone.

2. Patient-first in clinic experience: Everything at the facility was set up to make something no woman really wants to do, an enjoyable experience. I was greeted with a warm smile when I walked in and promptly taken back to the changing rooms. Their rooms are finely decorated with warm lighting and comfortable dressing rooms. I never sat idle for more than 10 minutes. They have even taken the extra step to provide lockers for your personal belongings with the names of famous amazing women so you can remember where your belongings are. I chose to be Eleanor Roosevelt one year, and Jane Austin this year.

3. Putting data in the patients’ hands: Both times I have been in for a screening, I receive my secure results within 24 to 48 hours and they send the results to both my OB/Gyn and my primary care provider. Armed with information contained in my profile, I can choose to have a more in depth conversation with my care providers regarding the risks and results, or I can keep them and compare year after year. Knowledge and education are the first two steps in patients having the ability to manage their health.

4. Proactive engagement in care: Patients can be very forgetful (especially when managing the care of four additional family members). If there is something I need to do in order to take better care of myself, it’s better to be proactive and ping me instead of assuming I’ve got it covered. This facility let me know several months in advance that it was time to reschedule. I knew the exact date I was eligible per my insurance, so it made it easy to take the best step to keep on top of my health.

5. Ease of doing business: No one wants to spend hours filling out paper forms. When looking for a repeat appointment for this year, I saw that there was a clinic closer to my office. I arrived a few minutes early to fill out the insurance forms since I scheduled online and there was no place for me to put the card information. When I walked in and gave my name at sign in, they had everything: my address, insurance, birthdate, records from the last visit at a different facility. This is imperative for healthcare organizations to prioritize as mergers and acquisitions mean multiple EHRs, billing systems, and contact centers. The experience and ease of doing business with your team before and after care will affect patient loyalty. Make it easier to do the small things, and watch your patient satisfaction increase.

The facility has gone to great lengths to ensure their patient experience is above par and their efforts have definitely paid off. And they will have my loyalty for it as long as they serve my area. Their mission states:

“Our promise is to provide an exceptional experience, exceptionally accurate results, and Peace of Mind to everyone we serve. Our purpose is to be the National Leader in Mammography and imaging services, helping patients achieve and maintain optimal health.”

What is your promise to your patients? Is your number one to provide an exceptional experience? Are you meeting the above five areas of the patient experience beyond the clinical face to face interaction? What are some additional ways you ensure the best experiences for everyone in your care?

The Communication Solutions Series of blog posts is sponsored by Stericycle Communication Solutions, a leading provider of high quality call center & telephone answering servicespatient access services and automated communication technology. Stericycle Communication Solutions combines a human touch with innovative technology to deliver best-in-class communication services.  Connect with Stericycle Communication Solutions on social media: @StericycleComms

Regulatory Heat: Is Your BAA House in Order?

Posted on August 9, 2018 I Written By

The following is a guest blog post by Greg Waldstreicher, Founder and CEO of PHIflow.

Actions by the Office for Civil Rights (OCR) have clearly demonstrated stricter enforcement of HIPAA rules in recent years, specifically upping the ante on compliance with business associate agreements (BAAs). Much of this activity can be attributed to a grim outlook on security risks: globally, 70% of healthcare organizations have suffered a data breach, and a recent Ponemon Institute report found that the vast majority have experienced multiple security incidents involving protected health information (PHI).

BAAs play an important role in security as the framework by which an organization ensures that any vendor creating, receiving, maintaining or transmitting PHI complies with HIPAA. In recent years, these contracts have come under increased scrutiny amid high-level audits launched by OCR. Mismanagement of BAAs have thus far resulted in penalties ranging from $31,000 for simply not having a BAA in place to upwards of $5.5 million for more serious offenses.

While the stakes are high, healthcare organizations often lack effective oversight strategies for these important patient protection tools. In fact, it’s not uncommon for even the most basic information to elude the executive suite such as:

  • the number of BAAs that exist across an enterprise
  • where BAAs are located
  • the terms of each BAA

In an industry that has witnessed a significant uptick in security incidents and breaches in recent years, this current state of affairs is less than optimal. In truth, the reach of recent audit activity is still an unknown as the healthcare industry awaits full disclosure and recommendations from OCR. One of the latest OCR settlements —$3.5 million levied against Fresenuis Medical Care North America—resulted from multiple incidents that occurred in 2012, underscoring the lengthy timeframe associated with finalizing investigations and legal processes.

All told, current trends point to the need for better oversight and management of BAAs. While penalty activity subsided some in recent months as OCR went through internal transitions, industry legal experts expect that investigative momentum will continue to increase in proportion to heightened security risks across the healthcare landscape.

Unfortunately, healthcare organizations face notable roadblocks to getting their BAA house in order. Amid competing priorities, many simply lack the resources for tracking these agreements. Health systems are increasingly multi-faceted, and current trends associated with mergers, acquisitions and consolidations only exacerbate the challenge. The reality is that some large organizations have as many as 10,000 BAAs across the enterprise. Because these agreements are typically spread across multiple departments and facilities and have a multitude of different owners, managing them in a strategic way via manual processes is nearly impossible.

In tandem with the internal resource challenge, the language contained in BAAs has become significantly more complicated due to not only a fluid and evolving regulatory environment, but also the vital role they play in an overall security strategy. While a simple, cookie-cutter approach to these agreements was fitting a decade ago, BAAs are now intensely negotiated between covered entities and business associates and between business associates and sub-business associates, often involving HIPAA attorneys and resulting in requirements that go beyond HIPAA and HITECH. Subsequently, the terms of each BAA across an organization may vary, making efficient and effective management extremely difficult.

The good news is that there is a relatively simple solution—automated management of BAAs. The right technological framework can lay the foundation for timely access to all contracts across an enterprise, improving compliance and ensuring readiness for audits or breach response. Once consolidated, artificial intelligence can then be applied to BAAs to draw actionable insights in near real-time, informing key personnel of the key terms across all agreements.

The healthcare industry at large has drawn heavily on the promise of automation and data analytics in recent years to power more efficient and effective processes. Management of BAAs is no different and is an area ripe for improvement. Today’s healthcare executives need to consider the high stakes associated with ineffective management of BAAs and take action to shore up strategies amid greater security risks and a challenging regulatory environment.

About Greg Waldstreicher
Greg Waldstreicher is the founder and CEO of PHIflow, and the cofounder and former CEO of DoseSpot, where he worked at the forefront of the electronic prescribing (e-Prescribing) market for nine years. Under Greg’s leadership, DoseSpot licensed its SaaS e-Prescribing solutions to 175 healthcare software companies across the medical, dental, hospice and digital health markets. Greg received a B.S. from the University of Maryland College Park in Accounting and an M.S. from Northeastern University in Technological Entrepreneurship.

5 Practical Use Cases Anchoring Blockchain in Healthcare

Posted on August 1, 2018 I Written By


The following is a guest blog post by David Houlding MSc CISSP CIPP, Principal Healthcare Industry Lead at Microsoft Health working specifically on the Azure Team.

The hardest thing about blockchain is not the technology. To be clear, there are many technical challenges that must be addressed to be successful with blockchain, and these are not trivial. However, even harder is building the network of healthcare organizations and trust to a point where they are willing to participate, connect, and transact.

Existing B2B Healthcare Networks

It is faster to apply blockchain to an existing B2B network of healthcare organizations than to build a new network around a new use case from scratch. This is why blockchain is first taking hold in healthcare in existing B2B networks where healthcare organizations already transact around a use case, albeit with a conventional “hub-and-spoke”, centralized architecture with a trusted intermediary. In some cases, these existing B2B networks are looser, with healthcare organizations collaborating ad-hoc as needed, even via antiquated technologies such as faxes, rather than fully automated and integrated systems.

Cost Reduction Value Prop

These business value propositions are driving blockchain forward in healthcare:

  1. Improving patient outcomes
  2. Reducing healthcare costs
  3. Improving patient experience, and engagement
  4. Improving healthcare worker experience

Amongst these, those that have a strong cost reduction value proposition have the most interest from healthcare organizations—most want to see a strong near-term ROI justification for participation.

Leading Use Cases for Blockchain in Healthcare

In this article I highlight 5 practical use cases—plus one emerging use case—where blockchain is taking hold. Here are the ways that blockchain is adding value in these networks:

  • Decentralization, avoiding the need for a central hub (and associated costs, delays, and single point of failure).
  • Improving trust through a shared immutable ledger.
  • Mitigating fraud through transparency of transactions.
  • Improving performance and efficiency.
  • Paving the way for new levels of automation and collaboration around smart contracts and DAOs (Decentralized Autonomous Organization).

1. Health Information Exchange

Currently, the healthcare industry experiences major inefficiencies due to diverse, uncoordinated and unconnected data sources and systems. Effective care collaboration is vital to improve healthcare outcomes. With digitized health data, the exchange of healthcare information across healthcare organizations is required.

Grapevine World is one of the leaders in the application of blockchain technology. They make use of the IHE methodology for interoperability, and multiple blockchains for tracking data provenance and providing a crypto token as means of exchange within their ecosystem.

2. Provider Directory

Healthcare organizations, including payers, must maintain directories of healthcare providers, or doctors. Today this is done redundantly across multiple organizations. Further, if these directories get out of sync, it can lead to issues such as claims bouncing. Through blockchains, provider directories can be maintained by various healthcare organizations in a shared, decentralized ledger. This reduces redundancies and inconsistencies, and thereby improves operational efficiencies (including around claims adjudication).

Optum is one of the leaders in applying blockchain technology to the directory use case.

3. Provider Credentialing

Doctors, nurses, and other healthcare workers must have credentials to provide healthcare. These credentials must be validated by every healthcare organization they practice at, and periodically thereafter, usually every two years. This creates a huge amount of redundant effort and cost, and often delays a doctor’s ability to practice at a new facility. Blockchain provides a way for healthcare organizations in a consortium to update doctors’ credentials. That includes the validations of those credentials, helping to eliminate redundant effort. Doctors will be able to practice at new facilities with minimal delay.

ProCredEx and Hashed Health are leaders in the application of blockchain technology to the provider credentialing use case.

4. Drug Supply Chain

Medications must be tracked from manufacturers (such as the big pharmaceuticals), through distributors, to dispensaries (such as pharmacies). This enables the pharmacist, patient, or family caregiver to verify the authenticity, provenance, and safety of the product. It helps reduce drug counterfeiting and enables improved operational efficiencies, with associated cost reductions. Blockchain is particularly well suited to applications that require tracking of items across organizations. Regulations such as DSCSA also require tracking of drugs through the supply chain. And compliance with these regulations provides an additional incentive, or forcing function for the adoption of blockchain.

Adents and the C4SCS (Center for Supply Chain Studies) are leaders in the application of blockchain technology to the drug supply chain use case.

5. Medical Device Track and Trace

This is another example of a supply chain use case; except medical devices are being tracked, rather than drugs. Devices can range from implantables to MRI machines. The idea is to track these across the supply chain and throughout their life cycles, or even multiple life cycles as they are resold and reused. Such tracking enables fast response to recalls, thereby improving patient safety and operational efficiency. It enables one to monitor the maintenance of these devices over their lifetime—which can also help improve quality, and patient  outcomes.

Spiritus Partners is a leader in the application of blockchain technology to the medical device track and trace use case in healthcare.

Emerging: Anti-Fraud

Anti-fraud is another use case that is starting to take hold in healthcare. It is interesting both as a stand-alone use case (of particular interest to healthcare payers), and as a more general business value enabled by blockchain. Fraud prevention is attractive across most other use cases for blockchain in healthcare. For example, blockchain can help mitigate counterfeiting fraud in the drug supply chain use case. Blockchain has major potential to block fraud through:

  • Immutability (transactions cannot be altered)
  • Improving detection through transparency
  • Advancing artificial intelligence used for anti-fraud

For more on this use case and fundamental value of blockchain see Blockchain as a Tool for Anti-Fraud.

What other use cases do you see blockchain being applied to in healthcare? Welcome any comments, questions, or feedback you may have below. Blockchain in healthcare is fast evolving. I post updates extensively for blockchain in healthcare. Reach out to me on LinkedIn or Twitter.

About David Houlding
David Houlding is the Worldwide Healthcare Industry Leader on the Microsoft Azure Industry Experiences Team. David has more than 24 years of experience in healthcare spanning provider, payer, pharmaceutical, and life sciences segments worldwide, and has deep experience and expertise in blockchain, privacy, security, compliance, and AI / ML, and cloud computing. David also currently serves as Chair of the HIMSS Blockchain in Healthcare Task Force, a group of 50+ leaders from across healthcare worldwide, collaborating to advance blockchain in healthcare.

EMR Integration Paying Dividends For All Types of Healthcare Practitioners

Posted on July 17, 2018 I Written By

The following is a guest blog post from the team at Fullscript, a proud sponsor of Healthcare Scene. Follow and engage with them on Twitter: @FullscriptHQ

It would not be a stretch to say that EMRs have been both a blessing and curse for healthcare practitioners. There is no doubt that EMRs have improved the safety of care and the mountain of data that has been collected is now powering the renaissance of Artificial Intelligence in healthcare. However, EMRs have also increased the workload on clinicians which in turn has negatively impacted the overall patient experience and has contributed to burnout. It would not be a stretch to say that EMRs have been both a blessing and curse for healthcare practitioners. There is no doubt that EMRs have improved the safety of care and the mountain of data that has been collected is now powering the renaissance of Artificial Intelligence in healthcare. However, EMRs have also increased the workload on clinicians which in turn has negatively impacted the overall patient experience and has contributed to burnout.

To help practitioners, HealthIT vendors need to ensure their products can be:

  • Tightly integrated with EMRs so that data can be shared easily
  • Seamlessly incorporated into existing workflows
  • Tuned to fit the specific needs of the practice

Fullscript, an online e-prescribing platform helps integrative medical practitioners dispense supplements without the need for physical inventory. This saves valuable office space and improves the overall safety of practices. The company offers over 20,000 professional-grade supplements. Key to the company’s success has been the integration of their platform with existing EMRs coupled with their user-friendly workflow features.

Dr. J. E. Williams, a highly respected integrative medicine clinician who treats and revitalizes patients across a spectrum of illness, implemented Fullscript in order to provide his patients with a streamlined experience and to improve the performance of his practice.

Prior to Fullscript, Dr. Williams, used a non-integrated e-prescribing system. That system was difficult to use and his patients frequently complained at how confusing it was. The result was that patients were not filling their scripts and were not following the prescribed regimen. After switching to Fullscript, Dr. Williams could seamlessly e-prescribe what his patients need, directly from within his EMR. In addition, the easy-to-use nature of the system has made it less confusing for patients. The net result is that Dr. Williams has experienced 100% patient compliance by using Fullscript through his EMR.

“I can write a recommendation when a patient is in front of me, or immediately afterwards. ​Patients want to see their recommendation in their inbox right away, and that’s what Fullscript provides. My patients love it.” – Dr. J.E. Williams

Dr Williams is on a mission to bridge complementary as well as alternative therapies with evidence-based clinical science. Although some would see this as controversial, Dr. Williams firmly believes that there is growing evidence of improved patient outcomes when melding ancient wisdom with modern science. The ultimate goal is to use the most efficient therapies with the least side effects for patients.

The success of Dr Williams demonstrates the power of tight integration with EMRs for all types of clinicians. Gone are the days when clinicians had to tolerate clunky stand-alone systems. Today, they can and should expect their HealthIT partners to provide systems that seamlessly integrate with their existing applications.

Fullscript embraces this vision and has worked with over a thousand practitioners just like Dr Williams to provide the ability to e-prescribe nutraceuticals in as little as 4 weeks.

To learn more about Fullscript’s EMR integration or to read more about Dr. Williams, click here.

Alleviating “Pregnancy Brain” With Appointment Reminders

Posted on July 12, 2018 I Written By

The following is a guest blog post by Brittany Quemby, Marketing Strategist for Stericycle Communication Solutions, as part of the Communication Solutions Series of blog posts. Follow and engage with them on Twitter: @StericycleComms

Brittany Quemby - Stericycle

Picture this: I’m standing on the tradeshow floor watching as people try to grab as much swag as possible. I’m speaking to someone who really isn’t listening to my spiel because they are only in it for the free pen. Then, I get someone who is fairly interested in our appointment reminder service. Thinking I’ve hooked, lined and sunk them, I am met with a familiar objection: “We don’t need an appointment reminder service for our OBGYN clinic because women, especially pregnant women, don’t forget when their appointments are.”

Thinking back, I wish I knew then what I know now and could have countered that argument with some cold hard facts.

You may have heard about little bouts of forgetfulness during pregnancy. According to most experts, pregnancy does not change a woman’s brain, but some women don’t feel as sharp as usual when they’re pregnant. Although the science is still out on whether “pregnancy brain” is truly myth or reality, being seven months pregnant, I can testify that I am definitely not at the top of my game.

I have to check that I’ve locked the door three times. I forget simple words. I have a hard time remembering anything if I don’t write it down. Of course, I remember that I am due at the doctor once a month (I’m not an animal) and enter the date and time of future appointments into my phone. But between work meetings, presentations, ultrasounds, and other appointments, I inevitably forget when I’m supposed to go in and begin to question myself. Did I write down the date correctly? Did I already miss my appointment?

Every month, this confusion and second guessing always leads me to call my doctor’s office before my appointment to check the appropriate date and time.

What I do know is that this seconding guessing and additional effort could be completely eliminated if my clinic were to provide more patient-focused engagement before my appointments with the help of simple appointment reminders. With so many other things to worry about, I have come to appreciate these gentle reminders from places like my hair stylist, masseuse, and even prenatal class instructor, all of who send me a quick note including the following:

  • Appointment date
  • Appointment time
  • Location
  • Preparation instructions and,
  • Any additional “need to knows.”

Although it may seem like pregnant women would never forget an appointment that has to do with something as pivotal as bringing a child into this world, I can firmly say it happens. And something as simple as an appointment reminder goes a long way to ease a patient’s mind and elevate their overall patient experience. Now if only I could remember the name of the OBGYN clinic from that tradeshow I was at…..

Click here, to learn more about how Stericycle Communication Solutions is helping to create the optimal patient experience through our customized automated messaging solutions.

The Communication Solutions Series of blog posts is sponsored by Stericycle Communication Solutions, a leading provider of high quality answering services, online scheduling solutions, and messaging solutions. Stericycle Communication Solutions combines a human touch with innovative technology to deliver best-in-class communication services. Connect with Stericycle Communication Solutions on social media: @StericycleComms

How e-Prescribing Features Improve Your Practice Life

Posted on July 9, 2018 I Written By

The following is a guest blog post by Dr. Tom Giannulli, CMIO at Kareo.

e-Prescribing, the process of electronically fulfilling a medication prescription directly from your practice, is far from new. In fact, this service has been around long enough that the majority of patients have come to expect the convenience that accompanies it.

Most private practices are using some type of medical software that aids in the e-Prescribing process. Some may have incorporated said software because they felt obligated, but others have realized that an integrated software solution can do more than help meet the requirements for the meaningful use electronic health record (EHR) initiative.

They recognize that it may also help to improve their practice.

As the clinical leader for an electronic health record (EHR) vendor serving independent practices, I can attest that Kareo’s cloud-based software is designed with the intent to improve the unique needs of the private practice. The changes in regulations and requirements might mean you should change the way you practice, but it doesn’t have to reduce the personal connection between patients and their providers.

Improve Upon Value-Based Care

Value-based care is driven by data and has required practices to become more efficient and effective in order to reduce overall healthcare costs.

Without the automated support that accompanies e-prescribing, compiling the number of required reports could become overwhelming and significantly reduce your efficiency. Our software can make compiling this data with accurate reports both simple and manageable, which saves you valuable time. It makes tracking the quality metrics related to drug compliance much easier, but it’s also tracking quality by:

  • Helping to reduce your liability with legible prescriptions
  • Improving upon prescription accuracy
  • Reducing medication errors
  • Improving upon patient compliance
  • Monitoring fraud and abuse from duplicate prescriptions

Having an automated perspective on drug interactions and prescription history at your fingertips allows you to focus on measures that improve preventative care. This global perspective on each patient’s individual treatment can potentially reduce abuse and readmissions.

Leverage a “Heads Up” Philosophy

You won’t hear many, if any, physicians state that they chose medicine for the abundance of paperwork.

The time EHR can save on administrative tasks provides the physician with more time to do what they enjoy—care for their patients. Patients often choose a practice because they want that personal connection with their physician. Someone who knows their story, and is aware of their health history. Most patients don’t enjoy waiting while the physician is writing notes, asking them to repeat their medical history, or trying to find the correct button on the computer. This won’t help to increase patient satisfaction, and gain patient loyalty. With the information right in front of you, you have more time to devote to quality communication, which gains your patient’s trust.

There are several secondary key benefits to practicing “Heads Up” Medicine with e-prescribing that help improve the patient experience by devoting your attention to your patient, not your computer. You’re still getting the essential information with an easy method of information collection by pointing and clicking.

  • Reviewing key points and a simple question and answer interview can help you build your narrative.
  • Your EHR is accessible on a mobile device, such an IPad, and not just on a website
  • You don’t have to spend the extra time typing the narrative in each time and starting from scratch.

Save Significant Time

Time is valuable to you, and your patients. The time saved with automated support does more than make your patients happy by getting them in and out of their visit quicker, it also shows that you respect their time.

Less time waiting and more time with their providers often results in better patient satisfaction. Word of mouth is often the most effective form of marketing and satisfied patients refer new patients to help you continue to grow your business.

Our software takes care of the bulk of your work with chart, bill and fill to reduce administrative tasks and improve your workflow. It helps you write the note, ensures that you get the billing codes correct and fills the prescription and orders lab work. This allows you to improve your workflow by:

  • Getting the billing done quickly and accurately to expedite payment
  • Allowing you to see more patients in the same amount of time
  • Helping you gain a better balance between your work and personal life to reduce the risk of burnout
  • Making sure your patients don’t leave because of extended wait times

Maintain a Personal Connection

Engaging more with your clients can foster patient satisfaction and loyalty to your practice. Your patients want compassionate care provided and human interaction, and you can leverage this “heads up” philosophy with the simple solutions offered in EHR software to manage the bulk of your administrative work.

Seek out technology and service solutions to improve your practice, increase patient satisfaction and provide you with more time to focus on priorities to aid in the growth of your practice, rather than being burdened with administrative tasks. Because you chose to work in private practice for the patients, not the paperwork.

About Tom Giannulli, MD, MS
Tom Giannulli, MD, MS, is the chief medical information officer at Kareo, a proud sponsor of Healthcare Scene. He is a respected innovator in the medical technology arena with more than 15 years of deep experience in mobile technology and medical software development.