Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

HIT for HIEs

Posted on October 17, 2017 I Written By

The following is a guest blog by Mike O’Neill, CEO at MedicaSoft. This is the third blog in a three-part sponsored blog post series focused on new HIT for integration. Each month, a different MedicaSoft expert will share insights on new and innovative technology and its applications in healthcare.

Health Information Exchanges (HIEs) have been in the news lately, and for good reason. With major hurricanes devastating Texas, Florida, the British Virgin Islands, and Puerto Rico, accessibility of patient health information rapidly became a major concern. Electronic Health Record adoption has led to most patient data being in electronic form, but it hasn’t necessarily made that data available when and where care is delivered. HIEs can help make that data available; during the recent storms two HIEs were able to spring to action to help clinicians provide care for patients. The ability of the Houston and San Antonio-area HIEs (Greater Houston Healthconnect (GHHC) and Healthcare Access San Antonio (HASA) to exchange information allowed patient records to be accessed remotely – which was absolutely critical during this natural disaster.

If you were on the fence about “the cloud,” this is the perfect case study in its effectiveness. More than ever, HIEs are called upon to assist by making health records available during critical care encounters. HIEs need modern technology to best serve their communities in these instances, going beyond basic connectivity and interoperability to deliver tangible value using the wealth of data they collect –

  1. Organize the data into meaningful health records. HIEs often have access to years of raw data. They may need help organizing it into a clinical data repository, matching patients, and providing a health record that is clinically useful. This is one way we assist HIEs in using the data they’ve collected.
  2. Provide valuable alerts & notifications. These are useful, especially in a crisis, to locate patients, but they can also give patients notice on events they need to follow-up on. This is another layer we build onto HIEs’ data foundation.

Health records that are useful go a long way – beyond individual hospitals, and regions and state lines. To be useful, health records must go where the patients go, wherever that may be.

An emerging approach to meet this need is the Strategic Health Information Exchange Collaborative (SHIEC’s) Patient-Centered Data Home (PCDH) concept among HIEs. PCDH helps providers access real-time health information across regional and state lines, wherever the patient is seeking care. Regardless of where the clinical data originates, it becomes part of the patient’s longitudinal patient record – the PCDH – giving patients control of their data.

About Mike O’Neill
Mike is the CEO at MedicaSoft. He came to MedicaSoft from the U.S. Department of Veterans Affairs (VA) where he was a Senior Advisor and member of the founding team of the VA Center for Innovation. Mike serves as the Chairman of the Board of Directors of the Open Source Electronic Health Record Alliance (OSEHRA). Prior to VA, Mike was involved in the commercialization of new products and technology in startups and large companies. He is a die-hard Virginia Tech Hokie.  

About MedicaSoft
MedicaSoft designs, develops, delivers, and maintains EHR, PHR, and UHR software solutions and HISP services for healthcare providers and patients around the world. For more information, visit www.medicasoft.us or connect with us on Twitter @MedicaSoftLLC, Facebook, or LinkedIn.

Alexa Can Truly Give Patients a Voice in Their Health Care (Part 1 of 3)

Posted on October 16, 2017 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The leading pharmaceutical and medical company Merck, together with Amazon Web Services, has recently been exploring the potential health impacts of voice interfaces and natural language processing (NLP) through an Alexa Diabetes Challenge. I recently talked to the five finalists in this challenge. This article explores the potential of new interfaces to transform the handling of chronic disease, and what the challenge reveals about currently available technology.

Alexa, of course, is the ground-breaking system that brings everyday voice interaction with computers into the home. Most of its uses are trivial (you can ask about today’s weather or change channels on your TV), but one must not underestimate the immense power of combining artificial intelligence with speech, one of the most basic and essential human activities. The potential of this interface for disabled or disoriented people is particularly intriguing.

The diabetes challenge is a nice focal point for exploring the more serious contribution made by voice interfaces and NLP. Because of the alarming global spread of this illness, the challenge also presents immediate opportunities that I hope the participants succeed in productizing and releasing into the field. Using the challenge’s published criteria, the judges today announced Sugarpod from Wellpepper as the winner.

This article will list some common themes among the five finalists, look at the background about current EHR interfaces and NLP, and say a bit about the unique achievement of each finalist.

Common themes

Overlapping visions of goals, problems, and solutions appeared among the finalists I interviewed for the diabetes challenge:

  • A voice interface allows more frequent and easier interactions with at-risk individuals who have chronic conditions, potentially achieving the behavioral health goal of helping a person make the right health decisions on a daily or even hourly basis.

  • Contestants seek to integrate many levels of patient intervention into their tools: responding to questions, collecting vital signs and behavioral data, issuing alerts, providing recommendations, delivering educational background material, and so on.

  • Services in this challenge go far beyond interactions between Alexa and the individual. The systems commonly anonymize and aggregate data in order to perform analytics that they hope will improve the service and provide valuable public health information to health care providers. They also facilitate communication of crucial health data between the individual and her care team.

  • Given the use of data and AI, customization is a big part of the tools. They are expected to determine the unique characteristics of each patient’s disease and behavior, and adapt their advice to the individual.

  • In addition to Alexa’s built-in language recognition capabilities, Amazon provides the Lex service for sophisticated text processing. Some contestants used Lex, while others drew on other research they had done building their own natural language processing engines.

  • Alexa never initiates a dialog, merely responding when the user wakes it up. The device can present a visual or audio notification when new material is present, but it still depends on the user to request the content. Thus, contestants are using other channels to deliver reminders and alerts such as messaging on the individual’s cell phone or alerting a provider.

  • Alexa is not HIPAA-compliant, but may achieve compliance in the future. This would help health services turn their voice interfaces into viable products and enter the mainstream.

Some background on interfaces and NLP

The poor state of current computing interfaces in the medical field is no secret–in fact, it is one of the loudest and most insistent complaints by doctors, such as on sites like KevinMD. You can visit Healthcare IT News or JAMA regularly and read the damning indictments.

Several factors can be blamed for this situation, including unsophisticated electronic health records (EHRs) and arbitrary reporting requirements by Centers for Medicare & Medicaid Services (CMS). Natural language processing may provide one of the technical solutions to these problems. The NLP services by Nuance are already famous. An encouraging study finds substantial time savings through using NLP to enter doctor’s insights. And on the other end–where doctors are searching the notes they previously entered for information–a service called Butter.ai uses NLP for intelligent searches. Unsurprisingly, the American Health Information Management Association (AHIMA) looks forward to the contributions of NLP.

Some app developers are now exploring voice interfaces and NLP on the patient side. I covered two such companies, including the one that ultimately won the Alexa Diabetes Challenge, in another article. In general, developers using these interfaces hope to eliminate the fuss and abstraction in health apps that frustrate many consumers, thereby reaching new populations and interacting with them more frequently, with deeper relationships.

The next two parts of this article turn to each of the five finalists, to show the use they are making of Alexa.

Health Data Standardization Project Proposes “One Record Per Person” Model

Posted on October 13, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

When we sit around the ol’ HIT campfire and swap interoperability stories, many of us have little to do but gripe.

Is FHIR going to solve all of our interoperability problems? Definitely not right away, and who knows if it ever will? Can we get the big EMR vendors to share and share alike? They’ll try, but there’s always a catch. And so on. There’s always a major catch involved.

I don’t know if the following offers a better story than any of the others, but at least it’s new one, or at least new to me. Folks, I’m talking about the Standard Health Record, an approach to health data sharing doesn’t fall precisely any of the other buckets I’m aware of.

SHR is based at The MITRE Corporation, which also hosts virtual patient generator Synthea. Rather than paraphrase, let’s let the MITRE people behind SHR tell you what they’re trying to accomplish:

The Standard Health Record (SHR) provides a high quality, computable source of patient information by establishing a single target for health data standardization… Enabled through open source technology, the SHR is designed by, and for, its users to support communication across homes and healthcare systems.

Generalities aside, what is an SHR? According to the project website, the SHR specification will contain all information critical to patient identification, emergency care and primary care along with background on social determinants of health. In the future, the group expects the SHR to support genomics, microbiomics and precision medicine.

Before we dismiss this as another me-too project, it’s worth giving the collaborative’s rationale a look:

The fundamental problem is that today’s health IT systems contain semantically incompatible information. Because of the great variety of the data models of EMR/EHR systems, transferring information from one health IT system to another frequently results in the distortion or loss of information, blocking of critical details, or introduction of erroneous data. This is unacceptable in healthcare.

The approach of the Standard Health Record (SHR) is to standardize the health record and health data itself, rather than focusing on exchange standards.

As a less-technical person, I’m not qualified to say whether this can be done in a way that will be widely accepted, but the idea certainly seems intuitive.

In any event, no one is suggesting that the SHR will change the world overnight. The project seems to be at the beginning stages, with collaborators currently prototyping health record specifications leveraging existing medical record models. (The current SHR spec can be found here.)

Still, I’d love for this to work, because it is at least a fairly straightforward idea. Creating a single source of health data truth seems like it might work.

Where Patient Communications Fall Short?

Posted on October 12, 2017 I Written By

The following is a guest blog post by Sarah Bennight, Marketing Strategist for Stericycle Communication Solutions, as part of the Communication Solutions Series of blog posts. Follow and engage with them on Twitter: @StericycleComms

We are constantly switching devices to engage in our daily lives. In fact, in the last ten minutes I have searched a website on my desktop computer, answered a phone call, and checked several text messages and emails on my cellphone. Our ability to seamlessly jump from one device to the next affects our consumer behavior when interacting with places of business.

Today, we can order coffee and groceries online, web chat with our internet service company, and research store offerings before ever physically walking into a building. Traditionally, healthcare consumers had mainly phone support until the 2014 Meaningful Use 2 rule dictated messaging with a physician and patient portal availability. Recently, online scheduling and urgent care check in has been an attractive offering for consumers of health wanting to take control of their calendars and wait times.

Healthcare is certainly expanding functionality and communication channels to meet consumer demand. But where are we falling short? The answer may be relatively simple: data integration. Much like the clinical side of the healthcare business, integration is a gap we must solve. The key to turning technological convenience into optimal experience is evolving multichannel patient interactions into omnichannel support.

Omnichannel means providing a seamless experience regardless of channel or device. In the healthcare contact center, this means ensuring live agents, scheduling apps, chat bots, messaging apps, and all other interaction points share data across channels. It removes the individual information silos surrounding the patient journey, and connects them into one view from patient awareness to care selection, and again when additional care is needed.

In 2016, Cisco Connect cited four key reasons a business should invest in omnichannel consumer experiences, but I believe this resonates in the healthcare world as well:

  1. A differentiated patient and caregiver experience which is personal and interactive. Each care journey is unique, and their initial experiences should resonate and instill confidence in your brand. We now communicate with several generations who have different levels of comfort with technology and online resources. Offering multiple channels of interaction is crucial to success in the competitive healthcare space. But don’t stop there! Integrated channels connecting the data points along the journey into and beyond the walls of the care facility will create lasting loyalty.
  2. Increased profit and revenue. The journey to finding a doctor or care facility begins long before a patient walks in your door. Most of these journeys begin online, by interviewing friends, and checking online reviews. Once an initial decision is made to visit your organization, you can extend your marketing budget by targeting patients who might actually be interested in your services. When you know what your patients’ needs are, there is a greater focus and a higher chance of conversion.
  3. Maintain and contain operating costs. Integrating with EMRs is not always the easiest task. However, your scheduling and reminder platforms must be able talk to each other not only for the optimal experience, but also for efficient internal process management. For example, if a patient receives a text reminder about an appointment and realizes the timing won’t work, they can request to reschedule via text. Real time communication with the EMR enables agents currently on the phone with other patients to see the original appointment open up and grab the slot. Imagine the streamlining with the patient as well in an integrated platform. Go beyond the ‘request to reschedule’ return text and send a message says “We see that you want to reschedule your appointment. Here are some alternative times available”. Take it one step further with a one-step click to schedule process. With this capability, the patient could immediately book without a follow-up phone call reminder or staff having to hunt them down to book.
  4. Faster time to serve the patient. When systems and people communicate pertinent data, faster issue resolution is possible. Healthcare can be scary, and when you address patient and caregiver needs in a timely manner, trust in your organization will grow. In omnichannel experiences, a patient can search for care in the middle of the night online, and when they don’t find an appointment opening a call could be made. Imagine the value of already knowing that a patient was searching for a sick visit for tomorrow morning with Dr. X. With this data in mind, you are able to immediately offer alternatives and keep that patient in your system before they turn to a more convenient option.

You can see how omnichannel experiences are going to pave the way for the future of the contact center. Right now, the interactions with patients before and after treatment provide an enormous opportunity to build trust and further engagement with your organization. By integrating the data and allowing cross-channel experiences that build on each other, the contact center will extend into the main hub of engagement in the future. The time to build that integrated infrastructure is now, because in the near future new channels of engagement will be added and expected. Are you ready to deliver an omnichannel experience?

The Communication Solutions Series of blog posts is sponsored by Stericycle Communication Solutions, a leading provider of high quality call center & telephone answering servicespatient access services and automated communication technology. Stericycle Communication Solutions combines a human touch with innovative technology to deliver best-in-class communication services.  Connect with Stericycle Communication Solutions on social media: @StericycleComms

Role of Provider Engagement for Improving Data Accuracy – #HITsm Chat Topic

Posted on October 10, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 10/13 at Noon ET (9 AM PT). This week’s chat will be hosted by @CAQH on the topic of “Role of Provider Engagement for Improving Data Accuracy.”

Healthcare provider data forms the foundation of many important processes in the nation’s healthcare system, whether referring a patient to a specialist, paying insurance claims, credentialing providers or maintaining accurate provider directories. Yet access to accurate, timely provider data has remained elusive.

A lack of authoritative and reliable sources has resulted in a costly, piecemeal approach to acquiring and maintaining provider information. The commercial healthcare industry spends at least $2.1 billion annually on inefficient processes to maintain the data, according to a recent CAQH white paper.

While healthcare providers are important contributors of their professional and practice information, the task of submitting frequent updates to different organizations, through different channels, has created a significant administrative challenge.

Join @CAQH in a discussion about the role of provider engagement in improving data accuracy. Topics will cover strategies for collaboration and enhanced communication to ease the burdens on providers and users of provider data.

Reference Materials:

Topics for This Week’s #HITsm Chat:

T1: Stakeholders define provider data differently. How do you use provider data & in what role, i.e. payer, provider, consumer? #hitsm

T2: How does the shifting definition of “provider” (e.g. emerging provider types) impact data management? #hitsm

T3: How can the industry empower providers to participate more actively in data accuracy? #hitsm

T4: What can industry stakeholders do to reduce the administrative burden on providers? #hitsm

T5: What strategies would help providers and payers hold each other accountable for high-quality provider data? #hitsm

BONUS: What is the biggest opportunity you see for improving the quality of provider data right now? #hitsm

Upcoming #HITsm Chat Schedule
10/20 – Community Sharing Chat
Hosted by the #HITsm Community

10/27 – Aggregating the Patient Perspective and Incorporating It Into Software to Change Healthcare
Hosted by Lisa Davis Budzinski (@lisadbudzinski)

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

FDA Announces Precertification Program For Digital Health Tools

Posted on October 5, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The FDA has recruited some the world’s top technology and medical companies to help it pilot test a program under which digital health software could be marketed without going through the through the agency’s entire certification process.

The participants, which include Apple, Fitbit, Johnson & Johnson, Samsung and Roche, will give the agency access to the measures they’re using to develop, test and maintain their software, and also how they collect post-market data.

Once armed with this information, the FDA will leverage it to determine the key metrics and performance indicators it uses to see if digital health software meets its quality standards.

Companies that meet these new standards could become pre-certified, a status which grants them a far easier path to certification than in the past. This represents a broad shift in the FDA’s regulatory philosophy, “looking first at the software developer digital health technology developer, not the product,” according to a report previously released by the agency.

If the pilot works as planned, the FDA is considering making some significant changes to the certification process. If their processes pass muster, pre-certified companies may be allowed to submit less information to the FDA than they currently must before marketing a new digital health tool.  The agency is also considering the more radical step of allowing pre-certified companies to avoid submitting a product for premarket review in some cases. (It’s worth noting that these rules would apply to lower-risk settings.)

The prospect of pre-certifying companies does raise some concerns. In truth, the argument could be made that digital health software should be regulated more tightly, not less. In particular, the mobile healthcare world is still something of a lawless frontier, with very few apps facing privacy, security or accuracy oversight.

The fact is, it’s little wonder that physicians aren’t comfortable using mobile health app data given how loosely it can be constructed at times, not to mention the reality that it might not even measure basic vital signs reliably.

It’s not that the healthcare industry isn’t aware of these issues. about a year ago, a group of healthcare organizations including HIMSS, the American Medical Association and the American Heart Association came together to develop a framework of principles dressing app quality. Still, that’s far short of establishing a certification body.

On the other hand, the FDA does have a point when it notes that a pre-certification program could make it easier for useful digital health tools to reach the marketplace. Assuming the program is constructed well, it seems to me that this is a good idea.

True, it’s pretty unusual to see the FDA loosen up its certification process – a fairly progressive move for a stodgy agency – while the industry fails to self-regulate, but it’s a welcome change of style. I guess digital health really is changing things up.

 

After Death Data Donation – A #hITsm Halloween Horror Chat

Posted on October 3, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 10/6 at Noon ET (9 AM PT). This week’s chat will be hosted by Regina Holliday (@ReginaHolliday), Founder of #TheWalkingGallery on the topic of “After Death Data Donation.”

Since this month is October (which is heavily associated with death and horror in western cultures) and this week is National HIT week, I thought we would combine the two and talk about death and data donation. Since the 1970’s the autopsy rate in the US has plummeted to less than 10%. When the results of the autopsies are evaluated, in 30% cases the cause of death on the death certificate is a misdiagnosis.

In EHR data collection, the system is designed to capture data of a live patient and data collection stops once a patient dies. Let’s explore these topics in this week’s #hITsm Twitter chat.

References:

Here are the questions that will serve as the framework for this week’s #HITsm chat:
T1: How can we create a system that provides more access to autopsies? #HITSM

T2: How do we collect autopsy data through the EHR for quality control and public health? #HITsm

T3: How do we change a status quo that is willing to look the other way when faced with the reality of poor data about death? #HITsm

T4: How can we make after death data donation a reality for patient families? #HITsm

T5: Some states still have their autopsy data in paper systems. Does ONC need a meaningful use for a meaningful death? #HITsm

Bonus: The CDC did a great job reminding folks about disaster preparedness with their Zombie campaign. Can the do something like that to highlight the need for cause of death data? #HITsm

Upcoming #HITsm Chat Schedule
10/13 – Role of Provider Engagement for Improving Data Accuracy
Hosted by @CAQH

10/20 – Community Sharing Chat
Hosted by the #HITsm Community

10/27 – Aggregating the Patient Perspective and Incorporating It Into Software to Change Healthcare
Hosted by Lisa Davis Budzinski (@lisadbudzinski)

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

Top Five Challenges of Healthcare Cloud Deployments and How to Solve Them

Posted on October 2, 2017 I Written By

The following is a guest blog post by Chad Kissinger, Founder of OnRamp.

According to the HIMSS 2016 Survey, 84 percent of providers are currently using a cloud service, showing security and compliance issues are not preventing organizations from deploying cloud environments. Despite growing adoption rates, breaches and security incidents continue to rise. Cloud deployments and ongoing environment management errors are to blame. 

Cloud services offer clear benefits—performance, cost savings, and scalability to name a few—so it’s no wonder healthcare organizations, like yours, are eager to take advantage of all that the cloud has to offer. Unfortunately, vulnerabilities are often introduced to your network when you adopt new technology. Let’s discuss how to identify and overcome common challenges in secure, compliant cloud deployments so you can opportunistically adopt cloud-based solutions while remaining on the right side of the law.

1. Ambiguous Delegation of Responsibilities
When technology is new to an organization, the responsibility of finding and managing that solution is often unclear. You must determine who owns your data. Is it your IT Department? Or perhaps your Security Department? It’s difficult to coordinate different people across departments, and even more difficult to communicate effectively between your organization and your provider. The delegation of responsibilities between you and your business associate will vary based on your service model—i.e. software as a service, infrastructure as a service, etc.

To prevent these issues, audit operational and business processes to determine the people, roles, and responsibilities for your team internally. Repeat the process for those services you will outsource to your cloud provider. Your business associate agreement should note the details of each party’s responsibilities, avoiding ambiguity and gaps in security or compliance. Look for provider credentials verified by third-party entities that demonstrate security levels at the data center level, such as HITRUST CSF and SSAE 16 SOC 2 Type 2 and SOC3.

2.    Lack of Policies, Standards, and Security Practices
If your organization doesn’t have a solid foundation of policies, standards, and security practices, you will likely experience one or more of the security-related issues outlined below. It’s necessary to not only create policies, but also ensure your organization is able to enforce them consistently.

  • Shadow IT. According to a recent HyTrust Cloud Survey of 51 organizations, 40% of cloud services are commissioned without IT input.
  • Cloud Portability and Mobility. Mitigating risks among many endpoints, from wearables to smart beds, becomes more difficult as you add more end points.
  • Privileged User Access. Divide your user access by work role and limit access to mitigate malicious insider attacks.
  • Ongoing Staff Education and Training. Your team needs to be properly trained in best practices and understand the role that they play in cybersecurity.

Proper security and compliance also involves the processes that safeguard your data and the documentation that proves your efforts. Such processes include auditing operational and business processes, managing people, roles and identities, ensuring proper protection of data and information, assessing the security provisions for cloud applications, and data decommissioning.

Communicate your security and compliance policies to your cloud provider to ensure their end of the operations falls in line with your overall plan.

3. Protecting Data and Meeting HIPAA Controls
The HIPAA Privacy Rule, the HIPAA Security Rule, and HITECH all aim to secure your electronic protected health information (ePHI) and establish the national standards. Your concern is maintaining the confidentiality, availability, and integrity of sensitive data. In practice, this includes:

  • Technology
  • Safeguards (Physical & Administrative)
  • Process
  • People
  • Business Associates & Support
  • Auditable Compliance

Network solution experts recognize HIPAA compliant data must be secure, but also needs to be readily available to users and retain integrity across platforms. Using experienced cloud solution providers will bridge the gap between HIPAA requirements, patient administration, and the benefit of technology to treat healthcare clients and facilitate care.

Seek the right technology and implement controls that are both “required and addressed” within HIPAA’s regulations. When it comes to security, you can never be too prepared. Here are some of the measures you’ll want to implement:

  • Data encryption in transit and at rest
  • Firewalls
  • Multi-factor Authentication
  • Cloud Encryption Key Management
  • Audit logs showing access to ePHI
  • Vulnerability scanning, intrusion detection/prevention
  • Hardware and OS patching
  • Security Audits
  • Contingency Planning—regular data backup and disaster recovery plan

The number one mistake organizations make in protected data in a cloud deployment is insufficient encryption, followed by key management. Encryption must be FIPS 140-2 compliant.

4.    Ensuring Data Availability, Reliability, and Integrity
The key to service reliability and uptime is in your data backups and disaster recovery (DR) efforts. Data backup is not the same as disaster recovery—this is a common misconception. Data backup is part of business continuity planning, but requires much more. There’s a gap between how organizations perceive their track records and the reality of their DR capabilities. The “CloudEndure Survey of 2016” notes that 90% of respondents claim they meet their availability, but only 38% meet their goals consistently, and 22% of the organizations surveyed don’t measure service availability at all. Keep in mind that downtime can result from your cloud provider—and this is out of your control. For instance, the AWS outage earlier this year caused a ruckus after many cloud-based programs stopped functioning.

5.    Ability to Convey Auditable Compliance (Transparency)
Investors, customers, and regulators cannot easily discern that your cloud environment is compliant because it’s not as visible as other solutions, like on-premise hosting. You will have to work closely with your cloud provider to identify how to document your technology, policies, and procedures in order to document your efforts and prove auditable compliance.

Putting It All Together
The cloud provides significant advantages, but transitioning into the cloud requires a thorough roadmap with checkpoints for security and compliance along the way. Remember that technology is just the first step in a secure cloud deployment—proper security and compliance also involves the processes that protect your sensitive data and the documentation that proves your compliance efforts. You’ll want to identify resources from IT, security and operations to participate in your cloud deployment process, and choose a cloud provider that’s certified and knowledgeable in the nuances of healthcare cloud deployments.

For more information download the white paper “HOW TO DEPLOY A SECURE, COMPLIANT CLOUD FOR HEALTHCARE.”

About OnRamp

OnRamp is a HITRUST-certified data center services company that specializes in high security and compliant hybrid hosting and is a proud sponsor of Healthcare Scene. Our solutions help organizations meet compliance standards including, HIPAA, PCI, SOX, FISMA and FERPA. As an SSAE 16 SOC 2 Type 2 and SOC 3, PCI-DSS certified, and HIPAA compliant company, OnRamp operates multiple enterprise-class data centers to deploy cloud computing, colocation, and managed services. Visit www.onr.com or call 888.667.2660 to learn more.

Condition Management vs. Episodic Care Management – #HITsm Chat Topic

Posted on September 26, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 9/29 at Noon ET (9 AM PT). This week’s chat will be hosted by Brian Eastwood (@Brian_Eastwood) from @ChilmarkHIT on the topic of “Condition Management vs. Episodic Care Management.”

The status quo of episodic care management – static care plans that rely heavily on high-touch interventions – is unsustainable if the healthcare industry truly intends to lower costs and improve outcomes. In response, the industry has seen growing interest in digital chronic condition management programs that take a more holistic and individualized approach to care. By and large, these programs use short but frequent interventions that aim to address the root causes of a condition, rather than just the symptoms themselves, in an effort to help program participants manage their condition(s) and improve their quality of life.

Given the current market, health insurers and employers are more interested in adopting condition management programs that provider organizations. This isn’t surprising – employers and insurers have clear “skin in the game” to cut costs, and providers do not – but it is nonetheless disappointing. This week’s #HITsm chat will discuss what it will take for condition management programs to gain the interest of those who deliver care, not just those who pay for care.

References:

  • Assessing the Growing Market for Condition Management Solutions: Blog post and webinar
  • Condition Management: A Healthcare Disruption That Just Might Stick: Blog post

Here are the questions that will serve as the framework for this week’s #HITsm chat:
T1: What are the key drawbacks to static condition mgmt. (both tech and workflow)? #HITsm

T2: What does holistic condition mgmt. do that episodic care mgmt. doesn’t? #HITsm

T3: How can condition mgmt. show that it’s not just a “wellness program” in new clothes? #HITsm

T4: Aside from payment reform, what will it take for provider orgs to pivot to condition mgmt.? #HITsm

T5: Where do you see the market for holistic condition mgmt. in the next 3 years? #HITsm

Bonus: Which vendors or orgs are getting condition mgmt. right? #HITsm

Upcoming #HITsm Chat Schedule
10/6 – After Death Data Donation – A #hITsm Halloween Horror Chat
Hosted by Regina Holliday (@ReginaHolliday), Founder of #TheWalkingGallery

10/13 – Role of Provider Engagement for Improving Data Accuracy
Hosted by @CAQH

10/20 – Community Sharing Chat
Hosted by the #HITsm Community

10/27 – Aggregating the Patient Perspective and Incorporating It Into Software to Change Healthcare
Hosted by Lisa Davis Budzinski (@lisadbudzinski)

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.