Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Despite Privacy Worries, Consumers Trust Apple With Their Health Data

Posted on August 14, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

These days, everyone seems to want access to consumer health data. We’re talking not just about healthcare companies, but also financial firms, insurance companies and technology giants like Apple, Google and Amazon.

Consumers have every reason to be concerned how their data is used, as companies outside of the healthcare realm, in particular, might use it in ways that make them uncomfortable. After all, these health-related companies may not have to follow HIPAA rules. Not only that, laws that govern data collection of any kind are still evolving on the state and federal level. It’s just not clear where privacy rules for health data are going.

Troubling ambiguities like these may be why 37% of the 1,000-plus people responding to a new Twitter poll said they wouldn’t share their data with anyone. Perhaps they’ve begun to realize that companies like Google could do a lot of harm if they act recklessly with the health data they’re accumulating.

Nonetheless, there’s at least one company they trust more than others with their PHI, according to the poll, which was conducted by a CNBC writer. That company is Apple, says columnist Christina Farr. When asked which companies they trust with the health data, 41% picked Apple. Meanwhile, Google and Amazon came in at 14% and 8% respectively. That’s a pretty big gap.

Why do consumers trust Apple more than other technology companies?  It’s far from clear. But Andrew Boyd, a professor of biomedical and health information sciences at the University of Illinois, suggests that it’s because Apple has taken steps to foster trust. “Apple has done a big push around health and privacy to breed familiarity and comfort,” Boyd told CNBC.

He noted that Apple has announced plans to make aggregated health information available on smartphones. Next, it plans to integrate other medical data, such as lab results, which usually aren’t part of an integrated health record, Farr points out. Apple has also promised users that it won’t sell health data to advertisers or third-party developers.

Ideally, other companies should be following in Apple’s footsteps, suggests health data privacy expert Lucia Savage, who responded to the Twitter poll.

Savage, who is currently serving as chief privacy and regulatory officer at Omada Health, believes that any company that collects health data should at least provide consumers with a summary of the data they collect on their users and promise not to sell it. (She didn’t say so directly, but we know most non-healthcare firms can’t be bothered with such niceties.)

I think we all look forward to the day when every company takes health data privacy seriously. But giants like Google, with effectively infinite resources, are still pushing the envelope, and we can only expect its competitors to do the same thing. Unless consumers mount a massive protest, or there’s a radical change in federal law, I suspect most non-healthcare firms will keep using health data however they please.

Healthcare Blockchain Use Case

Posted on August 3, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

There’s been a lot of talk about using blockchain in healthcare. While I don’t think that it’s the end all be all solution that many make it out to be, I do think that healthcare could benefit in a lot of ways from blockchain.

David Chou recently shared this healthcare use case for blockchain which it looks like he got from Deloitte:

I’d be interested to hear blockchain experts thoughts on this use case. Is this reasonable? Could this be reasonably achieved with blockchain? Are there risks to implementing this use case?

We all know about the major challenges associated with interoperability in healthcare. Blockchain itself doesn’t solve a lot of these interoperability problems. It can’t because most of the interoperability problems in healthcare are business problems and not technology problems. However, I wonder if we can make data sharing in healthcare so simple that it would be embarrassing not to do it. Then, we might be on to something.

Other thoughts on blockchain in healthcare? I still have a lot to learn about this new technology.

A Hospital CIO Perspective on Precision Medicine

Posted on July 31, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

#Paid content sponsored by Intel.

In this video interview, I talk with David Chou, Vice President, Chief Information and Digital Officer with Kansas City, Missouri-based Children’s Mercy Hospital. In addition to his work at Children’s Mercy, he helps healthcare organizations transform themselves into digital enterprises.

Chou previously served as a healthcare technology advisor with law firm Balch & Bingham and Chief Information Officer with the University of Mississippi Medical Center. He also worked with the Cleveland Clinic to build a flagship hospital in Abu Dhabi, as well as working in for-profit healthcare organizations in California.

Precision Medicine and Genomic Medicine are important topics for every hospital CIO to understand. In my interview with David Chou, he provides the hospital CIO perspective on these topics and offers insights into what a hospital organization should be doing to take part in and be prepared for precision medicine and genomic medicine.

Here are the questions I asked him, if you’d like to skip to a specific topic in the video or check out the full video interview embedded below:

What are you doing in your organization when it comes to precision medicine and genomic medicine?

Cost of a Breach, Proper Medical Record Disposal, and Delayed Breach Notifications

Posted on June 22, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Time for a quick roundup of HIPAA related tweets from around the Twittersphere. Check out these tweets and we’ll add in a bit of our commentary.


Matt’s correct that it’s not all avoidable, but at $380 per record that’s expensive. Breaches are expensive everywhere, but especially in healthcare. When you look at how insecure various industries are, my guess is that healthcare would be near the top of the list as well. That’s a problem.


I’m with Danika Brinda as well. I have no idea why this is still happening. Are people really that uneducated and naive when it comes to disposal of paper medical records? Hire a company with a great reputation if you’re not sure how to do it properly yourself.


Happens all the time. The fine for the delay is more than the damage of the breach itself. There should be no reason organization’s delay in their efforts to notify patients of a breach. Doing so can be a very expensive prospect. Plus, it’s the right thing to do for the patients.

E-Patient Update:  Changing The Patient Data Sharing Culture

Posted on May 19, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

I’ve been fighting for what I believe in for most of my life, and that includes getting access to my digital health information. I’ve pleaded with medical practice front-desk staff, gently threatened hospital HIT departments and gotten in the faces of doctors, none of whom ever seem to get why I need all of my data.

I guess you could say that I’m no shrinking violet, and that I don’t give up easily. But lately I’ve gotten a bit, let me say, discouraged when it comes to bringing together all of the data I generate. It doesn’t help that I have a few chronic illnesses, but it’s not easy even for patients with no major issues.

Some these health professionals know something about how EMRs work, how accurate, complete health records facilitate care and how big data analysis can improve population health. But when it comes to helping humble patients participate in this process, they seem to draw a blank.

The bias against sharing patient records with the patients seems to run deep. I once called the PR rep at a hospital EMR vendor and complained casually about my situation, in which a hospital told me that it would take three months to send me records printed from their EMR. (If I’d asked them to send me a CCD directly, the lady’s head might have exploded right there on the phone.)

Though I didn’t ask, the vendor rep got on the phone, reached a VP at the hospital and boom, I had my records. It took a week and a half, a vendor and hospital VP just to get one set of records to one patient. And for most of us it isn’t even that easy.

The methods providers have used to discourage my data requests have been varied. They include that I have to pay $X per page, when state law clearly states that (much lower) $Y is all they can charge. I’ve been told I just have to wait as long as it takes for the HIM department to get around to my request, no matter how time-sensitive the issue. I was even told once that Dr. X simply didn’t share patient records, and that’s that. (I didn’t bother to offer her a primer on state and federal medical records laws.) It gets to be kind of amusing over time, though irritating nonetheless.

Some of these skirmishes can be explained by training gaps or ignorance, certainly. What’s more, even if a provider encourages patient record requests there are still security and privacy issues to navigate. But I believe that what truly underlies provider resistance to giving patients their records is a mix of laziness and fear. In the past, few patients pushed the records issue, so hospitals and medical groups got lazy. Now, patients are getting assertive, and they fear what will happen.

Of course, we all have a right to our medical records, and if patients persist they will almost always get them. But if my experience is any guide, getting those records will remain difficult if attitudes don’t change. The default cultural setting among providers seems to be discomfort and even rebellion when they’re asked to give consumers their healthcare data. My protests won’t change a thing if people are tuning me out.

There’s many reasons for their reaction, including the rise of challenging, self-propelled patients who don’t assume the doctor knows best in all cases. Also, as in any other modern industry, data is power, and physicians in particular are already feeling almost powerless.

That being said, the healthcare industry isn’t going to meet its broad outcomes and efficiency goals unless patients are confident and comfortable with managing their health. Collecting, amassing and reviewing our health information greatly helps patients like me to stay on top of issues, so encumbering our efforts is counter-productive.

To counter such resistance, we need to transform the patient data sharing culture from resistant to supportive. Many health leaders seem to pine for the days when patients could have the data when and if they felt like it, but those days are past. Participating happily in a patient’s data collection efforts needs to become the norm.

If providers hope to meet the transformational goals they’ve set for themselves, they’ll have to help patients get their data as quickly, cheaply and easily as possible. Failing to do this will block or at least slow the progress of much-needed industry reforms, and they’re already a big stretch. Just give patients their data without a fuss – it’s the right thing to do!

AMIA Shares Recommendations On Health IT-Friendly Policymaking

Posted on April 17, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The American Medical Informatics Association has released the findings from a new paper addressing health IT policy, including recommendation on how policymakers can support patient access to health data, interoperability for clinicians and patient care-related research and innovation.

As the group accurately notes, the US healthcare system has transformed itself into a digital industry at astonishing speed, largely during the past five years. Nonetheless, many healthcare organizations haven’t unlocked the value of these new tools, in part because their technical infrastructure is largely a collection of disparate systems which don’t work together well.

The paper, which is published in the Journal of the American Medical Informatics Association, offers several policy recommendations intended to help health IT better support value-based health, care and research. The paper argues that governments should implement specific policy to:

  • Enable patients to have better access to clinical data by standardizing data flow
  • Improve access to patient-generated data compiled by mHealth apps and related technologies
  • Engage patients in research by improving ways to alert clinicians and patients about research opportunities, while seeing to it that researchers manage consent effectively
  • Enable patient participation in and contribution to care delivery and health management by harmonizing standards for various classes of patient-generated data
  • Improve interoperability using APIs, which may demand that policymakers require adherence to chosen data standards
  • Develop and implement a documentation-simplification framework to fuel an overhaul of quality measurement, ensure availability of coded EHRs clinical data and support reimbursement requirements redesign
  • Develop and implement an app-vetting process emphasizing safety and effectiveness, to include creating a knowledgebase of trusted sources, possibly as part of clinical practice improvement under MIPS
  • Create a policy framework for research and innovation, to include policies to aid data access for research conducted by HIPAA-covered entities and increase needed data standardization
  • Foster an ecosystem connecting safe, effective and secure health applications

To meet these goals, AMIA issued a set of “Policy Action Items” which address immediate, near-term and future policy initiatives. They include:

  • Clarifying a patient’s HIPAA “right to access” to include a right to all data maintained by a covered entity’s designated record set;
  • Encourage continued adoption of 2015 Edition Certified Health IT, which will allow standards-based APIs published in the public domain to be composed of standard features which can continue to be deployed by providers; and
  • Make effective Common Rule revisions as finalized in the January 19, 2017 issue of the Federal Register

In looking at this material, I noted with interest AMIA’s thinking on the appropriate premises for current health IT policy. The group offered some worthwhile suggestions on how health IT leaders can leverage health data effectively, such as giving patients easy access to their mHealth data and engaging them in the research process.

Given that they overlap with suggestions I’ve seen elsewhere, we may be getting somewhere as an industry. In fact, it seems to me that we’re approaching industry consensus on some issues which, despite seeming relatively straightforward have been the subject of professional disputes.

As I see it, AMIA stands as good a chance as any other healthcare entity at getting these policies implemented. I look forward to seeing how much progress it makes in drawing attention to these issues.

E-Patient Update:  Is Technology Getting Ahead Of Medical Privacy?

Posted on December 9, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

I don’t know about y’all, but I love, love, love interacting with Google’s AI on my smartphone. It’s beyond convenient – it seems to simply read my mind and dish out exactly the content I needed.

That could have unwelcome implications, however, when you bear in mind that Google might be recording your question. Specifically, for a few years now, Google’s AI has apparently been recording users’ conversations whenever it is triggered. While Google makes no secret of the matter, and apparently provides directions on how to erase these recordings, it doesn’t affirmatively ask for your consent either — at least not in any terribly conspicuous way — though it might have buried the request in a block of legal language.

Now, everybody has a different tolerance for risk, and mine is fairly high. So unless an entity does something to suggest to me that it’s a cybercrook, I’m not likely to lose any sleep over the information it has harvested from my conversations. In my way of looking at the world, the odds that gathering such information will harm me are low, while the odds collection will help me are much greater. But I know that others feel much differently than myself.

For these reasons, I think it’s time to stop and take a look at whether we should regulate potential medical conversations with intermediaries like Google, whether or not they have a direct stake in the healthcare world. As this example illustrates, just because they’re neither providers, payers or business associates doesn’t mean they don’t manage highly sensitive healthcare information.

In thinking this over, my first reaction is to throw my hands in the air and give up. After all, how can we possibly track or regulate the flow of medical information falls outside the bounds of HIPAA or state privacy laws? How do we decide what behavior might constitute an egregious leak of medical information, and what could be seen as a mild mistake, given that the rules around provider and associate behavior may not apply? This is certainly a challenging problem.

But the more I consider these issues, the more I am convinced that we could at least develop some guidelines for handling of medical information by non-medical third parties, including what type of consumer disclosures are required when collecting data that might include healthcare information, what steps the intermediary takes to protect the data and how to opt out of data collection.

Given how complex these issues are, it’s unlikely we would succeed at regulating them effectively the first time, or even the fourth or fifth. And realistically, I doubt we can successfully apply the same standards to non-medical entities fielding health questions as we can to providers or business associates. That being said, I think we should pay more attention to such issues. They are likely to become more important, not less, as time goes by.

Ignoring the Obvious: Major Health IT Organizations Put Aside Patients

Posted on November 18, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Frustrated stories from patients as well as health care providers repeatedly underline the importance of making a seismic shift in the storage and control of patient data. The current system leads to inaccessible records, patients who reach nursing homes or other treatment centers without information crucial to their care, excess radiation from repeated tests, massive data breaches that compromise thousands of patients at a time, and–most notably for quality–patients excluded from planning their own care.

A simple solution became available over the past 25 years with the widespread adoption of the Web, and has been rendered even easier by modern Software as a Service (SaaS): storing the entire record over the patient’s lifetime with the patient. This was unfeasible in the age of patient records, but is currently efficient, secure, and easy to manage. The only reason we didn’t switch to personal records years ago is the greed and bad faith of the health care institutions: keeping hold of the data allows them to exploit it in order to market treatments to patients that they don’t need, while hampering the ability of other institutions to recruit and treat patients.

So I wonder how the American Health Information Management Association (AHIMA) can’t feel ridiculous, if not a bit seamy, by releasing a 3000-word report on the patient data crisis this past October without even a hint at the solution. On the contrary: using words designed to protect the privileges of the health care provider, they call this crisis a “patient matching” problem. The very terminology sets in stone the current practice of scattering health records among providers, with the assumption that selective records will be recombined for particular treatment purposes–if those records can be found.

A reading of their report reveals that the crisis outpaces the tepid remedies suggested by conventional institutions. In a survey, institutions admitted that up to eight percent of their patients have duplicate records in the institutions own systems (six percent of the survey respondents reported this high figure). Institutions also report spending large efforts on mitigating the problems of duplicate records: 47 percent do so during patient registration, and 72 percent run efforts on a weekly basis. AHIMA didn’t even ask about the problems caused by lack of access to records from other providers.

To pretend they are addressing the problem without actually offering the solution, AHIMA issues some rather bizarre recommendations. Along with extending the same processes currently in use, they suggest using biometrics such as fingerprints or retinal scans. This has a worrisome impact on patient privacy–it puts out more and more information that is indelibly linked to persons and that can be used to track those persons. What are the implications of such recommendations in the current environment, which features not only targeted system intrusions by international criminal organizations, but the unaccountable transfer of data by those authorized to collect it? We should strenuously oppose the collection of unnecessary personal information. But it makes sense for a professional organization to seek a solution that leads to the installation of more equipment, requires more specialized staff, tightens their control over individuals, and raises health care costs.

There’s nothing wrong with certain modest suggestions in the AHIMA report. Standardizing the registration process and following the basic information practices they recommend (compliance with regulations, etc.) should be in place at any professional institution. But none of that will bring together the records doctors and other health care professionals need to deliver care.

Years ago, Microsoft HealthVault and Google Health tried to bring patient control into the mainstream. Neither caught on, because the time was not right. A major barrier to adoption was resistance by health care providers, who (together with the vendors of their electronic health records) disallowed patients from downloading provider data. The Department of Veterans Affairs Blue Button won fans in both the veterans’ community and a few other institutions (for instance, Kaiser Permanente supported it) but turned out to be an imperfect standard and was never integrated into a true patient-centered health system.

But cracks in the current system are appearing as health care providers are shoved toward fee-for-value systems. Technologies are also coalescing around personal records. Notably, the open source HIE of One project, described in another article, employs standard security and authentication protocols to give patients control over what data gets sent out and who receives it.

Patient control, not patient “matching,” is the future of health care. The patient will ensure that her doctors and any legitimate researchers get access to data. Certainly, there are serious issues left, such as data management for patients who have trouble with the technical side of the storage systems, and informed consent protocols that give researchers maximum opportunities for deriving beneficial insights from patient data. But the current system isn’t working for doctors or researchers any better than it is for patients. A strong personal health record system will advance us in all areas of health care.

Health Plans Need Your Records: Know What’s Driving Requests and How to Be Prepared

Posted on July 26, 2016 I Written By

The following is a guest blog post by Craig Mercure, Chief Operating Officer of Payer Solutions at CIOX Health.
Craig Mercure
Audits. Reviews. HEDIS. Stars Ratings. No matter what, health plan record requests are growing by leaps and bounds each year. And the stakes are high for health plans to ensure they receive medical records in a timely way. What we also know – the large volume of requests and submission deadlines can put a drain on provider resources.

High volumes of medical record requests make it more important than ever for providers and health plans to work cooperatively and collaboratively. Here’s some helpful background on what’s driving the request for medical records and how providers can be prepared.

There are three primary health plan reviews that receive the most focus: Medicare Risk Adjustment, HEDIS Reviews, and Affordable Care Act (ACA) Medical Records Retrieval (MRR). While there are also other ad hoc requests related to fraud, waste and abuse (e.g., Risk Adjustment Data Validation (RADV), Medicaid, etc.), these three health plan reviews cause the most provider abrasion. Medical practices are getting hammered by them.

Say, for example, that a provider chooses 10 health plans. That provider is going to receive requests from each plan for all three of the main reviews, as well as the ad hoc requests. This has a major influence on record release and all other staff members that are impacted by it. The operational impact of receiving, verifying and fulfilling these requests is growing every year.

Here’s how the top three health plan reviews break down:

Medicare Risk Adjustment (MRA) reviews documentation and diagnosis codes to ensure proper reimbursement from the Centers for Medicare and Medicaid Services (CMS). Most records are retrieved from the primary care physician (PCP), specialty doctors, and in-patient stays—wherever the true value of a particular chart may reside. The MRA reviews typically begin in June and goes through early January.

Volumes have skyrocketed to 18 million record requests over the past several years. Plans are prioritizing Medicare Advantage plans and want to research every member. Therefore, depending on the percentage of Medicare Advantage patients seen by an organization, this review can hit providers hard. Medicare Risk Adjustment reviews are most prevalent in late summer and early fall with the end date for all plans to submit all 2015 diagnoses by January 31, 2017.

Two of the primary pain points for health plans are revenue and quality of care. Consider this hypothetical scenario. A healthy Medicare Advantage member has a score of zero. However, if that member develops diabetes within a given year, the score grows to 2.8. The health plan would receive 2.8 times the normal Medicare expenditure to care for that patient. While demographics and regional data also contribute to determining true ratings, this example is very realistic.

From a quality perspective, the health plan’s purpose for medical record reviews is to identify patients with chronic disease before they fall through the cracks. Plans attempt to effectively communicate with members and secure PCP visits before more costly encounters such as emergency or acute inpatient care occur.

Healthcare Effectiveness Data and Information Set (HEDIS) Reviews are driven by the National Committee for Quality Assurance (NCQA), a 501(c)(3) not-for-profit organization dedicated to improving the quality of health care so patients can make informed decisions about which plan they want to choose. HEDIS collects measures from plans, PPOs, physicians, and other organizations which is fed into a 5-star rating system. This rating system has become a marketing tool to help patients find the best health plans. It’s intended to allow patients to make “apples to apples” comparisons of health plans, similar to how you might shop for a car. The review season is typically February to mid-May.

Affordable Care Act (ACA) Medical Records Retrieval (MRR) is in its first year. These reviews are conducted during the same time frame as HEDIS. ACA-MRR has adopted similar risk methodologies as Medicare Advantage.

For providers, dealing with these reviews has become part of doing business with health plans. However, the amount of operational planning and time required to keep up with all the various requests can be monumental. Each provider site is configured differently in terms of medical record systems and IT security. Many providers outsource the chart retrieval (also called release of information—ROI) function to relieve the burden.

Gathering data in the trenches

Information to fulfill the health plan request may come from PCPs, acute-care hospitals, extended and rehabilitation facilities—wherever the health plan determines that the chart holds the most value. Also, caregivers provide medical records to health plans in a variety of ways. These include, but are not limited to: remote access, portals, secure FTP, CDs, mail, flash drives, emails, scans, and the old-fashioned standard—printed paper. While paper is dwindling, some still exists.

The majority of Medicare Advantage and ACA reviews are at the provider level. Sometimes thousands of records are involved. This can be a huge burden on physicians. Most health plan reviewers are interested in documents describing face-to-face interactions between clinician and member, such as progress notes and encounter notes based on specific dates of service.

For health plans and chart retrieval companies, the goal is always to obtain the necessary information with a minimal amount of provider abrasion. Two specific technology capabilities help smooth the process.

Electronic documentation embedded within the provider’s EMR

Various EMR systems and provider sites capture patient encounter notes differently. Some locations might not capture or maintain the encounter and progress information that is needed in an easy-to-retrieve electronic format.

Remote connectivity to retrieve information

Remote connectivity allows real-time access for the data needed by the health plan or chart retrieval service, mitigating the need for labor-intensive processes and onsite technicians.

An experienced chart retrieval service, like CIOX Health, satisfies the information demands of health plans while also reducing operational workload for providers. They’re responsible for securely linking both sides of the health plan review equation.

Experience eases chart retrieval

A chart retrieval service that repeatedly contracts with a specific health plan for reviews gains a year-over-year advantage. They’ve already connected to all the various provider systems and obtained security clearance. Every year they spend in the trenches, they learn and gain experiential data—giving them a head start for next year’s audit season.

Providers want to be fully compliant with health plan requests. They want to honor the request as quickly and efficiently as possible. Provider preference is to work with one chart retrieval service versus multiple ones over several health plans.

A single service can also field calls and inquiries from all the various health plans. Health plans want records to meet their review requirements, and they can be aggressive if records are past due. An experienced chart retrieval service helps both stakeholders move efficiently through the process—including remote connectivity—to meet health plan deadlines.

Finally, a centralized health information management (HIM) department is another way to ease the burden for providers. With centralization, all records and requests are aggregated. While centralized HIM is common practice in hospitals and health systems, it is not always feasible for physician practices and medical groups.

Cooperative steps must be taken to support health plan reviews while also reducing provider abrasion and operational costs. By working together, both plans and providers remain satisfied and smooth the process for everyone involved.

About Craig Mercure
Craig oversees all aspects of business development, including strategic planning, sales, client services, marketing, product development, finance and communications. He also leads the infrastructure development of the company as it grows, which includes: systems, processes, pipeline management, trade support, marketing, facilities, personnel recruitment and development. Over the past 15 years, Craig has worked in executive leadership positions within the electronic medical record and medical documentation industry.

Joint Commission Now Allows Texting Of Orders

Posted on May 17, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

For a long time, it was common for clinicians to share private patient information with each other via standard text messages, despite the fact that the information was in the clear, and could theoretically be intercepted and read (which this along with other factors makes SMS texts a HIPAA violation in most cases). To my knowledge, there have been no major cases based on theft of clinically-oriented texts, but it certainly could’ve happened.

Over the past few years, however, a number of vendors have sprung up to provide HIPAA-compliant text messaging.  And apparently, these vendors have evolved approaches which satisfy the stringent demands of The Joint Commission. The hospital accreditation group had previously prohibited hospitals from sanctioning the texting of orders for patient care, treatment or services, but has now given it the go-ahead under certain circumstances.

This represents an about-face from 2011, when the group had deemed the texting of orders “not acceptable.” At the time, the Joint Commission said, technology available didn’t provide the safety and security necessary to adequately support the use of texted orders. But now that several HIPAA-compliant text-messaging apps are available, the game has changed, according to the accrediting body.

Prescribers may now text such orders to hospitals and other healthcare settings if they meet the Commissioin’s Medication Management Standard MM.04.01.01. In addition, the app prescribers use to text the orders must provide for a secure sign-on process, encrypted messaging, delivery and read receipts, date and time stamp, customized message retention time frames and a specified contact list for individuals authorized to receive and record orders.

I see this is a welcome development. After all, it’s better to guide and control key aspects of a process rather than letting it continue on underneath the surface. Also, the reality is that healthcare entities need to keep adapting to and building upon the way providers actually communicate. Failing to do so can only add layers to a system already fraught with inefficiencies.

That being said, treating provider-to-provider texts as official communications generates some technical issues that haven’t been addressed yet so far as I know.

Most particularly, if clinicians are going to be texting orders — as well as sharing PHI via text — with the full knowledge and consent of hospitals and other healthcare organizations — it’s time to look at what it takes manage that information more efficiently. When used this way, texts go from informal communication to extensions of the medical record, and organizations should address that reality.

At the very least, healthcare players need to develop policies for saving and managing texts, and more importantly, for mining the data found within these texts. And that brings up many questions. For example, should texts be stored as a searchable file? Should they be appended to the medical records of the patients referenced, and if so, how should that be accomplished technically? How should texted information be integrated into a healthcare organization’s data mining efforts?

I don’t have the answers to all of these questions, but I’d argue that if texts are now vehicles for day-to-day clinical communication, we need to establish some best practices for text management. It just makes sense.