
Online Medical Visits Using Google Helpouts

Posted on November 8, 2013 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

As most of you probably know, I’ve been a big fan of the Google Plus hangout. In fact, I’ve been doing a series of video interviews with leading Healthcare IT thought leaders using the Google Plus hangout technology.

Google recently announced a twist on the Google Plus hangout technology that they’re calling Google Helpouts. These Helpouts are “real help from real people in real time” as it says on the website. Some of the help is Free and in other cases you have to pay a fee to get help. Why am I talking about this on a mobile health website?

The answer is simple. One Medical Group is one of the first partners to work with Google Helpouts. You’ll see on that page that if you’re a One Medical Group member in one of their cities, then you can get Free Medical Advice on the Google Helpout. Pretty cool, except for the fact that I’m not a member or in any of those cities, so I can’t try it out. They do offer Health and Wellness Coaching and Nutrition Counseling for $30 per helpout and $65 per helpout respectively.

My first question after seeing this was, “Are Google Helpouts HIPAA compliant?” The answer is probably that it depends. If I as a patient give permission to do it, then it’s fine. Although, if I’m One Medical Group, I wonder if they were able to get Google to sign a business associates agreement. Considering Google’s track record with Google Health, I’ll be really surprised if they did. Although, they should.

This should be of interest to all those people in the Telehealth world. Obviously, One Medical Group has a unique care model that makes this possible. However, once you start giving patients something like this, it’s hard to take it away. Plus, other patients start getting jealous of their friends and start wanting the service as well.

Hopefully these Google Helpout medical visits will help to crack this open and make the e-Visit a reality.

How to Be HIPAA Compliant in the Cloud, in Five Steps

Posted on September 10, 2013 | Written By

John Lynn

The following is a guest post by Gilad Parann-Nissany, Founder and CEO of Porticor.

The Health Insurance Portability and Accountability Act (HIPAA) is the legal framework for keeping private health information – private. HIPAA protects personal health information from being exposed, and in particular – in the IT world – HIPAA defines how Electronic Personal Health Information (EPHI) should be protected. It imposes rules and also penalties.

A central goal for cloud-based health systems should be to achieve “Safe Harbor.” This means that your data is so well protected, even if bad things happen, you can reasonably show that EPHI was not exposed. This is HIPAA nirvana.

Some could say that HIPAA compliance is complex. Spoiler: they would be right. However, as Lao Tzu, founder of Chinese Taoism once said: “The journey of a thousand miles begins with one step.” Or, in our case, five steps.

1. Investigate
Scope out your system, people and procedures
Start by studying your system architecture and your procedures and deciding where sensitive data resides and which procedures are relevant.

Nowadays, it is very popular to use cloud infrastructure for building out systems – rightly so, given the operational advantages. Cloud systems can be made HIPAA compliant. Start by making sure that all cloud accounts, cloud servers, cloud network segments and cloud storage – that will contain or process sensitive EPHI – are on your list.

Make sure you’ve also considered procedures and even people – they need to be part of your scope. Also consider which people should not see cloud-based EPHI – for example cloud provider employees and other cloud service providers you use.

2. Analyze Risks
Discover where your Electronic Personal Health Information could get compromised
Go over everything on your list, whether a person, organization or a technical entity, and analyze where they get in contact with EPHI and the degree of risk involved. Document these risks carefully – they are the basis of your HIPAA compliance.

At this point, also consider possible mitigations to risks. Encryption and solid management of cloud encryption keys are among the most important tools in your toolbox – if you encrypt data properly and keep the keys safe, you may enjoy “safe harbor,” and mitigate many of the penalties and risks of HIPAA.

3. Define Policies
Establish procedures for security and privacy
HIPAA compliance is not just about doing things well, but also about properly documenting that you have done them well. Going over your scoping list from step 1, you should identify the policies and procedures for each item, person or organization that would ensure EPHI never leaks. Another set of documents should define your privacy policies.

Again, this is an important place to consider mitigations. As you go over the list and construct your procedures, pay attention to things that could go wrong. In the real world, something always goes wrong. Build in mitigations so that even if bad things happen – you will still enjoy “safe harbor.”

Ask your cloud service providers for a Business Associate Agreement, which ensures that they too have gone through a similar process – and are responsible for the service they provide you and its implications for HIPAA compliance.

4. Train your people
Educate your employees and make sure your service providers are trained!
This is an obvious point, yet one of the most important ones. Trained staff make all the difference.

And yes, as always in HIPAA, it is not enough to train the staff; you must also document the training. Require this proof from your service providers as well.

5. Prepare for a breach
Be ready in case disaster strikes
Bad stuff happens. How will you deal with it? You need to plan this ahead of time, and – as always – also document your planning.

Our entire approach is based on achieving “safe harbor” – when you go through your “bad stuff” checklist, think carefully about how each point can be mitigated. Often solid encryption will help, and one of the first things you want to check in the event of a breach is whether the data was encrypted and the keys kept safe. Make this part of your procedures.

HIPAA compliance in the cloud is within reach
By taking the right approach, thinking carefully through safe harbor possibilities, and covering the entire scope of your project – you can achieve proper HIPAA compliance and protect patient privacy. This is also a major competitive advantage for your business.

About the Author
Gilad Parann-Nissany, Founder and CEO of Porticor, is a cloud computing pioneer. Porticor infuses trust into the cloud with secure, easy to use, and scalable solutions for data encryption and key management. Porticor enables companies of all sizes to safeguard their data, comply with regulatory standards like PCI DSS, and streamline operations.

Mobile Apps Pose Security Risks

Posted on July 11, 2013 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Mobile apps that share files via the cloud may be popular, but they pose risks in a clinical setting, according to a study reported by FierceMobileHealthcare.

The study, which was conducted by the Ponemon Institute, concluded that many health organizations aren’t taking the steps needed to guard protected health information on mobile devices and in the cloud. In fact, more than half of respondents (54 percent) reported having an average of five data breaches involving the loss or theft of a mobile device containing PHI, according to FierceMobileHealthcare.

About 33 percent of Ponemon respondents said they need to access PHI to do their work. That being said, only 15 percent of survey respondents were aware of HIPAA’s security requirements for regulated data on mobile devices.  This was the case despite the fact that 33 percent of respondents were part of a HIPAA-covered entity.

Meanwhile, 40 percent of respondents weren’t sure if their organization’s policies on employee access and use of regulated data on mobile devices were HIPAA-compliant. Twelve percent said they were compliant, 31 percent were partially compliant and 17 percent said they were noncompliant.

While healthcare organizations may be playing it a bit fast and loose where use of the cloud via mobile is concerned, they’re still being very cautious where other uses of the cloud are concerned, FierceMobileHealthcare notes.

According to a recent survey by technology vendor CDW, healthcare organizations ranked seventh out of eight industries studied when it came to adoption of cloud computing.  According to CDW, healthcare leaders cited security concerns about proprietary data and applications as reasons they’d been reluctant to adopt cloud technology.

mobileStorm Launches First HIPAA-Compliant, Cloud-based mHealth Communication Platform; Announces Humana as a Beta Client

Posted on May 27, 2011 | Written By

So I don’t usually like posting full press releases, but this one is significant enough all by itself that I feel like it can stand on its own feet. It does have huge implications though so I may very well write something more on it later.

mobileStorm, an 11-year veteran of mobile messaging, announces “mobileStorm for Healthcare,” a patent-pending platform for Healthcare Payers, Providers, Software Solutions and Mobile App Developers, enabling the secure sending of PHI to smart phones.

San Diego, CA, May 11, 2011 – mobileStorm, Inc. (www.mobilestorm.com) announced today at the WLSA Convergence Summit the official release of “mobileStorm for Healthcare,” a secure mobile messaging platform that allows HIPAA-compliant transmission of PHI (Protected Health Information) to members and patients via mobile devices and smart phones.  mobileStorm has developed this capability in response to the healthcare industry’s need to control escalating expenses in the U.S., which totaled $2.5 trillion, or 17.3% of our national GDP, in 2009 alone. Recent widespread technological adoptions such as EMRs (Electronic Medical Records) are assisting healthcare organizations by bringing their processes into the modern age. The mobileStorm for Healthcare platform can “mobile-enable” any system. The communication tools that mobileStorm provides improve the efficiency of treatment and improve the outcomes for providers, while reducing costs to the health plans through lower utilization.  The key to reducing utilization is through adoption of wellness programs and prescription adherence.

mobileStorm for Healthcare is a straightforward solution, allowing any developer or IT department to integrate with the mobileStorm for Healthcare API (Application Programming Interface) which can power secure communication between systems such as EHR, EMR, and disease/appointment management tools. The API automates the delivery of AppMail™ messages which utilize AES-256 encryption. AppMail™ can deliver individual health notifications (presentable HTML or plain text) in a one-to-one or one-to-many fashion. In addition, the API delivers real-time analytics on important metrics such as who has read a message and for how long. AppMail™ is delivered to a secure inbox that can quickly be created using mobileStorm for Healthcare’s SDK (Software Development Kit).

The API also enables transmission of Push Notifications and SMS messages in order to utilize cross-channel communication strategies that drive higher response rates. mobileStorm for Healthcare takes a member-centric approach by allowing people to log into any web-connected device containing the organization’s mobile app or mobile site and securely access their inboxes and PHI messages. For organizations without a mobile app or site, mobileStorm offers custom solutions.

“We have been providing communication solutions for over 11 years and in the healthcare vertical for the last three years. We firmly believe that mHealth technology represents the most important social, cultural, and business impact that mobile technology has produced to date,” said Jared Reitzin, Founder & CEO of mobileStorm. “As a Communication Service Provider (CSP), we have worked with thousands of clients in hundreds of different industries which has given us a unique perspective of how mobile affects an individual’s behavior. All of us are patients as well as members, so it’s exciting to see the healthcare industry realize the massive impact that mobile can have on our behavior.”

As part of the official launch of mobileStorm for Healthcare, Humana has agreed to become a Beta customer in order to strengthen their efforts to help Humana members achieve lifelong well-being. Christopher Nicholson, Humana’s director of strategic communications, says “Humana is excited about the messaging capabilities that the secure mobile messaging center will bring us.  This partnership will allow us to deliver on multi-channel goals where we have not had a solution in the past. The ability to reach members ‘where they are’ with relevant, personalized and proactive communications is critically important.  mobileStorm is a wonderful mHealth vendor who truly wants to help us succeed.”

Mr. Reitzin continues, “mobileStorm for Healthcare represents the culmination of our experience, and we are confident that it is the most advanced HIPAA-compliant mobile platform available. Our company’s mission is to help our clients communicate with as much relevancy as possible, and with this new offering, I believe we are one step closer to completing our mission.”

mobileStorm for Healthcare is being unveiled and demonstrated at the WLSA Convergence Summit in San Diego, California, on May 12, 2011.  For more information on this event or to schedule a meeting with a mobileStorm representative, visit www.mobilestorm.com/wlsa.

To find out more about mobileStorm’s patent-pending mHealth platform or HIPAA compliance, which will be complete in June 2011, please visit www.mobilestorm.com/healthcare.

About mobileStorm

Based in Los Angeles, California, with more than a decade of email and mobile messaging experience, mobileStorm has delivered billions of messages on behalf of thousands of premier customers such as Humana, NASCAR, American Idol, Kaiser Permanente, and Ashley Furniture HomeStore. As a Communication Service Provider (CSP), mobileStorm’s mission is to help companies communicate with as much relevancy as possible, allowing everyone to win, from the ISP or carrier who delivers a message to the consumer who desperately wants to engage with content that matters. mobileStorm backs up their web-based technology with expert advice and legendary customer service that drives ROI for its customers.

About Humana

Humana Inc., headquartered in Louisville, Kentucky, is one of the nation’s largest publicly traded health and supplemental benefits companies, with approximately 10.2 million medical members, 7.1 million specialty members, and operates more than 300 medical centers and 260 worksite medical facilities. Humana is a full-service benefits and well-being solutions company, offering a wide array of health, pharmacy and supplemental benefit plans for employer groups, government programs and individuals, as well as primary and workplace care through its medical centers and worksite medical facilities.

Over its 50-year history, Humana has consistently seized opportunities to meet changing customer needs. Today, the company is a leader in consumer engagement, providing guidance that leads to lower costs and a better health plan experience throughout its diversified customer portfolio.