The holidays will soon be here and there may be the need for a little something for a family member, hostess or perhaps a gift for your boss or co-workers. Finding just the right thing can be challenging. However, if the recipient is a healthcare professional, embraces technology, is innovative and forward thinking, a book on social media and technologies might be just the thing you are looking for this holiday season. If so, consider one of the following two books by yours truly. The newest one, published by HIMSS, is a collection of case studies and best practices. The second is a high-level overview of social tools published by ACHE.
If you have read either or both already, feel free to leave a comment with your feedback!
Over the years I've contributed articles to several publications, and often repeatedly, because we have built up a mutually beneficial relationship. As a writer, I think any of them will tell you I produce on time and the continuing invites seem to indicate my writing skills are good and there is something to what I have to say.
The latest of these partnerships is Multibriefs and my contributions to newsletters for several healthcare administration associations. (Perhaps you are a member of one of the associations and have already seen one of these articles.) One result of writing for someone else is that it cuts into the time I have for my own blog... thus you may have noticed recent infrequent posts.
By sharing links to my first four articles for Multibriefs, I hope that I will continue to maintain your interest until I re-balance and can acclimate to my new obligations. I also believe each has the possibility to stimulate some new ideas.
HHS has released a new security risk assessment tool to help providers, and perhaps business partners, uncover potential weaknesses in their security policies, processes and systems. Using the tool, providers will be guided as they address risk and security practices and failures such as:
defining and managing access
technical and physical security
In addition to helping providers manage their risks and comply with the HIPAA Security Rule, I believe the tool is also helpful with business continuity planning efforts. Think about it - will the organization be able to survive if there is a breach or if security weaknesses become widely known? How does security change during a disaster?
The May issue of Health Management Technology includes a great infographic representing data from a new IBM study finding the vast majority of CFOs (82%) see the value of integrating enterprise-wide data, but only 24% think their team is up to the task. This is a 205% increase in the gap between the importance of data and the ability to exploit its value since the question was first asked in 2005, showcasing a critical divide in the skills and capabilities for today’s finance teams.
The study, entitled “Pushing the Frontiers,” is based on findings from face-to-face conversations with 576 CFOs from around the world.
Way back in 2005 when I was still getting started as a blogger and was active in the world of EHR adoption, I wondered about their impact on malpractice rates. I asked a malpractice carrier friend of mine what he thought and the answer was it would be years before anyone could really tell.
So here we are in 2014 and the information is starting to flow; first with an October 2013 post and now with an article in PSQH about an analysis of malpractice claims that confirms the risk of EHRs. The top issues are identified in the table below.
This list of risks points to the ongoing need for staff awareness and education, user centric design and aggressive identification and correction of technology issues. It also highlights a fear I've had for some time around what I've seen to be weaknesses in ambulatory care settings. Ambulatory settings (and even some small hospitals) may not have the resources -- technical expertise or safeguards needed -- to minimize these risks. Unfortunately, this is resulting in them having 56% of the malpractice claims in this study.
I've posted on data security and breaches for the last few years and know that many healthcare providers have struggled to make sense of the warnings. The latest warnings come from a report that highlights new security threats to patient health information:
unproven security in the health insurance marketplaces, created as a result of the Affordable Care Act
unsecured mobile devices (smartphones, laptops, and tablets)
Patient records are vulnerable to both insider and outsider threats because of the value of the information to criminals. These records contain personally identifiable information (PII) and protected health information (PHI). When combined, this information represents highly sensitive “regulated data,” which is tightly controlled by federal laws, including HIPAA and GLBA, as well as numerous state breach notification laws.
Employee negligence, such as a lost laptop, continues to be at the root of most data breaches in this study. However, there is also an uptick in criminal attacks on hospitals, which have increased a staggering 100% since the first study four years ago. The combination of insider-outsider threats presents a multi-level challenge, and healthcare organizations are lacking the resources to address this reality.
Key Findings of the Research
Data breaches have declined slightly, though remain high.
Data breaches now cost healthcare organizations $5.6 billion annually, slightly lower than past years. Ninety percent of respondents had at least one data breach over the past two years, while 38 percent have had more than five data breaches in the same time period. While the total number of data breaches in healthcare has declined slightly—indicating that healthcare organizations are making some progress—the threats to patient data remain high. Many organizations remain overwhelmed and struggle with incident management and compliance with the myriad of regulations.
Affordable Care Act increases risks to millions of patients and their information.
Nearly 70 percent of respondents believe the Affordable Care Act has increased or significantly increased the risk to millions of patients, because of inadequate security. The concerns include insecure exchanges between healthcare providers and government (75 percent), insecure databases (65 percent), and insecure websites for patient registration (63 percent). One-third of organizations surveyed say they do not plan to become a member of a Health Information Exchange (HIE); 72 percent are not confident or only somewhat confident in the security and privacy of patient data shared on HIEs.
Negligent employees and unsecured devices in the workplace remain a big security threat.
Seventy-five percent of organizations cite employee negligence as their biggest security worry, as they increase exposure to sensitive data by the growing use of their personal unsecured devices (smartphones, laptops and tablets). Bring Your Own Device (BYOD) is not a new phenomenon but is a new risk, as personal devices have become harder to manage, control, and secure. In fact, 88 percent of organizations permit employees and medical staff to use their own mobile devices to connect to their organization’s networks or enterprise systems such as email, with access to patient information. Similar to last year’s study, more than half of organizations are not confident that the personally owned mobile devices are secure. Yet, 38 percent of organizations don’t take steps to ensure these devices are secure or prevent them from accessing sensitive information.
Healthcare organizations don’t trust their third parties (Business Associates) with sensitive patient information.
“Business Associates” are third-party companies that work with healthcare organizations. They have access to patient information and are still struggling to comply with the HIPAA Final Rule, a federal law intended to safeguard sensitive information. Seventy-three percent of organizations are not confident or only slightly confident that their third parties are able to detect a security incident, perform an incident risk assessment and notify them in the event of a data breach. Only 30 percent of organizations are confident that their business associates are appropriately safeguarding patient information as required by the federal HIPAA Final Rule. According to those surveyed, the Business Associates that present the greatest risks to patient information are IT service providers, claims processors, and benefits management.
Patching Holes is Overwhelming for Organizations
While there has been progress towards complying with federal privacy and security guidelines and better safeguarding patient information, the threats and risks are shifting and this requires healthcare organizations to be in a constant state of catch up. Think of it as a bucket filled with water, with holes in it. The water keeps spurting out, and every time you patch one hole, a new hole forms. The process of patching old and new holes is overwhelming, and this new data validates that issue.
Still have questions?
If you are interested in more information, consider participating in a free webinar, ACA Impacts on Patient Data Security—with Dr. Larry Ponemon, Ponemon Institute, and Rick Kam, CIPP/US, ID Experts—on Tuesday, April 8, 2014, at 11:00 a.m./2:00 p.m. ET. To register, visit http://bit.ly/1ih2fqi.
Health Finance News has a great list of reasons for the decline in hospital inpatient volumes and most of these are indicative of what we will also see in the future. Hospital administration has entered a whole new world and its leaders will need to be truly innovative and creative in order to survive.
The decrease in "face time" with our patients also reinforces the need to engage and support them outside of the hospital walls. Yet another reason we will see Health IT, telehealth and emerging technologies like portals, mobile, social and more taking on a more significant role in care processes.
1. Elective admissions dropped during recession and have been slow to recover.
2. Health reform brought pressure on hospital readmissions and also avoidable admissions.
3. The growth of observation status.
4. The long-term continuing movement towards outpatient models of care with less use of beds overall.
5. Hospital shifts towards fee-for-value away from fee-for-service - building clinically integrated networks and care models.
6. The growth of technology, particularly when it comes to imaging, surgery and anesthesia.
My latest book addresses social media and the underlying technologies and the ebook is now available - just in time for HIMSS14. Several chapter authors contributed to this HIMSS book just like the one released in 2007 on RHIOs (HIEs). While there is a bit of what I have to say on the subject, mostly setting the stage, the real work was the contribution of stories and advice from a variety of exceptional healthcare professionals representing hospitals, health systems, government, clinics, private practices and most importantly, the patient. The chapters and contributing authors are:
Foreword - The Future of Social Media in Healthcare by Stephen C. Schimpff, MD, FACP
There is a new expansion to CMS' new reimbursement for transitional care services to include health professional shortage areas (HPSA) located in rural census tracts of metropolitan statistical areas, which makes it more consistent with other telehealth reimbursement regulations.
However, early last year I posted on this program and highlighted the non-face-to-face aspect, because I see a role for social tools. I'm pleased to see that "electronic" communications continue to be highlighted because it is indicative of the regulations being written in a way to accommodate emerging technologies.
For those of you needing the specific language for the services added to the list of Medicare telehealth services for CY 2014, it is:
• CPT code 99495: Transitional Care Management Services with the following required elements: Communication (direct contact, telephone, electronic) with the patient and/or caregiver within 2 business days of discharge; Medical decision making of at least moderate complexity during the service period; Face-to-face visit, within 14 calendar days of discharge.
• CPT Code 99496: Transitional Care Management Services with the following required elements: Communication (direct contact, telephone, electronic) with the patient and/or caregiver within 2 business days of discharge; Medical decision making of high complexity during the service period; Face-to-face visit, within 7 calendar days of discharge.
This policy will allow the required face-to-face visit component of both services to be furnished through telehealth.
On Wednesday, December 11, 2013 11AM-1PM CT, HIMSS will host a free Virtual Briefing that will explore social business tools and best practices being used successfully by health systems.
I'll present some of my favorite examples of social applications to improve patient outcomes and the health of populations in a variety of settings. My co-presenters will highlight what is trending on social channels and share an open-source sentiment analysis application for healthcare.
I hope you will join us during this virtual event!
More engaged consumers and patients are those who are more knowledgeable. Given the increasing role of digital processes in healthcare, that means a new component of patient education is needed for health literacy.
Interoperability is when two or more systems can exchange information and then use the information that has been exchanged. The infographic below explains how it works!
Teleophthalmology is one of my favorite telemedicine applications because it often brings access to screenings to those who might otherwise not receive them. And it helps improve the experience of care and limit costs for patients. Since November is National Diabetes Awareness Month, I thought I'd share some advice for those with the disease from the National Eye Institute.
Diabetic retinopathy is the most common form of the disease, affecting about 28.5% of Americans with diabetes age 40 and older. That’s more than 7 million people, and the number is expected to reach more than 11 million by the year 2030.
If you have diabetes, your doctors most likely have told you to keep your blood sugar under control through diet, exercise, and proper medication. But did you know that you also need a dilated eye exam at least once a year? A dilated eye exam is when an eye care professional dilates, or widens, the pupil to check the retina in the back of the eye for signs of damage. All people with diabetes, type 1 and 2, are at risk for vision loss, but certain groups are at higher risk: African Americans, American Indians/Alaska Natives, and Hispanics/Latinos.
The longer a person has diabetes, the greater the risk of diabetic eye disease, which includes the following:
• Cataract (Clouding of the lens of the eye)
• Diabetic Retinopathy (Damage to the retina)
• Glaucoma (Damage to the optic nerve)
In November, when National Diabetes Month is observed in the United States, the National Eye Health Education Program (NEHEP) of the National Eye Institute (NEI) recommends that all people who have diabetes reduce the risk of vision loss from the disease by having a comprehensive dilated eye exam at least once a year.
“Half of all people with diabetes don’t get annual dilated eye exams. People need to know that about 95 percent of severe vision loss from diabetic retinopathy can be prevented through early detection, timely treatment, and appropriate follow-up,” said Dr. Suber Huang, chair of the Diabetic Eye Disease Subcommittee for NEHEP.
“Diabetic eye disease often has no early warning signs but can be detected early and treated before vision loss occurs,” said Paul A. Sieving, M.D., Ph.D., director of NEI. “Don’t wait until you notice an eye problem to have a dilated eye exam, because vision that is lost often cannot be restored.” In fact, diabetic retinopathy, the most common form of diabetic eye disease, is the leading cause of blindness in American adults ages 20–74. According to NEI, 7.7 million people ages 40 and older have diabetic retinopathy, and this number will likely increase to approximately 11 million people by 2030.
If you have diabetes, get a comprehensive dilated eye exam at least once a year. NEHEP also recommends you keep your health on track by—
• Taking your medications.
• Reaching and maintaining a healthy weight.
• Adding physical activity to your day.
• Controlling your blood sugar, blood pressure, and cholesterol.
• Kicking the smoking habit.
These steps will help you keep your diabetes under control and help protect against diabetic eye disease.
For more information on diabetic eye disease, financial assistance for eye care, and how you can maintain healthy vision, visit www.nei.nih.gov/diabetes or call NEI at 301–496–5248.
Early in my blogging career, I wondered about the impact of EHRs on malpractice rates. I even spoke to a couple of friends who worked for carriers, but at the time it was a bit too early for anyone to really know where the risk would arise.
Fast forward from 2005 to 2013 and Health Data Management has a wonderful article in their October issue titled The Weight of the IT Evidence: Why EHRs won't reduce your malpractice premiums. The article is full of great advice that will help risk managers and providers better assess their risk. It covers plaintiff attorney strategies, provider shortcuts that create problems, limitations in the technology, e-discovery challenges. I can't repeat all of the details here, so please read the entire article.
This year's HIMSS National Health IT Week Blog Carnival is being hosted by Health IT expert and social mover and shaker, Brian Ahier. This is a great opportunity for bloggers who are passionate about the value of Health IT to contribute their voice to the national conversation and possibly generate some new traffic to their own blog.
The #NHITWeek theme this year is the value of health IT. If you will participate, answer the question "What is the value of Health IT?" in a post between Monday, September 16 and Thursday, September 19 and send a link to your post to HIMSS@shiftcomm.com. As host, Brian will review each submission and publish round up posts on his blog Ahier.net throughout #NHITWeek.
When I first started blogging, one of my favorite topics was on health information exchange and RHIOs. It made sense because I had been working with RHIOs and data exchange projects and there were still many questions among my peers about the exact definition, how to set one up and overcoming the challenges. One of my blogger friends even referred to me as the RHIO Queen and someone who reviewed my blog said I probably had a bit too much on RHIOs. But, I had written the book on establishing a RHIO.
Since then I've explored applications of other technologies and my path has taken me through telehealth, mhealth, portals and social. Today, some might say I have too many posts on social media.
So, it is with great pleasure that I return to my Health IT roots with this video on Medical Neighborhoods and the key role of health information exchange. What I like most is the blending of the tools that are needed for the future.
This powerful video provides an overview of an app being used by the Loyola Recovery Center in upstate New York with veterans in outpatient recovery. It combines patient generated data, telehealth, mobile, GPS monitoring, social media and personalized interventions for more effective and timely patient engagement.
The Office of the National Coordinator for Health Information Technology has released the Health IT Patient Safety Action and Surveillance Plan. It builds on recommendations of the 2011 Institute of Medicine (IOM) report, Health IT and Patient Safety: Building Safer Systems for Better Care, and provides a roadmap for increasing knowledge of health IT safety and ensuring that health IT is used to actually make care safer.
The plan leverages existing authorities to strengthen patient safety efforts across government programs and the private sector—including health care providers, health IT developers, patient safety organizations (PSOs), and accrediting and oversight bodies. Key partners and responsibilities include:
ONC will make it easier for clinicians to report health IT-related incidents and hazards through the use of certified electronic health record technology (CEHRT).
The Agency for Healthcare Research and Quality (AHRQ) will help operationalize the plan through:
Collaboration with PSOs, providers, and developers to add a focus of health IT to their collection, aggregation, analysis, and mitigation of providers’ adverse event reports. AHRQ will also provide guidance to PSOs on how they can work with EHR developers to identify and mitigate health IT risks.
Providing tools and resources to help providers identify, describe, and report health IT-related events and hazards.
Supporting the research and development of tools and guidance for using health IT to improve safety and mitigate health IT safety risks.
Beginning development of Common Formats for ambulatory care that will enhance reporting of health IT events outside the hospital.
The Centers for Medicare & Medicaid Services (CMS) will encourage the use of the standardized reporting forms in hospital incident reporting systems, and train surveyors to identify safe and unsafe practices associated with health IT.
Working through a public-private process, ONC will develop priorities for improving the safety of health IT. ONC and CMS will consider adopting safety-related objectives, measures, and capabilities for CEHRTs through the Medicare and Medicaid EHR Incentive Programs and ONC’s standards and certification criteria.
Guidance has also been issued to clarify that ONC-Authorized Certification Bodies will be expected to verify whether safety-related capabilities work properly in live clinical settings in which they are implemented.
ONC has contracted with The Joint Commission to better detect and proactively address potential health IT-related safety issues across a variety of health care settings. The Joint Commission will expand its capacity to investigate the role of health IT as a contributing cause of adverse events and will identify high priority areas for expected types of health IT-related events.
A few weeks ago I was asked by SearchHealthIT to contribute some tips and I chose to focus in on leveraging portal technologies and recognizing some of the more subtle risks. Links to both articles are below, but I'm also including some of the highlights here for those who ask for "Just the facts, Ma'am."
Soon I'll be heading back to the HIMSS Southern California Annual Health IT Conference - April 10th in Los Angeles. This is a special event for me because my presentations over the years have followed my expeditions across technologies: RHIOs, Telehealth/Telemedicine, HIE, mHealth, Social Media
This year's theme is healthcare consumerism and I've been invited to participate in a panel to discuss
Social Media in Healthcare: Promoting Patient Empowerment and Engagement, Healthcare Value, and Patient Centered Care
My TOWER colleagues, Sue and Megan, will join a panel discussion on
PHRs and Patient Portals: Realizing Patient Empowerment and Personalized Healthcare
Take a look at the entire agenda and register to join us at this event. We hope to see you there!
Researchers at the Boston University Medical Center (BUMC) developed and tested Re-Engineered Discharge (RED), which has proven to be effective at reducing readmissions and posthospital emergency department (ED) visits. The AHRQ and BUMC have leveraged this research and developed a RED toolkit to assist hospitals, particularly those that serve diverse populations. The major tools are:
I'm fortunate to have been invited to participate in a think tank hosted by Dell with some healthcare social media icons. On Tuesday follow the live stream of the event on the widget below or on Twitter use the hashtag #DoMoreHIT. You won't want to miss the first session from 10:30 to 11:15 am on the subject of empowering caregivers and consumers.
Other participants include:
my old blogger buddies @ShahidNShah, @boltyboy and @techguy @ehrandhit.
newer social friends @ahier and @HealthcareWen
new connections @DrAndyLitt, @norabelcher, @jloveloc, @2healthguru, @lsaldanamd and @egpierro - all of whom I look forward to getting to know.
The 600ish pages of the HIPAA Final Omnibus Rule (published in January) affect nearly every aspect of patient privacy and data security and encompass the:
HIPAA Privacy, Security and Enforcement Rules
Breach Notification Rule
Genetic Information Discrimination Act
idExperts boiled down the new rule in a new whitepaper that includes their recommendations for managing the risks. The most significant clarification is that patients now have the right to get electronic copies of all of their electronic medical records upon request. In addition, new categories of PHI may be used or disclosed for fundraising for better targeted efforts.
Covered entities will be required to change their notice of privacy practices to reflect these new rulings. They should also:
Conduct and document annual privacy and security risk assessments (the HVA of Emergency Management)
Identify, manage and document compliance of business associates and their downstream contractors
Define and document your method for the security incident risk assessments; determining whether an incident is a breach or not.
Document your policies and processes for complying with the limiting of access to patient information when a patient can restrict access.
Encrypt PHI according to NIST specifications to take advantage of the safe-harbor provision regarding notifications in the event of a breach.
Keep in mind, the compliance deadline is September 23rd and it will be here before you know it.