Data Security Protocols for an Increasingly Mobile Healthcare System

Guest post by Pawan Sharma, director of operations for healthcare at Chetu.

Pawan Sharma
Pawan Sharma

Healthcare is quickly adapting to the digital environment by leveraging web-based technologies, electronic health records (EHR) and mobile devices to facilitate the movement of information. With innovative software technology comes great responsibility. One of the unfortunate downsides to increasing the use of technology for data sharing in the healthcare world is the risk of data falling into the wrong hands. Full measures need to be put in place to protect patient’s Protected Health Information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) mandates that all PHIs be secured. Any breach, if not handled appropriately under established procedures, can lead to grave consequences including heavy penalties, jail time, or both. Needless to say that proper mechanisms need to be implemented to secure data while it is stored, transmitted and consumed.

Understanding Regulatory Standards

Knowledge is power. It is paramount that software providers look for back-end development partners that have Healthcare IT experience. This includes extensive knowledge and proficiencies with federal regulations like American Recovery and Reinvestment Act (ARRA), meaningful use stage 1 and 2, Accountable Care Act, etc. Also, regulatory health information exchange (HIE) standards such as Health Level 7 (HL7), Health Information Exchange Open Source (HIEOS), Fast Healthcare Interoperability Resources (FHIR), Consolidated-Clinical Document Architecture (C-CDA), Continuity of Care (CCD/CCR) as well as clinical and financial work flows.


With information traveling over a network it may be subject to interference. Hence, it is important that data be encrypted in transit. Vendors must include encryption technology to prevent disclosure of patient health information while data is communicated between the application and the server. Web traffic must be transmitted through a secure connection using only strong security protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS). SSL/TLS certificates are light weight data files that are purchased and installed directly onto the server. Once implemented, a user will be able to connect to the web-based application server via a secure tether with an internet browser.

Code Hardening

Organizations have been keen on securing networks and internal infrastructure from external threats. With this in mind, malicious entities are looking to breach data at the application level. Healthcare software proprietors must protect their application from security threats by employing hardening tactics, which shields bugs and vulnerabilities in the coding. This technique primarily includes code obfuscation. Code obfuscation is the act of intentionally creating obscure source code to make it difficult for entities to decipher. Properly employing this tactic hinders a threats ability to reverse engineer and tamper with an application to facilitate a breach.

Continue Reading

How Healthcare is Using Cloud

Guest post by Ali Din, CMO, dinCloud

Ali Din
Ali Din

Can you remember how you operated without a cell phone at your disposal 24/7? If you’re like most people today, braving the outside world without a cell in hand probably gives you palpitations. The healthcare industry has seen a comparable shift as a result of technology innovation over the past couple decades. So much so that healthcare practitioners who are somewhat new to the industry may not be accustomed to the manual practices that were in use just a few years ago.

As for today, we know that healthcare companies are using cloud. Perhaps most prominently, electronic health records (EHR) are widely adopted. In fact, the Healthcare Information and Management Systems Society (HIMSS) reports that a majority (83 percent) of healthcare organizations are using cloud services today. With adoption spanning nearly the entire industry, cloud technology has transformed how healthcare is administered.

Given the scale of cloud adoption, a few questions remain. Namely, how is healthcare using cloud today? Now that the industry has adopted the cloud, what does the future hold?

How Is Healthcare Using Cloud?

To start, let’s explore one specific use case. Medicalodges, a post-acute healthcare organization based in Kansas, was looking to get away from managing its own infrastructure. By moving to the cloud, it was able to improve collaboration, security, and set up a business continuity/disaster recovery (BC/DR) solution. Today, the organization has virtualized its servers with dinCloud’s Hosted Virtual Server (dinServer) solution. As a result, Medicalodges reports benefits including: improved collaboration, security, disaster recovery, cost savings, and scalability. Looking ahead, Medicalodges has future plans to run a mix of browser-based thin clients and continue to expand its cloud infrastructure.

Moving to larger scale trends: Tech Target sums up current use of cloud in healthcare with the following applications: storage of protected health information, software as a service (SaaS), platforms as a service (PaaS), digital imaging, and clinical research.

In its 2014 Analytics Cloud Survey, HIMSS found that 43.6 percent of surveyed healthcare organizations are currently hosting clinical applications and data. Meanwhile, 35.1 percent are using the cloud for BC/DR, 14.9 percent have virtualized servers, and 8.1 percent are using hosted virtual desktops (HVDs). In another case, a medical organization needed to run several versions of a specific testing application. However, they could not run it on the same computer because of compatibility conflicts of running the same application in multiple instances. They leveraged application publishing from dinCloud to virtualize the application. The application sits in the cloud and can be opened in multiple instances on the same computer now.

Continue Reading

Big Data Creates Big Improvements in Healthcare

From financial services, to technology, to telecommunications, retail and more, big data has made a meaningful impact across industries. In healthcare specifically, big data is being used to create a more efficient, effective and personal approach to providing care.

The statistics speak for themselves: As the $2.8 trillion industry continues to evolve, big data could add as much as $300 million per year.

But big data for healthcare is about more than revenue growth.

As the healthcare industry shifts towards a world of value-based and proactive patient care, big data offers health systems the ability to improve patient quality of life, increase preventable care and enhance patient engagement. Furthermore, big data has the ability to provide actionable insights in hospital settings while saving time, and ultimately costs, by allowing healthcare systems to operate more efficiently and effectively.

Learn more in the infographic below on how big data potential creates improvements in healthcare.

Big Data and Healthcare

Reducing the Negative Side of Prior Authorization

Guest post by Robert S. Oscar, R.Ph. CEO and president, RxEOB.

Robert Oscar
Robert Oscar

Prior authorization exists to reduce drug costs, to manage appropriate brand medication prescribing, and to curb medication abuse. Despite its good intentions, this extra step to determine whether or not a drug is appropriate for a patient’s symptoms has gained a reputation of inconvenience for both physicians and consumers.

In a 2013 study by SUNY Upstate Medical University, it was revealed that U.S. primary care physicians and their office staff have experienced significant increases in time consumption as a result of prior authorization and its associated requirements. For consumers, hours can be wasted waiting to find out whether or not they are allowed a particular prescription under the conditions of their health plan.

Reducing this negative aspect of prior authorization is paramount for the betterment of overall health costs and medication adherence. By streamlining the time spent between medical record lookup and prescription delivery, healthcare organizations and consumers can begin to experience more efficient prior authorization. If efforts made toward better big data advancements, mobile health (mHealth) and health IT are prioritized, doctors can confirm drug eligibility faster to help their patients recover faster.

Below are five reductions that can come from implementing electronic prior authorization (e-PA):

Reduced Labor Costs: When a doctor pulls up a patient’s medical records he must sift through numerous data points to determine which drugs are approved and which drugs are going to require prior authorization. The hours spent processing this data is costly for healthcare staffing, but lost time can be reduced by moving the process online and implementing electronic methods. This can allow physician offices and PBMs the ability to review, submit and determine authorization almost immediately.

Reduced Consumer Delays: A consumer will typically experience the unattractive side of prior authorization at the pharmacy. If a doctor issues a prescription without knowing the patient’s medication history or pushes a popular name brand drug without suggesting a generic, the consumer will likely get sidelined with prior authorization processing at the point of sale. Having an e-PA process that can review and determine which drugs a patient is already approved for before they head to the pharmacy can reduce customer wait times and greatly increase consumer satisfaction.

Continue Reading

Worldwide Health Outcomes: Smart Healthcare Spenders

The data displayed in this infographic is sourced from the Economist Intelligence Unit’s “Healthcare Outcomes Index 2014.” This report took into account a number of diverse and complex factors to produce a ranking of the world’s best-performing countries in health outcomes.

The EIU used basic factors like life expectancy and infant mortality rates alongside weighted factors, such as Disability-Adjusted Life Years (DALYs) and Health-Adjusted Life Expectancy (HALEs), while also taking aging populations and adult mortality rates into consideration to produce a rounded set of outcome rankings.

The EIU also provided an overview of the expenditure per capita of each country on healthcare, using data from the World Health Organization (WHO). By plotting the EIU’s outcome rankings against spending rankings for each country, we are able to develop a global overview of how effectively countries use their healthcare budgets.

This image is an excellent opportunity to dig into the weeds of outcomes worldwide, based on the finances of healthcare per country and region. According to this data, the US doesn’t stack up so well in the spend-to-return ratio, which is much discussed and often the subject of much debate. While these facts remain well know, the following infographic paints a pretty vivid picture of the truth of the situation and allows us to see healthcare spending a bit more clearly.

What does it say that most of the world’s “developed” countries have worse outcomes than those of the developing world? Specifically Europe as a whole is ranked below much of Africa and the US is listed as far worse that, say, Cuba.

Continue Reading

Health IT Startup: Gauze

GauzeWith a powerful database of more than 20,000 hospitals, Gauze helps employees, students and staff find the exact medical facility for their healthcare needs just when they need it. Search by an array of criteria, such as international hospital accreditations and certifications, that demonstrate adherence to global quality standards; medical specializations such as oncology, trauma, or endocrinology to direct you to the hospital with services to match your needs; or even whether a facility is publicly or privately funded which may dictate if they offer emergency or trauma services in the first place. Stop looking for a needle in a haystack—search Gauze to find the right healthcare provider for your emergency and basic healthcare needs while away from home.

Elevator pitch

You’ve got Montezuma’s Revenge in Mexico. Or, having a heart attack in Hamburg. Perhaps you’re simply sick in Seoul. You don’t speak the language. You might be scared. And, you don’t know where to go. We do. We’re Gauze and we’re transforming the way people connect with healthcare around the world. Gauze uses proprietary information and disruptive technology to connect the 1.1 billion international travelers around the world with any healthcare facility outside the United States right when they need it, according to their specific medical needs and geographic location.

Inspiration for origin

Suzanne Garber
Sue Garber

I (CEO Sue Garber) became ill while visiting the Middle East and, like many other travelers, waited until I got home to receive care. Turns out, I needed open heart surgery to fix a congenital heart defect I never knew I had. My situation was pretty dire and sickness affects all of us regardless of our current location. I had worked in international healthcare and medical assistance for several years and knew that getting appropriate tools, information and resources into the hands of those who are outside their home countries would facilitate access to quality healthcare no matter where you find yourself.

How your company differentiates itself from the competition

There is currently no company offering such an immediate, accurate and technology-based solution such as Gauze. Medical assistance companies rely on telephonic communication to physically speak with a person prior to referring them to an appropriate medical facility. This can be costly with international roaming rates coming into play, not to mention the time-cost factor of waiting for a phone representative to tend to your needs. Gauze removes the middle man by giving immediate access to valuable healthcare information in virtually any country around the globe. Gauze covers the world, protecting you.

Marketing/promotion strategy

Gauze offers B2B services for multi-national organizations who send out international travelers and expatriates, universities that offer study-abroad programs to students and faculty, and nonprofit organizations that are sending out charity and missionary workers to some of the most remote places on earth. As such, Gauze participates in a wide variety of thought leadership, social media and speaking platforms across a broad spectra of professional and industry associations who are geared toward keeping travelers and expatriates healthy while abroad.

Market opportunity

The international medical assistance community is relatively tight knit with many employees from one organization making their rounds through the various players. These options include Medex, HTH Worldwide, Global Rescue, ISOS and OnCall International. There’s a number of smaller operators as well that earn less than $50 million and it’s estimated that the entire industry nets around $3 billion. With only a fraction of the 1.1 billion travelers actively utilizing these services, there is room for expansion–particularly via disruptive technology that facilitates interaction across a more mobile and technologically connected audience.

Continue Reading

Releasing the Power of Big Data through Proper De-Identification

Guest post by Lucy Doyle, Ph.D., vice president, data protection, information security and risk management, McKesson, and Karen Smith, J.D.,CHC, senior director, privacy and data protection, McKesson.

Today there are opportunities and initiatives to use big data to improve patient care, reduce costs and optimize performance, but there are challenges that must be met. Providers still have disparate systems, non-standard data, interoperability issues and legacy data silos, as well as the implementation of newer technologies. High data quality is critical, especially since the information may be used to support healthcare operations and patient care. The integration of privacy and security controls to support safe data handling practices is paramount.

Meeting these challenges will require continued implementation of data standards, processes, and policies across the industry. Data protection and accurate applications of de-identification methods are needed.

Empowering Data Through Proper De-Identification

Healthcare privacy and security professionals field requests to use patient data for a variety of use cases, including research, marketing, outcomes analysis and analytics for industry stakeholders. The HIPAA Privacy Rule established standards to protect individuals’ individually identifiable health information by requiring safeguards to shield the information and by setting limits and conditions on the uses and disclosures that may be made. It also provided two methods to de-identify data, providing a means to free valuable de-identified patient level information for a variety of important uses.

Depending on the methodology used and how it is applied, de-identification enables quality data that is highly useable, making it a valuable asset to the organization. One of the HIPA- approved methods to de-identify data is the Safe Harbor Method. This method requires removal of 18 specified identifiers, protected health information, related to the individual or their relatives, employers or household members. The 18th element requires removal of any other unique characteristic or code that could lead to identifying an individual who is the subject of the information. To determine that the Safe Harbor criteria has been met, while appearing to be fairly straightforward and to be done properly, the process requires a thorough understanding of how to address certain components, which can be quite complex.

The second de-identification method is the expert method. This involves using a highly skilled specialist who utilizes statistical and scientific principles and methods to determine the risk of re-identification in rendering information not individually identifiable.

We need to encourage and support educational initiatives within our industry so more individuals become proficient in these complex techniques. At McKesson, we are educating our business units so employees can better understand and embrace de-identification and the value it can provide. This training gives them a basic understanding of how to identify and manage risks as well as how to ensure they are getting quality content.

Embracing Social Media and New and Improved Technologies

One of the challenges we face today in de-identifying data is adapting our mindset and methodologies to incorporate new emerging technologies and the adoption of social media. It is crucial to understand how the released data could potentially be exposed by being combined with other available data. New standards are needed.

Closing Thoughts

While de-identifying data can be challenging and complex, the task is made easier when we remember and adhere to our core directive to safeguard data. With this in mind incorporating new technologies is part of an ongoing process of review.

When done properly, de-identification enables high quality, usable data, particularly when the expert method is used. De-identification should not be viewed as an obstacle to data usage, but rather as a powerful enabler that opens the door to a wealth of valuable information.

The Comprehensive ESRD Care Model: The First Disease-Specific ACO Program

Guest post by Ken Perez, vice president of healthcare policy, Omnicell.

Ken Perez
Ken Perez

Under the authority of Section 3021 of the Affordable Care Act (ACA), the Centers for Medicare and Medicaid Services (CMS) has launched a variety of accountable care organization (ACO) initiatives, including the Pioneer ACO Model, the Medicare Shared Savings Program (MSSP), the Advance Payment ACO Model, and the Next Generation ACO Model. ACOs continue to be the most aggressive of the healthcare delivery reforms mandated by the ACA.

Notably, none of the aforementioned ACO models has a disease-specific focus. During the past few years, DaVita Inc., the nation’s second-largest dialysis provider, lobbied CMS diligently for a renal-specific ACO or at least creation of a framework that would allow for a disease-specific approach. DaVita formed the Accountable Kidney Care Collaborative to prepare the nephrology community to participate broadly in general ACOs and/or in disease-specific renal ACOs.

An ACO Program Focused on Renal Disease

On Oct. 7, 2015, the Center for Medicare and Medicaid Innovation (the Innovation Center) made a groundbreaking announcement, launching the Comprehensive ESRD Care (CEC) Model, with its sole focus on end-stage renal disease (ESRD), also known as kidney failure. This disease afflicts more than 600,000 Americans. These individuals require life-sustaining dialysis treatments several times each week. In 2012, ESRD beneficiaries comprised 1.1 percent of the Medicare population and accounted for $26 billion or 5.6 percent of total Medicare spending.

The CEC Model’s first three-year agreement period began on Oct. 1, 2015, with 13 ESCOs in 11 states: Arizona, California, Florida, Illinois, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, and Texas. All except one of the 13 ESCOs are owned by a large dialysis organization (LDO), defined as an organization that owns 200 or more dialysis facilities. Dialysis Clinic, Inc. (DCI), the nation’s largest non-profit dialysis provider, owns three of the ESCOs, as does DaVita. Fresenius, the largest dialysis provider, owns six of the ESCOs. The lone non-LDO is the Rogosin Institute in New York City.

As with all Medicare ACO programs, the CEC Model has both quality measures and expenditure-reduction targets which impact the model’s payment arrangements.

Quality Measures

The CEC Model features 26 quality measures—14 outcome and 12 process—for both LDOs and non-LDOs. The quality measures span five domains: patient safety, person- and caregiver-centered experience and outcomes, communication and care coordination, clinical quality of care, and population health.

Continue Reading

Transparency, Collaboration, Innovation Key to Achieving Nationwide Interoperability

Guest post by Jitin Asnaani, executive director, CommonWell Health Alliance.

Jitin Asnaani
Jitin Asnaani

For decades, the use of paper medical records was the “norm” and the sharing of those records with another provider typically involved a photocopier and a briefcase for the patient to carry them to the next doctor. Today, electronic medical records are becoming the standard, but the exchange of health data between disparate networks and software systems has remained elusive.

While some data exchange is taking place in health care today, it’s only occurring in isolated pockets, typically within one region or health system, making it largely ineffective. Solving this challenge requires transparency, collaboration and innovation for continued success–attributes CommonWell Health Alliance embodies.

Transparency across the Industry

Competition in almost every sector thrives on keeping information separate and technologies proprietary. However, for many industries – like banking, telecom and internet, working across competitor lines to exchange data has enriched and expanded their reach. Health care needs to take a lesson from these industries.

Working in data silos will not improve the exchange of health data; rather, it will create friction in the industry. Patients expect their doctors to have the information they need to provide them with the best treatment. Doctors struggle to access this important data outside their four walls. The industry has an opportunity to step up and make it possible for providers to access a three-dimensional view of the patient’s health history, and in turn, create a new wave of opportunities for the health IT industry.

Collaboration among Health IT Industry Players

Collaboration throughout the IT industry is essential to creating a ubiquitous nationwide interoperable Health IT Infrastructure. This focus on infrastructure will drive standard adoption and open up the gates to national record sharing. Electronic health record (EHR) vendors offering services across the healthcare continuum are a key piece of this puzzle, which is why CommonWell formed to join forces with all health IT stakeholders dedicated to the vision that patient data should be accessible no matter where care occurs.

Collaboration with the public sector is also crucial. The government plays a strong role in narrowing the technical standards in health IT, but the bar must be raised on leveraging real-world data exchange. Additional ONC activities are complementary to the existing Federal Advisory Committees (FACAs) as noted below:

Continue Reading

ResearchKit: A Valuable tool for Researchers, but with Limitations

Guest post by Kalisha Narine, technical architect, Medullan.

Kalisha Narine
Kalisha Narine

In March 2015, Apple announced the next big thing for the scientific community: ResearchKit. According to Apple, the new application would help researchers gather more data, more frequently, and more accurately than ever before, all by utilizing the more than 94 million iPhones in use in the U.S. today as a strategized recruitment channel.

In a nutshell, ResearchKit makes it easier for researchers to create iOS apps for their own research, focusing on three key things: consent, surveys, and active tasks. ResearchKit provides communication and instruction for the study, in addition to pre-built templates for surveys that can be used to collect Patient Reported Outcomes. Plus, ResearchKit can collect sensor data (objective patient activated outcomes) on fitness, voice, steps, and more, all working seamlessly within Apple’s HealthKit API, too, which many users have on their devices already. This allows researchers to access relevant health and fitness data (passive patient outcomes).

ResearchKit-powered apps like MyHeart Counts, Share the Journey, Asthma Health, GlucoSuccess and mPower have shown us that people want to do their part in advancing medical research by sharing their data with researchers committed to making life-changing discoveries that benefit us all.

Five months after its launch, I’d say, in no exaggerated terms, that ResearchKit has proven to be game-changing for researchers, leapfrogging patient reported outcome studies into a “mobile first” world. However, the current framework certainly doesn’t cover the full gamut of what is needed to build a patient-centered, engaging, scaleable digital outcomes solution. If you’re planning piloting a solution around ResearchKit, here’s what you need to know:

ResearchKit offers up important benefits for medical researchers, especially when it comes to recruitment capability and the speed at which researchers can acquire insightful data to speed medical progress.

The MyHeart Counts app has been arguably the most successful example of ResearchKit use to date — it’s a great example of the recruitment capabilities provided by ResearchKit. In just 24 hours, the researchers from MyHeart Counts were able to enroll more than 10,000 patients in the study. Then they clocked an unprecedented 41,000 consented participants in less than six months (even before entering UK and Hong Kong markets). As most researchers know, recruitment can be one of the biggest challenges in building a study. But with ResearchKit, scientists are able to grow their number of participants into the thousands very quickly; it would have taken the MyHeart Counts researchers a year and 50 medical centers around the country to get to 10,000 participants.

Additionally, ResearchKit also increases the speed at which researchers are able to find the insights they’re looking for. This is mostly because people use their mobile devices constantly (most Americans clock more than two hours per day), which means that the accumulation of mass amounts of subjective (surveys), objective (sensors/active tasks) and passive (background) data happens quickly. The Asthma Health app is a great example of this, as it combines data from a phone’s GPS with information about a city’s air quality and a patient’s outcomes data, all to help patients adhere to their treatment plans and avoid asthma triggers — study participants told researchers that the app was also helping them better understand and manage their condition. The app is also assisting providers in making personalized asthma-care recommendations.

Continue Reading