Guest post by Kim Lennan, Director of Healthcare Markets at Sensage
Healthcare organizations of every size face a growing number of threats and regulations associated with patient data management. Pharmacies must be on the lookout for falsified prescriptions issued to employee family members. Hospitals must track access to patient records, from both inside and out, to identify individuals trying to gain health details about a celebrity, a neighbor or family member. Network connections must be analyzed to pinpoint situations when passwords have been compromised or mobile devices have fallen in the wrong hands. Finally, meaningful use Stage 1 requires the identification of devices, systems and applications that are dormant or redundant.
To address these scenarios, IT teams must establish monitoring capabilities around a disparate set of systems and activities. This leads to incredibly manual, risk-prone event data collection, correlation and analysis processes across clinical and non-clinical sources, which discourages most IT teams from even taking the first step.
A successful event data management initiative provides three important benefits, which are often overlooked:
The ability to understand patterns and establish baselines by which risk can be measured against. When you know what “secure” activities look like, you can create alerts when an unusual activity exceeds acceptable boundaries or thresholds. For example, if you know a set of workstations are not used during the hours of 11 p.m. to 4 a.m., you can easily set up a notification when a flurry of activity takes place on one of them during that period.
The much-needed context to drive better policy creation and compliance. If you are able to demonstrate events that create risk, you are more likely to drive understanding with users and influence appropriate behaviors. For example, correlate data from your time management system with log-out details on a shared workstation to identify high-risk individuals who fail to log out when they go off duty, leaving that system open to compromise.
The valuable insight needed to investigate a breach or establish compliance with internal or external regulations and policies. All too often, the data that can tell the story was either not collected or is impossible to analyze after the fact. In cases where an incident or breach spanned more than 90 days, most organizations have no historical perspective to review, which could prove a non-event.
For greatest success, security practitioners, auditors and compliance teams will need to align around processes that aid their shared efforts and actions. Here are some must-haves that need to be in place — or at minimum discussed:
Collect and centrally store all event data, even if you don’t think you need it. This is especially important since you don’t always know what you have—or what you will need—in the way of historical data analysis.
Establish basic measurements, understand them, then expand. Start somewhere … anywhere … to establish a metric and then work to make that metric useful or replace it with a better one that you’ve discovered in the process. Don’t just poke around or take a whack-a-mole approach to your discovery process — prioritize your effort so that you can accumulate and maintain a portfolio of metrics that maximize the value of your initiative.
Be consistent or face the consequences. Don’t spend a month on analysis then move on if nothing pops up. Maintaining consistent vigilance is the key to spotting trends or variance. Erratic monitoring and analysis leads to a false sense of security and reduces your ability to continuously reflect and refine based on known patterns.
Be ready to change. There is a tendency to take a finding, create a counter-measure around it, and then never look back. Be intellectually honest when you make new discoveries, particularly if they show a need to change an established rule, alert or policy. While flexibility and change seemingly conflict with “be consistent,” get comfortable with the idea that you will often learn something new which will require a policy or process change.
Engage experts and ignite managers. The dynamic nature of attacks may also lead you to integrate data from systems you didn’t initially consider using to drive critical correlations. As you think about what data to analyze, solicit input from teams who know the systems, devices, people or information associated with all areas of infrastructure. They may shed light on interdependencies or relationships that are critical to better metric definition. Leverage “the truth” established with the experts to ignite the support needed from managers.
A healthy, sustainable data management initiative starts with a single version of the truth. When everyone is looking at the same data, there is an increased likelihood that anomalies will be spotted and risks can be detected more rapidly. Here are some of the capabilities to look for:
A data management solution that makes event data collection from any source a simple task.
A scalable system that gives you the ability to collect and store vast amounts of data without ever-increasing hardware or maintenance costs.
Correlation capabilities that leverage a standards-based event taxonomy so analysis is possible across all data, regardless of source, without additional work from you.
Flexible analysis options that address the needs of every user – from standard reports to customizable dashboards and ad-hoc querying.
There is much we are learning every day when it comes to protecting patient data, and – to evolve – we must adopt new disciplines and continuous improvement around risk monitoring. We applaud Cerner, our innovative partner, and customers like Adventist Health Systems, who are breaking new ground with the “science of risk management” and developing a centralized approach to the systematic inspection across their clinical and non-clinical landscape.
HIMSS is one of the most exciting events on the health IT calendar. An annual parade of the pomp and circumstance, the mighty and the meek; the somewhat great equalizer for everyone in attendance (perhaps not measured by booth size but by mere participation).
HIMSS is the place to be seen as it holds a certain stature, like being invited to the hottest party in town or attending an industry’s red-carpet event. As such, there’s a level of elitism for those that make the journey as all that enter the grounds can claim that they’ve reached a certain stature in their careers.
There are the parties and toasts, educational and informational, evangelists and doomsdayers walking the same halls, shaking the same hands, seeking the same solutions and securing similar aspirations. As if a city of its own, HIMSS thrives upon its own economies and its communities, its own crooks and its own saints; it is the world in which we live, and great things tend to happen here, despite the few inevitable hiccups that happen along the way.
From the sessions to the show floor, the whole thing is a carnival. Like in the real world, everyone in attendance has their tribe and the land in which they’ve staked is the land in which they occupy.
I’ve done my time in the booth; standing at the edges of the territorial carpet, scanning the horizon, taking in the tourists and judging the competition for their various faults — from the poorly dressed sales folks to the vendors vying for supremacy from the land of the largest booth.
Sometimes, we cross the isle, make nice and say hello to a neighboring tribe. Others times we invade, stealing chachkis, and water and the occasional free massage.
We smile and make nice, and for a minute we’re friends, but then we remember that we come from the other side of the isle so we slither back to our tents and to our carnival barker duties. After all, it’s the show they love — the folks walking by – who window shop their way through the maze of capitalists.
We’re their entertainment, in our pressed shirts, standing in our corner smiling. We make passersby pass the time between sessions, but we understand our role. Even though we’re there to show some product and educate some minds, it’s a time for us all to come together and to celebrate the best that is healthcare, its technology and all its related parts.
For a few short days, we’re united and (somewhat) sincere with each other. Like a high school graduation party where everyone can come together even after years of disagreement or opposing views and think grand things about the future even though we know the roads we’ll travel will take us down very different paths.
And when it’s all over and life settles down, after the tent cities are razed and we’re back in our offices, we’ll remember the time we had where we came together and we’ll long for those time once again.
“There’s always next year,” some of us will say to ourselves, but we know it will never last forever.
Despite the good times we had round the hotel bar, in the ballroom or conference center board room, we realize that even the best of times must end and, ultimately, we pretend to know “it” (read: interoperability) could never work in the “real” world so we settle for and embrace the short-term relationships we’ve made knowing “we’re just not right for each other.”
Truth is, in the end, when the show is over, we’ll simply return to our silos and shut the door. Lights out, and once again we’ll be alone.
By the time the market is ready to move, the technology they’ve been told to move to won’t exist as it has been depicted.
This is much the same thing as technology that has been developed that upon its arrival has been pronounced dead. An example of this was the iPad. Before it hit the market analysts and naysayers said the technology – which I don’t have to tell you is essentially a hand-held, touch screen computer – was worthless. No one had a need for PC that one could carry about wherever they went; we had laptops after all. But they failed to see the upside.
For example, iPads are the ideal technology for busy physicians (as you well know) making rounds jumping from patient to patient throughout a practice, as well as have had a profound effect on the treatment and education of individuals with autism and other developmental disabilities.
For example, tablet devices have opened the door for children with special needs, many of whom use them easily and effectively. Not only have they become a learning tool for many of these children, they have also become communication devices. According to Mashable, students using an iPad advance more quickly than those who did not use them. Even in education, there are currently more than 2 million tablets, like iPads, being used and the number will increase dramatically as the technology becomes more accessible and affordable.
As of December 2012, there are more than 20,000 apps for mobile devices that teach communication, speech, language, motor skills, social skills, academic skills, behavioral skills and more than 900 apps for students with disabilities, including autism.
I believe something similar will happen to the patient portal market. Heavily pushed on physicians by EHR vendors for the last three years, this has led to their increased popularity. Meaningful use hasn’t hurt either.
However, by the time the market adjusts to their availability and the reasons for their existence – bill administration, appointment scheduling, viewing records (in some cases) and communicating securely with physicians – the technology as we now know it will no longer exist.
Monique Levy, vice president of research for Manhattan Research recently made an interesting point about the future use of patient portals and I think it’s hard to disagree with her: Today, patient portals are most commonly used for scheduling appointments, viewing medical results and sending messages to doctors or nurses, Levy says. But many more advanced features are not only possible, but are available and waiting to be implemented. This includes access to video chat with a healthcare professional, pre- or post-operative care instruction videos and consolidation of all of a patient’s medical data from multiple sources in one place.
For instance, mobile health technologies will feed patient data directly to the patient portal to improve care and treatment options.
In a lot of ways, this sounds a lot like a Hootsuite interface that used to collate and track all of our social media channels. For example, I can track my Twitter feeds and Facebook pages as well as can interact, post and broadcast content through it. Patient portals are likely moving in this direction and will end up being so much more than the base model systems currently being implemented.
Most likely, the standard bi-directional portals that current vendors produce are likely going to be passé in short order and new systems and interfaces are likely to crop up and take over the market, changing the landscape once again.
Simply stated, perhaps it’s best not to believe all that we’re being told. It may benefits us to think about where our decisions regarding technology investments take us.
To follow the belief that the stale portals of today will match what in the future will most likely be vibrant interfaces may be similar to denying the viability and importance of devices like tablet PCs in healthcare and beyond, though, many thought them worthless at the point of issue.
Guest post by Stein Soelberg, director of marketing, KORE Telematics
As a provider of machine-to-machine (M2M) wireless networking services specifically designed for connecting mHealth solutions, KORE is approached every day with new use-case scenarios where telemedicine can provide life-saving or quality-of-life improving solutions for patients.
Currently, there are many health conditions that are being positively affected by the growth of mHealth applications; however, the top five health conditions for telemedicine treatment are active heart monitoring, blood pressure, diabetes, prescription compliance and sleep apnea.
1. Active heart monitoring. For at-risk patients, wireless heart monitoring devices have already proven to reduce hospitalization through early detection of heart failure. In addition, these devices are able to limit the time that physicians spend looking at data that is not pertinent, since they only send notifications with information that is outside an acceptable range.
2. Blood pressure. Wireless sensor nodes have become cost-effective, compact and energy efficient, which allows for continuous cycle reporting and electronic dispatch in urgent situations. It is important, however, to distinguish in this category between “critical monitoring” and “convenience monitoring.” The former are able to account for stress, eating habits and other external triggers more completely and pinpoint life-or-death issues. The latter are iPhone Apps for the health conscious consumer.
3. Diabetes. Wireless glucose monitoring devices can send alerts to patients and doctors alike when values move outside an acceptable range. These devices can also monitor for dietary intake to help impact a patient’s lifestyle choices.
4. Prescription compliance. On the surface this is an easy one. Patient health risks — and the risk of hospital admission — get greatly reduced by patients taking their medications as directed. But there is also a need to ensure that people take entire drug courses and eliminate the potential for re-prescribing. Literally billions of dollars each year reach their expiration date in patient’s medicine cabinets. Additional intangible benefits include fewer provider phone calls, and even shorter wait times in provider offices, by eliminating visits from improper prescription utilization.
5. Sleep Apnea. The thing that is really interesting about telemedicine devices for sleep apnea is that they can handle both investigatory and direct treatment. The two-way nature of the device can report on sleep patterns, body position and breathing to refine research and treatment course for any given patient. There is a direct cost saving here as well, since the devices directly eliminate the need for expensive Polysomnography exams and limit the need for overnight hospital stays, on an ongoing basis.
These mHealth applications are helping to promote more efficient use of medical equipment and resources, ensuring that devices and medication are being used as prescribed, improving patient outcomes by providing real-time data, improving patient quality of life, decreasing treatment costs and minimizing travel to and from offices and hospitals to allow for ease in care. Overall, the rise of mHealth/telemedicine will drastically and positively affect the lives of patients with a wide variety of health conditions.
Stein leads a team whose responsibility is to own the branding, advertising, customer engagement, loyalty, partnership and public relations initiatives designed to propel KORE into the 21st century. With more than 15 years of technology marketing experience in the business to business software, Internet services and telecommunications industries, Stein brings a proven track record of launching successful MVNOs and building those brands into leaders.
In a recent conversation with Steve Ferguson, vice president of Hello Health, he described how the company is identifying new revenue sources for practices while working to engage patients. Even though the company’s business model is one that sets it apart and helps it rival other free EHRs, like Practice Fusion, I left the conversation with him wondering why more venodrs weren’t trying the same thing as Hello Health: trying something no one in the market is trying to see, if by change, a little innovation helps pump some life into the HIT market.
Along the same lines, myself and thousands of others in HIT have wondered why systems are not interoperable and, for the most part, operate in silos that are unable to communicate with competing systems.
Certainly, there’s a case to be made for vendors protecting their footprints, and for growing them. In doing so, they like to keep their secrets close; it’s the a business environment after all and despite the number of conversations taking place by their PR folks, improving patient health outcomes comes in only second (or third) to making money.
However, let’s move closer to my point. Given the recent rumors that Cerner and McKesson are working on a joint agreement to enable cross-vendor, national health information exchange, I’m wondering: Why don’t other vendors partner now and begin to build interoperable systems.
According to the rumors, the deal, if completed, could shift the entire interoperable landscape for hospitals, physicians and patients. It would position Cerner, which has more EHR users, and McKesson, which has a strong HIE product in RelayHealth with a loyal user base, to take on Epic Systems, a leading EHR vendor.
An announcement is expected at HIMSS13.
Here’s why this is important news: Interoperability mandates are coming. Like most things, it’s really just a matter of time. Systems will be forced to communicate with other, competing systems. They should already. It’s actually a bit shocking that given the levels of reporting required of care givers, the push for access to information through initiatives like Blue Button and patient’s access to information through mobile technology that there’s not more openness in the market.
The Cerner/McKesson news is incredibly refreshing and worth a look. Two major competitors may be realizing that by partnering they’ll be better able to take on each company’s biggest competitor: Epic.
Imagine connected systems exchanging data. The thought alone would be marketable across several sectors of the healthcare landscape and the move worthy of reams of coverage, which would lead to great brand awareness for each and the change to do what all EHR companies aim for: To create thought leaders; to stand out; to set the market on its heels.
If nothing else the partner vendors would stand ahead of the pack when future interoperability mandates are enacted and will be seen as experts in the exchange game. Tongue and cheek aside, the idea really is a good one and with no one currently doing it, it’s a great opportunity for a couple of HIT companies to actually move change forward and create an environment where information can be easily exchanged across practices, across specialties and across borders.
Then, perhaps, we’ll see a real commitment to improved patient health outcomes rather than them simply trying to improve bottom lines.