In a great new white paper, “Essential Enterprise Mobile Security Controls,” sponsored by Blackberry and posted by Tech Target, mobile device security is the feature show. As it continues to be the main event for mobile technology, mobile devices will continue to be used to carry high-value personal and company information, as expected.
When personal devices are disconnected from company networks, security risks were relatively low, according to the report, but as the technology permeates and its use becomes even more closely connected to the work environment, the risks to security increase significantly.
Apparently things have been pretty slow until now, but that’s not likely to last. The turning point is here and hackers are on the move, including on iPhones, as well as the Android market place. Given these continual threats, and the importance of the data healthcare organizations protect, the need for improved mobile security controls an imperative for any organization looking to leverage mobility for competitive advantage.
According to the report, “A key challenge for improving mobile security is to understand what tools are available and how they can be leveraged.”
The following is a list of must-have mobile device security controls to protect workers and organizations, again according to Blackberry:
Device security. Remote lock, wipe and backup/recovery can help reduce the risk associated with lost or stolen devices. According to SearchSecurity.com, lost and stolen devices rank among organizations’ top mobile security concerns, and for good reason: “The easiest way to lose data via a mobile device is to lose the device itself. Every enterprise sanctions (or doesn’t prohibit) BYOD must ensure that any supported device can be locked and erased remotely, and that valuable data is backed up to a location under the organization’s control.”
Network security. The increased number of smartphones and other devices that are carried into the enterprise by end users increases the threat to corporate networks.” Attackers have started seeking ways to use unsecured mobile devices as a means to leapfrog into otherwise protected areas of the network, including databases.
Malware defense. The oncoming wave of mobile malware requires protection, like antivirus, personal firewalls, Web filtering and anti-spam. “It’s becoming necessary to invest in mobile add-ons from traditional antimalware vendors, or consider a mobile device management (MDM) product that can, among other things, facilitate the extension of anti-malware to a variety of mobile devices.”
Threat intelligence. Large enterprises should invest in threat monitoring tools and research teams, and train them on how to not only identify mobile threats, but enable rapid response. These functions can be closely tied to existing log analysis and security information and event management (SIEM) processes. “The most important tactic here is to develop a baseline of “normal” mobile device activity and use analytics and real-time monitoring to spot deviations that may be a sign of an attack.”
Centralized management. Central management tools provide a “single pane of glass” to set and enforce policies and perform many other security-related functions across all mobile devices. This is becoming an increasingly important capability in organizations where multi-platform support is essential.
Data encryption. Files, contacts and email need to be encrypted on mobile devices in the event of loss or theft. Each platform comes with different encryption challenges, some requiring additional encryption application for the data that lives on the device. While the market for mobile encryption for data in motion is immature, new options are emerging all the time.
Over-the-air capabilities. Mobile security requires over-the-air provisioning and configuration to ensure that workers always have the latest security capabilities without burdening IT, forcing them to physically touch each device. As demand grows for an increasingly diverse landscape of mobile devices, this feature is crucial for enterprises that need to scale their mobile security provisioning efforts.
According to the report, and this is a nice summation of the report (and I quote): “Mobile security is still in its infancy, but the trends around connectivity, device evolution and worker mobility means organizations must start planning their mobile security strategy now, and that process begins with assessing what mobile security controls are needed and developing a plan to put those controls into action.”
There’s a special place in my heart for electronic health records. Having worked with one of the largest vendors (at the time; the company has since shed about 20,000 of its physician users) I understand their capabilities and how they can benefit a practice beyond just how they are marketed. EHRs are one of the reasons I started this blog, in fact. If I could spend more time on them and keep people interested in this site, I would, but not everyone feels that way I do about them so I’m forced to broaden my horizons and cover a variety of other topics.
Alas, I also feel we’re entering their final days glory days. I believe 2013 will be the year of transition in which we as a market decide that EHRs are foundational and that other, new technologies are emerging that will either make EHRs better or render them essentially useless. Until then, though, I’ll allow myself to continue to focus on them from time to time and hopefully you’ll find the information relevant, which brings me to today.
Found an interesting piece in Executive Insight magazine by Meditab’s VP of Marketing, Kirk Treasure. Though Treasure makes the claim (like most EHR vendors continue to do) that EHRs are increasingly important to the continued streamlining and delivery of patient services, but he says, because of a recent KLAS report, that practices and health systems are becoming dissatisfied with their EHR vendors and their systems.
This really comes as no surprise and has been expected. Some of this has to do with vendors trying to get by on the status quo while some of this has to do with crippling meaningful use regulation. Some of it has to do with promises not kept or promising too much (which is usually the case), but again, there’s nothing surprising here. It’s where we are in the market.
According to Treasure, there are two reasons for this wave of provider dissatisfaction.
One: “Many physicians are basing their decision primarily on cost factors, not realizing that cheaper is not necessarily better.”
Two: “Many practices are not 100 percent comfortable with their own internal processes, and as a result, purchase an EHR system that does not satisfy their needs.”
Treasure warns those in the market for an EHR to take their time to evaluate their needs and future goals of the practice then look at what they can realistically afford to invest in a system. “It’s important to weigh out whether or not a perceived expensive initial cost will save you money in the long-run,” he said.
“Next, analyze your workflow to see which processes you would like to maintain and what areas you would like to improve,” he added. “This will help in cultivating efficiency and organization throughout the practice, while ensuring that your EHR system supports your goals.”
Treasure continues his golden advice. Vendors need to look for systems that meet the specific requirements of their practice and to understand that there is no “one-size-fits-all solution,” even within the same medical specialty. Once a list of vendors has been narrowed down, check references (this is an absolute must) and try to speak with several clients that have been using the system for at least a year. According to Treasure, “They can tell you about any obstacles encountered during the implementation, their support experience and the benefits from making the switch.”
Here are some other suggestions to purchase the right EHR system for your practice and avoid a costly mistake, from Treasure:
• Understand the total cost of ownership of each vendor’s pricing structure. For example, some cloud-based vendors provide EHR services on a subscription basis. Paying $400-$600 a month for a five-year contract period would result in a $30,000 commitment plus the initial investment for implementation and training. Alternatively, the total cost of ownership for a server-based office system with a $10,000 upfront cost and a $200 monthly maintenance would only be $22,000.
• Look for hidden costs in the contract, such as additional fees for in-person training, document management services, EDI setup, or annual maintenance fees in addition to the monthly support costs. Also, watch for provisions that allow the vendor to increase fees during the course of the contract.
• Ask the vendor if the system will accommodate any potential changes in your practice model. This could include, for example, joining an accountable care organization (ACO), adding telemedicine services or expanding upon the practice concentration in the future (i.e. bariatric, weight management, etc.).
• Consider the EHR system from the point of view of the patient, as well as the physician and office staff. For example, is the EHR system easy to use in the examination room? Does it provide reports on waiting times or other service delivery issues?
• Be sure that you “own” the data under the terms of the contract. Some vendors charge a fee for exporting the data to a new system before the contract expiration date.
• See if there are provisions that would allow you to get out of a contract after six months or a year. This is essential if the system ends up not working for you.
• Finally, be sure you are comfortable with the vendor. In many cases, a smaller or mid-size company can provide a higher level of personal service. That’s an important consideration in helping physicians and office staff take advantage of the many potential benefits of deploying an EHR system customized to the needs of the practice.
Guest post by: Jared Rhoads, Senior Research Specialist in CSC Healthcare.
There is no gentle way to put it—cyber criminals from around the world are out to steal your personal health and financial information. And, if recent studies are an accurate reflection of the state of security in the healthcare industry then criminals have ample opportunity to do harm.
The past five years has seen rapid growth in the digitization of healthcare records and the online sharing and transmission of personal and financial data. Healthcare organizations have taken many of their information capabilities online, and they have embraced new technologies like portable media and mobile computing. However, they have not always been able to keep up with leading edge security practices.
Experts warn that the healthcare industry lags in addressing known problems and implementing basic remedies. Many hospitals and practices, for example, have been slow to encrypt their data sources properly and to deploy basic network monitoring. An investigative report by The Washington Post found cases of medical staff at hospitals using unsecured computers to connect both to internal networks and the public Internet. A 2012 government review of industry security cautioned that the way in which some organizations offer remote connectivity to physicians could introduce additional security risks.
Inadequate security practices have enabled cyber crime activity to thrive. According to the federal government, an unprecedented 21 million Americans have had information from their medical records lost or stolen since 2009. Nearly three-quarters of healthcare organizations report having experienced some kind of data breach or security incident in the past 12 months, and 94 percent of report at least one data breach in the past two years.
While not every data breach is necessarily a case of cyber crime, the incentives attracting cyber criminals to the scene are high. According to the World Privacy Forum, a stolen medical record now has a street value of roughly $50, compared to $14-18 for a credit card number or $1 for a Social Security number. Thieves use the rich medical and financial information to commit various forms of identity theft, including receiving free care, filing false patient claims to payers, and forging prescriptions.
Fortunately, medical-related cyber crime is receiving increased attention and awareness is on the rise. Healthcare organizations are beginning to move beyond simple risk assessments and venture into implementing more sophisticated anti-cyber crime solutions.
To address vulnerabilities and combat cyber crime, organizations need to take aggressive action and augment their security strategy using a variety of new approaches and technologies. Here are six ideas that all healthcare organizations can consider in 2013:
Implement automated network monitoring tools. Use automated tools to assess network vulnerabilities and monitor for breaches and unauthorized activity. Monitor key egress points to see what is being sent outside the walls of the organization, where and when it is being sent, and to whom it is being sent.
Deploy adaptive multi-factor authentication. Biometric patient identification systems based on fingerprints, palm vein patterns and other physical attributes can help guard against certain types of medical identity theft and insurance card fraud. User authentication requirements should also change dynamically based on where users are logging in from and what they are trying to access.
Consider outsourcing some or part of your security needs. Researchers at the Ponemon Institute have found that roughly a third of health organizations admit that they do not have the technology, budget or trained personnel necessary to handle today’s security challenges. Managed security service providers (MSSPs) offer a cost-effective way to have 24-hour network monitoring, incident tracking and immediate incident response.
Offer training, guidance, and approved versions of mobile apps for employees. Role-based employee training on mobile device security and guidance is critical to maintaining good security practices. Additionally, hospitals can offer enterprise versions of mobile apps and provide safely partitioned areas of the network for the apps to run upon.
Patch, secure, and monitor medical devices. Medical devices such as IV pumps, pacemakers, and bedside equipment are a new target of choice for cybercriminals seeking to wreak non-financial havoc. To combat this threat, ensure that devices are virus-free prior to installation, and encourage biomedical engineering teams to communicate freely with IT support teams.
Consider cyber insurance. New insurance products are coming to market that are designed specifically with healthcare organizations and HIPAA-covered entities in mind. Policies can defray breach-related costs, such as legal defense, privacy notification and even federal fines and penalties.
Cyber crime is a serious threat to health IT security, and it is unfortunately not going away anytime soon. However, by moving beyond the simple risk assessment and adopting a multi-faceted security strategy, prudent healthcare organizations can take significant steps to protecting their patients’ information and mitigating risk.
Jared Rhoads is a Senior Research Specialist in CSC’s Healthcare group. He consults, researches, and writes on a broad array of topics relating to healthcare technology, trends, and legislation.
Guest post by: Sarah Armstrong, a consultant at ARRYVE, a strategy consulting firm.
A recent study published by the RAND Corporation indicates that implementation of electronic health records (EHR) has not yielded the cost reduction predicted in 2005[i]. Their study identified process efficiency and patient safety savings as two primary outcomes of EHR implementation, leading to a forecasted $81 billion annual drop in healthcare costs. Instead, costs have risen significantly. RAND cites a number of reasons for this: sluggish adoption of health IT systems, coupled with the choice of systems that are neither interoperable nor easy to use; and the failure of healthcare providers and institutions to reengineer care processes to reap the full benefits of health IT.
While the latter can be attributable to the inability or unwillingness of care providers to change, the former places blames on the institutions’ IT departments and software companies. These parties know that disparate EHRs leave a significant gap, but providers are not empowered to bridge the gap. Furthermore, software companies may struggle to differentiate themselves should they modify their product to be compatible with that of a competitor. Assuming either option presented a real possibility, modified software products and altered care processes lie years down the road at best.
If something breaks, you fix it. Fixing this problem will not be easy, however, and many opinion pieces point to our federal government as the catalyst required to affect change. But instead of a major, time-consuming overhaul by the producers and users of health IT, I propose we consider incremental ways to mitigate some of the effects of the problem. I see great opportunity for 2013 to be a year not of rigorously planned change, but of simple workarounds. Specifically, these workarounds would be performed by the people most affected by 1) poor or nonexistent interoperability of EHRs and 2) their caregiver’s inability to effectively use the technology: patients.
Consider the primary problem that arises from non-interoperable health IT systems: incomplete patient data. This problem manifests itself in many ways. For patients, treatment options may be redundant, medicines prescribed may counteract each other, and they may find themselves repeating information they already gave another provider. For providers, if their patients seek care outside their facility and do not fully report their medical history, the current state of health IT does not afford them a way to see the full picture. Additionally, the quality of a provider’s aggregate patient data diminishes.
I would argue that incomplete patient data has long been a problem associated with paper medical records. So why the recent finger pointing at EHRs? Could the problem be attributed to behavioral changes on the part of both providers and patients? Within the past five years, I have changed primary care physicians twice. I have listed the names of my previous physicians, but neither has asked me to obtain my old records. Because I have not been asked to procure these, I have not troubled myself with the task.
A patient unfamiliar with health IT or health information privacy laws might think that listing their previous physician’s name (or current specialists’ names) automatically transfers their medical record. Unless a patient signs for a record transfer, caregivers must rely on what is optimistically a factual and complete patient history form that is often filled out during the minutes before an initial visit. Years of medical care are rewritten according to one’s ability to recall vaccinations, test results, and allergies, as well as the accuracy of a data analyst inputting the record into the patient’s brand spanking new, and likely abbreviated, EHR.
Patients want the best care and we look to our caregivers to tell us what to do. We may not always listen (e.g., quit smoking, exercise, etc.), but people consistently identify their physician as the person they trust most. A simple but powerful mitigation plan for addressing incomplete patient data could be to involve patients more closely in their care:
In addition to obtaining high-level health information in the intake form, ask new patients to procure their old records. Evaluate the records and input the most important details into the EHR.
When calling with appointment reminders, ask patients to bring all current medications and supplements to the medical center. An easy task for many, it can only help providers diagnose and suggest treatment options.
During the visit, ask if the patient has sought care elsewhere. A simple question, it would likely jog one’s memory that, yes, they did see the eye doctor for an annual exam or received a flu shot at the pharmacy since their last visit.
Providers would also benefit from involving patients more closely in their care. Not only do they have countless reasons to deliver care based on complete data, but many also want to publicize to prospective patients that they provide quality care. Complete patient data helps legitimize providers’ quality claims. For example, by asking all female patients about recent cancer screenings, they can truthfully state the percentage of patients who are current on these screenings. Without asking this question, a primary care clinic might report a lower percentage of current screenings among its patients than is accurate, since they would not take into account those performed by outside providers (e.g., OB/GYN, dermatology, etc.).
When discussing the ineffectiveness of EHRs, invite all affected parties to the table. I have confidence that behavior modifications aimed at mitigating the side effects of a rapidly evolving landscape, keeping the best interests of everyone at heart, will serve us all well. I dare say that the cumulative effect of millions of small modifications will reach further and quicker than one major change by software manufacturers or Uncle Sam.
Sarah Armstrong is a consultant at ARRYVE, a strategy consulting firm, with a diverse mix of industry experience ranging from healthcare to software. Healthcare engagements have encompassed strategic planning, process design, revenue cycle, compensation planning, market analysis, quality management and regulatory compliance at academic medical centers, children’s hospitals, and both primary care and pediatric practices.
[i] Arthur L. Kellerman and Spencer S. Jones, What It Will Take To Achieve The As-Yet-Unfulfilled Promises of Health Information Technology, Health Affairs, 32, no. 1 (2013):63-68
Guest post by: Sai Subramaniam, Ph.D., Business Head, Life Sciences & Healthcare at Persistent Systems
According to a recent report only 16 percent of hospitals have clinical decision support capabilities, but IT leaders call it a top priority for the next 12 months. Healthcare reform is all about achieving better quality care at lower costs, and clinical analytics is integral in delivering on this promise. For example, reducing 30-day r-eadmissions and hospital-acquired infections alone is expected to save more than $25 billion dollars in the healthcare system. Analytics on integrated claims and clinical data will allow health systems to pinpoint effective clinical and operational interventions. Here are five high-impact outcomes that health systems can achieve using clinical analytics.
30-day Re-admission Avoidance: Hospital re-admission rates are high for patients whether they are in Medicare, Medicaid or Private insurance plans. People with multiple chronic conditions and mental health conditions are at an increased risk of re-hospitalization because of inadequate care at discharge. Demographic and social factors also dictate if the care transition will be effective or not. Evidence-based rules allow stratification of patients based on these factors. This allows caregivers to give more attention to high-risk patients during hospital discharge.
Enhanced Surveillance and Preventive Care: Growing evidence suggests that education and health coaching will facilitate behavior change and achieve cost savings. The population in the program needs to be screened and stratified to identify at-risk patients. Predictive modeling and business rules can help to identify individuals who may not be diagnosed but have relatively high risk of developing diabetes in the future. Similarly, a cancer surveillance model based on linking environmental, genetic, and lifestyle factors can be used. This will allow early interventions and proactive follow-up care.
Improved Medication Adherence: Non-adherence is said to be responsible for more than 10 percent of hospital admissions and 40 percent of nursing home admissions. Patients on average don’t fill more than 25 percent of new prescriptions. Costs because of lack of medication adherence exceeds $100 billion. Predictive analytics on patients’ past prescription claims data will allow the health system to create an adherence score, and facilitate a proactive approach to managing compliance.
Unplanned Admission Avoidance: It’s important for health systems to identify patients with chronic conditions who may be at risk of emergency hospitalizations. For example, studies suggest that people with respiratory and cardiac comorbidities, with higher hospital utilization in prior years, have a higher probability of hospital admission. Determination of such factors along with socio-demographic characteristics, will allow application of predictive models to identify people at-risk.
Length of Stay Performance Management: Several factors impact the patient’s length of stay in the hospital. This includes demographic as well as hospital operational characteristics. There are standards for length of stay based on diagnosis related group and clinical disease factors. By comparing this with patient profiles, providers can utilize resources efficiently to provide optimal patient care. This will result in significant cost savings as better case management should help to reduce the average length of stay.
Dr. Sai Subramaniam is the Vice-President of Persistent Systems’ Life Sciences & Healthcare business. In this role, Sai is responsible for the overall business growth of Healthcare & Life Sciences business segments.
Guest post by: Lauren Fifield, senior health policy advisor, Practice Fusion
Many HIT vendors will be largely focused on major development efforts to meet 2014 edition certification requirements for meaningful use. However, as Stage 2 measures aim at improving patient engagement, quality and interoperability, we may be surprised by the new technologies that existing and new companies develop to meet the requirements:
Patient health records or portals allowing for access to and transmission of health information
Consumer applications to provide patient education and communication with providers
Exchange platforms to share clinical information like immunizations, diseases and more
Clinical decision support tools for medical professionals to improve their quality of care
We’ll also see new industry movement toward improved patient safety through provider training, reporting and other efforts. Thanks to the successful collaboration between vendors and the agencies that help providers achieve meaningful use, we expect the Food and Drug Administration to work with the Office of the National Coordinator for Health IT (ONC) and the Federal Communications Commission (FCC) to engage key stakeholders by addressing the 18-month study mandated in the FDA Safety and Innovation Act of June 2012.
Given the continued and ever-growing provider outcry to address the broken payment system, the Department of Health and Human Services (HHS) may finally develop plans to move to a reimbursement system that relies on quality and outcomes. With the recent announcement of more than 106 new ACO contracts, growing provider participation in new payment models, and the new possibilities opened up by technology vendors, it may at last be time to put this broken system behind us.
Though much of the 2013 transformation is fueled by government initiatives, the healthcare industry is at a tipping point regardless of any push on Uncle Sam’s part. Patients will soon be expected to pay for more of their care, making consumer health tools, telehealth and personalized medicine more appealing and important. Providers tired of the payment system will partner with technologists and private payers to try alternative models and cash-based business. And big data might just find a home amid all these new patient, provider and health system innovations.
Wolters Kluwer recently released a gem of a survey fit for the bandwagon of health IT topics currently underway.
On its head, the survey results are intriguing and the data does provide some insight into what the American public is thinking when led to think a certain way about a specific topic that, quite frankly, most don’t know much about.
Now, I’m not saying Wolters Kluwer data is flawed. On the contrary, the firm, which makes its living producing qualified data, knows what it’s doing. What I’m implying is that Wolters Kluwer is producing a survey with data collected by an audience that doesn’t truly understand the topic in which it’s responding to.
Let’s dive in and I’ll explain.
According to the survey by the Philadelphia-based company, 80 percent of consumers believe the greater “consumerization” of healthcare – or the trend of individuals taking a greater and more active role in their own healthcare – is positive for Americans.
“Survey data suggests many Americans feel that a greater role in their care is not only good, but necessary, with 86 percent of consumers reporting that they feel they have to take a more proactive role in managing their own healthcare to ensure better quality of care.”
Let’s start here. As a member of the healthcare community, I’ve helped produce similar reports based on surveys I have even helped write, produce, analyze and release to the public. Does that mean my data was a good as Wolters Kluwer? No, not at all.
My point is that there is nothing new here. Nearly every survey of the American public about healthcare tends to suggest that they need to be more involved in their care. All Americans want to take greater control of their car until, seemingly, it’s time to do so.
Even the results suggest that Americans have the information and tools available to them to take on more responsibility.
“Most consumers also say they feel prepared to take on a greater role in managing their own healthcare, with 76 percent reporting that they have the information and tools to take a more proactive role in healthcare decisions ranging from choosing healthcare providers to researching treatment options. Despite feeling prepared, only 19 percent report that they have their own electronic Personal Health Record (PHR).”
Well, there’s the catch. There always something holding people back; no, it’s not the fact that when it comes time for the rubber to meet the road no one is ready to actually start their journey. If only everyone had access to a PHR, everyone would clamor to be more involved in their care.
Certainly, most of us know that this is simply an excuse so no one has to take responsibility for their actions. And, when PHRs are readily available, some other hurdle will keep Americans from moving forward with their engagement.
Finally, of the 1,000 respondents, Wolters Kluwer suggests that a mind boggling 30 percent of Americans want the same experiences with their physicians as they have with other consumer interactions, such as while shopping, traveling or lodging, complete with choices and control.
Here’s where my suspension of disbelief ceases. There’s just no simple to explain this nor is there very much credibility in the statement. The flaw in this piece of detail, in my opinion, is that we’ll never be able to have the same experiences with our physicians as we can with our travel agent or the baker in the local supermarket.
Physicians, after all, develop a much more intimate with their “consumers.” I mean, physicians see us naked and stick us with needles and get a lot closer than the clerk at your local department store. There is simply no way the relationship nor the experience is going to be the same. Which brings me back to my original point: the survey just seems to try to be so much more than it is seemingly as a result of trying to be part of a larger conversation.
But, to mitigate against the risk of you thinking I’m holding out on you, here are the remaining results. Let me know if you agree with my assessment:
According to Wolters Kluwer: “When it comes to choices about physicians, assuming that experience levels and care reputations are similar, consumers rank costs of visits and procedures (20 percent); technologically advanced offices, including the ability to communicate via email with doctors and nurses, schedule appointments online (19 percent); location of practice/office (19 percent) and friendliness of staff (14 percent) as the top four factors influencing their decision.”
Among other findings from the survey:
Women (85 percent) are more likely than men (74 percent) to believe the “consumerization” of healthcare is positive
More women (81 percent) than men (72 percent) feel that they have the information and tools to make their own healthcare decisions
More women (59 percent) than men (50 percent) strongly agree that they need to take a more proactive role in managing their care to ensure better quality of care
Consumers aged 35-54 (60 percent) are the most likely to strongly agree that they need to be more proactive about their care, with those aged 55+ (56 percent) coming in second and younger adults (47 percent) being least likely to agree
I’ve long been an advocate of HealthIT.gov, which I’ve profiled here multiple times for the guidance the site provides about electronic health records and ways to use the technology.
A new addition to the site is guidance for physicians about mobile health technology, which is beginning to pervade the healthcare landscape.
As healthcare workers and professionals continue to use mobile devices in the care setting, they’ll need accurate and helpful information to protect them and their patients from issues such as security breeches.
To that end, it’s nice to see the Department of Health and Human Services to assemble a series of tips and information to the public’s greater good.
The site features several articles and videos designed to offer support and education about using mobile device in healthcare.
For example, articles include topics such as:
How Can You Protect and Secure Health Information When Using a Mobile Device?
You, Your Organization and Your Mobile Device
Five Steps Organizations Can Take To Manage Mobile Devices Used By Health Care Providers and Professionals
For those who prefer video, topics covered include:
Worried About Using a Mobile Device for Work? Here’s What To Do!
Securing Your Mobile Device is Important!
Dr. Anderson’s Office Identifies a Risk
A Stolen Mobile Device
Can You Protect Patients’ Health Information When Using a Public Wi-Fi Network?
In addition, there’s also frequently asked questions and downloadable materials. All in all, the site is filled with a great deal of rich content.
On top of that, there’s a plethora of other information including tips for integrating privacy and security into a medical practice, building a health information privacy and security plan, information about health IT security resources, cyber security and mobile device security.
Simply put, this is a great resource for all of us in healthcare, patients included. Well done, well done, HealthIT.gov.
Every leader of a competing electronics health records vendor probably jumped for joy once they heard the news that Glen Tullman was ousted by Allscripts, the company that he made what it is. Or, maybe I’m wrong. Perhaps leaders of competitive companies would have liked to have kept him around because of what he did to the organization following the acquisition of Eclipsys.
The man, for the most part, has been considered a genius. Peers in the industry gave his performance praise, patted him on the back and showered him in adulation through the maneuvered takeover of the hospital health IT giant. At the time, in 2010, the move made by Allscripts was hailed as a magnificent effort.
It was the kind of move that was supposed to have turned the industry on its head. Many thought it would, and many eyed the effort with envy for such a move was powerful and assertive.
It did rock the industry. Competitors shook in slight fear with the announcement of the news, and many feared for their longevity. In this fact I am serious. I know. I was at a competitor. The whispers went something like this: “Will this new monster kill us all?”
Though all of we worked to secure our shores, many of us were fearful of the coming tide.
But, from the beginning, there was always a sense that Allscripts, and Tullman specifically, was positioned as too big to fail. Perhaps we should have seen a previous merger, the failed move to integrate Mysis, as a harbinger of things to come.
There was even a point in which I had dubbed him the king of health IT. I referred to him as such during internal meetings in my effort to create the queen of health IT, who was a president of another firm in which I worked.
There was a level of pomp and circumstance about everything he seemed to do through his promoted PR moves and image building to his constant appearances and associations with Washington’s power elite, including the president.
I can’t imagine Tullman saw this coming during his rise to the top. Just 18 months ago he was on top of the health IT world, seemingly unafraid of the world in which he lived, or so it seemed from my outside position.
Hindsight is 20/20, though, and it’s easy to question failed policy after decisions have been made.
When the recent takeover bids failed to take the Allscripts private, the company had but one choice and he and other leaders of the company had to go. It’s a common scenario in the world of politics, another world which Tullman is known to frequent. As things grew worse for the once mighty giant, everyone associated with the debacle had to go.
And, even in lands where great kings have ruled, even their glory days come to an end.
But, does it surprise me that he and others at the disheveled vendor are gone? Gone from the vendor that positioned itself as too big to fail? Gone from the vendor that asserted itself upon the market; that worked to take over a market in which its ambitions were bigger than its capabilities?
No, I’m not surprised.
In many ways Tullman died at the hand of his own sword.
And, as we’ve seen countless times and will see again, no company nor its mascot is too big to fail. No kingdom too vast to conquer, no land immune from the trials of the nations it builds.
And so, the king of health IT is no longer king, but neither is he a pauper. And, like most who have achieved his heights, it’s safe to say we probably haven’t seen the last of him.
I continue to be a fan of quality reporting from publications such as Physicians Practice, and I’ve cited their reports in several of my blog posts in the past. Today is no different. As regular reader here may know, I’ve spent a good bit of time on the subject of patient engagement, specifically how physicians and practice leaders can engage patients to improve their care outcomes and their health.
In the piece, Nelson discusses “meaningful use incentives, increased profitability or improved quality of care.” In exacting terms, she makes a call for patient portals and how it can get “patients engaged in their own care and satisfy just about any goal.”
Though I’m somewhat of a skeptic at the party for patient portals (I don’t think that in their current status they’ll actually lead the patient engagement charge), she offers six pretty interesting and solid tips for helping practices lighten their administrative loads.
Thanks, Rosemarie. It’s hard to argue these points:
Self-registration: “Invite and encourage patients to self-register on the portal. It will save your front-desk staff time, reduce costs, and patient data will be more complete and accurate. When patients call to schedule appointments use that time to introduce them to your patient portal, and explain that advance online registration will save them time on the day of their visit, because their paperwork will already be filled out. Advance registration on the portal provides your practice with three core requirements to meet meaningful use too.”
Collect patient data. “A tightly integrated or interfaced patient portal and EHR will deliver data back to the patient from their encounter. Push the patient’s medication list, medication allergies, problem list, and diagnostic test results from the EHR into the portal and patients almost naturally become more engaged in their healthcare.”
Report patient data. “There has always been a mystery surrounding that paper medical chart for patients. By delivering key components of their health information to them automatically, you can satisfy their curiosity and engage them in their own healthcare. As your nurse discharges the patient at the end of the office visit, use that discharge instruction time as an opportunity to introduce patients to the kind of information they will be able to find on the portal.”
Provide clinical summaries. “The integration/interface from the portal to the EHR allows for automation of data exchange after the patient visit. Clinical documentation is completed and made available to the patient without any action from your staff. In addition to further engaging patients in their own care, you’ll have achieved two more core requirements of meaningful use.”
Secure messaging. “Once you’ve got your patients using the portal to access information, you can begin to communicate with them via the secure online messaging function. Communicating online instead of on the telephone will streamline your practice operations significantly, even if all of your patients aren’t using the portal. Your staff can use the portal to deliver automatic reminders to patients regarding preventive care and/or follow-up care. No more manual logs or tickler files and no more mail merges to process. Developing HIPAA-compliant processes and standard messages frees up your staff to provide direct patient care.”
Provide patient education materials. “Secure messaging can also be used to direct each patient to educational information that is specific to their own individual needs and conditions. Your practice will achieve greater percentages of patients meeting quality measures and your patients will feel as well cared for as their pets. Three more requirements for meaningful use can be checked off, too.”