Dean Wiech, managing director of Tools4ever, a global provider of identity and access management solutions, has worked in healthcare for more than 25 years. Here, he discusses how IAM enhances the ROI for health systems, and how the solutions make patient care more efficient, how they work in healthcare, and how systems and records can be made more secure — for patients and providers — because of the technology.
Tell me about yourself and your experience in healthcare.
I have been actively selling software solutions in the healthcare market for 25 years. I have sold and/or managed teams in about 50 percent of the country. I have always focused on solutions that provided a definable ROI based on productivity and time savings.
Tell me about Tools4ever. How does the company serve the space? Tell me about your products and how they are used in healthcare.
Tools4ever is a company that focuses on the identity and access governance space. We assist the healthcare market in insuring that the lifecycle of user accounts are managed in a timely and accurate manner. We also have solutions that save care providers time by eliminating repetitive login tasks and avoiding the need to call the help desk for password resets
How is Tools4ever different than some of the competitors in your space?
I believe our primary differentiator is time to implement. We can get the basics up in running in a few days to a few weeks, depending on the solution. The majority of our competitors take months to years to complete an install. The result is the healthcare organization can realize a much quicker benefit from the product and a quicker ROI.
What’s your footprint like in healthcare and who are some of the organizations you work with? How do you help them?
We have numerous hospitals and long-term care providers across the country. One example is South County Hospital in Rhode Island. It utilizes our Self Service Reset Password Management (SSRPM) solution to allow end users to reset forgotten network passwords. We then synchronize that password to several other solutions to allow a reduction in the number of credentials the employee needs to remember.
Another example is a major university hospital in New York City. It uses our user management solution for several tasks. The most recent example is provisioning patients to the network to allow them to view their records on a mobile device provided by the hospital for the duration of their stay. We also implemented a password self-service reset function to allow the patients to reset their passwords without a further burden on the help desk.
Received the following study recently that is quite interesting; thought it worthy of sharing:
Emergency department physicians are less likely to admit patients to the hospital when they have readily available electronic access to those patients’ health records, Weill Cornell Medical College researchers have found.
Its study, published March 12 in Applied Clinical Informatics, illustrates the value of combining multiple providers’ digital patient charts into a single source for health care providers – particularly in an urgent setting like the emergency department. With information such as previous test results, prescriptions and other patient history immediately accessible, providers are able to treat patients more efficiently and effectively than when they lack that data.
“New York State has made significant investments in health information exchange,” said Dr. Joshua Vest, an assistant professor at Weill Cornell and the lead author on the study. “Our study shows that providing physicians, nurses and allied health care professionals such as physician assistants real-time access to community-wide, longitudinal health records does in fact benefit patients.”
With federal and New York State government backing, hospitals and medical practices across the state are investing millions of dollars to make health records sharable among physicians when they need the information. The digitized charts contain doctors’ notes from every patient visit; family medical history; immunization records; lab results; medication history; allergies; reminders for preventative care and more.
Sending text messages has become a common method of communication among teenagers, adults, and more recently, medical professionals. Physicians are discovering that texting provides a quick and efficient way to communicate with colleagues, patients, and office or hospital staff. A recent survey by QuantiaMD of 38,000 physicians found that approximately “83 percent of physicians own at least one mobile device and about one in four doctors are ‘super mobile’ users who leverage both smartphones and tablet computers in their medical practices.”
As patients and healthcare providers increasingly use mobile devices to communicate with each other, concerns are raised about the security of electronic protected health information (e-PHI). The Health Insurance Portability and Accountability Act (HIPAA) Security Rule allows healthcare providers to communicate electronically with patients, but it also outlines standards to protect individuals’ e-PHI with appropriate safeguards to protect confidentiality, integrity and security of e-PHI. The following identifies security issues raised by texting of PHI between healthcare providers or provider and patient and how unsecure texting may violate the HIPAA Security Rule and create liability for healthcare providers.
As a general rule, texting of PHI by healthcare providers is strongly discouraged. Texting, or traditional short message service (SMS) messaging, is non-secure and non-compliant with HIPAA because data stored on personal mobile devices is not encrypted and is usually stored within the computer memory or on a smartphone SIM card or memory chip. The lack of encryption and the easily accessible storage methods allow any e-PHI communication on a mobile device to be retrieved and shared by anyone with access to the mobile device. This means that messages containing PHI can be read by anyone, forwarded, remain unencrypted on phone company servers, and stay forever on the sender and receiver’s phones.
Another reason why physician-patient texting is discouraged is that standard texting/SMS limits the message to 160 characters. This limited text field may cause critical information or options to be eliminated. According to a recent policy statement from the American College of Physicians and the Federation of State Medical Boards, physicians should understand text messaging is “not analogous to e-mail because of its abbreviated format and the greater possibility of missed messages.” Physicians are urged not to use text messaging even with established patients “except with extreme caution and with patient consent.”
Don’t forget that the end-of-the-year reporting of Health Insurance Portability and Accountability Act (HIPAA) breaches of unsecured protected health information (PHI) discovered in 2013 is due Saturday, March 1, 2014.
Healthcare providers and health plans that are covered entities under HIPAA must report breaches of unsecured PHI affecting fewer than 500 individuals annually to the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). These small breaches should already have been reported to each of the affected individuals, and reports to the OCR should include the actions to mitigate and remediate any breaches, even those affecting a single individual. Reports to the OCR of large breaches (those affecting 500 or more individuals) are made at the time of reporting to the affected individuals—that is, without unreasonable delay and in no case greater than 60 days.
Covered entities may report small breaches electronically at the OCR’s website: www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html.
There are major healthcare regulatory mandates going in effect, at the federal and the state level, which will significantly impact property and casualty (P&C) insurance medical bills payers. The Administrative Simplification provisions of the Federal Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II), state mandates for property and casualty eBilling and more regulatory initiatives are forcing payers to understand these regulation’s requirements and be prepared to implement new processes and technologies in order to be compliant. Federal healthcare administrative simplification offers payers an opportunity to prepare for compliance while meeting cost containment and operational efficiency objectives, empowering property and casualty payers to prepare for an all-electronic American healthcare future.
The concepts of eBilling and ePayment for medical bills are gaining traction throughout the healthcare arena, along with the adjacent P&C insurance industry. Medical providers and P&C payers are increasingly taking advantage of the benefits associated with electronic billing and payments, which include substantially lower transaction costs, increased efficiency for call centers, adjusters and finance departments.
Non-legislative organizations are collaborating and recommending changes that could accelerate the impact on the P&C industry.
Other non-legislative organizations are collaborating and recommending changes that could accelerate the impact on the P&C industry. For instance, the Workgroup for Electronic Data Interchange (WEDI), the International Association of Industrial Accident Boards and Commissions (IAIABC), the American Medical Association (AMA), and the Accredited Standards Committee of the American National Standards Institute (ASCX12) are all working to ensure standards to facilitate eBill exchange and adoption. The National Committee on Vital and Health Statistics (NCVHS), a public advisory body to the Secretary of Health and Human Services (HHS), periodically holds meetings to review health statistics and trends. And while the NCVHS does not set policy, they do provide analysis, insight and recommendations to HHS, with eBilling as a topic of likely review in the future. These organizations have collectively laid a path for how to participate in this new environment.
Providence Hospital, located in downtown Columbia, South Carolina, is a 247-bed hospital founded in 1938 by the Sisters of Charity of Saint Augustine to minister to the community, in both body and spirit. The facility is best known for the expertise in cardiac care it provides through Providence Heart and Vascular Institute. With a hospital staff of more than 2,000 nurses, doctors and hospital administrators, Providence Hospital needed to standardize setup of user accounts and reduce the amount of time network engineers spent assigning rights in Active Directory.
Tony McNeil, technical manager said, “We have more demands on our department and we are not getting any additional staff because of the economic situation. Therefore, we have to work smarter and we need tools that help us work more efficiently.”
This became a perfect opportunity to put into action a permanent process for user account life cycle management utilizing Tools4ever’s complete User Management Resource Administrator solution.
Providence Hospital decided to implement UMRA to mainstream the provisioning process from the time an employee is hired and entered into the hospital developed, web based security application to the time they are entered into Active Directory. The previous process took nearly 2 days to complete before a user was ultimately provisioned in all systems. Now the process allows for an almost immediate creation of a user account with the correct provisioning. A web form allows for the assignment of group privileges and permissions to individual users. The application also creates the appropriate Exchange mailbox and creates a home folder for the employee on the appropriate share drive.
The healthcare industry has to grapple with a lot of sensitive information of patients, and also deal with numerous stringent regulations. This is an industry that has to manage a considerable amount of information without compromising on its safety. From patients’ medical records to prescriptions, information needs to be maintained securely, but also be available for quick access to healthcare professionals.
With all the technological advancements being introduced each day, information has indeed become readily available in the modern world. As a result, healthcare professionals tend to get a larger amount of files and spend more time trying to manage these files. Fortunately, technology has also introduced ways for us to manage documents more efficiently. Document imaging is one of these ways.
What is Document Imaging?
Document imaging involves the conversion of paper documents into computer files and electronic images. There is a good number of document imaging software available and they all allow you to easily retrieve your documents within seconds. The benefits offered by a document imaging system are such that several companies and organizations all over the world are now using it in lieu of the traditional paper filing system.
Benefits of Document Imaging
These are the most notable benefits of having a document imaging system:
– It prevents the loss of important records and documents. A while ago, an article in BioSpace spoke about China halting shipments of HIV therapy because of a missing regulatory document. That could never happen with document imaging and cloud based sharing.
– It allows you to save a great deal of physical storage space and use it for other important purposes.
– It helps you manage your records efficiently. SureClinical has given healthcare companies a cloud based ecosystem that helps them manage content. Collaborative cloud digital signing functionality gives clients the opportunity to adhere to EsMD or Electronic Trial Master File Standard which is a part of the US Medicare program.
Fo r the last several years, there has been an increasing emphasis by the federal government on digitizing the healthcare industry. The allocation of meaningful use dollars to physician practices for converting to electronic health records was only the beginning. The Affordable Care Act (ACA) was the seminal event that demonstrated without a doubt that electronic management of patient information was going to be an absolute if hospitals and health systems are to survive.
The ACA puts healthcare organizations at financial risk for duplication of services, lapses in care coordination and questionable patient safety practices. Population health management demands that electronic patient records be accessible for planning, managing and tracking care coordination. But the fact is fully managing the continuum of care for a patient cannot be achieved without data collection both inside and outside the hospital’s walls. This is a trend that will take on increased importance as healthcare reform rolls out in 2014.
Health systems with forward-thinking HIT executives saw the writing on the wall after the ACA became law and began converting their organizations to electronic medical records. Systems that are considering becoming accountable care organizations (ACOs) – and accepting value-based reimbursement, which will become the predominant reimbursement model – need to find ways to track the health status of individuals in their community before they become patients. How? By embracing the use of technology that closes the healthcare loop before people even know they need those services.
The casualty claim arena involves evaluating and payment of claims for claimants who have suffered from an auto accident or workers’ compensation injury. This side of the health payment continuum has been omitted from the Health Insurance Portability and Accountability Act (HIPAA) as a covered entity.
This means that casualty claim insurers are not required to abide by the standards set forth in HIPAA and that these standards only apply to the health payer. Omitting the ICD-10 in casualty claims from standards does have merit, but when it comes to standardization, all health claims should be adjudicated and paid in the same manner. Why should a provider charge differently and be paid differently when the payer of the claim is not on the health side? This is a question many casualty payers ask and not being part of the standardization only raises the question more.
There is no option for submission of claims by the covered entity to not be compliant by October 1, 2014 with the International Classification of Diseases, 10 Revision (ICD-10). Why is it a good idea to omit the casualty payer from these standards if the majority of health payments are made using this new standard? In addition, if providers are covered entities, then why would the casualty payer not speak the same code language? It’s almost like trying to communicate in a foreign country without the benefit of knowing the language.
Guest post by Bettina Experton, MD, MPH, president and CEO, Humetrix.
Mobile technology core to HIT implementation, a silent revolution which took place on September 23 this year when the HIPAA omnibus rule took effect, giving Americans the right to obtain electronic copies of their health records. But how can this new right be exercised at scale to transform healthcare nationwide? How do we help patients better coordinate their care and ensure their safety by getting their health records in their own hands?
The scalable computing device of choice in the hands of many is a smartphone, now owned by more than 50 percent of the population, and for many the only computing device they use daily to access information on the Internet. Clearly, electronic access to health records would be best provided on the very mobile device most of us carry at all times, especially when navigating a complex health care system with multiple and dispersed providers.
Electronic copies of health records on CDs or flash drives are not only tools of the past, but also perpetuate the barriers and complexity most of us have to face when requesting copies of our records. Desktop and portal-only solutions are also not the optimum approach to consumer-directed health information exchange, since these cannot be available at the point of care where patients need to share their medical history in the most convenient and expedient way. Mobile is, therefore, central to health information exchange policies and new care delivery models built on patient-centered care, and should not be an afterthought or secondary implementation to dated patient portal systems.