Guest post by Chris Strammiello, Vice President of Global Alliances & Strategic Marketing, Nuance.
The growing use of smart devices at the point of care exacerbates the dual, yet contradictory, challenges confronting hospital IT directors and compliance officers: Making patients’ health information easier to access and share, while at the same time keeping it more secure.
A major problem is that there are just too many touch points that can create risk when sharing protected health information (PHI) inside and outside of the hospital. In addition to securing communications on cell phones, tablets and laptops, these tools can send output to smart multi-function printers (MFPs) that not only print, but allow walk-up users to copy, scan, fax and email documents. This functionality is why the Office of the National Coordinator for Health Information Technology now defines MFPs as workstations where PHI must be protected. These protections need to include administrative, physical and technical safeguards that authenticate users, control access to workflows, encrypt data handled on the device and maintain an audit trail of all activity.
Accurate, Effective and Secure Use of Patient Information at Point of Care
Hospitals need to adopt an approach that automatically provides security and control at the smart MFP from which patient information is shared and distributed. This approach must also support the use of mobile computing technologies, which are helping to bring access to patient information and electronic health records (EHR) to the point of care. Advanced secure information technology and output management solutions can help hospitals protect patient health information as part of achieving HIPAA-compliant use of PHI with software by adding a layer of automated security and control to both electronic and paper-based processes. These solutions can minimize the manual work and decisions that invite human error, mitigate the risk of non-compliance and help hospitals avoid the fines, reputation damage and other costs of HIPAA violations and privacy breaches.
With this approach, vulnerabilities with capturing and sharing PHI are reduced with a process that ensures:
Authorization — only authorized staff can access specific devices, network applications and resources with password or smartcard based authentication. Network authentication is seamlessly integrated with the document workflow and to ensure optimal auditing and security, the documents containing PHI are captured and routed to various destinations such as email, folders, fax and EHR systems.
Authentication — user credentials must be verified at the device, by PIN/PIC code, proximity (ID), or by swiping a smart card access documents containing PHI. Once authenticated, the solution controls what users can and cannot do. It enables or restricts email or faxing and prohibits documents with PHI from being printed, faxed or emailed.
Encryption — communications between smart MFP’s and mobile terminals, the server and destinations, such as the EHR, are encrypted to ensure documents are only visible to those with proper authorization.
File destination control — simultaneously monitors and audits the patient information in documents, ensuring PHI is controlled before it is ever gets to its intended destination.
Content filtering — automatically enforces security policies to proactively prevent PHI from leaving the hospital by filtering outbound communications and intercepting documents – rendering misdirected or intercepted information unreadable to unauthorized users.
The American Osteopathic Foundation recently named Dr. Anne Brooks the 2012 physician of the year, for several reasons in which I have described here.
In a nutshell, she’s compassionate, caring and loving of all her patients, and as a nun, it probably helps that she relies on a little help from above.
But, even with her country doctor ways in which she still makes house calls, helps teach her patients to read and write, and building community centers and Habitat for Humanity homes with her own hands, she’s connected technologically – using an electronic health record in her practice – and is informed of many of the latest issues affecting healthcare and healthcare policy.
As a practicing physician, she also serves in the hospital setting, and she drives care for patients while in people’s homes, caring for them in their own environments. As such, she is considered a partner by those lives she’s touched, and she’s seen a great deal of change at the practice level.
The following are a few of her observations from 20 years of practice.
How has patient care changed since you became a physician in 1983?
There are mid-level providers on the scene who are not always appreciated by the patients, who seem to think they need a doctor or by their physician colleagues who often look down on them because it’s a less intense training.
There are RNs who get a doctorate in nursing, but what we need is bedside nurses who care physically and emotionally for and about patients.What I see happening is often the best nurses end up being paper pushers because of new and complicated regulations and disease tracking and length of stay requirements.
Are the patients getting more involved in their care or do they just not care?
I think we need a health blitz in our school curricula so that kids and parents/caregivers all know how to care for an illness or accidents and how to eat healthfully, and the manufacturers of all the fat food would make and sell something much more nourishing so that diabetes and obesity would not cause so much ill health and lower the mortality rate. Change has got to start in the home, but in our case, many parents didn’t go to school so what they don’t know and what they need to know and do are two different things.
Behavior needs to change, too. For example, too many patients have no teeth and eat soft starchy foods which only puts on weight; kids get soft drinks in their baby bottles way early on. So we teach and teach and review and teach some more and a few people get fired up because they learn they have power — which is a big deal at our office — to empower each patient is our major goal. And when we see people actually making lifestyle changes it is incredibly rewarding.
Why did you decide to implement an EHR?
Because of the benefits of speed in communication, ability to quickly access past clinical info and dealing with the handwriting deciphering issue (fewer mistakes related to bad handwriting) the desire not to have to lug a pile of charts home to finish them; urging from forward-looking trusted colleagues; the availability of a grant; articles in medical journals that piqued my curiosity; and the ability to invite salespeople in to speak to the administrative team and then the staff, and pepper them with questions.
Are you more efficient because of an EHR or has there been little or no change?
Technically, I’d probably have to get someone to actually do a time study, but I feel more efficient, which removes some levels of stress for me.
When your career is over, what one thing will you want to carry on in your absence?
Patient-centered care given generously without regard to ability to pay meaning that every patient will get the best care.
I also want our patients to be welcomed with concern, care and compassion, and I want the caregivers to educate and empower patients so they can assume responsibility for their own healthcare, change their lifestyles, and learn how to pass on the education and empowerment to their families and friends.
And, I want caregivers to follow the M*A*S*H* model: