The statistics are terrifying. According to the National Institute on Alcohol Abuse and Alcoholism (NIAAA) Alcohol poisoning kills six people every day. Of those, 76 percent are adults ages 35 to 64, and three of every four people killed by alcohol poisoning are men. The group with the most alcohol poisoning deaths per million people is American Indians/Alaska Natives (49.1 per one million). More than 15 million people struggle with an alcohol use disorder in the United States, but less than eight percent of those receive treatment.
Almost 72,000 Americans died last year from drug overdoses, a record high acknowledging an increase of about 10 percent, according to new preliminary estimates from the Centers for Disease Control. The death toll is higher than the peak yearly death totals from H.I.V., car crashes and even U..S. gun deaths.
Treating addiction is not a simple process and the current treatment of 90-day detox programs works well if you have thousands of beds, staff and other resources. Meanwhile the actual behavioral health treatment of addition is not much better. It is still a time-consuming process requiring individual diagnosis, but largely driven by paper and trial and error guesswork.
Meanwhile heroin, fentanyl and other synthetic drugs addictions were surpassing alcoholism. In Gallup, New Mexico, last year 104 people died from drug and alcohol abuse in McKinley County while the state suffered 1,952 deaths, the 13th highest in the US.
One of the nation’s epicenters of addiction is Gallup, New Mexico, where 22,000 addicts await a behavioral healthcare fix. While there are many tech solutions in healthcare, behavioral health does not receive the same level of attention as physical health, despite mental, behavioral and physical health being inextricably linked, as the World Health Organization noted in a 2014 report.
One of the widest chasms between the two began in U.S. healthcare in 2010 with the transition from paper to electronic patient medical records. However, these electronic health record (EHR) systems have been focused on the physical side of medical recording, leaving the behavioral side with little support.
While care collaboration through interoperability remains one of the major challenges in the healthcare industry, collaboration between physical and behavioral health has is also behind the curve. Behavioral health services (BHS) operate and are updated based on paper records, leaving challenges around efficiency, communication and the ability to scale treatment operations.
Historically, clinicians have directly performed assessments of people for the purposes of diagnosis, monitoring the progression of an illness, or evaluating responses to treatment. For example, a person’s mental state can be evaluated by examining movement patterns, mood states, social interactions (e.g., number of texts and phone calls made, content of interactions), behaviors or activities at different times of day, vocal tone, speed, word choices, facial expressions, biometric and heath measures.
While assessing an individual’s symptomatology, large quantities of behavioral data can provide vital information for researchers to increase their understanding of mental illnesses and mental wellbeing, help develop better interventions and better health outcomes, and potentially predict who may be at risk of developing behavioral health problems.
Providers addicted to records and files
A physical health issue can require visits to a primary care physician, specialists, and possibly x-ray technicians along with the records and paper trails that go along with it, the treatment of behavioral health is often much more complex. If a patient requiring behavioral care shows up at an urgent care facility and receives treatment, that data doesn’t get back to the patient’s primary care provider. The primary care provider only learns of the visit if the patient decides to give them that data. The PCP can’t pull information from possible business partners in the area to know when there’s been a change.
A substance abuse patient needs a physical and mental examination before they can check into the behavioral health center. An intake coordinator starts that process, then the patient sees a nurse, and then a counselor. But the person also has depression and needs to see a psychiatrist and they also need to go to the detox center at the hospital. Chances are they also have social problems to worry about such as child support, perhaps a bankruptcy case, or they’re headed to jail.
In addition, different behavioral treatment centers may have operational differences such as the number of treatment phases and the ability to track, monitor and anticipate recidivism after patients graduate from treatment centers. There are also differing manual processes and types of tracking documentation used by facilities while training programs may or may not be part of treatment centers as well.
In a typical BHS treatment center, their process and workflow comprise admission and treatment which includes assigning a treatment counselor, nurse for withdrawal, case manager and training program coordinator. There is also a program for job training, an aftercare phase along with monitoring, tracking, reporting and progress improvement or non-progress on treatment programs against the outcome of the overall program.
However, this phase is cumbersome because of the lack of an electronic recording system for behavioral health as most records are stored as PDFs in EHR systems. In addition to these limitations, there is lack of support to track progress or non-progress on patient outcomes.
Unlike the ‘physical’ medical approach, behavioral care treatments tend to be more subjective to each care provider and require a longer time to monitor and record positive outcomes from treatment. Behavioral treatment depends more on data analytics from patients to determine the best approach for patient engagements. There are also additional data categories required for BHS such as chemical dependency assessment, a treatment plan, social service related data, a training program and related data and mental health assessments.
When considering all this additional data versus data requirements for physical care, it seems like a process that is almost designed to be slow and cumbersome. So if the parameters of treatment can’t be changed to accommodate the surge in addicts, the only other consideration is the treatment process.
One of the primary problems existing in healthcare is the many barriers to access and delivery of care and treatment. Access to healthcare is centralized to a limited number of intermediary players in a way that is costly, non-transparent, and inefficient. It forces all of us to settle on whatever is given based on our locale and socioeconomic status, without having any real voice.
Access to care impacts patient’s physical, social, and mental well-being, as well as their overall quality of life. According to the Office of Disease Prevention and Health Promotion, people with a reliable source of care should have better health outcomes, fewer disparities, and lower costs. Yet according to the National Association of Community Health Centers, approximately 62 million individuals in the United States have limited or no access to primary care physicians as a result of shortages. This number is widely expected to increase over the next several years as our population grows older.
With an absence of convenient access to primary care physicians, patients turn to alternatives like emergency rooms, urgent care clinics, or choose to not seek care at all. All three options are more costly to the healthcare system than providing access to appropriate physicians.
In America, there is one medical doctor for every 434 people. It is important to note that physicians are not dispersed evenly throughout the country. Cuba, a country that has heavily emphasized medicine, has about six doctors for every 1,000 citizens. Conversely, in much of developing Africa, there is less than one healthcare practitioner (not necessarily a doctor) for every 1,000 people. India has fewer than one doctor for each 1,000 person.
Even in communities where healthcare exists, there are financial barriers to accessing care. Countries requiring but not providing health insurance or out-of-pocket payment put citizens at risk of delaying or forgoing treatment, hoping their ailments will go away. This increases costs overall as these same citizens are often treated in emergency rooms, and outcomes diminish because preventative treatment is all but forgotten.
MedTrainer is the creator of an all-in-one compliance management suite that encompasses all the tools healthcare professionals need to manage processes, increase departmental collaboration and simplify compliance.
Elevator pitch
The MedTrainer all-in-one compliance management suite combines a learning management system (LMS) with governance, risk and compliance (GRC) and provider credentialing to make compliance management accessible online, 24/7, to all healthcare organizations at a price they can afford.
Founders’ story
After growing three different companies to profitable buyout, MedTrainer’s co-founders, Steve Gallion (CEO) and Jorge Fernandez (COO), invested the equity from the eight-figure acquisition of the third joint endeavor, Waste Stream Solutions (a more than 4,700 percent return on investment), to co-found and fund MedTrainer.
Gallion and Fernandez realized the inefficiencies and challenges of the current market and created the first all-in-one compliance management suite that encompasses all the tools healthcare professionals need to manage processes, increase departmental collaboration and simplify compliance. The powerful, innovative and affordable solution improves efficiency across practices.
MedTrainer is headquartered in Redlands, California, and has offices in Denver; New York; Washington, D.C.; Queretaro, Mexico; and Mexico City. In 2017, the company doubled its staff to 85 employees, added a chief technology officer to foster continued development and enhance top-level support, and achieved 400-percent growth over the previous year. The system is now used by 300,000 healthcare professionals, representing 15,000 healthcare sites and Fortune 500 companies across North America. Not only have these organizations saved money by consolidating to a single compliance management solution, but they have also seen how proper training and compliance management can directly result in more efficient facility operations and a higher level of patient care.
Marketing/promotion strategy
Founded in 2013, MedTrainer supports primary care offices, ambulatory surgery centers, urgent care facilities, multi-specialty practices, federally qualified health centers (FQHC), dental offices, veterinary practices, long-term care facilities and community health centers. The company uses a mixture of direct marketing, online and offline strategy, and partnerships to promote the MedTrainer suite.
Market opportunity
In the healthcare industry, compliance and education software has always been reserved for enterprise-level organizations and major hospital systems. Even then, healthcare professionals have to run dozens of different software in parallel to manage requirements. Add growing regulations and shrinking budgets and it becomes even more difficult for healthcare providers to keep up with compliance education requirements and provide top care to their patients.
With MedTrainer, healthcare organizations can access more than 25 different modules 24 hours a day. MedTrainer’s CMS provides a learning management system with more than 200 custom courses; modules for management of policies and procedures, SDS, equipment life cycles and contracts; a license and credential tracking center; safety plans and incident reports; expert virtual compliance support; QuickCred provider credentialing; compliance tool kits; OIG/SAM checks; and security risk assessments.
Who are your competitors?
As the first all-in-one compliance management suite on the market, MedTrainer does not have any direct competitors. However, companies like HealthStream, Verity and Relias provide solutions with similar functionality to some of MedTrainer’s modules.
The phrase “medical tourism” has been coined to describe the millions of Americans who are traveling across the globe to have surgery or other medical procedures performed. According to Visa and Oxford Economics, this trend is growing at a rate of 25 percent per year.
Healthcare in the U.S. has become increasingly expensive — to the point that some necessary treatments are entirely out of reach for the average American. Combine that with rising health insurance premiums and high deductibles, and it’s no wonder 1.4 million people traveled abroad last year to get the medical care they needed.
Additionally, many countries offer more advanced technological solutions and experimental treatments that are not yet available within the U.S. Better, more advanced care that is less expensive sounds like an attractive reason why so many Americans are taking advantage of overseas healthcare.
Healthcare implications
The reason these countries can offer above-standard care for less money is that the doctors are paid less and hospitals charge less than in America. Plus, the insurance costs are a fraction of U.S. expenses. The result is that some U.S. health insurance companies now support overseas treatment and even pay for the travel along with the cost of the procedures.
Talk of improvements to the U.S. healthcare system becomes popular during an election year, but unfortunately, things don’t seem to improve; they continue to get more expensive for the average American.
The Affordable Care Act of 2010 was in part meant to discourage traveling outside the country for healthcare by making it easier for all Americans to be able to afford their own treatment. Unfortunately forcing everyone to have health insurance only increased health insurance premiums, hospitals and physician fees and complicated the issue making affordable healthcare further out of reach.
U.S. Medical Technology: How Does It Measure Up?
In the U.S., healthcare professionals have a number of factors to consider when implementing technology. They must consider cost, leadership buy-in and other keys to successful implementation. Unfortunately, because of the excessive investment cost for medical technology implementation here in the U.S., America is sorely lagging behind countries like Canada, China, India and England. These countries have access to bigger budgets, fewer government bottlenecks, and a more streamlined approval process to get medicine and devices out into the market faster.
The United Kingdom, China and Canada are all investing serious money in biotechnology and experimenting with pharmaceutical cures that are years beyond the technology produced by U.S. companies. Lawmakers in those countries are invested in supporting and funding new technologies to lead the pack in innovation and medical history.
The difference is that in many of these locales, the government solidly backs the research and development of medical technology solutions rather than private companies. In the U.S. most of the advancements come from the private sector and are not government sanctioned or funded.
Pillo Health, a Boston-based company bringing medication adherence to the forefront of healthcare, announces the launch of Pillo, a voice-activated in-home companion with facial recognition that lets consumers better manage their health and stay connected to their caregivers. Pillo helps users better adhere to medication regimens, reminding them about dosages at set times, and offers them research-backed care plans to remain active and empowered in improving their health.
Six in 10 Americans live with at least one chronic condition, a leading driver of healthcare costs across the country. Adhering to medication to treat those conditions is especially challenging for those who have detailed, regimented care plans to follow. Medication non-adherence amounts up to $289 billion in wasted costs annually and a higher mortality rate in the U.S.
Emanuele Musini
“Pillo is redefining how the industry addresses medication non-adherence and is giving people some of their independence back,” said Emanuele Musini, CEO of Pillo Health. “Managing chronic conditions can create immense stress on patients and their families as day-to-day care plans can be difficult to follow and time-consuming. I wanted to create an in-home companion that helped alleviate this issue, which impacts millions of lives, particularly in the aging baby boomer population.”
Pillo provides the following core services:
Medication Management – Pillo stores and dispenses 28 doses of medication and reminds users when to take their medications to keep them on track. Pillo also reorders medications automatically before they run out.
Care Plan Delivery – Pillo delivers important instructions to users to help them stay adherent to prescribed care plans by pushing personalized health content to patients at home. Pillo can play videos on its high definition screen or recite health information via voice.
Pillo Insights – Pillo analyzes real-time health data in order to extract valuable insights from inside the home. Pillo also serves as a connection between the caregiver and patient, by notifying the caregiver if the patient missed a dose of medication and connecting them via video.
Pillo, which is HIPAA-compliant and registered as an FDA Class 1 medical device, is already attracting attention in the healthcare community. The company received funding from Hackensack Meridian Health System’s Innovation Center fund, focused on helping the startup commercialize and go-to-market in the acute care space. The company also completed an in-home test focused on diabetes management in partnership with AARP.
From last few years, there have been significant modifications in the rules in addition to guidelines that medical coding and billing firms must achieve. The medical billing vendor that is fully compliant in all under HIPAA are authoritatively business associates of most ideal healthcare clients. This means they never reveal private information, take substantial deterrents with client data, and shield the uprightness of the client.
But another utmost and instantaneous requirement is to influence the company’s profits as to make certain you file the medical claims as rapidly and swiftly as possible. For this determination, you can farm out the situation to a medical billing vendor as they promise to adhere to a strict round-the-clock turnaround for medical claim filing. Also, they have the real strength and aptitude to make available the flexible times for patient queries from outpatient ambulatory surgery centers to large hospitals.
Nonetheless to share your medical billing success story across healthcare landscape, some essentials should be think through in accordance of what’s being said, demonstrated and delivered at any stage:
Medical Bill Repricing Solutions
It is for this reason, the top medical billing vendor companies are certainly in a successful partnership attitude that lay emphasis on prompt, practical and a patron-centric billing approach. The objective ought to provide excellence attention to injured worker’s compensation claims and effectual charge clarifications. It always starts by real-time bill review besides fake finding for self-insured houses, third-party administrators in addition to insurance companies. Such practices prevent excessive payments and endorse an equitable repricing level for reimbursement.
Non-Network Negotiation
The non-network negotiations possibly will continue to establish the average for fair and reasonable reimbursement aimed at medical billing claims. But getting the substantial discounts on non-network claims and to regulate 100 percent in excess of provider sign-off to ease the risk is always an ideal method used by medical billing vendors. The supplementary healthcare cost suppression approach can be used for any other reporting type in delivering fair and equitable money to the paymaster and reasonable payment to the provider as well.
Fragmentation into coordination
An outsourced medical billing claim service means that you have a complete squad of professionals who make sure that your entitlements get treated swiftly and precisely, sendoff your practice minus at risk to interruptions in cash-flow. When a physician confidence the chosen billing service company and works self-possessed with billing prerogative team, they develop long-lasting benefits like.
More focus on patient care
Improved cash flow
Reduced billing errors
Elimination of training costs
Ensured billing compliance
Decreased call volume
Regular reports about income
Reduction in storage space
Exclusion of costs linked with hiring additional workers
Reduction in patient satisfaction risks
Savings on software, billing equipment and more
Claim denials reduction
Monitoring and Analytics
Your days in A/R, or revenue cycle period has a noteworthy impression on your bottom line. A medical billing service mete out their overheads transversely the all-inclusive client based on providing an economy of scale, monitoring and analytics. Thought, such medical billing vendors can have the funds to chartering with the best staff potential, so that you pay a smaller amount for the comparable and frequently complex collection percentages. In addition to the uninterrupted fiscal advantage of greater returns as well as decreased costs.
Intiva Health is the first truly integrated career platform for healthcare professionals. It redefines the medical credentialing process by making it faster, more efficient and more secure.
Elevator pitch
Intiva Health provides healthcare professionals with a single place to manage their credentials,continuing education, new job opportunities, secure messaging needs and more. It is built on the Hashgraph digital ledger platform, which means it is faster, more secure, and more error proof than blockchain.
Founders’ story
Intiva Health was founded in 2006 as a staffing agency for surgical services and emergency rooms. Today the Austin, Texas, company it has reinvented itself as a digital health startup featuring a next generation blockchain technology that cuts the time it takes for the medical credentialing process from months to seconds, improves HIPPA compliance,and makes document tampering or theft almost impossible.
Marketing/promotion strategy
Intiva Health focuses its marketing and PR efforts on licensed medical professionals (LMPs), practice managers, and the facilities where they work including medical groups, hospitals and professional associations.The company launched a new brand awareness campaign in March 2018 that includedthe introduction of the Intiva Token, a new cryptocurrency that LMPs can use to purchase continuing education classes, cyber insurance and other services.
Intiva is also partnering with the National Osteoporosis Foundation to test the advantages of using the Intiva Token for charitable donations.
Market opportunity
The Intiva Health Platform automates the burdensome tasks of credential and licensure management, continuing education, and discovering job opportunities for healthcare professionals. Intiva Health’s new ReadyDoc™credential verification solution, built on top of the Hashgraph distributed ledger technology, disrupts the existing broken, slow, and error-prone healthcare credentialing system, which today can take weeks or months to verify credentials, and is subject to tampering.
Intiva believes that ReadyDoc can replace the current processes of credentialing and primary source verification by storing documents and credentials in a Hashgraph-based distributed ledger. Providers and facilities can obtain information that is pre-verified, securely stored, and readily available, creating an ongoing, self-auditing verification of provider work history and clinical reputation.
ReadyDoc will act fluidly between health systems and facilities across the U.S., allowing organizations to instantly verify work history and clinical reputations. In the event of an emergency like the Houston hurricane, facilities will be able staff up by vetting the credentials of qualified providers instantly. ReadyDoc eliminates redundancy and the need for third party verification organizations, letting medical professionals get to work sooner.
Who are your competitors?
We believe that Intiva Health is the first integrative platform to manage healthcare career information from one seamless dashboard. It is certainly the first to use the Hashgraph digital ledger technology and offer a cryptocurrency utility token. However, Doximity also offers a career management application for medical professionals.
How your company differentiates itself from the competition and what differentiates Intiva Health?
Intiva Health can replace the current processes of credentialing and primary source verification by storing documents and credentials in a Hashgraph-based distributed ledger. Providers and facilities can obtain information that is pre-verified, securely stored, and readily available, creating an ongoing,self-auditing verification of provider work history and clinical reputation.
VigiLanz and Cincinnati Children’s Hospital Medical Center announces a collaboration that leverages Cincinnati Children’s research on pediatric nephrotoxic kidney injury and VigiLanz’s capabilities to commercialize a solution for Acute Kidney Injury (AKI) in pediatric patients. Dubbed NINJA, or Nephrotoxic Injury Negated by Just-in-time Action, the solution enables real-time identification and monitoring of patients at risk for AKI due to exposure to nephrotoxic drugs.
Dr. Stuart L. Goldstein
“Pediatric acute kidney injury is a serious problem that traditionally could not be identified in real-time, which impacted our ability to identify the patients who most needed treatment,” stated Dr. Stuart L. Goldstein, MD, FAAP, FNKF, Director of the Center for Acute Care Nephrology and primary researcher on NINJA. “By partnering with VigiLanz, Cincinnati Children’s is applying our unprecedented research to a commercially-available solution that accurately characterizes pediatric AKI epidemiology, reducing AKI and improving patient outcomes.”
Commercially available to hospitals and health systems focused on mitigating pediatric AKI, NINJA automates a time-consuming manual screening process that includes evaluating patients for exposure to 57 nephrotoxic medications, imaging contrast dye, and recent renal testing. For medications, manual screening is limited to the last 24 hours, while the contrast dye evaluation requires reviewing records for the previous seven days to determine if it was received by the patient.
Leveraging NINJA algorithms built into VigiLanz rules, an AKI monitoring dashboard lists all patients that meet the NINJA exposure criteria, as well as the criteria that put the patient in the at-risk category. These criteria include medication exposure, serum creatinine data and patient history of AKI. When patients meet at-risk criteria, they are placed on the monitoring list in real time, where they remain until 48 hours after their risk has passed.
The platform also features metric outputs that can be customized with respect to service lines and time periods, while robust reporting tools provide the ability to trend conditions over time via automated run charts. It also enables automatic and customizable data extraction for all metric elements, including inpatient census by location or service line.
By B.J. Boyle, vice president of product management, PointClickCare.
B.J. Boyle
Interoperability, as it was envisioned, should be built on transparency and connectivity, allowing a patient’s critical health information to be easily accessible, regardless of where treatment is being administered. By creating an infrastructure that supports the sharing of patient data along the care continuum, hospitals, skilled nursing facilities (SNF) and long-term post-acute care (LTPAC) facilities can offer the best care possible. As a result, organizations that participate in interoperability best practices are positioned to become preferred providers.
Unfortunately, interoperability is still a work in progress for many organizations. While more than 95 percent of hospitals and 90 percent of office-based physicians are now utilizing electronic health record (EHR) platforms, many struggle with — or have reservations around — sharing information outside of their facility. As such, silos represent a great barrier to realizing a fully implemented state of interoperability.
The current data gap can drastically impact care. For example, a patient experiences a serious medical incident — such as a fall or stroke — and arrives at the hospital where staff may not have access to existing patient data which could inform the best delivery of care. Or perhaps they’re able to access that data, but not right away. Care is now delayed, which can be additionally concerning depending on the time-sensitivity of the patient’s condition.
Taking this example a step further, let’s explore what happens after care at the hospital has concluded. The patient requires rehabilitation, and a continuation of care document (CCD) is issued to a post-acute care facility. From there, the patient’s information is transferred by less-than-foolproof methods such as fax, for example. A glitch as simple as a jammed paper feed could prevent critical information from reaching the appropriate caregiver.
As value-based care and payment-care models are moving toward the forefront, blind handoffs of patient information are no longer viable, as they drastically increase the financial risks hospitals and payer groups are subject to — not to mention the clear detriment the system has on delivery of care.
Closing the gap
The larger question is how does the industry get from Point A to Point B? The easy answer is to liberate the data through a cloud-based infrastructure that supports an efficient, easy-to-access data exchange between all caregivers. An integrated solution would connect stakeholders across the care continuum, providing accurate insights when needed, eliminating data silos between care partners, and enabling more confident decision-making.
These systems would promote:
Optimized transitions: Data needs to travel with the patient — or before movement — discretely across all systems.
Patient visibility: Data should reflect the most current ADT information, identifying and sharing where a patient is and from where they’ve been discharged.
Central view of LTPAC patients: This facility-agnostic feature should offer automated updates of a patient’s functional progress.
Ongoing status and monitoring: Maintaining continued care is facilitated through alerts and notifications to caregivers regarding any change to their status or well-being and meaningful feedback on care pathway progress.
Facility performance: Beyond understanding a patient’s status, it’s also helpful to understand how facilities in and out of their PPN have performed.
Overcoming concerns
The concept of interoperability, in some ways, seems contradictory to traditional best practices. Healthcare organizations are charged with protecting patient data at all costs, and the idea of sharing data in a way that opens access to a wider group of stakeholders could give pause. Regulatory infractions for data loss in the healthcare industry can be steep, and the number of well-publicized data breaches in recent years reinforces how valuable health records are to both the organizations who keep them and those who try to steal them.
So, it should go without saying that an EHR “superhighway” must be developed with security in its DNA, taking stringent regulatory requirements into account. The good news is that the newest breed of information exchange platforms is being built with security roles in mind, drastically reducing the possibility of data loss.
The Health Insurance Portability and Accountability Act, known as HIPAA, was enacted in the United States in 1996. The legislation creates data security and privacy requirements for safeguarding medical information. In recent years, HIPAA compliance has become a hot button issue for software developers in the healthcare space, as a number of high profile data breaches compromised millions of patient records across the country.
If you’re developing an eHealth or mobile health app, it is vital that you determine whether your software could be subject to the requirements of HIPAA for medical software applications. Failure to do so could subject you to thousands or even millions of dollars of liability if the use of your application results in an unauthorized disclosure of health information that is protected under HIPAA. Here’s how to tell whether HIPAA applies to you, and how to know if your software is HIPAA compliant.
Does HIPAA apply to me?
Before you start worrying about compliance with the security and privacy requirements of HIPAA, you should determine whether they can be applied to you and your organization. Both the HIPAA privacy rule and the HIPAA security rule apply to all covered entities under HIPAA, such as health plans, healthcare clearinghouses and healthcare providers. The website for Centers Medicade & Medicaid Service offers a Covered Entity Guidance Tool that can help you determine whether your organization is a covered entity.
HIPAA was expanded in 2009 with the introduction of the HITECH Act and again in 2013 with the HIPAA omnibus rule which clarified the responsibilities of business associates of covered entities when it comes to managing privacy and security of patient records. Further guidance was issued in 2016 indicating that cloud service providers would also be covered by the HIPAA privacy, security and breach notification rules.
Software developers in the healthcare space need to tread carefully here – the original regulations of HIPAA that deal with covered entities probably won’t apply to most organizations creating eHealth or mobile health products, but if your app will manage protected health information and share it with any covered entities, such as health plans or doctors, then HIPAA applies to you and you must comply.
If your software collects protected health information from patients but does not share it with a doctor or another covered entity at any point, the HIPAA rules won’t apply to you and you don’t need to worry about compliance.
Required safeguards for software HIPAA compliance
The available data indicates that while theft of computing hardware was the primary cause of healthcare data breaches in 2017, the greatest vulnerability that was exploited was health IT networks. For software developers, the HIPAA security rule is the most likely potential source of compliance issues. The rule mandates three types of safeguards that protect patient data – administrative, physical, and technical. In creating these safeguards, software developers must establish a secure application where authorized personnel have access to the required patient information while unauthorized persons do not. Patient information must also be protected from alteration or destruction.
Administrative safeguards ensure that software administrators who make have access to the data are acting responsibly. If your software stores medical data, anyone with access to that data must be authorized and trained on the ethical and legal requirements of that access. Administrative safeguards include:
Security management process
Security personnel
Information access management
Workforce training and management
Evaluation
Physical safeguards help to mitigate data breaches by ensuring that only authorized users can access the facilities and machines where protected health information is stored. Physical safeguards include managed policies for:
Facility access and control
Workstation and device security
Technical safeguards present the greatest challenge for software developers building HIPAA-compliant products, as software bugs represent the best opportunity for data attacks against your organization. HIPAA does not detail exactly what firewalls, anti-malware devices or encryption tools should be used to secure your software against a data breach, but it does indicate the need for several types of controls:
The phrase “medical tourism” has been coined to describe the millions of Americans who are traveling across the globe to have surgery or other medical procedures performed. According to Visa and Oxford Economics, this trend is growing at a rate of 25 percent per year.
