Developments in technology have had a profound impact on nearly every aspect of our lives. We can hardly get through an hour without tech having an effect on what we’re doing, let alone a full day. From the morning alarm on our smartphones, to the Bluetooth sound system in our cars, to the social media accounts we share everything on, technology surrounds us.
Perhaps one of the aspects that many of us think the least about is how it has utterly transformed the way we manage our healthcare data. The development of electronic health records and, even more importantly, the cloud, have brought about all sorts of changes. Many have the potential to impact our lives in both positive and negative ways depending upon how they are managed.
When it comes to our health data, there is an added urgency in making sure everything is safe and secure no matter where it is ultimately stored. Well managed data can mean a more efficient and effective healthcare service, while mismanaged data can lead to the loss of personal information and an unraveling of the privacy most of us have come to expect in a professional healthcare setting.
Medical Records, HIPAA and the Cloud
In 1996, the United States government passed HIPAA, a landmark healthcare act that helped to create and enforce privacy and data security requirements associated with medical information. The act has since been expanded in an effort to keep up with modern technologies, and nearly everyone involved in the healthcare system is expected to follow the rules. Because of this legislation, one can expect that their medical records will be kept private unless they choose to release them, no matter where they are stored.
Cloud-based data storage and technology provides numerous benefits to the healthcare system including things such as better dataset analysis, improved efficiencies in individual patient care, and a much lower cost. However, it can also lead to a number of concerns, especially when it comes to HIPAA compliance. HIPAA rules not only apply to the medical facilities that are using cloud technology, but also to the tech vendors as well.
Unfortunately, just because cloud technology providers are not exempt from HIPAA rules, does not mean that they necessarily follow them. There is no real certification process and the government doesn’t exactly clear companies to work with healthcare organizations. It is completely up to the healthcare entity and the tech provider to make sure their services are meeting the necessary HIPAA standards.
Loopholes in the System
It may come as somewhat of a surprise to both patients and healthcare providers to learn that there are popular new aspects of medicine and technology that aren’t necessarily covered by HIPAA regulations. For instance, HIPAA does not cover anonymized data such as the data that is collected during genetic testing. Essentially, this allows for a patient’s anonymous information to be shared at will.
CareClinic acts as a virtual advocate that enables patients and caregivers to analyze the entire treatment experience outside the clinical setting (including meds, meals, symptoms, side effects, activities and other experiences) and analyze the resulting patterns and correlations that can help improve outcomes using AI.
Founders’ story: Akshay Khanna
I had experienced chronic fatigue and was looking to figure out why I felt the way I did. The only apps that were available in the App Store consisted of medication adherence apps, nutrition apps for tracking calories or fitness apps for exercise.
It wasn’t convenient to download three different apps and then try to make sense of all the data across all of them for me. It simply required too much work, so I made a simple web-based platform where I could record my health as needed day to day and have correlations automatically bubble up. It didn’t take long for others like myself to find out about what I was doing and started using the platform for tracking chronic disease. We soon decided to raise a seed round and built our mobile apps and now more than 30,000 users use our app.
Marketing/promotion strategy
CareClinic has not required too much marketing, it has been able to grow organically. We have users from the VA, CAMH and other patient groups promote our app to their patients. We have also partnered with pharmacies to provide our app to their patients for remote refills. Patients like the fact that they can order refills from the app automatically and the pharmacies are happy because they are able to improve help patients keep adherence rates high.
Market opportunity
Chronic conditions are on the rise across the world. More than 133 million Americans have a chronic condition, 12% of those patients have multiple conditions. Additionally, the optimal quality of life can be difficult with disease our app can lessen cognitive burden for patients.
Costs are also high for patients for non-adherence; not following overall care plan increases re-admissions. We seek to simplify the way patients measure and care for mental health & chronic conditions by helping people make smarter health decisions between professional care.
Who are your competitors?
There are many mobile health apps that do various things independently. However, CareClinic
is the only app that enables patients to create care plans to track and manage all aspects of their treatment within one app. We take this a step further by leveraging AI to bubble up insights that the patient would find beneficial. Our AI also works to keep the user safe by letting them know if there could be potential side effects, interactions and overdose. In fact, we are already one of the top three most downloaded apps for self-care treatment management for iPhones.
Current needs
We are currently in the midst of partnering with specialty drug companies, pharmacies, patient advocacy groups all of which have shown massive interest in adopting our platform to help patients improve outcomes. We are also in the midst of integrating with EMR/EHR and pharmacy management software to make sure there are no discrepancies in the patients’ prescription data.
Addressing the social determinants of health (SDoH) in communities is a hot topic of conversation in healthcare. The industry has bought into the theory that 20 percent of an individual’s health is determined by clinical care and the rest by social, economic, genetic and behavioral factors. But perhaps more importantly health systems need to recognize that they can’t solve this issue on their own.
From my perspective at PCCI, I’ve seen an increase in value-based contracting models in recent years, and health systems and physicians are looking beyond the four walls of their institutions to build relationships with outpatient, behavioral health, post-acute care, and now non-medical providers. The number and types of collaboratives between health systems and non-traditional providers has been growing over the past several years with a recent report gathering information on more than 200 different partnerships between hospital and community-based organizations across the country.
But while health systems may be embracing community provider relationships, I believe that sustainable success in addressing social determinants of health requires a fundamental shift in the way health systems view their role in improving the health of their communities.
Over the past ten to fifteen years there has been an evolution in how health systems have approached improving health outcomes. Initially health systems focused on providing high-tech solutions for care delivery such as robotic surgery, and advanced imaging techniques. Then to meet the need for increased access and demand for outpatient services, health systems seeded service areas with ambulatory surgery centers, urgent care, retail clinics, and physician offices.
In each of these evolutions the strategies centered on a solution created by the health system alone. And one could argue that the main beneficiaries of these investments were often the health systems themselves – increased market share, improved reimbursements. But such a self-centered approach will not work when addressing social determinants where the root causes lie outside the four walls of the health system.
Effectively creating a system of community will require a collaborative mentality from health systems. While they may have power and influence to gather partners to the table, execution of successful interventions lies with social services and community-based organizations that are the experts in understanding and helping individuals address social needs. Even if not leading, health systems should still be active participants in this work. Indeed, there are areas where their contributions to the organization of partners is critical:
Response by Kristin Simonini, vice president of product, Applause.
Healthcare has long been looked at as a laggard when it comes to adopting digital services. Part of that is due to the stringent regulations of the industry and the sensitivity surrounding personally identifiable information. Part of the blame, however, falls on healthcare providers themselves. As more and more providers in the industry start to embrace digital innovation, a number of key trends emerged over the past decade including:
The embrace of mobile technology for scheduling appointments and other routine tasks
Telehealth patients accessing doctors for consults, education, and certain outpatient treatments across a variety of fields
The IoT explosion (Fitbits and other wearables) providing customers health information to drive the healthcare they receive
Healthcare’s focus on patient experience means bringing a critical eye to current digital experiences. Ease-of-use and inclusivity must be considered to ensure high-quality digital experiences across all touchpoints, particularly on smartwatches, tablets, and smart speakers
In terms of predictions for 2020, we expect use of voice technology will continue to grow and empower the healthcare industry in new ways, including supporting patients. The benefits that voice brings to healthcare can be seen in medical record transcriptions, chatbots sharing the work, sharing knowledge, voice-user interface, and connecting clinics to customers.
In addition, AI will continue to impact the healthcare industry in numerous ways. As healthcare embraces AI, it will also need to address issues of bias. All types of AI – from virtual assistants learning how different users ask for the same thing, to healthcare apps identifying potential health issues from uploaded photos – have been hampered by the same challenge: sourcing enough data to teach the machine how to interpret and respond, and then testing the output at scale to ensure the results are accurate and human-like when necessary. To mitigate bias concerns, healthcare will need to make AI more representative of patients.
As the technology industry continues to experience continuous, rapid change and advancements, other industries are faced with the challenge of incorporating these new technologies, creating rules and regulations in order to ensure the safety and privacy of consumers and businesses. In 2020, technology will continue to lead to new developments in the healthcare industry, but will also leave room for new threats. In particular, telehealth will grow in popularity for both doctors and their patients, allowing for streamlined communication, more convenient consultations, an increase in treatment accuracy and the ability for patients to receive healthcare anywhere in the world.
As the health industry normalizes digitizing health data and providing telehealth services, we must also prepare for what lies in the year ahead for healthcare and data privacy – specifically as it relates to a rise in cyber threats, increase in regulations and the adoption of blockchain.
Protecting Privacy in the Wake of Cyber Threats
Today, telehealth is segmented, essentially meaning that “walls” exist in the network that protect data and act as a defense against hackers and cyber criminals. However, in the coming year, many networks will be streamlined and optimized into an end-to-end solution, likely under the umbrella of one vendor and cutting out third party applications. This has the potential to minimize costs, resources and time. However, accelerating digital health convergence in this way will open the door for network security vulnerabilities. Ultimately, this will provide hackers new avenues to access private patient data and find ways around pre-existing cyber defense mechanisms.
This increase in cyber threats due to the implementation of end-to-end solutions is something that the healthcare industry cannot be prepared for without proper regulation and a dedication to provider compliance.
Increasing and Reforming Regulations
As telehealth becomes a normalcy in patient-provider communication in 2020, we will see a rapidly evolving regulatory environment in order to combat the increase in cybersecurity threats and data breaches. This will lead to a need for additional regulatory compliance codes and demand for more security compliance assessments for healthcare providers and organizations engaging with personal health data.
After the enactment of the Affordable Care Act, insurers had to cut down on the “cherry-picking” of members and not provide insurance to just low-risk individuals. To some extent, the scope for earning high-profit margins had decreased for health insurance companies. This rule created an imperative for them to look for ways to curb expenses in other ways.
As a result, influential insurers came up with an innovative idea to merge with their contemporaries. Mergers and acquisitions reduce the competition and empower payers to negotiate better with the providers.
However, a lot of Medicare Advantage (MA) markets are served by just one or a small number of insurers and the competition is already bleak. If the few existing insurers also lobby to negotiate contracts, the providers wouldn’t stand a chance to get a decent deal.
US healthcare dynamics are already far from ideal with costs soaring high and quality parameters below most developing nations. The lopsided power play between providers and payers can exacerbate the existing healthcare problems.
To prevent this, the government is making it a point to put brakes on major insurance mergers and acquisitions. At the beginning of 2017 U.S. District John D. Bates ruled against Aetna’s acquisition of Humana. Along with that, the Anthem–Cigna merger was also stopped from going through. It seems like it’s time for payers to think beyond this strategy of creating an oligopoly. It also means that insurers have to compete with each other instead of relying on their collective clout.
Gaining an edge over competitors with improved star ratings
Now that there is no way for insurers to earn strong profits other than by capturing increased market share, they need to look for ways to increase the number of enrollments. For MA plans, their best shot to grow their member enrollments is by achieving credible star ratings. Medicare’s Star Rating system was developed to provide Medicare beneficiaries some concrete insights about a plan’s performance. Every year, CMS evaluates the performance of each MA Plan on quality and cost measures and rates them on a scale of one to five stars. The more stars a plan gets, the more appealing it appears to the beneficiaries, which leads to increased enrollments.
Every health plan aims to achieve maximum operational and cost efficiency and tries to create lucrative offerings for the members. However, unless they are able to do it better than other health plans, their efforts will not bear fruit. The first step to improving their Star ratings is to assess the performance measures of other health plans.
Evaluating the performance of MA plans over the last few years
In 2011, only 24 percent out of all MA Plans got 4+ Star Ratings. By 2018, this figure grew almost by a whopping 50 percent. In a bid to perform better, the health plans brought remarkable changes in their performance. As a result, member enrollments also increased by 17 percent in this tenure.
Since the inception of the Medicare Advantage, some measures were modified. However, there were 22 measures that remained consistent between 2009 and 2018. On calculating the average Star ratings of each measure, it was revealed that the average Star ratings had improved by 0.56. The average outcome measures had improved by 0.45 stars, the process measures by 0.49 stars, the patient experience measures by 0.55 Stars and the access measures by 1.12 stars.
Overall, most of the measures showed some improvement. Since 73 percent of the health plans have ratings above 4 Stars, it can be established anything below this can gravely impact the number of member enrollments. On top of that, to match the average performance scores of other health plans, health plans have to earn an average of at least 3.5 Stars.
Creating strategies to perform better than other health plans
An overarching picture of how all the MA plans in the country are performing can be helpful in revealing the measures you need to work on. However, understanding the area-specific operational nitty-gritty is important to find out what steps you need to take to improve the performance of your health plan.
Comparing your plan with top-performing health plans in your area and diving deeper into their measures can unveil what they are doing to perform better than others. This information can be instrumental in devising winning strategies to score star ratings that are better or at the very least at par with other high-performance plans.
Response by Christopher Gerg, CISO and vice president of cyber risk management, Gillware.
With 2020 nearly upon us, I am finding that many organizations are doing a poor job of prioritizing information security risks appropriately. Part of this is a product of how the information is presented and the context within which it is presented. Part of it is mindset – many organization’s management teams think of IT and information security as a cost center.
They also think of the role of technology as one of convenience; websites are a nice way to market your company, and email is a nice way to communicate. In reality, many organizations find that their entire business grinds to a halt when their computing infrastructure is locked up with ransomware. In addition, I think that senior management roles think about finances and classic business (MBA-style) strategy.
Ultimately, management can do one of three things to address a risk: fix it directly (buy something or change something), insure against the risk (transfer the risk to your cybersecurity insurance policy), or simply assume the risk (with knowledge of the impact if there is an issue as a result of the risk materializing).
A report of risk to management should include a discussion of the nature of the risk, a likelihood of it materializing, and finally the impact on the business. This will give management context to decide how to address the reported risks (in a language that business people will appreciate).
The solution revolves around communication. Basing the message in terms of risk to the organization, and having that be the core of your reporting is essential. Why do we need to change how we do something, or spend money to address something? What risks are we trying to address, and how significant are they? How will the proposed fix address that risk? Is it sustainable?
Everywhere, everyone is building dashboards: Tableau reports, Excel spreadsheets and others. To paraphrase many hospital leaders I meet: “We’ve spent tens of millions of dollars on an EHR implementation. On top of that, we have invested a lot on reporting capabilities; we have lots of dashboards throughout the hospital to keep track of everything. And teams of people dedicated to BI, reporting, data visualization, ETL, and custom report generation. How can we leverage this investment to improve operational performance?”
The issue is we often “admire the problem” and end up with results that aren’t too actionable, resembling what you can do by looking at yesterday’s weather. As an example, for operating room performance, most health systems can track room and block utilization and drill down to individual surgeons to see their metrics: utilization, first-case on-time starts, turnover time, etc. However, making the metric visible isn’t the same thing as improving on it. If a surgeon’s block utilization is, say, 53%, what can we do about it? Can we take away 47% of his or her allocated time? No. Let’s say, hypothetically, that we eliminated all first-case delays. Can we really reclaim those pockets of time and put cases in them? Not likely. So, what exactly is the purpose of measuring block utilization?
Going forward, hospitals will need to go beyond dashboards and describing or diagnosing the problem and actually predict what’s likely and prescribe the action they can take in a data-driven and defensible way. For example, in the above scenario, imagine looking at truly repurposable portions of time being left on the table by block owners; taking into account past case volume and mix, seasonality, and other key factors to predict which ones won’t need all the time allocated; and being able to produce the type of “prescription” that is surgeon-centric and data-driven as well as fully defensible.
Data will drive action based on prediction and prescription — much like Waze, Uber surge pricing, and so many other real-world examples that we all use in our day-to-day lives.
Healthcare has long been looked at as a laggard when it comes to adopting digital services. Part of that is due to the stringent regulations of the industry and the sensitivity surrounding personally identifiable information. Part of the blame, however, falls on healthcare providers themselves. As more and more providers in the industry start to embrace digital innovation, a number of key trends emerged over the past decade including:
As the technology industry continues to experience continuous, rapid change and advancements, other industries are faced with the challenge of incorporating these new technologies, creating rules and regulations in order to ensure the safety and privacy of consumers and businesses. In 2020, technology will continue to lead to new developments in the healthcare industry, but will also leave room for new threats. In particular, telehealth will grow in popularity for both doctors and their patients, allowing for streamlined communication, more convenient consultations, an increase in treatment accuracy and the ability for patients to receive healthcare anywhere in the world.
With 2020 nearly upon us, I am finding that many organizations are doing a poor job of prioritizing information security risks appropriately. Part of this is a product of how the information is presented and the context within which it is presented. Part of it is mindset – many organization’s management teams think of IT and information security as a cost center.
Everywhere, everyone is building dashboards: Tableau reports, Excel spreadsheets and others. To paraphrase many hospital leaders I meet: “We’ve spent tens of millions of dollars on an EHR implementation. On top of that, we have invested a lot on reporting capabilities; we have lots of dashboards throughout the hospital to keep track of everything. And teams of people dedicated to BI, reporting, data visualization, ETL, and custom report generation. How can we leverage this investment to improve operational performance?”