The Health Insurance Portability and Accountability Act, known as HIPAA, was enacted in the United States in 1996. The legislation creates data security and privacy requirements for safeguarding medical information. In recent years, HIPAA compliance has become a hot-button issue for software developers in the healthcare space, as a number of high-profile data breaches compromised millions of patient records across the country.
If you’re developing an eHealth or mobile health app, it is vital that you determine whether your software could be subject to the requirements of HIPAA for medical software applications. Failure to do so could subject you to thousands or even millions of dollars of liability if the use of your application results in an unauthorized disclosure of health information that is protected under HIPAA. Here’s how to tell whether HIPAA applies to you, and how to know if your software is HIPAA compliant.
Does HIPAA apply to me?
Before you start worrying about compliance with the security and privacy requirements of HIPAA, you should determine whether they apply to you and your organization. Both the HIPAA privacy rule and the HIPAA security rule apply to all covered entities under HIPAA, such as health plans, healthcare clearinghouses and healthcare providers. The website for the Centers for Medicare & Medicaid Services offers a Covered Entity Guidance Tool that can help you determine whether your organization is a covered entity.
HIPAA was expanded in 2009 with the introduction of the HITECH Act and again in 2013 with the HIPAA omnibus rule which clarified the responsibilities of business associates of covered entities when it comes to managing privacy and security of patient records. Further guidance was issued in 2016 indicating that cloud service providers would also be covered by the HIPAA privacy, security and breach notification rules.
Software developers in the healthcare space need to tread carefully here – the original regulations of HIPAA that deal with covered entities probably won’t apply to most organizations creating eHealth or mobile health products, but if your app will manage protected health information and share it with any covered entities, such as health plans or doctors, then HIPAA applies to you and you must comply.
If your software collects protected health information from patients but does not share it with a doctor or another covered entity at any point, the HIPAA rules won’t apply to you and you don’t need to worry about compliance.
Required safeguards for software HIPAA compliance
The available data indicates that while theft of computing hardware was the primary cause of healthcare data breaches in 2017, the greatest vulnerability that was exploited was health IT networks. For software developers, the HIPAA security rule is the most likely potential source of compliance issues. The rule mandates three types of safeguards that protect patient data – administrative, physical, and technical. In creating these safeguards, software developers must establish a secure application where authorized personnel have access to the required patient information while unauthorized persons do not. Patient information must also be protected from alteration or destruction.
Administrative safeguards ensure that software administrators who may have access to the data are acting responsibly. If your software stores medical data, anyone with access to that data must be authorized and trained on the ethical and legal requirements of that access. Administrative safeguards include:
Security management process
Security personnel
Information access management
Workforce training and management
Evaluation
Physical safeguards help to mitigate data breaches by ensuring that only authorized users can access the facilities and machines where protected health information is stored. Physical safeguards include managed policies for:
Facility access and control
Workstation and device security
Technical safeguards present the greatest challenge for software developers building HIPAA-compliant products, as software bugs represent the best opportunity for data attacks against your organization. HIPAA does not detail exactly what firewalls, anti-malware devices or encryption tools should be used to secure your software against a data breach, but it does indicate the need for several types of controls:
By Freddie Tubbs, communication manager, Academized.
So much has changed in terms of healthcare over the last decade. Technology has advanced and improved processes – what used to take hours can now take seconds. This means a lot both to the medical community and patients alike.
It seems that almost every day, there is a new technological breakthrough.
Here we examine eight of the very best.
Online interaction
So-called portal technology: such a simple idea, but so groundbreaking in its application. It simply means that both doctors and their patients have access to medical records and can interact with each other. It gives physicians the benefit of being able to see a patient’s full history, while the patient can challenge and question any aspect they feel is incorrect. Acting as a safety net, it helps both sides spot any problems before they arise and gives patients more power over the information that is held about them.
Genomes
Understanding genomes and sequencing has led to impressive breakthroughs in the treatment of cancers. Patient testing has allowed specialists to tailor treatments entirely towards individual patients, making it much more effective than a one-size-fits-all approach.
Theresa Kelly, a healthcare writer at Stateofwriting and UKwritings, said: “In my opinion this is probably the most relevant breakthrough in healthcare over the last decade. Being able to tailor treatments towards the exact needs of individuals is breathtaking”.
Fighting waiting times
Advancements in technology mean that hospitals and clinics needing to track down specialists, beds and even equipment can now use an electronic kind of tracking device. This has made waiting times much shorter, which in turn relieves stress on both the patients and the medical staff. Things happen quickly and everything is much easier to track.
Safer remotely
Gone are the days when older or vulnerable people have to wear a large buzzer around their neck in case of a fall. Nowadays, with the advancement of voice-activated technology, these people have a much easier time with all aspects of their lives. As a bonus, everything can be monitored remotely, and medical staff can react faster.
Messaging the smart way
With the advent of smart messaging services, healthcare providers can receive the results of urgent tests the moment they are concluded and act upon them fast, especially if there is a need for surgery or an examination.
“Removing some of the anxiety that can build up while waiting for a result is almost as important as having the tests done. Healthcare professionals also get frustrated by long delays so with this advancement, everyone wins”, so says David Evans, a Tech Blogger at Boomessays.
By Ken Perez, vice president of healthcare policy, Omnicell, Inc.
As widely reported, based on exit polls, healthcare—not the economy—was the top issue on voters’ minds in the 2018 midterm elections. This was due in part to the nation’s sustained economic recovery of the past two years, resulting in the current healthy state of the economy in general. In addition, Democratic Party political advertising emphasized healthcare—61 percent of pro-Democratic House ads from Sept. 18 to Oct. 15 mentioned healthcare, compared with just 10 percent of all Democratic ads in 2016.
According to several analysts, the Democrats’ success in taking back the House was largely due to their riding the “train of healthcare,” with a large proportion of Democrats in Congress supporting the idea of single-payer healthcare as embodied in Independent Vermont Sen. Bernie Sanders’s “Medicare for All” bill that he introduced in Sept. 2017.
Many of the most likely Democratic candidates for president in 2020 have publicly expressed their support of Medicare for All. Five of the seven most likely Democratic candidates from the Senate cosponsored the Medicare for All bill: Cory Booker of New Jersey, Kirsten Gillibrand of New York, Kamala Harris of California, Jeff Merkley of Oregon and Elizabeth Warren of Massachusetts. Some of the possible Democratic candidates from the House (e.g., Rep. Beto O’Rourke of Texas) and current and former Democratic governors (e.g., former Massachusetts Gov. Deval Patrick) are also Medicare for All backers.
At this point, what is the plausibility of Medicare for All becoming law after the 2020 elections?
It would obviously require the election as president of Sanders or a Democratic candidate who supports a single-payer system. In addition, the Democrats would need to retain their new majority in the House, and they would also need to attain a 60-seat majority in the Senate to overcome a possible minority party filibuster by the Republicans, assuming their united opposition. Note that the Patient Protection and Affordable Care Act passed in the Senate by a 60-39 vote, with not a single Republican senator voting for the bill.
A 60-seat Senate majority for the Democrats is not very likely to happen in 2020. Evidently, the Democrats will have 47 seats in the Senate once the 2018 midterm election results are finalized. The most aggressive current projection from a Democratic perspective regarding their Senate prospects in 2020 is a flipping of five seats presently held by Republicans (in Arizona, Colorado, Iowa, Maine, and North Carolina), resulting in a 52-seat majority. However, even that outcome would be eight seats short of the 60 needed. Thus, it appears that it would take some combination of executive branch meltdown (e.g., impeachment proceedings) and retirements by multiple Republican senators during the next two years in order for voters to flip an additional seven seats in the Senate to the Democrats in 2020.
High-quality affordable healthcare is important to help eliminate healthcare disparities and works to improve the overall health of the population, whereas more expensive healthcare increases the disparity between the health of the affluent and the less well-off.
The cost of healthcare varies dramatically around the world. Many health systems are struggling to update aging infrastructure and legacy technologies with already limited capital resources.
As healthcare costs increase, affordability and insurance coverage remain problematic.
In the United States, deductible cost increases are far outpacing increases in costs covered by insurance.
Brazil’s private health insurance sector lost 2.5 million beneficiaries between 2014 and 2016 due to the country’s high unemployment rate. Added to that, companies in Brazil had to cut expenses, and changing their employees’ health insurance plan to a cheaper one was a popular option.
As mentioned previously, lack of access to care causes an increase in hospital and urgent care visits.
According to the Centers for Disease Control and Prevention (CDC), 79.7 percent of non-admitted emergency room patient visits were due to lack of access to a healthcare provider. A recent study published in the Journal of the American Medical Association estimated $734 billion (27 percent) of all healthcare spending was wasted on unnecessary services, inefficiency and inflated prices.
Similarly, according to Truven Health Analytics, 71 percent of emergency room visits with employer-sponsored insurance coverage are ambulatory sensitive, and could have been managed in an outpatient care center.
Moreover, as shown by the rise in medical tourism as a new industry, there is now a greater cost disparity in accessing healthcare than before. This new industry shows the cost of healthcare is such that patients are increasingly willing to travel overseas in order to take advantage of more competitive pricing for healthcare in other countries.
This makes it easier to connect patients in one geographic location to physicians in another, which can dramatically reduce costs, and create a freer and competitive market for high-quality medical services.
Today’s consumers want to take responsibility for managing their own health. Yet, most feel they don’t have the information and tools to do so. In other industries, customers can easily access comparisons of features, benefits, and costs to guide their purchasing decisions. In contrast, the healthcare industry presents a huge array of confusing choices, contact points, and service flows without any upfront pricing information.
Seventy-five percent of consumers consider their healthcare decisions as the most important and expensive decisions they make. Yet, the process of choosing and paying for medical services can be so daunting that patients often decline treatment simply to avoid the confusion and expense.
To make better decisions, healthcare consumers are increasingly expecting—and demanding—better information and more transparency from healthcare providers. They’re also asking for more of a partner relationship rather than a one-way dialog from medical provider to patient.
At the same time, as healthcare costs continue to rise, consumers are required to assume responsibility for a larger share of the costs of health plan premiums, co-pays, and out-of-pocket expenses, with no way to offset the cost.
By Christine Alfano, senior director of marketing, Vyne.
Most practices are looking for ways to keep their chairs full by attracting new patients as well as continuing treatment with existing ones. Keep in mind that all of the things we’re going to discuss in this article also apply to your existing patients. After all, with so much competition in the market today, you can never assume that just because you have seen a patient in the past they will return to your office.
What’s the first encounter or first impression that most prospective new patients have with your dental practice? At a recent conference, dental professionals gave a multitude of answers like phone calls, the front desk person, the building/office, but most of them missed the mark. If you said, visiting your website or searching online, you get an A+! Nowadays, the way people find a new dentist is by searching online and visiting your website, so if you’re not actively working on those two things in your practice and want to grow your patient base, you’d better get started!
If you have a website, make sure it’s relevant and up-to-date. A site that looks 10 years old and has out-of-date information or events gives the impression that you don’t care, and that’s not a good first impression.
If SEO and responsive websites are terms that make you scratch your head, it’s okay. You don’t have to be the online marketing expert. There are a lot of great resources online for creating an online presence and there are a lot of partners and services available as well. Just be sure to invest your marketing dollars wisely, measure the results, and you will see the ROI.
Hire friendly people and greet your patients.
This may sound really simple, but hear me out. Once a prospective patient has visited your website and decided to make an appointment, your people are up to bat. Your team members and their attitudes are the thing that will leave the longest lasting impression on a patient. Make sure that you’ve properly trained everyone on office etiquette, greetings and expectations. There is nothing worse than getting to a practice, walking in and not being greeted immediately.
Here’s a real-life example that happened to me recently. I walked into my dentist’s office for a 1 p.m. appointment, there were about four ladies at the front desk: one was on the phone, and no one else was in the waiting room. I’ve always had a great customer service experience at this practice and I love my doctor, but to my surprise, when I arrived, no one said a word to me. I went ahead and scribbled my name on the sign-in list and sat down while they all discussed what to order for lunch. They never acknowledged me, but a couple of minutes later, the hygienist came to the door and called me back for my cleaning. The appointment itself went great (as usual) but that initial experience left me with a sour taste in my mouth. I’ll give them the benefit of the doubt and go back, of course, but I wonder if I’d been a new patient with no other good experiences to recount, would I be so forgiving? Think about it …
Solicit feedback from your patients
The best way to know how you’re doing is to ask. Whether you ask them on their way out as they set up their next appointment, send them a follow-up email survey or text message, or call them a day or two post-appointment, ask your patients if everything went okay with their appointment, if there’s anything your team could improve upon and if they have any suggestions for ways that you could better serve their needs. People like to be heard, and while not everyone may be as willing to complete a survey, you’ll never know unless you ask.
If you have a referral program, let your patients know about it when you ask how the appointment went so that it’s more of a conversation than just a satisfaction survey. You may even want to try incentivizing them to participate. For example, if they are happy with the services provided, ask if they’d like to provide an online review or give them a card to share with a friend. Once the review is posted or the referral card returned by a new patient, you can reward them with a gift card as a token of thanks.
By Grace Carter, freelance healthcare writer, OX Essays.
The healthcare industry requires a number of different skills in order to be successful. The job combines organization, practical knowledge of innovations, and professionalism. Your resume should reflect this kind of experience and skill, or your chances of getting a call back are slim. Read on to find out how to write a healthcare resume that will get you an interview.
The objective statement is becoming a less popular option; instead, you should write a summary. Here you will give a quick statement, summarizing your skills and experience in a sentence or two. You’re trying to get the hiring manager interested in reading further. Your summary will go at the top of the page and include a good snapshot of your healthcare skills and experience.
Highlights
A highlights section is very important when you’re creating a healthcare resume; it will be the next section after your summary. The highlights section is similar to the summary, in that it is like a greatest hits, but it will be more exhaustive and in point form. You can include attributes, skills, and work experience here. Did you go to medical school? Are you certified? These are all things you could potentially put in your highlights.
Accomplishments
“Now it’s time to provide some proof that you can get the job done, and do it well. Talk about some real world, quantifiable career accomplishments that are healthcare related,” recommends Sandra Bealer, resume editor at EliteAssignmentHelp. Some people will include their relevant education in this section. Have you run a healthcare business? Talk about these kinds of things, and if you can, use numbers to back up your claims. Give some details about projects you were a part of, what your role was, and how you were an asset.
Experience
Use your work experience section to show how aligned your previous experience is with the position you’re applying for. You only have so much space, so be selective about what you include. Prioritize the experience that is most relevant to healthcare. Remember to match the keywords you are seeing in the job posting, or your resume could be filtered out by a computer program before a hiring manager even gets a chance to look at it. Put your most recent experience first, and list your past positions in reverse chronological order. Write the position you held, followed by the time period, followed by the company and its geographical location. Include a few lines describing your duties and responsibilities at the position. Don’t forget to use action verbs. Remember this section is for your everyday tasks; your big achievements can go in the accomplishments section.
Work on your writing skills
It’s crucial that the writing in your resume is professional and grammatically correct. One of the quickest ways to disqualify yourself is a typo or other error. These kinds of mistakes make it seem as if you can’t be bothered to edit your resume. Try out these tools for help writing your resume.
Resumention — This is a service specially geared towards improving your resume so that you get your interview. Learn extra tips and tricks for resume writing here.
ViaWriting and SimpleGrad — Use these grammar resources to check over your resume and make sure everything is correct. Don’t let a silly mistake ruin your chances of getting a healthcare job.
OXEssays and UKWritings — These online proofreading tools, suggested by UK Writing Services Reviews, will give you peace of mind. Why? Because you’ll know that your resume has been proofread by experts and is good to go.
Studydemic and MyWritingWay — Give these career writing blogs a read. They’re full of useful tips and tricks for writing resumes and what to do in the interview.
Abbott and The Chertoff Group, a security and risk management advisory group, have released a white paper that shares key findings from a recent study of 300 physicians and 100 hospital administrators on cybersecurity challenges in the hospital environment. Results found that while physicians and hospital administrators view cybersecurity as a priority, the majority of them feel underprepared to combat cyber risks in the connected hospital.
“Cybersecurity is a shared responsibility across all of us working in today’s healthcare system,” said Chris Tyberg, divisional vice president, product security, Abbott. “Hospitals are critical hubs within this system, and as the use of advanced medical technology and attention to cybersecurity and connected health increases, it is important for us to understand the challenges hospitals face and how we can collaborate on potential solutions.”
The survey revealed several key findings, including:
Cybersecurity is a priority in today’s connected hospital: 92 percent of physicians and 91 percent of hospital administrators say that keeping patient and hospital data secure is a focus of their hospital.
Physicians and hospital administrators feel underprepared to combat cyber risks: 75 percent of physicians and 62 percent of hospital administrators feel inadequately trained or prepared to mitigate cyber risks that may impact their hospital.
Physicians and hospital administrators view medical device cybersecurity as a shared responsibility: 71 percent of physicians and 74 percent of hospital administrators believe cybersecurity is a shared responsibility among all participants in the healthcare system.
Communication about medical device cyber-related vulnerabilities can improve: Only 15 percent of physicians and 45 percent of administrators report having seen or read advisories related to medical device security in the last six months.
Standards are widely desired: 82 percent of physicians and 73 percent of administrators believe there should be industry-wide standards and consistent terminology.
Using these survey insights, Abbott partnered with The Chertoff Group to develop the white paper on connected healthcare security, which outlines key considerations for managing cybersecurity risk in the connected hospital. The white paper, “Building a More Secure Connected Healthcare Environment,” identifies how members of the healthcare ecosystem can work together to mitigate cybersecurity risk while preserving the benefits of connected medical devices for patients.
The white paper calls for the healthcare industry to come together to address three key areas:
Industry-wide standards and cybersecurity by design to ensure cybersecurity protections are built into medical device development and that physicians and patients feel confident in the security and safety of the devices they use.
Investment in cybersecurity incident response processes for identifying and responding to vulnerabilities in a timely manner, while supporting safe clinical care.
Improved education, focus and training to increase all stakeholders’ understanding of cyber risk in the healthcare setting.
There’s no shortage of news stories and think pieces outlining the ways regulations have hurt healthcare in the U.S., from spending to physician burnout. (Notably, there’s also no shortage of stories claiming the opposite.) Regardless of this debate around benefits vs. protections, there are a few non-negotiables, like doing everything possible to prevent a breach. Patients are entrusting organizations with their health data in a way that they don’t understand, and failure to protect their data can lead to clear and direct harm (via embarrassment, identity theft, or discriminatory practices from employers; healthcare records are considerably more valuable than credit card numbers).
As a result, many engineering and IT departments in the healthcare industry accept a reduced level of function and service in order to avoid costly penalties. Unfortunately, this also harms their customers because of reductions in the effective level of care.
New, smaller and more agile healthcare companies are encountering these legacy environments. For example, they may only be able to get a “data dump” every week (or month) from partners, and many of the organizations they partner with are exporting data in formats that are expensive to work with, like retro formats from ’70s and ’80s mainframes.
This is a problem in an era where customer service has become the crux of any business. The healthcare providers that don’t change because of the regulatory risk will not be able to build a quality consumer product, even for internal platforms. And internal products have to be consumer grade, now, as well. We’ve talked with doctors who changed jobs because their hospital adopted a medical record system that was bad.
The truth is that newer technologies can allow healthcare systems to do both, but fear of transition and possible compliance violations are holding progress back. And that’s why, in 2018, we can get a probe to Pluto but we can’t send over health records within minutes of a patient’s request. To scale a new infrastructure and workflow for the largest healthcare systems is a huge project, so changes with clear benefits–like DevOps practices, iterable software development and a constant release schedule–are met with resistance. Here are three ways healthcare systems can start digging themselves out of this:
#1: De-silo. Most have heard this advice, but acting on it is different for every organization. At a high level, most healthcare IT departments have a compliance group, an infrastructure group, a security group and a product engineering group, all working independently of each other. The compliance group (usually lawyers and analysts who often lack technical expertise) needs ongoing conversations with engineering and security so that the latter understand the compliance requirements. In return, those teams can help the compliance group understand trade-offs, what’s realistic, anticipated roadblocks, etc.
Security teams tend to develop their own compliance controls internally and often don’t tie their controls back to actual regulation and policy. The infrastructure engineering teams are concerned with implementing compliance and also care that the system is always available to customers. The product engineering team wants to build something of value that keeps customers safe and meets their needs. All of these different priorities require complex tradeoffs, making it unsurprising that systems don’t fulfill customer expectations. To de-silo here, compliance teams should act as consultants to product teams and help them understand the compliance requirements. Additionally, consider merging the defensive security and infrastructure teams into a single team with a safety and availability mandate; high-quality infrastructure and high-quality security end up at the same place.