Guest post by Lucas Vogel, principal consultant, Endpoint Systems.
Lucas Vogel
Imagine being a software developer at a company where your job description involves building HIPAA-compliant apps and services. As you onboard with your new company, you receive some formal basic training and learn about the privacy, security and breach notification rules, and after some additional training on various topics about your job, you enter your department and get acquainted with your work environment. This is the point where you find out what you’re really getting yourself into.
There is a direct correlation between the maturity level of applications developed in your organization and the quality of your work life. For example, if you walk into a developer role for a healthcare provider, you’re likely walking into a large and well-established IT group with many old and new technology platforms deployed, where you’ll take your place with a department that’s existed for several years and does fairly predictable work on prebuilt systems. But let’s say you’re working at the more cutting edge of healthcare technology, at a startup straddling innovation with compliance. In that case, understanding HIPAA compliance can feel incredibly daunting, especially as you may essentially be learning as you go with little guidance.
The good news is that it’s never been a better time to work on HIPAA-compliant healthcare apps. Advances in identity and access management (IAM) and consent frameworks make it easier for apps to authenticate, authorize and audit users, logging who is performing what within your application; advances in machine learning make it easier to parse these log streams, detecting threats and anomalies to application use, among other countless benefits. Further advances in application architecture, cloud and API technologies, database and container platforms (not to mention containerized database platforms), and development methodologies over the past decade have dramatically changed the way companies build applications and deploy platforms, culminating in what is known as the “twelve-factor application.”
This summer, the U.S.-based pharmaceutical giant Merck has suffered the Petya ransomware attack that required to hand over a ransom or have its computers remain locked and inaccessible. One month before, the WannaCry ransomware attack devastated many big organizations around the world, including national healthcare organizations such as UK’s National Health Service (NHS).
Last week, cybersecurity experts warned that medical care would suffer from new additional risks they are not prepared to handle. The new threats are coming from the “Internet of Bodies” – IoT devices incorporated into human bodies for medical purposes.
“Healthcare companies are probably the most susceptible to upcoming ransomware attacks – and these attacks will come again, we have no doubts about it,” said Marty P. Kamden, IT security expert and CMO at NordVPN. “Outdated technology, lack of experience in managing the IT sector, and vulnerabilities of the new Internet-connected medical devices pose a grave danger to the safety and even lives of thousands of medical patients around the world.”
In fact, several months ago, the FBI (United States Federal Bureau of Investigation) issued a warning to all healthcare sector companies to remain vigilant of new cyber threats, possibly stemming from foreign governments.
Here is NordVPN’s advice about protecting healthcare companies from cyberattacks:
Don’t use FTP servers operating in anonymous mode. According to FBI, “some criminal actors from abroad are trying to target protected healthcare information (PHI) and other personally identifiable info (PII) from medical facilities to intimidate, harass, and blackmail business owners.” FBI was alerting healthcare companies against the use of FTP servers operating in anonymous mode.
You are as strong as your weakest link. Healthcare companies should choose their suppliers carefully and should work together with them to tighten overall IT security. The new trend is supply-chain attacks: attackers look for the weakest link in the supply chain to install their malware, which will affect all the companies within the chain. The supply-chain vulnerability was used in the destructive NotPetya attack, originating in Ukraine and branching out to various European and U.S. organizations.
Use a VPN. Healthcare organizations usually use Intranet for private internal communications, which include local area networks (LAN) as well as on-site networks. When employees need to access the organization’s Intranet while traveling or working remotely, they should use virtual private networks (VPNs) for a secure connection. When using a public or unprotected WiFi connection, VPNs create an encrypted tunnel that connects the computer and the Intranet or VPN server. This tunnel protects the connection from public access, should there be hackers ready to breach the system.
Many healthcare organizations refer to the at-home, at-risk patients as the “sickest of the sick.” Unfortunately, these patients may receive inadequate care and attention after being discharged and often rely on emergency medical services and/or the ED to answer questions and provide care in non-emergency situations. The model for treating these patients and attempting to keep them at-home (and not back in the hospital) has not changed substantially in decades. In an attempt to minimize re-admissions, hospitals may schedule case managers and/or nurses to physically visit these patients at-home in an effort to help the patients stay on track with their adherence.
However, this continuum of care model is not sustainable. The budget and resourcing implications are significant when most of the staff’s time is spent behind the wheel vs. in front of the patient. Significant opportunities exist for telehealth solutions to bring the care closer to the patient — at a more convenient and cost-effective manner for all involved.
Why Reducing Readmissions Matters From the patients’ perspective, returning to the ED and potentially being re-admitted is disruptive and stressful for patients and family. Patients may be put at an additional risk for hospital-acquired infections and complication. Returning to the hospital can also lower the rate of patient satisfaction and weaken overall outcomes.
From the perspectives of health systems and health plans, readmissions are costly. Since the introduction of HRRP (Hospital Readmission Reduction Program), hospitals that exceeded the national average of readmissions for specific conditions (within the 30-day window) have been penalized by a reduction of payments across all of their Medicare admissions. More than half of hospitals in the HRRP program were penalized the past five years, resulting in $528 million in withheld Medicare payments. Re-admissions can also negatively impact measures in Hospital Compare data, levels of provider satisfaction and the health system’s overall reputation in the community it serves. Re-admissions cost more than $26 billion annually but $17 billion is considered avoidable.
What Happens Today Keeping at-risk patients at-home is critical to reducing re-admissions and the associated consequences. Typical discharge programs with in-person appointment schedules often fail the at-home, at-risk patient, the providers, and the healthcare system by insufficiently engaging the patient at the point of discharge and upon returning home. The rates of patients being readmitted are significant:
Nearly 20 percent Medicare patients are readmitted within 30 days.
34 percent of Medicare patients are readmitted within 90 days and 56 percent within 1 year.
64 percent received no post-hospital care between discharge and readmission.
What happens in-hospital and at-home which leads to this situation? In-hospital experiences can adversely affect health and contribute to substantial impairments during the early recovery period, an inability to fend off disease, and simple mental error. As a result, patients may leave the hospital deprived of sleep, experiencing pain and discomfort, without sufficient nourishment, and with medications which may alter cognition and physical function.
When a patient is discharged, the patient may continue to face physical, emotional and even financial issues, depending on one’s condition, health history and home environment. A patient may be discharged without adequate instructions and information for self-care and follow-up. The patient may be provided with comprehensive verbal instructions but quickly forget the detailed instruction. Written instructions may be provided to the patient but the patient may fail to keep the information handy and/or share the information with family/friends serving as caregivers. Internalizing the discharge program and being able to practice self-care may also be negatively impacted by a patient’s level of English proficiency, health literacy, socio-economic status, gender and cultural background.
People perform better if they have a vested interest in the outcome of a given situation. Employees who are given an ownership stake in their company historically perform better and enjoy a higher degree of satisfaction from their respective jobs than do their non-stake-holding counterparts.
Recent research has shown that a similar premise holds true in healthcare. Patients who are engaged in their own care generally have better outcomes and enjoy higher satisfaction in the care they received. According to the American Journal of Managed Care, “A growing body of research has established the benefits of patient activation, which is defined as the knowledge, skills, confidence and motivation to make effective decisions and take action to maintain or improve one’s health.”
According to a 2016 New England Journal of Medicine survey of 340 U.S. healthcare executives, clinician leaders and clinicians at organizations directly involved in healthcare delivery, 42 percent of respondents indicated that less than a quarter of their patients were highly engaged, and more than 70 percent reported having less than half of their patients highly engaged. And to underscore the importance of this result, 47 percent of those surveyed revealed that low patient engagement was the biggest challenge they faced in improving patient health outcomes.
This is not only true for hospitals, but also for specialty care practices. In these environments, it is imperative that practices understand the very specific needs and behavior of their patients, so they can determine how best to conduct effective outreach that will increase patient engagement and patient portal utilization.
Importance of User Interface
A results-driven (or high performance) patient engagement platform helps turn patients into partners in their own healthcare. In addition, a proper next-generation solution supports compliance with MIPS (Merit-based Incentive Payment System), a component of MACRA (Medicare Access and CHIP (Children’s Health Insurance Program) Reauthorization Act), and with meaningful use (MU), by providing patients the ability to view, download or share their medical record. Payback is many fold: In addition to helping providers meet regulations through a user-friendly interface, patients are freeing up time for caregivers to spend with them by self-populating data fields that would previously have been handled by caregivers. This streamlining of the patient intake process delivers significant time and cost savings to the practice.
Equally important is a patient portal that helps patients remain engaged while enabling practices to comply with government requirements under meaningful use and the MACRA regulations, thereby increasing Medicare payments and minimizing takebacks. It is imperative that the patient portal seamlessly integrates with the organization’s electronic health record (EHR), health information exchange (HIE) and accountable care organization (ACO), if the practice is participating in one. Ideally, the solution should be able to adapt to any healthcare facility’s IT system—not the other way around. Patient engagement initiatives should permeate the practice’s entire healthcare ecosystem.
Engaging for ACOs, Triple Aim
Originally a concept born of healthcare reform, accountable care organizations (ACOs) were initially little more than a way of redefining the shared responsibility of doctors and hospital staff to coordinate care, improve quality and lower costs. It did not, however, specifically examine the role of the patient. That all changed when the Affordable Care Act (ACA) came along and the ACOs were officially codified into law. Furthermore, the law also recognized that ACOs could not succeed without patient engagement. According to the IHI, “quality,” in this case, is defined from the perspective of an individual member of a given population, hence the logical focus on patient-centric care and patient engagement.
Guest post by Ken Perez, vice president of healthcare policy, Omnicell.
Ken Perez
In 1992, the 340B Drug Pricing Program was created to give safety net providers—those that organize and deliver a significant level of both healthcare and other health-related services to the uninsured, Medicaid, and other vulnerable populations—discounts on outpatient drugs to “stretch scare federal resources as far as possible, reaching more eligible patients and providing more comprehensive services.” In simple terms, the program requires pharmaceutical manufacturers participating in Medicaid and Medicare Part B to provide discounts on outpatient drugs to 340B providers.
340B-eligible providers include various types of hospitals, such as Disproportionate Share Hospitals (DSHs), Critical Access Hospitals, sole community hospitals, freestanding children’s hospitals, and freestanding cancer hospitals. In addition, certain federal grantees are 340B-eligible providers, e.g., federally qualified health centers, and comprehensive hemophilia treatment centers. DSHs, freestanding children’s hospitals, and freestanding cancer hospitals need to have their Medicaid and uninsured populations account for 11.75 percent or more of their total patient populations in order to be eligible for the program. DSHs accounted for 75 percent of 340B drug purchases in 2011 and continue to account for the majority of the purchase volume.
The program benefits safety net providers by offsetting the cost of providing free or discounted drugs to patients who cannot pay and by generating funds to improve and expand programs such indigent clinics and free oncology services to low-income patients.
Eligible patients must receive services from a covered entity (CE), defined as the healthcare provider that has established a relationship with the individual and maintains records of the individual’s care. Contract pharmacies dispense 340B drugs to CEs’ 340B-eligible patients.
Importantly, CEs are able to purchase drugs for outpatient use at the sizable 340B discount for all their outpatients, not just their Medicaid or uninsured patients. As of October 2016, there were 12,148 CEs, and there were 2,871 hospitals as CEs as of July 2017. Total discounted purchases under the program have grown steadily during the past decade and reached $16.2 billion in 2016.
The program is administered by the Office of Pharmacy Affairs within the Health Resources and Services Administration (HRSA), an agency of the U.S. Department of Health and Human Services.
Controversies
For years, the 340B program has been fraught with controversy, with CEs and pharmaceutical companies defending and attacking the program, respectively. HRSA, the U.S. Government Accountability Office, and the HHS Office of Inspector General have all pointed out the lack of accountability and oversight of the program. There have been many reporting and program integrity issues. For example, in fiscal year 2016, 44 percent of CEs were found to have diverted benefits (discounted drugs) to ineligible patients.
Proposed Major Change to the Program
On July 13, the day after the conclusion of the 340B Coalition Summer Conference in Washington, D.C., the Centers for Medicare and Medicaid Services (CMS) issued its 2018 Medicare Hospital Outpatient Prospective Payment System (OPPS) proposed rule.
Contrary to the Trump administration’s deregulation bent, the proposed rule posited a dramatic reduction in 340B reimbursement of hospitals by CMS from Average Sales Price (ASP) plus 6 percent to ASP minus 22.5 percent.
Sherlock Holmes famously captured the popular imagination with his uncanny ability to make wild, but accurate, leaps of logic to solve mysteries. By observing Dr. Watson’s suit jacket sleeve, upon their first encounter, he was able to deduce that Watson was in fact a surgeon, in the British Army, and had recently returned from Afghanistan, where he had sustained an injury.
When he slowed down to explain his reasoning, it was easy to follow; what made his deductions impressive was how quickly he would skip from observation to conclusion. I’m no Sherlock Holmes, but it seems to me that chatbots are poised to take over much of modern healthcare.
As more data is moved to portals through EHRs and digital documentation, there is increased patient interest in and demand for other digital and remote encounters and health resources. This, along with improving technology and competitive solutions, is helping increase adoption of telehealth. So, patient portals lead to increased telehealth adoption.
Finally, although part of the premise and value of telehealth is enabling face-to-face encounters between caregivers and patients without respect to geography, hospital waiting rooms, or other physical barriers, it changes certain expectations. Like all mobile and web-based services, telehealth feeds a consumer mindset that expects everything on-demand, all but instantaneously, and highly customized at that.
While portable patient records facilitated by EHRs and interoperability can help this, customization and on-demand healthcare doesn’t just put pressure on records and data. Patients want fast and personalized answers. As customer service centers, tech support, banks and virtually every other consumer-facing industry has learned, a lot of the on-demand load can be pushed onto increasingly sophisticated chatbots.
So, telehealth leads to growing expectations for on-demand clinical encounters and chat, which is provided by chatbots.
The Case for Chatbots
Retail has previewed much for healthcare: See how customer service upgrades have turned everyone into “The Most Important Person Here” wherever they go, in person or online. Consumers demand personalization, expedition, authenticity and they want it all exactly when and where they want it. And now, see how AI is not yet taking over the world, but is making FAQs and other routine customer service interactions painless for those answering, and interactive enough for those asking.
Retail is even making inroads to healthcare, as consumer-facing devices promise to measure and track all manner of health metrics. Statistics-loving sports fans witness the increasing digitization and quantification of athletes, games, injuries and training, and they want a similar level of insight and precision for their own care. Mobile technology is redefining and disrupting even the oldest and most stable of markets and industries, bit by literal bit.
So how long until the dry, repetitive questions doctors routinely must answer in check-ups and physicals are ethically and effectively offloaded onto chatbots programmed to triage and educate patients without wasting valuable human resources? How long until using telehealth to keep nonemergency patients out of the emergency room merges with using chat and AI — the basic recipe for chatbots — to keep healthy but curious or concerned patients from wasting time and money going through full encounters simply to get their general questions answered?
It doesn’t take a lot of sophistication to realize the benefits of AI at scale. Google has all but taken over the modern world by connecting searchers with answers to their questions; Wikipedia has all but bankrupted the encyclopedia industry with free, accessible, general knowledge. In a world where health literacy is so lacking in the majority of the population, some interactive resources could go a long way to chipping away at ER overuse and healthcare overconsumption, just by giving people an alternative to seeing the doctor.
Automation of Care, Automation of Crime
As quickly as potential benefits can scale, very real risks and both moral and financial hazards scale even quicker.
The growing popularity and implementation of chatbots has given hackers and cybercriminals a new way to scam, defraud, and generally abuse unwitting consumers. Sometimes that means hackers take over a company’s chat system with their own bot and solicit data. Sometimes fraudsters attract visitors with a spoof website, then use a bot to similarly extract volunteered data at scale from misled visitors. However it is done, it scales almost as well as a more conventional data breach, and can be harder to detect or track.
Have you ever faced the dilemma when you visited a hospital or a pharmacy and have been told that the impending treatment or even the prescription will need a prior authorization?
Prior authorization has been a topic of debate in the healthcare industry for quite some time and it is important to understand the process in detail to be able to take the informed decision when required.
What is Prior Authorization in the healthcare sector?
Healthcare industry, in general, is quite complex in nature with a large number of standard rules and procedures to be followed. The concept of prior authorization or pre-authorization as it is commonly called is generally used during the payment from the insurance partner.
Prior authorization in the medical industry is an intermediary step mandated by the insurance partner that requires an approval from the insurance company in order to take a decision on whether they will/will not reimburse the cost of a certain treatment/prescription/medicine. To put in simple words, healthcare prior authorization is a health plan cost-control process that requires obtaining approval before performing a service to qualify for payment.
Important points regarding prior authorization
The concept doesn’t affect the cash transactions for prescriptions/ treatment
Prior authorization is only required by the insurance partner on those prescriptions when the medical billing is done through insurance.
Anyone who is uninsured or is willing to do the cash transactions, there is no need for getting any kind of prior authorization.
In normal circumstances, the prior authorization is required for pharmaceuticals, medical services, and durable medical equipment
Prior authorization predicament
Like any other process, there are pros and cons of the prior authorization process as well. While the process brings a certain accountability and cost containment for the players; fighting over prior authorizations costs several hours in lost productivity and an incredible amount lost in revenues as well, thus putting everyone in a difficult position.
The American Medical Association (AMA) along with the other stakeholders from the healthcare industry believes that prior authorization is actually a burdensome process that hinders the productivity and also timely access to treatment. The process puts a barrier for the patients in immediate need of the medical care by delaying the start of the necessary treatment/medical assistance required by the patient that can significantly impact the health outcomes.
The Current Reality
A recent survey conducted by the American Medical Association (AMA) reveals certain shocking findings:
Approximately 75 percent of the physicians who were the part of the survey described prior authorization burdens as high or extremely high.
Approximately 60 percent of physicians who participated in the survey reported that their practices wait for minimum of one business day to maximum three business days for prior authorization decisions on an average.
Approximately a third of physicians who were part of the survey raised concerns over man power inefficiency with staff who works exclusively on prior authorization requests.
Approximately 90 percent of physicians who participated in the survey reported that the prior authorization process often or always delays access to medical care to the patients
What are the disadvantages of the Prior Authorization process?
The process is time consuming, inefficient and lacks the transparency, which is crucial for the patients.
Disrupts the workflow of the medical facilities and the process of providing the quality care to the patients in need.
The processing of the prior authorization wastes a great deal of physicians’ or medical practitioners’ time that would be better spent with the patients and for the treatment.
The Road Ahead
Considering the inefficiency of the process of prior authorization and the various hurdles the patients seeking medical care faces, the American Medical Association (AMA) along with a group of experts from other medical and healthcare organizations came together in an effort to reform the inefficient prior authorization requirements imposed on the patients during the medical tests, devices, drugs, prescription and etc.
Purpose of the AMA and other medical organization coalition
The main purpose of the coalition represented by the hospitals, patients, medical group, pharmacists and physicians, is to make the process of pre-authorization simpler, faster and smoother.
The joint forum believes that the requirement of the pre-approval by insurers in the form of pre-authorization before patients can get the prescribed drugs or treatments can not only delay or interrupt medical services, but also poses the risk of medical complications due to delays in the process.
Editorial note: As of this publishing, the Graham-Cassidy healthcare proposal is likely dead, but the points made herein are still of importance.
Guest post by Naomi Lopez Bauman, director of healthcare policy, Goldwater Institute.
Self-appointed healthcare pundit Jimmy Kimmel is at it again.
Naomi Lopez Bauman
A couple of nights ago, Kimmel used his late night show to lambaste Sen. Bill Cassidy of Louisiana, one of the Republican sponsors of the Graham-Cassidy legislation that would repeal and replace parts of the Affordable Care Act (ACA), commonly known as Obamacare. Kimmel claimed that the proposal would roll back patient protections and drive more people into the ranks of the uninsured.
While Mr. Kimmel’s heart is in the right place, he is mistakenly conflating the program’s intentions with unattained outcomes.
As a parent with children with a chronic illness, I have spent stressful days and very long nights in the pediatric ICU, and I’ve felt extremely grateful for having health insurance coverage and access to a high-quality children’s hospital. But I also know the frustration of having post-ACA coverage with zero in-network providers within a reasonable driving distance of the capital city in which we live.
Yes, you read that correctly. While we were eventually able to switch policies and now have local in-network providers, my family is far from unique in facing unintended consequences of the law.
While President Obama repeatedly promised that the average family would see premiums drop by an average of $2,500 per year, they have actually doubled. According to ehealth, an online insurance broker, the average family premium is now more than $1,000 per month, and the average deductible topped $8,000 per year. In other words, the average family not receiving significant ACA subsidies and buying insurance on their own could easily spend $20,000 per year before receiving any significant health insurance benefit.
And that may go a long way in explaining why the uninsured rate is creeping up for those who don’t qualify for significant exchange subsidies. In fact, the Congressional Budget Office estimates predict an overall increase in the number of insured.
Back in 2013, the Congressional Budget Office predicted that without the ACA, there would be 186 million people covered by private health insurance in 2016. Today, there are fewer people covered by private insurance—about 177 million—than what the CBO estimated would happen without the ACA.
Most of the coverage gains that have been achieved are the result of Medicaid expansion, a program already facing long waits to access care. Today, the patients most in need of help are now in the back of the line behind able-bodied adults as a result of handing out Medicaid cards to millions without any plan or viable strategy for caring for the most vulnerable.
Kimmel is right to passionately crusade for healthcare access and affordability, especially for the most vulnerable. But it is time to face reality. According to the U.S. Census Bureau, more than 27 million remain uninsured, and that number will likely climb. Premiums are skyrocketing, insurers have fled the market, provider networks are shrinking, and Medicaid expansion is harming those who need care the most.
