Guest post by Rashmi Katiyar, director, Kratin LLC.
Rashmi Katiyar
I read an article recently in the favor of mobile development in healthcare, though the article was making sense to me, it got comments like “mobile is good but we have many other challenges to cater and mobile is far low on priority.”
As an immediate reaction, I agreed to this comment, but it kept me bugging over the time. When mobile is so powerful (with its reach) so connected why it can’t solve bigger problems? May be they are not thinking mobile beyond “find a physician” or “fitness step count” apps. There are actually endless opportunities and much more serious tasks await smartphone, in healthcare provider perspective.
Patient Assistance: Mobile can be handy guide for a patient outside and inside hospitals, it can not only give information about your facility, services and physicians but also can keep your patients engaged with notifications , health library, you tube channels , care gap management, immunization schedules, etc.
Physician Assistance: In today’s competitive healthcare industry with growing ACOs and other policies it’s equally important to keep your physicians engaged and equipped. Handy & secure access to needed information like patient data , technical terms, on call schedules etc. assist doctors, nurses and clinical staff to increase overall coordination among the care team and achieve greater satisfaction.
Population Health: Good mobile application provides opportunity to stay connected with wider number of people beyond patients, as a result it’s easy to run real-time push surveys, polls and run healthy community forums across. Social and mobile plays vital role in information spreading process, with access to more number of people things can be done altogether at different scale.
These are just some of the very high level thoughts; mobile applications are growing richer in capability and technology. One of the biggest benefits of staying connected to the patients beyond the walls of the hospitals is; it allows care team to keep check on adherence and wellness of the patients, which avoids re-admissions and reduces overall cost of care.
We discuss possibilities with various IT teams from different hospitals, more we talk more I feel the need for healthcare providers to embrace mHealth for better health outcomes and truly emerge as fee for value organization catering to not only about patient’s illness but about wellness of the each and every individual in its sphere.
Guest post by Cheri Bankston, director of clinical advisory services, Curaspan.
Cheri Bankston
As physicians across large and small practices struggle to prepare for the many payment reforms under the Medicare Access and CHIP Reauthorization Act (MACRA), Centers for Medicare and Medicaid Services’ (CMS) Acting Administrator Andy Slavitt recently suggested that MACRA could be delayed from its intended Jan. 1, 2017, start date. He also proposed that reporting requirements may be adjusted to ease the burdens on physicians. For example, data and measurements could be potentially submitted through an automated method.
MACRA is expected to greatly transform how Medicare pays for physicians and other clinicians who participate in the fee-for-service program. Under MACRA, payment changes will be split into a two-track system for Medicare reimbursement:
Merit-based Incentive Payment System (MIPS) is for providers who operate using fee-for-service reimbursements. This new program combines parts of the Physician Quality Reporting System (PQRS), the Value Modifier (VM), and the Medicare Electronic Health Record (EHR) incentive program into one single program for participants.
Alternate Payment Model (APM) is for physicians who take on a significant caseload of patients. New payment models enable health care providers to be paid by Medicare. From 2019 to 2024, CMS may pay some participating health care providers a lump sum incentive payment.
How This May Impact You
Working with physicians and understanding their business model is the core of transition management, especially for physicians who are providing care to patients in the Fee-for-Service program. With a deeper understanding, it is easier to foster a more collaborative and effective relationship. Hospitals have been paid a lump sum since the early ‘80s, but it is important to recognize that some physicians and physician groups do have patients enrolled in bundled payment models and others who are not. So how important is it for case managers to know how a physician is paid? For a case manager to properly perform their job, they must know how the business of health care functions.
Guest post by Stu Sjouwerman, founder and CEO, KnowBe4.
Stu Sjouwerman
Bad guys are abusing the Social Security Administration’s (SSA) online service called My SocialSecurity Account in two ways:
A phishing scam that encourages employees to create an account, where your user enters all their confidential information at the scammer’s site, leaving them open to ID theft and social engineering attacks with that data and infect their workstation either in the office or the house.
The scammers set up My Social Security Accounts on behalf of people, and change the account to direct the benefits checks to a bank account they control.
Basically, this “My Social Security Account” is very useful. It allows you to set up a personal online account that enables you to view your earnings history, estimates of benefits, change your address or start or change direct deposits of your check into a bank account. The SSA also supports two-factor authentication, which is good.
However, it’s a heaven for scammers. Yes, to open an account the SSA requires verification of personal data by asking questions that only the Social Security recipient should know but this info is easily available to an identity thief, who can open an account in the name of the intended victim.
The introduction of two-factor authentication does not prevent an identity thief from initially setting up a My Social Security Account in the name of their victim, and we all know that you can social engineer the user to send the 2FA code to the hacker.
What to Do About This
I suggest you send your employees, friends and family the following. Feel free to copy/paste/edit:
Guest post by Tatsiana Levdikova, copywriter, EffectiveSoft.
Tatsiana Levdikova
The DICOM format has appeared more than 20 years ago. Since then a number of technological advancements have taken place resulting in better resolution in such files and an increase in volume of data. New technologies made it possible not only to get just an ordinary photo, but an animated image. Such new options had direct impact on a size of data being processed by DICOM Viewers.
In the meantime, many hospitals continue to use DICOM viewers that were created many years ago. These viewers work slower than latest solutions and lack many useful functions. Besides, they cannot master a growing volume of data. But hospital staff are reluctant to stop using outdated solutions, and there are some reasons for such attitude:
health professionals are sure that solutions they have been using for years are reliable;
there is no need to train the staff, so no extra expenses are involved;
a software update, as a rule, goes hand in hand with a hardware update, thus leading to new expenses.
Consequently, hospitals have to solve the dilemma; they have latest diagnostic equipment that undergoes regular updates, while their software is too old to work with large volumes of data.
Exploring the Paradox
Health professionals do not participate in development of software they make use of. Being user expertise bearers since they deal each day with images, make diagnosis and conduct researches, diagnosticians barely have relation to the development of software they use.
To keep up with latest developments in the field of diagnosis, healthcare facilities have to look for opportunities to make improvements in the diagnostic software, and in DICOM viewers, in particular.
DICOM viewers’ development prospects
There are a number of lucrative directions that DICOM viewers’ developers should bear in mind.
Collaboration plays a crucial role in making a diagnosis. Diagnosticians often consult each other if they have some doubts or if there is a need to get access to a medical history of a patient.
DICOM viewers could become a solution by providing its users with remote access to images. Besides, they could become a tool for an online discussion (where participants could use different graphic tools to review images).
Import of images from different sources (e.g. from one hospital with its own requirements to file formats to another) and their displaying according to requirements and standards of each health facility.
A built-in set of instruments can be extended by improving their functions by giving DICOM viewers’ users to ability to utilize an advanced review, create annotations and notes, measure angles, circles, add annotations, etc.
DICOM viewers could automatically compile medical assessment reports on the basis of available annotations, with hyperlinks to particular images and image areas.
DICOM viewers could also be used in workflow managing by forwarding processed images to other experts for additional research.
Three dimensional modelling is one more promising direction for DICOM viewers, and auto adjustment of images by improving their quality by using latest algorithms for dealing with pixel images seems to be a solution in this case.
Difficulties Developers of Healthcare Software and Health Facilities Face
Quality and accuracy of healthcare software’s work must be very high, and there must be no room for mistakes in order to eliminate a possibility of a medical error. This makes testing a very important part of the development process, and it accounts from 40 percent to 60 percent of the total development time.
Guest post by Santosh Varughese, president, Cognetyx.
Santosh Varughese
The U.S. healthcare industry is under siege from cyber criminals who are determined to access patient and employee data. Information security think tank Ponemon Institute’s most recent report on healthcare cyber security, published in May 2016, revealed some sobering statistics:
In the past two years, 89 percent of healthcare organizations – and 60 percent of their business associates (or BAs) – experienced at least one data breach, with 79 percent experiencing two or more breaches. The most commonly compromised data are medical records, followed by billing and insurance records. These breaches have not declined since Ponemon began tracking them in 2010.
The average cost of a healthcare data breach is about $2.2 million.
Criminal attacks, from outside the organization or from malicious insiders, account for half of all healthcare data breaches, the other half being due to mistakes by employees or BAs.
The majority of respondents (69 percent of healthcare organizations and 63 percent of BAs) feel that the healthcare industry is at greater risk of breaches than other industries. Despite these concerns, the majority of respondents reported that their organizations had either decreased their cyber security budgets or kept them the same.
Another study conducted in April by IBM, found similar problems, as well as insufficient employee training on cybersecurity best practices and a lack of commitment to information security from executive management.
With only about 10 percent of healthcare organizations not having experienced a data breach, hackers are clearly winning the healthcare data security war. However, there are proactive steps that the healthcare industry can take to turn the tide in its favor.
Data Security Starts with a Culture of Security Awareness
Both the IBM and Ponemon studies highlight an issue that experts have been talking about for some time: despite increasing dangers to information security, many healthcare organizations simply do not take cybersecurity seriously. Digital technologies are relatively new to the healthcare industry, which was very slow to adopt electronic records and when it finally did so, it implemented them rapidly without providing employees adequate training on information security procedures.
Unfortunately many front-line employees feel their only job is to treat patients and that information security is “the IT department’s problem.” These employees fail to grasp the importance of data security, and are not educated on the dangers of patient data breaches, reflected in Ponemon’s findings that employee mistakes account for half of all healthcare data breaches.
The healthcare industry needs to adjust this attitude toward cybersecurity and implement a comprehensive and ongoing information security training program, and cultivate a culture of security awareness. Information security should be included in every organization’s core values, right beside patient care. Employees should be taught that data security is part of everyone’s job, and all supervisors – from the C-suite down to the front line – should model data security best practices.
Additionally, organizations should implement physical security procedures to secure network hardware and storage media (such as flash drives and portable hard drives) through measures like maintaining a visitor log and installing security cameras, limiting physical access to server rooms, and restricting the ability to remove devices from secure area. Continue Reading
Guest post by Dan Hickman, chief technology officer, ProModel.
Dan Hickman
With six in 10 U.S. hospitals functioning at operational capacity, patient flow optimization provides one of the most cost-effective ways to increase a hospital’s bottom line.
Around 6 a.m. every day, hospital-wide “huddles” occur to discuss and determine a collective understanding of the state of operations. Most of these huddles take less than an hour and provide hospital and departmental leaders a snapshot of census status and expected discharges.
But hospitals are complex, dynamic systems. By 7 a.m. a flood of patients could hit the ED, affecting everything from staffing to the census, and carefully crafted plans disintegrate.
Consider the current state of patient flow at most hospitals.
Most health systems today have a reactionary approach to admit, transfer and discharge (ADT), patient flow, census, and staffing. Moreover, there is no way of accurately predicting future patient flows to right-size staffing and optimize workflows.
Discharge processes are open loop, resulting in costly delays. Most hospital staff use spreadsheets stating the number of discharges planned for the next 48 hours. However, there is no way to look at patient census with diagnosis codes tied to the typical length of stay.
The current state of patient flow results in multiple problems:
For many hospitals, the length of stay and cost per case metrics exceed CMS value-based care efficiency measures affecting reimbursements and the bottom line.
The daily reality of hospital staff revolves around logistics — the timely and accurate flow of patients coupled with staff, equipment, and facilities needed to accommodate and provide care within the hospital. Yet most hospitals lack the tools to define, visualize, predict and optimize the logistical flow of real-time needs into the near-term future.
Compounding the problem, many patients cite time spent ‘waiting’ as an issue affecting their experience, and ultimately patient satisfaction and the hospital’s HCAHPS scores.
Hospitals are really good at examining what’s happened to a patient in the past. The staff knows where they’ve been, but they haven’t taken the next leap, which other industries have, at projecting out where they think patients will “flow” during their stay and how the next 24 to 48 hours could affect the status and the census. There are parallels with other highly complex industries where accuracy and logistical management are critical to safety and success. One example — air traffic control.
Guest post by Tim Cannon, vice president of product management and marketing, HealthITJobs.com
Tim Cannon
All jobs can be stressful at times, but anyone who works in health IT will tell you that their job is considerably stressful. In fact, 55 percent of health IT professionals surveyed in The 2016 Health IT Stress Report, by my employer HealthITJobs.com, said they are at least frequently or constantly stressed.
Among those surveyed, 38 percent rated their stress intensity as high or extremely high, while 45 percent said their stress occurs on a frequent or chronic basis.
What’s so stressful about health IT and what impact does it have on employees? Here’s a closer look at the findings and what they mean for professionals in the field:
Work management causes stress
What stresses health IT professionals out the most? Constantly changing priorities. Among respondents, 39 percent rated changing priorities as the top stressor. What’s more, 45 percent said they have little or no control over deadlines and timelines for accomplishing project milestones.
Although project management and their lack of control in the process stresses employees out, they don’t blame their manager for the problems. Only 15 percent listed managers as a top source of stress. In fact, respondents actually have great relationships with their managers, describing them as supportive, smart, and trustful.
With such supportive managers, health IT professionals should turn to them when work gets hectic. Instead of struggling with stress on your own, talk it out with your manager. Let them know when changing priorities are a problem, and talk to them about working together to set project timelines. If a deadline seems unreasonable, give your input and suggestion for a more practical timeframe for completion.
Workloads are unreasonable
After changing priorities, the workload itself gives health IT professionals the most stress — 35 percent of respondents rated it as a top stressor. An additional 35 percent of professionals said they have an unrealistic amount of work to do in the time given. And those who said they are frequently stressed were more likely to say their workload was too much to handle.
What’s bogging down workloads? Meetings could be the culprit. According to the survey, 27 percent of professionals spend 11 or more hours in meetings each week, and those who are frequently stressed are more likely to do so.
As part of an ongoing effort to ensure compliance with the HIPAA Privacy, Security, and Breach Notification Rules, the HHS Office for Civil Rights (OCR) has begun the second phase of audits for HIPAA covered entities. The first phase of the audits was conducted in 2011 and 2012 and evaluated the controls and processes implemented by 115 covered entities in order to comply with HIPAA’s requirements. This second phase of audits builds upon the findings of that first audit, and will address compliance efforts by both covered entities and their business associates.
The second phase of the OCR audits is focused primarily on compliance with HIPAA directives related to privacy, security, and breach notifications. Currently, details about the specific documentation that will be required is unavailable, but the OCR has noted that the audit will only deal with compliance with federal guidelines. Compliance with state regulations will not be addressed at all. Still, even though the specifics of the audit are still under wraps, now is a great time to review your own compliance with HIPAA rules and begin gathering documentation.
The HIPAA Audit Process: An Overview
Earlier this summer, the OCR sent notification to all HIPAA-covered entities requiring them to confirm the contact details for their organization and all business associates that handle protected data by the end of July. Once contact details are confirmed, the OCR will send out preliminary surveys to gather more information about specific organizations and their data protection protocols. From those survey responses, several hundred organizations will be chosen for desk audits, which means that they will be required to submit specific, requested documentation as instructed.
While the Phase 2 audits have many health care executives concerned, the OCR has noted that only several hundred entities will be selected for an audit, and of those, a very small percentage (only about 25 to 50 organizations total) are expected to move on to a full, on-site audit. Still, because there is no way of knowing whether your organization will be selected for audit, you need to prepare and be ready to go should that be the case.
The OCR is quick to point out that the Phase 2 auditing process is not intended to be punitive, and that the purpose is rather to identify best practices and potential weaknesses as a means to provide better guidance to covered entities on how to more effectively comply with HIPAA regulations. That being said, regulators do note that should there be serious deficiencies discovered during the process, then there could be sanctions or other corrective actions taken.
As part of an ongoing effort to ensure compliance with the HIPAA Privacy, Security, and Breach Notification Rules, the HHS Office for Civil Rights (OCR) has begun the second phase of audits for HIPAA covered entities. The first phase of the audits was conducted in 2011 and 2012 and evaluated the controls and processes implemented by 115 covered entities in order to comply with HIPAA’s requirements. This second phase of audits builds upon the findings of that first audit, and will address compliance efforts by both covered entities and their business associates.