Category: Editorial

State of Application Security: Mobile Healthcare

Exactly how secure are the mobile health apps we use? Arxan Technologies set out to find that answer with its 5th Annual State of Application Security report. The new research assessed 71 popular mobile health apps from the US, UK, Germany, and Japan. It also examined how confident app users and app executives are in the security of their applications. Arxan discovered a huge discrepancy between consumer confidence in the level of security and the degree to which organizations address known application vulnerabilities.

Below are some of the report’s key findings:

Mobile health apps approved by regulatory/governing bodies are just as vulnerable as other mobile apps. Eighty-four percent of the US FDA-approved apps tested did not adequately address at least two of the OWASP Mobile Top 10 Risks. Similarly, 80 percent of the apps tested that were formerly approved by the UK NHS did not adequately address at least two of the OWASP Mobile Top 10 Risks.

Most of the mobile health apps were susceptible to application code tampering and reverse-engineering. Ninety-five percent of the FDA-approved apps, and 100 percent of the apps formerly approved by the NHS, lacked binary protection, which could result in privacy violations, theft of personal health information, and tampering.

Patient-Centered Care Needs Engaged Communication through Shared Data

Guest post by Jennifer Holmes, chief executive officer, Central Logic.

Jennifer Holmes

Healthcare systems gather a lot of patient data as care providers, but a surprising lack of coordination too often puts patients at risk.

Tragically, that is exactly what happened to my father nine years ago.  A week before his 70th birthday, he passed away due to the lack of care coordination.  His risk factors were high and his care provider had all his health records and history documented in his chart. Over the course of 15 years, my father had been admitted and treated six times at the same hospital. He was an open heart surgery patient, had multiple coronary artery stents placed 10 years post surgery, and he was diagnosed with cancer eight years before his death.

His primary care physician admitted him to the Emergency Room after finding a lump on his leg. Later that evening, we learned he had Stage 4 non-Hodgkin’s Lymphoma. The care coordination breakdown started with his oncologist who, although armed with most of my father’s health information, missed one critical piece to the puzzle. Our family later learned the physician never reached out to my father’s interventional cardiologist to better understand his percent of heart function. If he had, they would have learned his left ventricular function was only 45 percent. Due to this lack of care coordination, the wrong drug cocktail was prescribed to treat his cancer, ultimately resulting in heart failure. He was gone in six weeks.

Finding the Good in the Bad

The good news is that EHR technology adoption and compliance certifications around Meaningful Use are driving improvement for quality, safety, efficiency, and reduced health disparities. I believe these efforts to enhance care coordination will result in improved population and public health so that fewer and fewer families will experience what mine did.

According to the Health and Human Services’ Agency for Healthcare Research and Quality (AHRQ), the Institute of Medicine identifies patient centeredness as “a core component of quality health care.” The agency tracks and analyzes the number of incidences of avoidable hospital-acquired conditions along with adverse events. While progress has been made over the years, more work is necessary to improve care coordination.

To be fair, enormous demands have been placed on healthcare systems for profitability, efficiency, compliance, safety and overall excellence. However, excellent quality healthcare is inextricably connected to a patient care centered strategy. Our current systems must get back to that root focus through improved communication and sharing data transparently across all facets of the patient’s health spectrum. The key is finding user-friendly solutions to collect and analyze the right data, and warehouse and share all this data in a compliant way.

How to Engage – Transparently

Sharing all of that data sounds like a tall order and the technicalities of exactly how it gets accomplished seem daunting. We must follow patients from their first office visit to hospitalization, to discharge, to outpatient care, to patient-centered medical home (PCMH) care, and even at-home care. Lives can depend on it. The rub for patients and providers comes when collecting information becomes cumbersome, time-consuming and inefficient.

Recent tech and software solution advances portend smoother sailing ahead. Powerful tools are now available to collect, connect, communicate and share data from inside and outside a hospital’s four walls, directing real-time, actionable health decisions to improve patient-centered care. Providers realize efficiencies of scale when they use systems and software solutions that aggregate a patient’s total record. Optimal tools collect data from the patient’s complete health history and the best solutions can synthesize that data across all platforms and providers. This connected data roadmap then acts as a support and monitoring tool, as well as a yardstick to measure business intelligence goals.

What to Engage – Complete Data for Excellence

Patient-centeredness must then be a partnership among systems, practitioners, patients, and their families (when appropriate) to ensure that decisions respect the wants, needs, and preferences of patients.  Such partnerships ensure patients have the education and support they need to make decisions and participate in their own care.

HIMSS16: Let’s Talk About what Happened in Vegas

Guest post by Jeff Kaplan, chief strategy officer, ZirMed.

Jeff Kaplan

The 40,000 healthcare and healthcare IT professionals who gathered at the Sands Expo in Vegas brought a different vibe for HIMSS 2016. The halls buzzed with activity and an overall optimism that belied any of the potential causes for uncertainty—politics, a down stock market, increases in uncompensated care, the movement toward fee-for-value, or the staggering shift in patient responsibility.

For those who attended HIMSS 2015 in Chicago, the difference was visible in vendor messaging and audible in conversations during the conference. Among all attendees the optimism seemed well founded, grounded in reality. We all see significant opportunity to drive improvement in healthcare for our generation and generations to come. That’s why we came to HIMSS – we’ve placed our bets.

In that spirit, let’s talk about where healthcare is doubling down, where it’s hit a perfect blackjack, and which trends pushed as providers look for the next deal.

Double Down – Data Interoperability

Out of the gate at HIMSS 2016, there was increased focus and emphasis on the importance of data interoperability and integration. From booth signage to the increase in dedicated vendors to industry veterans evangelizing on the topic, you couldn’t miss the tells from all players—everyone wants to show they have a strong hand when it comes to interoperability. Epic’s Judy Faulkner made a play that Epic wasn’t just the leader of the interoperability movement – they were in fact the originator (see her interview with Healthcare IT News here).

Of course, wander off into other parts of the exhibition hall and it wasn’t long before you heard the all-too-familiar complaints about closed-system platforms – that they limit innovation by outside companies and technologists who can build applications to add additional value. In the era of Salesforce.com and other open platform successes, many HIMSS attendees spoke of their hope that companies like Cerner and Epic will follow suit.

Blackjack – Data Analytics

Over the last year vendors heard providers loud and clear – healthcare providers need hard ROI on any new initiatives, especially as many have EHR/HCIS sunk costs in the tens of millions of dollars. They need a sure thing—and the changes evident at HIMSS 2016 reflected that shift. Buzzwords like “Big Data” thankfully went to the wayside and were replaced with meaningful discussion around data analytics and data warehousing. Providers know they’ve amassed a wealth of clinical and financial data—now they’re looking for ways to increase the quality of patient care while driving down costs.

5 Themes I Tracked at HIMSS 2016 in Las Vegas

Guest post by Tom S. Lee, Ph.D., CEO and founder, SA Ignite.

Tom S. Lee

Those making the long trek to and through the annual, arduous health IT connection-fest known as HIMSS are undeniable siblings-in-arms. Each has their own list of “must learns” by which they measure the return on the foot blisters and hurried lunches.

This year, I brought my particular list of themes to track. Although the odds are great that I missed relevant crevices of the show, I believe I gathered a decent quorum of items to share here.  You be the judge.

Theme 1: More Regulatory Guidance from CMS and HHS

The HHS, ONC and CMS brain trust spoke to packed rooms in an illuminating 24-hour span, which crossed multiple themes on my list. On the regulatory front, HHS Secretary Burwell, National Coordinator for HIT DeSalvo, and CMS Acting Administrator Slavitt, all made direct or indirect mention of the MACRA legislation and its constituent parts, the Merit-based Incentive Payment System (MIPS) and alternative payment models (APMs; e.g. Medicare accountable care organizations). MIPS and APMs together redefine how $250 billion per year in Medicare Part B payments will be paid to physicians in value-based, rather than fee-for-service-based, manners. The hub-bub around MIPS, in particular, stems from the fact that it can reward high-performing providers with incentives up to and even beyond 27 percent of Part B payments and penalize low-performing providers up to 9 percent, while also reporting their MIPS performance scores to consumers.

Although CMS was unable to confirm or deny many aspects of the CY2017 MIPS rule currently being drafted, I heard strong clues from CMS and its contractors confirming a Jan. 1, 2017, start of the first MIPS performance year. In addition, CMS officials publicly stated across multiple sessions that the draft CY2017 MIPS rule would be released “within a few months,” “in the spring,” and perhaps as soon as April.

Theme 2: The Rising Importance of the Back-Office Impacts of Value-Based Programs

Over the last nine months, it wasn’t clear how Medicare’s Chronic Care Management (CCM) program was playing out in the field.  CCM rewards primary care providers with a monthly per patient fee for delivering a set of high-quality, chronic care services to patients both within and outside the clinic.  The dollars netted by a practice can be substantial, even eclipsing the incentives earned from complying with meaningful use over the last several years. However, the front-office and back-office tasks needed to support a successful CCM program can be substantial. Whereas after walking 80 percent of the main exhibit hall floor I saw no CCM vendors, I saw in the first-time-exhibitor hall several companies out of ~40 exhibiting focused exclusively on offering outsourced CCM program delivery services. Maybe the CCM model and market are starting to take root.

Bundled Payments Are Here to Stay

Guest post by Neil Smiley, CEO and founder, Loopback Analytics.

Neil Smiley

When I remodeled my house a few years ago, I hired a contractor, and negotiated a bundled payment for the entire job. The fees I paid to the contractor covered project management costs as well as the costs of independent subcontractors assembled to do the work, such as carpentry, dry-wall, electrical and painting. The contractor stood to make a nice profit if they efficiently managed the work of their subcontractors. On the other hand, he could lose his shirt if there were unmanaged rework and cost overruns.

Bundled payments are still relatively rare in healthcare. If a patient has knee replacement surgery, each provider – the surgeon, anesthesiologist, hospital, rehab facility and home health agency – is paid separately. The patient is often left to serve as their own general contractor, without any one provider responsible for the cost and quality of the episode. As a result, there can be significant variations in episode cost and clinical outcomes for the same procedure.

CMS has been experimenting with voluntary bundled payment demonstration projects for about five years. In 2011, CMS launched the Acute Care Episode (ACE) program with a handful of healthcare systems. In 2013, CMS began the Bundled Payment Care Initiative (BPCI) with over a hundred participating hospitals. The bundled payment programs included different conditions, procedures and episode durations. However, they all worked in a similar way: CMS combined a bundle of health care services that had been previously paid as separate components. A bundled payment price was set, representing the average historical episode cost, less a withheld amount (typically around 3 percent). A general contractor (AKA “convener”) was assigned responsibility for the total cost and quality of the episode of care. After five years of voluntary experimentation, the concept of bundled payments is about to go big.

In April 2016, CMS will require 800 hospitals that are located in one of 67 geographic regions to be conveners for Comprehensive Care for Joint Replacement (CJR) surgeries – mostly elective hip and knee replacements. The bundled payment will include the costs of the hospital stay along with all related costs within 90 days of the hospital discharge. Each of the providers involved in the surgery and post-discharge care will continue to bill Medicare as before, but the hospital will now be financially responsible for all of the costs. If the bundled costs are below the target price, the hospital will receive a bonus that they may share (or not) with the other providers participating in the care episode. However, if costs are above the target, the hospital is responsible for paying the difference to CMS.

Three Opportunities to Improve Your Patients’ Healthcare Payments Experience

Guest post by Jeff Lin, senior vice president of product management, InstaMed.

Jeff Lin

The amount a patient must now pay before a health plan covers any portion of the balance has increased 67 percent in five years, according to the Kaiser Family Foundation. This surge in patient responsibility is driven primarily by enrollment in high-deductible health plans which require patients to pay towards a certain minimum balance before the plan benefits begin. According to HealthPocket, deductibles are expected to increase 8 percent to $6,480 for a family plan, further increasing patient balances.

Despite this growing trend, many patients leave their visit without any expectation that they will receive a bill or a discussion about how to make a payment. Therefore, it should come as no surprise that providers can expect to collect only 50 percent to 70 percent of a patient balance after a visit (McKinsey and Company). As patients’ out-of-pocket expenses continue to grow, healthcare providers of all sizes will need to focus on improving the payment experience to ensure patient collections and the future of their organization.

Make Healthcare Payments Simple
Providers can look to best practices from other industries to guarantee their revenue while making it simple for patients to pay their responsibility. Just like reserving a hotel room, providers can require that all patients present a payment method before the time of service to ensure the responsibility is automatically paid with low staff intervention. Patients are familiar with this process from their experiences in other industries and often prefer automated, simple payments. Providers can leverage innovative payment technology to securely automate payment collection with saved payment methods.

Add Healthcare Payments to Household Bills
Nearly 70 percent of patients surveyed said they pay their non-healthcare bills such as cable or utility bills online or through a bank bill portal, according to the 2014 Trends in Healthcare Payments Annual Report. This demonstrates that patients prefer to make payments through convenient payment channels. However, these payment channels are simply not always available in the healthcare industry. To enhance the payment experience, providers can easily allow patients to pay online or through a website where they are already accustomed to visiting and paying bills. For instance, many health plans offer member portals, which enable patients to manage claims and view benefit amounts. By enabling patients to make online payments to all of their providers through these member portals, providers will receive a payment as soon as the claim is adjudicated – all without ever sending a statement or making a phone call.

Ease the Burden of Deductibles
High deductibles can result in large balances for a single patient visit which can make it difficult for a patient to pay their total balance at one time. Automated, customized payment plans can help patients pay down these large balances over time without relying on paper statements, staff follow-up calls and manual payment posting.

As a best practice, these plans should enable providers to automatically collect payments in a secure and compliant way with automated notifications and receipts to the patients.

Welcome to the Telepresence Patient Revolution

Guest post by Jeff Goldsmith, vice president of marketing, Revolve Robotics.

Jeff Goldsmith

We will never return to the days of house calls and family doctors who knew you from birth. However, thanks to advances in mobile and digital technology we are well on our way to a new golden age in medicine, one that will offer near instant access to electronically delivered healthcare from humans, anywhere, any time. The groundwork has already been set – there have been more than one billion tablets produced by the tech industry (one for every seven humans), so we certainly have enough screens to get a caregiver’s face in front of every patient.

So, what’s the next step? An understanding and commitment to using this technology to give everyone access to care, whether they are an aging boomer, someone living in a rural area without enough specialists, or a very sick kid who can’t travel because of their treatment regime.

This isn’t science fiction – robotic technology and tablets are already being combined in schools, in homes and in hospitals to better patient experiences. For example, a public elementary school in Round Rock, Texas recently accommodated a student receiving chemo in Philadelphia by using a telepresence robot to put her back “in” the classroom. The technology allowed her to look around the room, interact with fellow students and ask questions as if she were there in person – all for under $1,000.

The ROI of this type of set-up for schools is impossible to calculate nationwide, but the benefits are massive. Not only does the child benefit, so do their classmates who learn about inclusion, the school which evolves its technology, and the community because it gains one more educated human being. More than 40,000 children undergo treatment for cancer each year in the US – imagine giving each of them this opportunity.

Simplify and Secure Electronic Health Records with Document Imaging

Guest post by Chris Strammiello, vice president global alliances and strategic marketing, Nuance Communications.

Chris Strammiello

Every healthcare IT professional is already thinking about mobility and security in general, but not all consider their relation to document management. A single piece of paper could contain immeasurable amounts of sensitive data and even protected health information (PHI) that, if somehow found in the wrong hands, could present major HIPAA violations. So, how will document imaging impact healthcare technology?

The Mobile Game-Changer

As healthcare organizations transition their processes from paper to electronic workflows, mobile device use will increase. From patient registration to discharge and beyond, mobile technology simplifies patient communication via e-prescriptions, online scheduling and automated appointment reminders.

Productivity-enhancing capabilities like barcode scanners, e-forms and e-signatures also benefit practitioners by improving on-the-ground access to clinical documents and reducing manual document handling. Plus, mobile devices can curb printing costs through the implementation of pull printing, which holds a print job on a server until the user authenticates its release at the output. Ultimately, for the patient, all of these advantages translate into more time for quality interactions with their doctor; for the hospital, significantly streamlined processes and lower costs.

We also expect to see an increased use for mobile devices in medical instrumentation. Take, for example, the advancements brought to speech therapy with the utilization of a tablet’s microphone during a session. Previously, patient testing would have been done with a much larger and more complex device that would produce less data about the quality, pitch and frequency of the voice. Not only are mobile devices simplifying day-to-day workflow within the healthcare industry, but they will also revolutionize the actual healthcare practice.

Smarter, Simpler and Even Spoken Security

Alas, as with all technological advancements, security remains an essential question mark. Unfortunately, the smartphones, tablets, laptops and even multifunction printers (MFPs) that increase access to patient information are also some of the biggest security vulnerabilities in EHR implementations. In fact, theft or loss of portable and unencrypted devices is the leading source of reported HIPAA data breaches and fines. Even further, as the U.S. Department of Health and Human Services now defines office copiers and printers to be actual workstations, IT professionals must secure them in the same way they do computers.

With all this in mind, both physical and technical safeguards must and will be improved in the near future, starting with the embrace of solutions that provide two-factor authentication. Commonly used in financial services, two-factor authentication combines a password with something you know, like the answer to “What is your mother’s maiden name?,” or something you have, like a fingerprint. We can expect such biometrics, including voice commands, to be more commonly used as a second authentication factor in the near future. Long gone are the days of scanning your ID card to credential a print release – users will simply speak to the printer to verify who they are.
