Guest post by Ben Oster, product manager, AvePoint.
Balancing the strategic needs of a business with the user-friendliness of its systems is a daily struggle for IT pros in every industry. But for healthcare organizations, safeguarding the data living in these systems can be especially daunting. According to a study by the Ponemon Institute, healthcare is a minefield for various security hazards. Within the last two years, 89 percent of healthcare organizations experienced at least one data breach that resulted in the loss of patient data. As healthcare businesses and the patients they serve adopt a mobile-first approach, providers must strike a balance between innovation and risk to prevent patient data (and internal information) from falling into the wrong hands.
The use of mobile devices and apps certainly enhances patient-provider relationships, but these complex information systems present new concerns surrounding compliance, security, and privacy. As employees and patients increasingly adopt smartphones, tablets, and cloud-based software into their daily lives, healthcare leaders must prioritize users’ needs while mitigating security risks. Mastering this dynamic requires healthcare companies to balance mobility trends like BYOD and cloud computing with regulatory requirements like HIPAA.
To lower the risk of data breaches, healthcare organizations need to defend their systems by identifying, reporting on, and safeguarding sensitive data. Here are a few steps the healthcare industry can take to join the mobile revolution without compromising security:
Start with discovery – Traditionally, healthcare organizations have taken a “security through obscurity” approach to protecting data. In other words, they have relied on the ambiguity of the data in their systems to ward off malicious attacks and breaches. But as technology emerges that personalizes patients’ end-user experience – such as online patient portals and electronic medical records – healthcare organizations’ data becomes less obscure. With patients and medical staff accessing this data through a range of devices and workflows, knowing precisely what content exists in a healthcare organization’s infrastructure is essential to security. That’s why discovery is the first step to safeguarding content. Healthcare IT teams should also roll out internal classification schemas to determine which user groups need access to this data. By categorizing content based on these factors, healthcare companies can lay the framework for a truly secure system.
Obviously, the health care providers in your facility do great work every day. You might even argue that miracles are a common occurrence. But when we talk about halos in health care, we aren’t talking about health care in a spiritual sense. When we refer to a halo, we’re talking about the overall impression that patients and their families have of your hospital, and how it can influence your patient satisfaction scores. Because as it turns out, your HCAHPS scores aren’t always based entirely on the actual patient experience.
Understanding the Halo Effect
In 1920, psychologist Edward Thorndike coined the term halo effect to refer to the cognitive bias that influences our impressions of others. According to Thorndike, the overall impression that we have of someone influences the assessment of their character. When someone rates another person highly in one trait, for example, leadership, they are more likely to carry those positive impressions over to other traits, and consider that person more intelligent and dependable as well. We see the halo effect often in our ratings of celebrities: Because celebrities are often attractive and successful, we are more likely to evaluate them with other positive associations as well, such as being kind or intelligent, despite not having any evidence to support that impression.
The halo effect does not only apply to individuals, though. When asked to rate businesses or services — including healthcare — people who have a positive experience in one or more areas are more likely to rate the entire experience as being a good one. What constitutes a positive experience depends on the individual; for example, someone who values tidiness might be upset that their room is not cleaned and straightened up often enough, and thus rate the entire experience more negatively because their experience in one area clouded the entire stay.
The Halo Effect and Satisfaction Surveys
Often, hospital administrators approach patient satisfaction surveys and scores literally. That is, they look at the areas where they are perhaps not up to snuff and focus on improving those specific aspects of the patient experience. While that’s undoubtedly important, by improving the overall experience that patients have with your hospital you can also see an uptick in your overall satisfaction scores. In other words, patients who have a generally extraordinary experience with you are going to rate you higher on the HCAHPS, even if every aspect of the experience wasn’t perfect, than a patient who had a less than ideal experience. If the room wasn’t cleaned enough and the food was subpar, then those experiences will influence their responses on questions relating to other areas, which may have been excellent.
So how do you “polish your halo,” so to speak? By focusing on the entire patient experience, and identifying the factors that most strongly influence how patients respond to patient satisfaction survey questions, and developing plans to improve in those specific areas. Healthcare administrators are well served to follow the lead of facilities like the Cleveland Clinic, which went so far as to develop an entire department devoted to patient experience and operates under the notion that patients view service as synonymous with quality in healthcare.
Guest post by Stu Sjouwerman, founder and CEO, KnowBe4.
A story about hospital ransomware or a compromised computer seems to emerge weekly. It is no surprise that healthcare breaches have been on a steady increase for the past five years. Loss of personal health information (PHI) poses a financial risk for health care institutions, expected to cost the industry in the neighborhood of 6.2 billion dollars.
By the numbers
Despite the prevalence of cybersecurity incidents, a study by Ponemon Institute in May 2016 showed that the majority of healthcare organizations and business associates were most concerned with negligent or careless employees causing healthcare data breaches.
Sixty-nine percent of healthcare organizations believe they are more vulnerable to a data breach than other industries.
When asked what the greatest threat was to healthcare data security, the majority of healthcare organizations stated employee inaction or error (69 percent). Rounding out the top three concerns were cybercriminals at 45 percent and the use of insecure mobile devices at 36 percent.
Employee error was also the top concern for business associates (53 percent), followed by use of cloud services (46 percent) and cyberattacks (36 percent).
Ransomware is currently one of the most prevalent threats to healthcare. A June survey of healthcare IT professionals by KnowBe4 shows 44 percent of healthcare organizations have been hit with ransomware, 6 percent above the national average of 38 percent. Sixty-five percent of these IT professionals know someone personally who has been hit and another 47 percent would pay the ransom if faced with a scenario of failed backups. With some healthcare ransomware demanding five figures, this can get pretty expensive.
Why hospitals are the perfect targets
I was interviewed by WIRED magazine’s Kim Zetter. She’s written a great article that analyzes why hospitals are perfect targets for ransomware. She started out with: “Ransomware has been an internet scourge for more than a decade, but only recently has it made mainstream media headlines. That’s primarily due to a new trend in ransomware attacks: the targeting of hospitals and other healthcare facilities.”
Now, Who Else Should Be Scared?
Hospitals have shown themselves to be soft targets and are under full attack by several cybercrime gangs using different attack vectors. The SamSam ransom gang attacks server vulnerabilities in JBoss apps using an open source pentesting tool called JexBoss, so these are targeted attacks based on scans the bad guys did. Cisco technical background: http://blog.talosintel.com/2016/03/samsam-ransomware.html
That is an exception though; the vast majority of ransomware infections are caused by phishing emails. Next are malicious links and ads leading to compromised websites with Exploit Kits causing drive-by-infections.
Guest post by Cheri Bankston, RN, MSN, director of clinical advisory services, Curaspan.
When determining a discharge plan, hospitals must provide a list of home health agencies (HHAs) or skilled nursing facilities (SNFs) that are available to care for the patient; this comes as part of the Conditions of Participation (CoPs) for Discharge Planning. In the case of a HHA, the provider must be able to serve the patient in the area where the patient resides, or in the case of a SNF, the area requested by the patient.
Acute care providers have been struggling with how to set up a high-quality provider network to support patient choice as we move from volume to value. Provider networks aim to gather more information to assist beneficiaries with selecting a high-quality post-acute provider. CMS has not outlined any specific criterion that deems a provider “high quality,” but the end goal is to provide the patient more information on quality performance and resource use at the time they are making a decision. Through the Center for Medicaid and Medicare Services’ (CMS) Star Rating program, discharge planners or case managers working for hospitals are able to highlight those provider networks that will best fit the needs of the patient. The networks are able to counsel patients about their available choices, while more importantly upholding the patient’s right to choose.
Under the Affordable Care Act’s value-based purchasing initiative, hospitals are at financial risk for the outcomes of care their patients receive from post-acute care providers, leading hospitals to work towards establishing high-quality provider networks. For many, upholding the standard of Medicare policy – patient freedom of choice – is challenged by potential financial incentives and penalties for the bottom line – the quality of care provided to the patient after discharge impacts the reimbursement levels for hospitals and ACOs. Although provider networks may appear to narrow patient choice, they actually create a set of higher quality post-acute providers that improve patient outcomes without impeding access to care.
Payers have been using “provider networks” for years, but applying them to hospitals is a brand new concept. An ACO’s success depends on using a provider network that has a demonstrated history of high quality of care outcomes. For example, SNFs that have a high rate of patients going to emergency rooms and not being admitted must be evaluated to determine the variance from other providers with the same level of care and fewer emergency room visits. Quality outcomes and patient satisfaction are going to drive the definition of provider networks.
A question that many businesses dither about is whether outsourcing their billing will be profitable to them or not. Third-party services can help make billing smoother as compared to the in-house process that involves using billing software. Some practices think outsourcing is the right decision because it allows them to make use of the experts, their resources, and the timely manner in which the job is finished. Others, however, think doing it all in-house will help them maintain control over their practice. Caught in the same conundrum? Don’t worry! We can help! Here are a few reasons why outsourcing is a good idea:
In-house billing is costly
If you have been thinking that outsourcing is expensive, then just try adding up the expenses of in-house billing and you are in for a surprise. The expenses will include:
What you will be paying the billers
How much employee benefits will cost you
How much the technology systems will cost you
Outsourced billing is less expensive
Outsourcing seems like a good idea for startups, especially small ones, and transitioning businesses dealing with an employee who has resigned.
In-house billing comes with liabilities
A billing department is chock full of liabilities. Here are two of the sources from which said liabilities may originate:
Embezzlement
Employee neglect
Thus, they require constant and strict supervision from the manager.
HFMA ANI 2016 was a very interesting conference for me, which yielded some unexpected insights. Throughout the conference and in conversations on the show floor, I heard a very strong emphasis on focusing on the consumer in healthcare. Provider organizations and the vendors that support them seem to have reached a kind of tipping point on consumerism. The once conventional wisdom that outcomes trump experiences seems to be giving way to the realities of increasingly competitive healthcare markets. For me, this conversation was a prime example of a strange idiosyncrasy of the healthcare industry where we often shy away from talking about healthcare as a business and feel compelled to put every issue in the context of improving patient care.
I heard individuals at this year’s ANI reiterating the point that there is no data to support the idea that a better patient experience correlates with better outcomes. Healthcare leaders seem to be recognizing, though, that this fact is largely irrelevant, and does not justify negligence of the healthcare consumer experience. I heard an apt comparison to auto makers – who command a financial commitment from their customers that can be similar to the cost of healthcare. Ford, Honda and BMW do not stop at making a safe and reliable vehicle; they work very hard to outdo their competitors in creating a complete shopping, purchasing, paying and owning experience that their customers will love. Quality care – like a safe, well running car – is clearly the most important thing, but it is also just the start – the foundation for the much larger strategic play: creating a total consumer experience that attracts and retains great lifelong customers and their friends and families.
Clearly, in a world where healthcare organizations must compete for customers/patients/members, we have to take experience very seriously. Especially as organizations take on risk in managing the health of larger populations, a reputation for offering a great experience is going to be essential to attracting the right mix of patients and to engaging them in more effectively managing their own health and care. Fortunately for forward-thinking HCOs, emphasizing patient experience will set them apart from the rest of the pack in today’s market, as healthcare’s status quo for customer service is similar to that of a cable company, and a far cry from paragons like the Apples or Amazons of the world. So there is tremendous opportunity to seize and hold a competitive advantage by making healthcare brands attractive and part of a consumer identity that target customers want to be part of. The financial upside for a health system that can make being part of their community a source of pride and satisfaction for customers the way Harley Davidson has will be tremendous.
Interestingly, I found that this kind of frank business talk about concepts like market share, customer retention and profitability is not a comfortable thing, even at a healthcare finance conference. Healthcare leaders — be they physicians, CFOs or CEOs – do not feel safe outside of the boardroom in discussing their efforts to improve the bottom line, as necessary and natural as that is. It is an odd and anachronistic instinct we have in healthcare that is very out of sync with other industries, where we feel that we can only talk about the business of care in the context of providing better outcomes, improving access to care and reducing suffering. Even something like improving patient experience and creating happier patient populations, which should be universally commendable, requires gymnastic contortions of language to always be in the context of improving care rather than enhancing business performance.
One of the strongest impressions I came away from ANI with was that we need to give our industry permission to talk about the business of healthcare as a business, without shame or the need for double-talk. We must develop an acceptable language in which payers and providers can have business centric conversations to address these issues head on, rather than circumnavigating hard commercial conversations. The outdated idea that patient experience does not matter because it does not affect outcomes is a great example of how talking about the business of healthcare only in the context of providing great care can take even smart, sensible professionals down very counter-productive roads.
Guest post by Dean Wiech, managing director, Tools4ever.
Identity and access management (IAM) in healthcare continues to be a growing part of the industry. The management of identities, user accounts and access to both data and applications is a large task for hospitals and healthcare organizations. In the healthcare industry especially, the need to follow strict access and security rules and regulations exists, which makes IAM even more challenging. This need has led to newer solutions to meet the needs of healthcare organizations.
Here are the top four account management issues in healthcare that can be significantly improved:
Onboarding of Employees
The first issue that many healthcare organizations face is efficiently onboarding new clinicians and employees. For example, when a new doctor or nurse begins employment, they need their account created, and the correct access to the systems and applications they require in order to assist patients. The issue is, too often, new employees are waiting idle while all of their access and accounts are created.
By streamlining and automating the account management processes, this issue can be improved. Automating the process allows administrators to easily enter a new employee’s information into a source system, such as the HRM system, and check off which systems the employee needs access to and accounts in; the new accounts are then created automatically.
Changes to Accounts
Next, there is the issue of movement or changes to an employee account throughout their employment. Often, clinicians need to contact their manager to ask for permission for a change or for additional access, and the manager in turn needs to contact IT or HR to have the change carried out.
IAM software with workflow management capabilities has evolved to assist with this situation. A web portal with workflow can be set up so that employees can easily request changes to their account and then have it securely carried out.
As an example, a nurse moves to a different unit, or floor, and needs access to a different set of data or applications. A nurse can easily request the access through a portal and the request is automatically sent to the correct people for approval. Once the approval is given, the change automatically is made. If the request needs multiple levels of approval, it will move to the next person in line. In addition, all of these changes are logged so that the healthcare organization knows exactly what changes are made, when they were made and who approved them.
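The approval flow described above (request, routing to the right approver, multiple approval levels, a logged result), sketched as an added example; it is not Tools4ever's code or part of the original post. The class, user and entitlement names are constructed for illustration, and the self-approval and out-of-turn checks are assumptions about how such a portal should behave.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class AccessRequest:
    requester: str
    entitlement: str
    approvers: tuple          # ordered chain: first entry approves first
    level: int = 0            # index of the approver whose turn it is
    status: str = "pending"   # pending -> granted | denied


class AccessWorkflow:
    def __init__(self):
        self.audit_log = []   # append-only: what happened, when, by whom
        self.grants = {}      # user -> set of entitlements currently held

    def _log(self, event, req, actor):
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "event": event, "actor": actor,
            "requester": req.requester, "entitlement": req.entitlement,
        })

    def submit(self, requester, entitlement, approvers):
        if not approvers:
            raise ValueError("at least one approver is required")
        if requester in approvers:
            raise ValueError("requester cannot approve their own request")
        req = AccessRequest(requester, entitlement, tuple(approvers))
        self._log("submitted", req, requester)
        return req

    def decide(self, req, actor, approve):
        if req.status != "pending":
            raise ValueError("request already " + req.status)
        if actor != req.approvers[req.level]:
            # Record the attempt, then refuse: only the approver whose
            # turn it is may act on the request.
            self._log("out_of_turn_decision_blocked", req, actor)
            raise PermissionError(actor + " is not the approver at this level")
        if not approve:
            req.status = "denied"
            self._log("denied", req, actor)
        elif req.level + 1 < len(req.approvers):
            req.level += 1    # move to the next person in line
            self._log("approved_forwarded", req, actor)
        else:
            req.status = "granted"
            self.grants.setdefault(req.requester, set()).add(req.entitlement)
            self._log("approved_final_access_granted", req, actor)
        return req.status


def demo():
    # Constructed scenario: a nurse changes unit and needs new chart access.
    wf = AccessWorkflow()
    req = wf.submit("nurse.rivera", "cardiology-unit-charts",
                    ["unit.manager", "privacy.officer"])
    try:
        wf.decide(req, "privacy.officer", True)   # second approver acts early
    except PermissionError:
        pass
    wf.decide(req, "unit.manager", True)
    wf.decide(req, "privacy.officer", True)
    return wf, req


if __name__ == "__main__":
    wf, req = demo()
    for entry in wf.audit_log:
        print(entry["time"], entry["event"], entry["actor"])
```

Access is granted only after the last approver in the chain signs off, and the blocked out-of-turn attempt stays in the log alongside the approvals.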
The healthcare industry deals with tight IT budgets and highly confidential records that require premium security, which is why desktop as a service (DaaS) is an appropriate solution. This technology allows you to focus more on your healthcare business than IT, which in the long run, cuts costs. Here are various other reasons why desktop as a service may be the right solution for your healthcare operation.
Virtual Desktops and the Cloud
When you use desktop as a service you are operating on a “virtual desktop” powered by a cloud provider. It connects everyone in your organization through one platform. Employees can then bring their own laptops or other devices to access data or communicate with other team members. This system potentially means you no longer need IT to maintain every physical desktop and server in an in-house infrastructure.
Instead of updating security on every company computer, the cloud provider handles security updates, which tend to prevent breaches better than a locally managed system, especially those that are HIPAA-compliant.
Healthcare Collaboration
Because of the increasingly complex nature of the healthcare industry, professionals from various specialties within the field are working together, creating a more collaborative culture. That’s another good reason to use virtual desktops, which allow for easy collaboration between even distant facilities in real time.
This team effort requires strong, decisive leadership so that staffing, ethics and communication are high quality. If this essential foundation is in place combined with desktop as a service, the result is enormous synergism for dealing with committee issues such as interdisciplinary programs, charters and training programs. Another reason for collaboration is that it helps expedite services, which can help save lives.
Strength of DaaS Security
Since all healthcare facilities must comply with strict HIPAA regulations, which require robust security to protect patient privacy, cloud solutions are becoming increasingly more appropriate than trying to run all systems on in-house architecture. As long as you make sure your cloud provider is HIPAA-compliant, you won’t have to worry much about constant security updates or data backups since the cloud provider will do that for you.
In recent years, healthcare data breaches have affected more than 30 million patients. But that was often a result of thieves stealing laptops where confidential information was stored. It raises the question: would you rather store data on multiple devices that can potentially be stolen, or in a safe cloud-based haven where only users with passwords gain access?