This article is part of the “Think Further” series sponsored by Fred Alger Management. For more “Think Further” content, please visit www.thinkfurtheralger.com.
There is almost nothing I’m certain of except that life is an uncertain thing and that it seems to change a lot. Even in the most predictable of settings, even the minutest changes in detail can have a lasting and overwhelming effect on nearly everything in its atmosphere. In healthcare, a space seemingly immune to the status quo, things seem to get a whole lot more complicated. The same can be said of life and death, health and well-being. On their own, they are not so difficult to understand and often, in most cases, predictable and redundant; until the final days, of course, then things begin to get a little more complicated. When we’re fine, we’re fine. Life is good and most of our concerns seem trivial.
Then health gets involved and the minutest change in detail can send our lives in a spiral so much so that we barely recognize our place in it let alone who we are and where we belong. When such an occurrence arises, we begin to rely on beeps and buttons, software and technology in ways never before imagined for the intersection of our lives.
Clearly, the health IT landscape will be completely different five years from now. From where we stand today to where we’re headed, we’ll likely look back on this moment and wonder how we survived such archaic times. Just a couple of years removed from the age of electronic health records, that technology already seems dated and antiquated, and is no longer as monolithic and domineering to the space as it likely seemed in 2010.
Our future selves might stand on the threshold of 2020 and say that we were being single-minded. The technology, EHRs, was supposed to save healthcare and is now nothing but foundational. The technology was supposed to simply aggregate information collection; provide for the ability to quickly share information system-wide and around the world; and give us the capability of accessing all of a patient’s information at the tips of the proverbial finger.
When the promise of those solutions faded (yes, their stars have faded) and as our attention forced us into new technologies (primarily because of consumers’ desire) we are now seeing developments in technology creating touch points that impact patients “where they live” and that have become the new force behind healthcare technology.
Consumers will drive healthcare’s future. Probably not a secret at this point, but a point that is hard for the old guard. They’ve had enough of being left out of the ownership process regarding their own health. They’re tired of being locked out of their own records, and kept from accessing their own information. Such data would not exist without those helping produce it. New consumer technologies have and will further level the field. Consumer tech will continue to spur innovation, at light speeds. Data will flow between healthcare parties and its consumers; HIPAA protections will be waived and open access for the social good will become the norm. Standard and traditional approaches when dealing with patients, in a generation or so, will be completely different and far less segmented than they are now.
Guest post by Renata Magurdumov, director of marketing, ColoGuard.
If you think about it, your doctor probably knows more about you than many of your friends. Healthcare providers store a ton of sensitive data about their patients; everything from their name to their address and place of employment to their Social Security number. In other words, everything a cyber-criminal would need to steal someone’s identity.
Given how valuable that information could be in the wrong hands, you’d think that healthcare providers would use the most high-tech, modernized infrastructure and the most up-to-date security practices to keep it safe. Unfortunately, you’d be mostly mistaken.
Recently, Premera Blue Cross was the victim of a ‘sophisticated cyberattack’ that compromised the healthcare records of 11 million patients. Before that, the victim was Anthem. Before that, Aventura Hospital and Medical Center.
As a matter of fact, according to a recent Kroll study, healthcare accounted for nearly half of the client breaches that took place in 2014, followed closely by business services and higher education. This was the second year in a row that these three industries accounted for nearly two-thirds of all “client events.” What’s more, only 30 percent of the breaches in healthcare were the direct result of hacking.
That means that the other 70 percent were the result of human error – of negligence, poor security practices or ignorance. For an organization whose collection of data can quite literally ruin lives by falling into the wrong hands, this is unacceptable. And it’s going to get worse before it gets better.
“I believe that healthcare IT systems are fragile and highly vulnerable today,” writes CIO Paddy Padmanabhan. “This, combined with the sophistication of hackers and the rising attractiveness of healthcare data in the black market, makes healthcare a huge target for disruption in 2015.”
The Rocky Relationship Between Healthcare and IT
Part of the problem is that many decision makers in healthcare have a serious attitude problem where technology is concerned. They simply don’t realize how important it is. Healthcare IT is often marginalized and undersold, with CIOs struggling simply to keep their departments afloat – if it’s not simply contracted out to third parties.
“While healthcare costs in the US as a percentage of GDP are the highest in the world, healthcare IT spend as a percentage of revenues is among the lowest across various industry sectors,” continues Padmanabhan. “Healthcare CIOs are constantly challenged to do more with less, and face budget cuts year after year.”
The end result of this is that many hospitals view technology as a hindrance. It’s obtuse, frustrating and poorly implemented – because their IT departments lack the resources to make it anything but. Writing for the New York Times, leading healthcare analyst Robert M. Wachter recounts how a job ad last year listed the fact that it didn’t have digital databases as a plus.
“In today’s digital era,” writes Wachter, “a modern hospital deemed the absence of an electronic medical record system to be a premier selling point. That hospital is not alone.”
“A 2013 RAND survey of physicians found mixed reactions to electronic health record systems, including widespread dissatisfaction,” he continues. “Many respondents cited poor usability, time-consuming data entry, needless alerts and poor workflows.”
Worse still, even those hospitals that have successfully implemented modern IT are fighting an uphill battle to figure out how it all works. They grew so accustomed to the way things were, says Wachter, that they found themselves utterly unprepared for a shift which was, for all intents and purposes, years in the making. They were complacent – and now they’re paying for it.
“Whopping errors and maddening changes in workflow have even led some physicians to argue that we should exhume our three-ring binders and return to a world of pen and paper,” he says. “That argument is utterly unpersuasive. Healthcare, our most information-intensive industry, is plagued by demonstrably spotty quality, millions of errors and backbreaking costs. We will never make fundamental improvements in our system without the thoughtful use of technology.”
In 2013, while searching for a telemedicine solution, Brandon Welch thought that his only options were expensive and complicated telemedicine systems or video conferencing solutions that were not HIPAA compliant. He wondered where he would find simple and free telemedicine solutions. He said he felt, “The world needed a simple and secure telemedicine solution that was freely available to all healthcare providers.”
So he created Doxy.me.
Elevator pitch
Telemedicine will revolutionize the delivery of healthcare by making it more convenient and accessible for patients to access qualified healthcare professionals, and reducing unnecessary expenses. Unfortunately, current telemedicine technologies are expensive and complicated to use, limiting its widespread impact on healthcare.
For telemedicine to change the world, we believe that telemedicine technologies must be simple and free to use. That’s why we developed Doxy.me — the simple, free, and secure telemedicine solution.
Product/Service Description
Doxy.me is a simple, secure, HIPAA-compliant and free telemedicine solution available to any clinician in the world. They can use the platform to provide care to their patients, or use it for clinical research or clinical trials.
Origin Story/Founder’s Story
Doxy.me was founded at the University of Utah by then Biomedical Informatics PhD student Brandon Welch while working on a research project within the Department of Obstetrics and Gynecology. The goal of the study was to develop and evaluate a novel prenatal care delivery model that replaced several in-person prenatal care visits with telemedicine visits with pregnant moms from home or work. Initially, he wanted to use Skype or FaceTime for the technology, but the institution wouldn’t allow it because these popular and free conferencing solutions were not deemed to be HIPAA-compliant. So he set out to find a good, simple and free telemedicine solution. However, he was surprised upon reviewing HIPAA-compliant telemedicine technologies that the only options available were complicated and expensive; none were deemed practical to be used by patients at home. Being familiar with the technology, he set out to build a simple and free telemedicine solution. He first submitted the idea to a medical invention competition at the university and won the “Consumer’s Choice” award, and he used the winnings from the competition to build the first prototype of Doxy.me (which was used in the prenatal care study). Over the next year, he continued to improve the Doxy.me features based on clinician and patient feedback, but with a guiding principle of simplicity and ease of use.
Marketing/Promotion Strategy
Since it was officially released to the public, it has grown exceptionally over the past year with little marketing efforts. Networking with organizations and word of mouth has been the largest marketing tool.
Market Opportunity
Competitors include snap.md, telehealth.org and vsee.com. Market opportunity really focused on the fact there were no telemedicine solutions that were HIPAA-compliant, free and easy to use. This gave us a leg up on our competitors, as most other solutions require downloads, plug-ins, or are expensive.
Every time a person seeks medical treatment, healthcare professionals are required to use a specific code for billing and tracking purposes. The International Classification of Diseases, Revision 10 (ICD-10), was launched Oct. 1, 2015 — after 20 years of delays.
The new ICD-10 codes multiply the medical coding options available by a factor of five, jumping from roughly 13,000 diagnostics codes under the ICD-9 to more than 69,000 with ICD-10.
ICD-10 attempts to label every possible diagnostic scenario imaginable. Whether you’ve had an initial encounter with an orca whale (W56.21XA, W56.22XA or W56.29XA) or an unlikely repeat orca encounter (W56.21XD, W56.22XD or W56.29XD), been injured by a brass musical instrument (Y93.J4), or walked into a wall (W22.01XA, W22.01XD or W22.01XS), believe it or not ICD-10 has a classification for it.
Don’t believe us? Take a peek for yourself. Check out the ICD-10 Code Lookup Database or you can just look at the entertaining graphic below provided by Quill.com. The graphic illustrates 14 funny examples of ways people injure themselves and how ICD-10 classifies them.
A personal favorite? It has to be V91.07XA: Burn because of water skis on fire, initial encounter. It’s easy to wonder how this happens once, let alone more than once, V91.07XD: Burn because of water skis on fire, subsequent encounter.
Take a look at the following graphic depicting some of the most bizarre ICD-10 codes, thanks to and provided by Quill.com. What will these codes, when aggregated over the next few years, say about us as a people? That we’re likely into, and injured by, some pretty weird stuff! Perhaps I’ll write a book.
Electronic protected health information (ePHI) is patient information that is protected under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA compliance is a complex and confusing topic, and it only gets more daunting when it comes to communication between providers and patients. If you are sending protected health information over email as a healthcare organization or a healthcare organization’s business associate, HIPAA compliance applies to you. With fines for breaches that can land upwards of a million dollars, it’s a subject that is not to be taken lightly by any organization. Let’s take a moment to settle the score on the myths and facts revolving around ePHI and HIPAA-compliant emails.
Myth: All email is HIPAA-compliant
This is a dangerously false assumption. It may come as a surprise that most free email services are not HIPAA-compliant. This includes big players such as Yahoo!, Gmail, and Hotmail. No, ePHI should never be sent through these systems. If you must send ePHI to run your business, seek out an email provider that specializes in HIPAA compliance and is specifically geared towards protecting you and the patient data that flows through your organization.
Myth: My business is too small to worry about HIPAA
Practices and organizations of all sizes get hit with HIPAA violation fines – no one is exempt. HIPAA regulations apply across the board, regardless of the size of your business. Penalties for not being compliant can range from a simple slap on the wrist to a fine of $100 per email that contains ePHI sent through an unencrypted avenue. HIPAA compliance is everyone’s responsibility, and no business is too small to suffer a surprise audit that results in business-crushing fines. Protect yourself up-front by adhering to HIPAA guidelines, and you won’t find your business under the gun for non-compliance.
Myth: Any email with PHI must have encryption
If emails are sent in-office over a secure network, encryption over e-mail is not necessary. But once that email is sent out of the office over a wide area network, or through the internet, encryption is a must.
Myth: The recipient must have encrypted email
The majority of patients use a free, non-encrypted email host. According to the HIPAA Omnibus Rule, patients have the right to request that their ePHI be sent to them via an unsecured email system. Many secure email systems can send secure messages to people without secure email – and that can be okay. But it’s important to document that request from the patient and also to inform them that when using unsecured email and waiving their right to receive their ePHI privately, they inherit the risk of a potential security breach. Documentation protects you from future accusations of negligence.
Last fall, the provisions governing Business Associate Agreements under the HITECH law went into effect. Many covered entities used templates and models offered by professional societies and the Department of Health and Human Services, but it’s becoming increasingly clear that the “model” agreements were simply a stopgap measure, and that organizations that use BAAs need to conduct ongoing reviews of the documents and customize the language to meet the individual needs of their company.
The need for ongoing reviews of business associate agreements stems from an increased focus on compliance, and audits from the Office of Civil Rights (OCR) in DHHS. In the past, HIPAA compliance audits were limited to specifically covered entities, such as doctors’ offices and hospitals. Using HIPAA-compliant providers like healthcare fax companies to transmit protected data on their encrypted servers has been the best way for health care professionals to avoid audit issues.
However, the provisions of HITECH allow for audits of subcontractors as well, ensuring that they too are complying with the privacy and security policies of the act. Essentially, then, a business associate agreement serves as an agreement by the subcontractor that it will adhere to the rules and standards of HIPAA — and they understand the consequences of noncompliance.
Some argue that the notion of business associate agreements is outdated, given that HITECH holds all subcontractors who have access to HIPAA-protected data to the same privacy and security standards as the covered entity itself, even without the written agreement. The law still states, though, that covered entities must negotiate and maintain compliant BAAs with the companies that have access to their data — even those that may not directly have access to the data.
The simple fact that the OCR is conducting audits of business associate agreements and the companies covered by the agreements highlights the importance of maintaining up-to-date and comprehensive agreements — meaning that the “boilerplate” agreement that you signed to meet the basic compliance standards may not be enough at this point.
Considerations for Review
Since it’s been a year since the new provisions went into effect, it’s very likely that your BAAs are reasonably up-to-date, and in compliance with the laws. That being said, if you used a template, or you only made minor changes to existing agreements, it’s best to review the agreements you have on file to ensure they comply with current law.
Many experts agree that BAAs should be reviewed at least once a year or more often if they expire, or if there are significant changes to the business relationship.
When reviewing your business associate agreements, there are a few key points to pay close attention to:
Big news from HIMSS today about HIMSS16, especially for sports fans. What may make the following news even bigger is if Peyton Manning is in the midst of a retirement reflection period following this current football season. What news it would be if he decided to make an announcement about the future of his career from the HIMSS podium — HIMSSanity!
Here’s the full announcement:
Denver Broncos quarterback Peyton Manning, the NFL’s only five-time Most Valuable Player and a 14-time Pro Bowl selection, will be the closing keynote speaker at HIMSS16. He takes to the podium at 1 p.m. PDT, on Friday, Mar. 4, 2016. The HIMSS Conference & Exhibition ranked as the largest medical conference in North America during the first half of 2015 (Trade Show Executive, September 2015).
Peyton Manning has earned his place among the greatest quarterbacks in league history as the active leader in nearly every statistical passing category.
In each of his three seasons with Denver, Manning has led the Broncos to an AFC West Division title and a first-round playoff bye. During that time, he ranks first in the NFL in regular-season wins, passing touchdowns and completion percentage.
Named 2013 Sportsman of the Year by Sports Illustrated, Manning’s season ended with a trip to Super Bowl XLVIII, making him only the third quarterback in NFL history to lead multiple teams to a Super Bowl.
For his actions off the field, Manning was honored as the recipient of the Byron “Whizzer” White Humanitarian Award and the NFL’s Walter Payton Man of the Year in 2005 as well as the Bart Starr Award in 2015.
Manning serves as a member of the American Red Cross National Celebrity Cabinet and The Pat Summitt Foundation Advisory Board. He and his wife, Ashley, established the PeyBack Foundation in 1999 to promote the future success of disadvantaged youth by assisting programs that provide leadership and growth opportunities for children at risk.
The Centers for Medicare & Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC) today released final rules that simplify requirements and add new flexibilities for providers to make electronic health information available when and where it matters most and for health care providers and consumers to be able to readily, safely, and securely exchange that information. The final rule for 2015 Edition Health IT Certification Criteria (2015 Edition) and final rule with comment period for the Medicare and Medicaid Electronic Health Records (EHRs) Incentive Programs will help continue to move the health care industry away from a paper-based system, where a doctor’s handwriting needed to be interpreted and patient files could be misplaced.
“We have a shared goal of electronic health records helping physicians, clinicians, and hospitals to deliver better care, smarter spending, and healthier people. We eliminated unnecessary requirements, simplified and increased flexibility for those that remain, and focused on interoperability, information exchange, and patient engagement. By 2018, these rules move us beyond the staged approach of ‘meaningful use’ and focus on broader delivery system reform,” said Dr. Patrick Conway, M.D., M.Sc., CMS deputy administrator for innovation and quality and chief medical officer. “Most importantly we are seeking additional public comments and plan for active engagement of stakeholders so we take time to get broad input on how to improve these programs over time.”
HHS heard from physicians and other providers about the challenges they face making this technology work well for their individual practices and for their patients. In recognition of these concerns, the regulations announced today make significant changes in current requirements. They will ease the reporting burden for providers, support interoperability, and improve patient outcomes. Providers can choose the measures of progress that are most meaningful to their practice and have more time to implement changes to program requirements. Providers are encouraged to apply for hardship exceptions if they need to switch or have other technology difficulties with their EHR vendor. Additionally, the new rules give developers more time to create user-friendly technologies that give individuals easier access to their information so they can be engaged and empowered in their care.
As part of today’s regulations, CMS announced a 60-day public comment period to gather additional feedback about the EHR Incentive Programs going forward, in particular with the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), which established the Merit-based Incentive Payment System and consolidates certain aspects of a number of quality measurement and federal incentive programs into one more efficient framework. We will use this feedback to inform future policy developments for the EHR Incentive Programs, as well as consider it during rulemaking to implement MACRA, which we expect to release in the spring of 2016.