Dr. Juergen Fritsch, co-founder and chief scientist of M*Modal Inc., discusses the company, how it is used in the care setting, the market trends and where it is going.
What is M*Modal?
M*Modal is a leading healthcare technology provider of advanced clinical documentation solutions, enabling hospitals and physicians to enrich the content of patient electronic health records (EHR) for improved healthcare and comprehensive billing integrity.
As the largest clinical transcription service provider in the U.S., with a global network of medical editors, M*Modal also provides advanced cloud-based speech understanding technology and data analytics that enable physicians and clinicians to capture and include the context of their patient narratives in a single step into electronic health records, further enhancing their productivity and the cost-saving efficiency and quality of patient care at the point of care.
Why is it disruptive and important to the community?
M*Modal’s technologies are disruptive because they empower physicians with the ability to make informed decisions at the point of care, one of the most critical factors in reducing healthcare costs and improving patient outcomes.
M*Modal’s solutions are important because they are designed for healthcare by healthcare experts. As such, the solutions understand multiple dialects, accents and cadences, pull from a repository of more than 200,000 physician voices in the cloud and are only medically focused.
What is its potential?
M*Modal has the potential to transform the way the entire healthcare industry leverages advanced clinical documentation technologies and services, ensuring that all stakeholders across the healthcare spectrum, from the patient to the coders on the back end, benefit from the advanced clinical documentation workflows available in today’s and tomorrow’s healthcare settings.
Who’s using it? Why? What is the ROI?
M*Modal provides hospitals and physicians with the healthcare industry’s most advanced clinical documentation solutions. These stakeholders use our solutions to enhance how healthcare professionals capture and manage clinical documentation for improved quality, cost savings, reimbursements, compliance and patient care. Examples include enriching electronic health records for patient care quality and comprehensive billing integrity.
In terms of ROI, our technologies can identify documentation deficiencies and address them via closed-loop workflows, which improve the quality of the clinical patient note and increase the efficiency of documentation processes. Our advanced clinical documentation tools drive adoption of electronic health record systems, saving providers time & expenses.
How did it start? What is it doing to advance?
M*Modal grew out of research performed at Carnegie Mellon University in the late ’90s. The company’s founders developed a radically new technology for understanding conversational human interactions on the telephone. The technology proved to be an even better match for dictated clinical notes as created by healthcare professionals throughout the United States and elsewhere. Today, M*Modal processes millions of hours of verbal healthcare documentation for more than 200,000 physicians each year.
To advance our impact we are also focused on forging partnerships. We just announced several new partnerships with major industry players such as 3M, Optum and Intermountain Healthcare and we have established partnerships with top providers of electronic health record systems, including Epic, Allscripts and Merge. We are constantly working with partners to develop and address industry challenges as they arise.
How is it used in the care setting?
Our advanced speech and natural language understanding technology is used in a wide variety of clinical and administrative healthcare workflows, for example enabling physicians to interact with their clinical systems via voice anytime, anywhere, using their preferred device. This enables instant access to critical information for patient care, allowing providers to spend more time with the stakeholder that matters most – patients.
Additionally, hospitals and practices are using our solutions to analyze vast amounts of unstructured clinical documentation, identify documentation deficiencies and close care gaps. Traditional electronic health record systems do not provide this level of insight and so our solutions fill a critical need that becomes more and more important as we progress from a fee-for-service to a value-based reimbursement and accountable care model.
Tell me something about transcription tools that nobody seems to know.
Our advanced speech and natural language understanding technology has made the process of turning dictated physician notes into structured clinical documents roughly twice as fast as a traditional transcription workflow. On top of that, transcription services are slowly but steadily evolving to also include data validation services. That trend will continue as hospitals seek to lower their cost and free-up physicians to spend more of their time caring for patients rather than dealing with technology.
Should patients care about speech recognition?
Many patients are already familiar with speech recognition technology through their use of off-the-shelf consumer products that some of them are using at home. In my view, it is less the speech recognition technology that they should care about, but the significant advances that we have made in the past few years around computers understanding natural human language. That technology together with the vast and ever growing amounts of “big data” that are being created in healthcare is allowing physicians and other care providers unprecedented insights into healthcare outcomes and ultimately will be a key driver of improved healthcare.
What do you see as the most important health IT trends currently affecting the market? Why?
The most important health IT trends that’s affecting the market today is the move toward a more outcome- and prevention-based reimbursement models. Rather than paying for services provided, the market will shift rapidly toward paying fixed budgets to manage different types of diseases, particularly the costly chronic ones such as heart disease, diabetes, etc. Healthcare information technology is adjusting to this and is developing new solutions that are focused on personalized medicine to prevent diseases rather than just supporting the treatment of them once they occur.
Where are we going as a market?
As I noted earlier with the new outcomes-based focus, I would say that we are rapidly moving toward a more sustainable healthcare cost model, with a much improved focus on disease prevention and personalized treatment plans.
What is the number one complaint you hear regularly from caregivers?
By far the number one complaint is that outdated, inefficient technology is bogging them down, requiring them to spend more time in front of the computer, leaving less time to take care of their patients. In part, this stems from the fact that many hospitals have bought into decades-old electronic health records systems with inefficient workflows that slow down physicians, particularly in today’s world of increasing data capture requirements. But there is also a generation of newer information technology on the market now — such as speech and natural language understanding technology — that actually help improve physician productivity while also providing better insights into their patient population. The bottom line is: physicians and hospitals need to closely follow the healthcare IT market to identify the tools that can drive their efficiencies and improve their outcomes.
What are caregivers most excited about?
Many care givers are excited about mobile devices — mostly about tablets like the iPad Mini. It allows them to do many of their tasks more efficiently while on the go, even sharing a lot of information effectively with their patients. Virtual assistant technology is also of great interest to many physicians, particularly in combination with mobile devices. You will see many new mobile apps hitting the market in the next few years that will allow care givers to verbally ask complex questions about their patients’ health record and get answers within seconds.
What piece of regulation would you like to see abandoned? Adopted?
I’d like to focus on pieces of regulation that I would like to see adopted more readily or more expediently. The key ones for me are interoperability standards and the respective regulation found in the ARRA HITECH Meaningful Use program. Almost every other industry has embraced interoperability. You can get cash at virtually any ATM in the world — but you can’t transfer your electronic patient health record from one EHR provider to the next (at least, not without major effort). We need to change that, and we need to do it quickly. Regulation can help with that.
Dr. Juergen Fritsch is co-founder and chief scientist of M*Modal Inc. where he leads research efforts in the fields of speech and natural language understanding for clinical documentation. His work focuses on building and improving a medical language understanding system that is based on standardized medical ontologies and vocabularies while employing statistical algorithms to learn from vast amounts of linguistic data. He has published more than 20 peer-reviewed papers and has been granted five patents on original speech recognition and natural language processing research. Juergen received his Ph.D. (1999) and M.Sc. (1996) degrees in computer science from the University of Karlsruhe, Germany.
In light of recent reports that nearly 220,000 hospitals, office-based physicians and other eligible professionals have received more than $12 billion in federal incentive payments, I thought I’d highlight the top questions as featured on CMS.gov’s FAQ section.
But, a little perspective first. According to Modern Healthcare, to this point, 3,757 hospitals, or 75 percent of the 5,011 U.S. hospitals that are eligible to receive federal funds under the program, have received an EHR incentive payment.
Also, “215,500 physicians and other EPs, or 41 percent, of the 527,200 total physicians and other professionals deemed eligible to participate, have been paid. Some 85 percent of hospitals and 70 percent of physicians/EPs are registered under the programs, the CMS reports.”
So, back to the original story: CMS.gov’s Frequently Asked Questions and the answers. If you’re not aware of the resource, it serves a broad base audience with a smattering of questions and responses. For example, there a variety of topics including billing, e-health, data navigation, EHR incentive programs, well, you get the point.
Here’s a short list of some questions and their answers:
How and when will incentive payments for the Medicare Electronic Health Record (EHR) Incentive Programs be made? For eligible professionals (EPs), incentive payments for the Medicare EHR Incentive Program will be made approximately eight to 12 weeks after an EP successfully attests that they have demonstrated meaningful use of certified EHR technology. However, EPs will not receive incentive payments within that timeframe if they have not yet met the threshold for allowed charges for covered professional services furnished by the EP during the year. Payments will be held until the EP meets the threshold in allowed charges for the calendar year ($24,000 in the EP’s first year) in order to maximize the amount of the EHR incentive payment they receive. Medicare EHR incentive payments are based on 75 percent of the estimated allowed charges for covered professional services furnished by the EP during the entire calendar year. If the EP has not met the threshold in allowed charges by the end of calendar year, CMS expects to issue an incentive payment for the EP in March of the following year (allowing two months after the end of the calendar year for all pending claims to be processed).
What is CMS? The Centers for Medicare & Medicaid Services (CMS) is a branch of the U.S. Department of Health and Human Services. CMS is the federal agency which administers Medicare, Medicaid, and the Children’s Health Insurance Program. Provides information for health professionals, regional governments, and consumers. Additional information regarding CMS and it’s programs is available at http://www.cms.hhs.gov/.
When eligible professionals work at more than one clinical site of practice, are they required to use data from all sites of practice to support their demonstration of meaningful use and the minimum patient volume thresholds for the Medicaid EHR Incentive Program? CMS considers these two separate, but related issues. Meaningful use: Any eligible professional demonstrating meaningful use must have at least 50% of their of their patient encounters during the EHR reporting period at a practice/location or practices/locations equipped with certified EHR technology capable of meeting all of the meaningful use objectives. Therefore, States should collect information on meaningful users’ practice locations in order to validate this requirement in an audit.
How do physicians join or leave a group? If both the physician and the group are already enrolled with the same carrier, the physician and the group together are required to complete a CMS 855R showing the date the physician joined the group and reassigned benefits to the group. If a physician leaves a group, the physician or the group should complete the CMS 855R, showing the date the physician left the group. When leaving the group, the CMS 855R does not need to be signed by both the physician and the group. If either the physician or the group have not enrolled with the carrier, they must first complete the appropriate CMS 855 for either an individual (CMS 855I) or group (CMS 855B) before the reassignment can be effective.
Your smartphone a medical device? There’s a possibility that this could happen as Washington and its players continue to evaluate whether in the Food and Drug Administration should regulate mobile apps technologies, including health-related apps.
Based on the interpretation of the current administration’s perspective of mobile health innovation and regulation and how those innovations benefit patients will likely determine whether regulation, and ultimately, taxes are assessed on them.
Mobile health apps can range from an iPhone app that monitors diet to mobile or wireless technologies used in hospitals and home-care settings.
Obviously, developers and those producing the apps want more clarification on the issue. As expected from a federal agency, the FDA has issued draft guidance in 2011 according to Modern Healthcare about how it plans to oversee mhealth apps, but nothing final has been released. So, what we’ve seen may not ultimately be what we get.
Some people believe health apps will help solve the overwhelming cost crisis in healthcare; thus, shackling them with additional oversight, taxes and regulation will stifle a burgeoning industry. As such, according to Modern Healthcare, there needs to be “’predictable, transparent and risk-based regulation,’ the value of interoperability, and reimbursement policy that aligns stakeholders.”
I couldn’t have said it better myself, and I agree with the fear that some lawmakers have about a concern that FDA regulation of smartphones, tablets and apps could mean those technologies are subject to the medical device excise tax, a 2.3 percent tax on the sales of certain devices that went into effect in January.
The tax is part of the Patient Protection and Affordable Care Act and is considered the device industry’s contribution to financing healthcare reform.
In a March 1 letter to FDA Commissioner Dr. Margaret Hamburg (PDF), the House committee leading testimony asked the FDA to clarify whether the smartphones and mobile health apps will be subject to the tax. No response as yet. Not surprising. Additionally, leadership also requested that the agency provide information about when it plans to issue final guidance on how it plans to oversee mobile medical apps.
“Most Americans have no idea that their smartphone, tablet or the mobile apps that have become part of their daily lives could be subject to added red tape or a new tax under Obamacare,” Energy and Commerce Committee Chairman Fred Upton (R-Mich.) said in a news release.
According to the Washington Post, “In 2012, Congress gave the FDA the green light to define which medical apps would require its attention. The agency has asked for comment on a proposal that would give it regulation authority over accessories to existing medical devices, such as apps that show MRI scans, as well as apps and accessories that transform mobile devices into regulated medical devices, such as attachments or apps that turn smartphones into heart monitors.”
For those with an interest at stake here, they should feel some level of concern, no matter the side of the isle they happen to sit. Further regulation, and definitely taxation (especially at the app user level), will destroy the momentum gained by these tools to the market since they’ve been developed.
In the very least, the seemingly unending and elusive patient engagement game that plays on may find itself put on pause as this has the potential to once again remove personal control of tools designed to help manage and improve one’s health and to regulate it.
In many ways this seems like a sin tax. High taxes are used to get people to quit bad behavior, like smoking. When the prices gets too high, they (ideally) quit.
Skype and unbridled communication between caregivers and their patients has opened a great many opportunities for care to be offered the world round, from a variety of locations within our own communities to remote and unconventional places in other areas of the world.
In a nutshell, Dr. DeShan spends several months in Russia each year leading an international medical mission where he serves some of Moscow’s most needy, as well as delivers care to some of the world’s remote people through journeys into the wilderness.
When he’s in Moscow serving patients, she’s able to stay connected to his practice in Midland Texas, where he’s a partner at a thriving OBGYN. Aside from relinquishing a few of his daily duties, such as delivering, he’s able to maintain a full patient load and he does that in part using the web and tools like Skype to maintain contact with them and with his practice.
Personally, I believe the work DeShan is doing is fascinating. He’s using his talent and skill to follow his passion and his calling in life. His practice and his patients are in support of his work and in no way does he keep it from them. Those patients that were not comfortable with interacting with him part time through the web were assigned to other practitioners.
However, I’ve always wondered if Skype is a tool that can be trusted for such work. Despite his good deeds, I always wondered he’s in HIPAA compliance.
According to a recent article in Medical Office Today, I’m not the only one. According to the article, “Notwithstanding the fact that Skype is ubiquitous, its use may be inappropriate for healthcare providers as web-based platforms raise a number of significant HIPAA privacy and security issues:
Many platforms are proprietary, meaning that healthcare providers have no way to determine if and what information is stored
Users cannot reliably develop and verify an audit trail
There is no reliable way to verify transmission security
Users have no way to know when a breach of information occurs
There is a lack of integrity controls to ensure that electronic protected health information is not altered
Also, according to the piece, HIPAA and its resulting regulations pertaining to privacy and security require covered entities such as healthcare providers to protect the confidentiality of protected health information and guard against unauthorized access, use, and disclosure of such information.
Among other things, the HIPAA rules require:
Access controls
Audit controls
Person or entity authentication
Transmission security
Business Associate access controls
Risk analysis
Workstation security
Device and media controls
Security management process
Breach notification
“The use of web-based platforms, especially those that are proprietary, makes it difficult for healthcare entities to meet many of their HIPAA obligations,” the article states. “As a consequence, telehealth providers carry a higher risk of potentially violating HIPAA rules when they use services such as Skype.
According to the Health Information and Trust Alliance, the organization recommends against the use of Skype and similar platforms for communications involving health information, concluding that web-based platforms are not secure, and are an inappropriate way by which to communicate with patients, especially when the communication involves health information. Their view was confirmed late last year when a security flaw was discovered in Skype that put users’ personal information at risk of disclosure.
“All of this does not mean a healthcare professional should not use Skype to communicate to patients, only that they be aware of the increased risk of violating HIPAA and think long and hard prior to using such technology.”
However, should a provider insist on using Skype, there are some steps they should consider to better protect themselves from potential HIPAA liability (all good tips, according to the magazine):
Have patients sign HIPAA authorization and a separate informed consent as part of intake procedures when using web-based platforms
Develop specific procedures and protocols regarding use of Skype, similar platforms
Train workforce on the use of these platforms
Exclude the use of these platforms for vulnerable populations
Limit to certain clinical uses (i.e., only intake or follow up)
Use secure platforms with audit trail, breach notification, other capabilities.
Only HIPAA-compliant technologies can truly protect a physician and a patient. These steps may help. In the long run, though, as I’m sure Dr. DeShan would agree, don’t let the cost of the work keep you from doing it.
A new report suggests that the average physician lost just as much as would have been gained had he or she received the full meaningful use incentive payment for the last five years — $44,000 – by implementing an electronic health record, which basically makes the whole thing null and void.
There’s a caveat, though. The practice that has implemented and is using the EHR, needs to make a few changes to the way the practice runs or else the saving is lost. Somewhat of a no brainer, according to study that’s published in Health Affairs, only 27 percent of practices achieved a positive five-year return on investment by implementing the electronic systems.
The trouble, according to the survey, is that practices “failed to make operational changes to realize the benefits of EHRs such as doing away with paper records after implementation of the electronic systems, adoption, as well as dictation, billing services and positions or staff members who were performing services no longer required after EHR adoption.
A reduction in the required workforce at the practice after the implementation of an EHR is a common problem. I’ve spoken with several practice leaders who cited it as such, and in many cases, staff whose positions were eliminated because of the software have been re-assigned to other areas. There are only a few practices in which I’ve spoken where employees were laid off because of the systems. I expect this number to grow as more systems come online.
According to MedPage Today, which published the results of the study, the study sought “pre- and post-adoption financial cost/benefit data from practices such as total revenue, total operating costs and total labor costs. Researchers also asked for information on areas that were impacted by EHRs, such as the cost of paper medical records, dictation services, and billing services.”
Their results of the study showed that the average physician lost $43,743 over five years. Primary care practices fared better than specialists. Practices that saw a positive return on EHR investment increased revenue by more than $114,000 per physician over five years, results showed. In comparison, practices with a negative return on EHR investment saw revenue increase by an average of only $9,200 per physician in five years.
“Even when adding federal incentives to use EHRs, the majority of doctors would have lost money,” MedPage Today reports.
Other results from the study include:
38 percent of practices with six or more physicians achieved a positive return on investment, compared with 26 percent of practices with one or two physicians
55 percent of practices reported a reduction in the cost of paper medical records after EHR adoption
22 percent of practices reported the most common ongoing cost was additional hours of practice time
10 percent of practices noted improved efficiency, allowing them to see more patients each day
18 percent increased revenue through improved billing
This is a bit surprising: Practices with a practice management system prior to EHR implementation in place to help with billing functions benefited less on average.
Seems like some of the unexpected consequences of EHR use are finally working their way to the top and a bit of the actuality of the situation is coming out; just because a system is implemented, doesn’t mean everything is going to be great. “Wide usage of EHRs was supposed to help doctors increase revenue through improved billing and efficiency gains that would allow them to see more patients per day. However, doctors have complained that EHRs are cumbersome and cause physicians to spend more time documenting patient visits,” the magazine states.
Andrew Olowu, chief technology officer of Axxess Technology, discusses home health and how technology is impacting this market segment of the care spectrum, from delivery of care to how caregivers benefit from its use.
Where does home healthcare fit into the big picture?
Home healthcare plays an increasingly vital role in the delivery of quality healthcare in America today. It is widely accepted that patient outcomes are better when care is delivered in the comfort the home, where a patient feels most comfortable. Because the cost associated with home healthcare is much lower than other tradition healthcare options (such as the hospital), home healthcare is also very beneficial from a financial standpoint. Lastly, as the baby boomer generation ages, it will create increasing demands for all categories of healthcare, including home healthcare services.
How is technology affecting the delivery of home healthcare services?
The practice of using paper by home health agencies for maintaining patient records, documenting clinical notes, managing physician orders and scheduling patient visits is still very common today, but must be transitioned to electronic records by 2014.
Advanced electronic health record systems used in home health agencies benefit patients and healthcare providers. A good electronic health record system can perform automatic audits of clinician documentation, check for adverse drug and allergy interactions, warn about scheduling conflicts and deviations, verify access to patient records, and back up all electronic data on a periodic basis.
How are healthcare professionals (nurses, clinicians, treating physicians, etc.) benefiting from technology in home healthcare?
The advent of mobile devices allows nurses to document patient visits directly at the point of care, which decreases the time it takes to submit clinician documentation. Point-of-care systems also improve the nurses’ ability to communicate directly with the physician overseeing the patient’s care, which ensures accurate documentation and allows for ease of collaboration among a patient’s medical team.
Explain the effects of home healthcare on hospital readmission reductions. And where does technology come into play?
Home healthcare plays a significant role in reducing hospital readmissions by providing recently-discharged patients with education about their diagnosis/prognosis, medications and treatment plans. This hands-on approach to post-hospitalization reduces likelihood of patient readmission. Caregivers and family members can also be educated by home health clinicians to provide the adequate care for the patient. Technology facilitates better communication and care coordination among healthcare professionals. The use of technology in home healthcare also reduces the time clinicians spend on paperwork, allowing more time spent caring for the patient.
How do you see the future of home healthcare affecting the healthcare industry as a whole? Why?
With the availability of efficient and comprehensive technology in home healthcare, we can expect better patient outcomes, happier patients because they can recover at home and a reduction in the cost of healthcare delivery. We believe home healthcare will grow and become increasingly important to both patients and providers as an integral element of the larger healthcare industry.
What benefits do hospitals have when partnering with home health agencies?
Under the affordable care act, hospitals with excessive readmissions will see reductions in their Medicare payments. Hospitals partnering with home health agencies that have adopted technology to provide the best care for patients will favorably affect the number of re-admissions and protect their revenue.
Knowing the requirements that wait in 2014, how is progress in the home health industry?
Based on our anecdotal observation, the industry is moving steadily toward adopting electronic health records. Larger organizations generally have been among the first adopters, with many smaller agencies yet to make the transition.
Andrew Olowu is the chief technology officer of Axxess and serves on its board of directors. Olowu is responsible for the overall technology, architecture and innovation of the Axxess platform.
Guest post by Rachel Weeks, director at Courion Corp.
Medical records are confidential. Until a breach occurs and they are let loose on the public, which occurs more often than we think. We need to do better.
According to Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security, more than nine in 10 healthcare organizations have had at least one data breach in the past two years. Nearly half have had more than five data breaches in the same period. Breaches cost organizations more than $2 million on average over a two-year period, and the cost is rising. The potential annual cost is nearly $7 billion.[1]
As privacy and security concerns grow and technology becomes more sophisticated, you’d imagine breach rates would be on the decline. But more healthcare organizations are being victimized more often, according to the study, and most aren’t sure they can prevent or quickly detect all patient data loss or theft.
One contributor: data is simply becoming harder to control.
“Technologies that promise greater productivity and convenience such as mobile devices, file-sharing applications and cloud-based services are difficult to secure,” says the report. “Employee mistakes and negligence also continue to be a significant cause of data breach incidents. Another worry presented in this research is that sophisticated and stealthy attacks by criminals have been steadily increasing since 2010.”
You can’t blame the IT staff. There’s far more going on in the average healthcare organization than staff can reasonably handle.
Change is overwhelming
For years healthcare organizations have looked to traditional identity and access management (IAM) solutions to optimize efficiency and secure access to sensitive data. These IAM implementations typically started with user provisioning, a process that put controls in place to ensure users were given only the access rights they needed to do their job. Then, for governance, the organizations would perform periodic reviews or certifications – say, every three, six, nine, 12 months – to validate that those access rights were in line with policy.
But so much change can occur in the months between provisioning and certification: business changes, infrastructure changes, regulatory changes, new resources coming online, new roles and policies, not to mention hirings, firings and transfers, particularly in the healthcare industry with thousands of employees and many more contractors and affiliates. This creates an overwhelming amount of data detailing who has access to sensitive patient information. We call these intervals between provisioning and certification the “IAM security gap.”
As the Ponemon study says, “Many healthcare organizations struggle with a lack of technologies, resources and trained personnel to deal with privacy and data security risks.”
That’s an understatement.
However you characterize it, the IAM gap leaves an organization’s sensitive company information at risk to a range of threats, both internal and external. It can be months from the time someone gains inappropriate access rights or inadvertently accesses sensitive data to when the organization is able to discover it through periodic certifications. To date, existing IAM approaches have not provided the technology and flexibility to get a real-time view of policy and governance violations to help organizations efficiently manage the risk of improper access to patient data.
Closing the IAM Gap
Bridging the abyss between provisioning and certification requires clear understanding of what is actually happening in those billions of constantly changing access relationships created by changing people, computing resources, rights, duties and company policies. The challenge is somehow processing what human minds, or even relational databases, cannot. What’s missing is a real-time holistic view of access risk. The missing ingredient is access intelligence.
The only way to achieve access intelligence is by aggregating all the IAM data – the identity policy, activity, entitlement and resource data generated via those billions of constantly changing access relationships – into a data warehouse just like the ones you use for business intelligence in other areas of the organization. The data warehouse should embody advanced information security, policy and governance domain expertise. Then you need to constantly apply predictive analytics to that data to analyze access risk throughout your entire organization – literally every two minutes or so. Properly constructed, an access intelligence system like this can uncover deeply embedded policy violations or improper access. It can generate instant alerts on those violations, or produce graphical “heat maps” spotlighting looming risks and security breaches.
A system like this helps you find the needle in the haystack you wouldn’t otherwise discover. For example, a nurse might be authorized to search and retrieve his hospital’s pediatric records, but if he is suddenly retrieving records from oncology, dermatology and urology, well, that’s a potential problem that won’t show up without powerful analytics.
Such an access intelligence system can help healthcare organizations:
Identify risk in real time.
See where the greatest vulnerabilities lie.
See how access risk is changing.
Understand what is driving the risk.
Immediately remediate the risk.
Detect risk trends.
Predict future areas of risk.
Implement policies and preventive measures.
Fix the fundamental business process issue that creates security gaps before they become a problem.
With luck, Ponemon will have less to report in the years to come.
Rachel Weeks is a director at Courion Corp., the leader in risk-driven identity and access management.
[1] if every hospital/clinic in the country experienced the average impact
On its face, the CommonWell Health Alliancee really seems to hit the mark. A collection of the top EHR vendors coming together, sharing a stage and shaking hands; smiling; snapping photos of smiling happy CEOs. All together for one cause, or so the story goes: healthcare data interoperability. According to the “organization’s” website, interoperability is the cornerstone of healthcare’s future.
“Interoperability helps improve quality, reduce costs, enable regulatory compliance and ensure better access to healthcare for millions of people,” and so on and so forth.
Finally, CommonWell’s call to action: moving the healthcare industry beyond just recognizing the importance of interoperability, but moving the industry forward. CommonWell is supposed to be the health IT superhero that moved this giant boulder up the hill and positions it so eloquently on the top.
For those of us who didn’t know this already, CommonWell sums it up: “It’s time for healthcare IT organizations to come together and commit to achieving interoperability for the common good,” and so on and so forth.
So glad it took the giants of the industry to tell us as much.
Okay, so admittedly, this is a step in the right direction. It’s like putting big money behind a good cause. For everyone who has ever worked in the nonprofit trenches who spend their days begging the haves for the have nots, this a dream come true.
Those in the spot light can move us forward to a point where we must be. Allowing private enterprise to bear this mantle means we might finally make the move forward instead of being held back by the shackles of the federal reform and imposition.
After all, wasn’t interoperability a staple of meaningful use; an “industry consortium to adopt common standards and protocols to provide sustainable, cost-effective, trusted access to patient data,” if you will?
Because of meaningful use, we were supposed to be singing in circles by now, discussing all of the advancements we’ve made; our coming together and our ascending to the precipice. Alas, little has been attained through federally funded meaningful use except implementation and wars of words.
We waited, didn’t we? Long enough? Perhaps, perhaps not; depends on who you ask. Farzad Mostashari says we should wait a bit longer for the results to role in. The boys at Allscripts, athenahealth, Cerner, Greenway, McKesson and Relay Health (imagine the feelings of all the other vendor’s CEOs who were left out of this pre-arranged agreement; I guess there’s mincing words anymore) decided private enterprise is the way for things to actually get done.
And while it’s an interesting experiment, I think I agree with some of the other more intelligent folks in the field. Until we see some sort of actual forward movement with this initiative and until there’s some proof of life, this is really nothing more than a stake in the ground. A happy public relations move designed to flex a little corporate muscle on the industry’s largest stage.
