5 Tips for Maximizing Electronic Health Record ROI

By Zachary Blunt, manager of product management population health, Greenway Health

Electronic health records (EHRs) were expected to revolutionize healthcare practices, making them more efficient, reducing costs and enabling them to provide more coordinated care.

But ask healthcare providers about the EHRs they’ve deployed, and the results are far from what was expected.

In fact, more than 60 percent of healthcare professionals rank their return on investment (ROI) for EHR systems as “terrible” or “poor,” according to a recent survey from Health Catalyst. Another study, published in the Journal of the American Medical Association, estimated the costs of billing and insurance-related activities using EHRs ranged from $20 for each primary care visit to $215 for inpatient surgery, totaling 3 percent to 25 percent of professional revenue.

So, why aren’t EHRs living up to the hype and delivering the promised return on investment? In many cases, it has to do with these systems not being used to their highest potential.

Here’s a look at five steps healthcare practices can take to address challenges resulting from EHR implementation and maximize their ROI.

  1. Get Buy-In Across the Board — from IT to Finance to Front Office Staff

Adopting EHRs to manage clinical activities impacts many revenue cycle-related functions, such as patient registration, insurance eligibility, scheduling and the services/treatments a patient received during each clinical encounter. To achieve ROI, EHRs must be able to improve several operations of a practice and streamline the workflows of different departments. It’s best practice for all clinicians and staff to weigh in before installing new systems or technologies.

  2. Provide Strong Leadership, Communication and Training

Changes in common practices during EHR implementation can result in significant resistance from users or a longer learning curve that hampers efficiency and adds to the cost of the system. To achieve results, healthcare leaders should clearly articulate the EHR implementation plan, prepare themselves for a transition period and develop a training protocol so all users understand their roles in using the system. In addition, users should have a solid background and understanding of how their roles factor into the overall success of the system and the practice at large.

  3. Improve Staffing Efficiency While Improving Operating Margins

Labor costs can account for nearly half of a healthcare provider’s operating costs. But providers often fail to take a strategic look at how adjusting staffing can improve the bottom line. Often, providers use historical averages to determine staffing levels at their practices, resulting in an outlay of overtime pay outside the planned budget when unexpected staffing demands occur. Data from EHR solutions, as well as enterprise resource planning (ERP) sources, can be analyzed to gain a better understanding of historical staffing trends. Accenture estimates that by getting insights from EHR and ERP data, U.S. healthcare providers could save more than $77 billion over the next five years by reducing overtime and overall labor costs.

The Modern EHR Is Mobile

With the increasingly “on the go” nature of technology and communication, information is accessible from the palm of a user’s hand in the form of mobile devices. Consequently, the success of modern EHR software lies in in-the-moment accessibility on mobile devices like smartphones and tablets.

The addition of mobile functionality for EHR systems is driving the adoption of electronic health record systems and software in the industry and contributing to meaningful use for patients and physicians alike. Patients benefit from doctors and staff who can make informed decisions by easily accessing their medical records from an easy-to-use mobile interface. Mobile EHRs allow practice staff and physicians to access valuable and crucial patient records, while increasing communication between healthcare facilities in a more efficient, secure manner.

This is incredibly useful in critical care or emergency situations; allowing physicians and other care staff to quickly, securely and accurately view patient information on the fly is a major advantage when emergency surgery or care has to be administered. With the continued scourge of the opioid epidemic requiring investments in patient and physician safety and with continued staffing shortages in the industry leading to further implementation of AI and technology based solutions, mobile EHR will be a critical tool in a healthcare staff’s arsenal, allowing the relaying and accessing of accurate information in a constantly evolving environment.

In addition, the internet, office tools and desktop computers are no longer necessary for effective documentation; mobile EHR allows offline record populating whenever and wherever it’s necessary, increasing the accuracy and timeliness of documentation. By allowing physicians and staff to accurately and conveniently exchange documentation and patient records through a secure, mobile platform, informed decisions can be made 24/7. This drives meaningful use by improving quality, safety, efficiency and care coordination for public health.

By utilizing EHR on mobile platforms, staff and physicians can increase their efficacy and accuracy when updating documentation or accessing patient files. By creating a friendly, innovative platform to access crucial information, EHR software that features mobile functionality is a necessity in modern EHR applications. It will continue to drive meaningful use and accessibility in the healthcare industry going forward as evidenced by the infographic featured below.

Health IT Startup: Greenlight Guru

Greenlight Guru is the only quality management software designed specifically for the medical device industry.

Elevator pitch

Get to market faster with less risk and achieve true quality.

Founders’ story

The seeds for Greenlight Guru were planted back in 2006 by Jon Speer, a medical device engineer turned consultant as a result of a simple observation: paper-based quality management systems are painful, risky & wildly inefficient. Commercial quality management software solutions have been available for over 20 years now, yet only about 30 percent of medical device companies that should be using them were. This observation and question led Jon Speer to team up with David DeRam to create the vision for a beautifully simple quality management software.

Marketing/promotion strategy

Greenlight Guru partners with trade publications and frequently hosts webinars to help medical device startup founders plot a clear course through the complicated regulatory environment.

Market opportunity

Quality management solutions existed, or could be engineered to work, for nearly every industry. Because of the complicated nature of medical device regulatory compliance in the United States, Canada and the European Union, one of two things was happening: 1. Systems not meant for medical devices were being rigged to work, or 2. An unorganized, not easily searched paper-based QMS was developed.

Greenlight Guru was developed to help medical device manufacturers manage documents, manage risk, perform quality management and log and address customer complaints in an easy to use cloud-based platform.

Who are your competitors?

Greenlight Guru is the only QMS system built specifically for the medical device industry. Non-industry specific QMS systems exist; however, they often have to be heavily modified to handle even the most mundane tasks in the medical device industry. As a result, Greenlight Guru helps device manufacturers spend more time on their product, and less time on paperwork.

How your company differentiates itself from the competition and what differentiates Greenlight Guru?

Greenlight Guru consists of three systems meant to help device manufacturers “GO” to market, “GROW” in the market, and “GURU” to provide regulatory expertise to device makers. This three pronged approach helps manufacturers through the full life-cycle of the product.

Business model

Greenlight Guru has a B2B business model with systems meant to help device makers “GO” to market, “GROW” in the market and “GURUs” to help stay in the market.

Current needs

Greenlight Guru is always looking for talented individuals with a willingness to work hard and improve the quality of life for our users.

How Digital Technology Is Helping With Cancer Health Issues

Jamie Costello is a computer science student.

Considering how far we have come through technology, it’s taking massive strides in managing health and creating new solutions to major health issues. Cancer is still one major topic that is always up in the air in regards to the benefits it can gain from technology. There have been many ideas and solutions, which have continued to grow. With such a big impact, there are many ways in which digital technology can be used to contribute to the issue of cancer.

Social Media

The growth of social media appears to have benefited many sectors in more ways than one, and the same goes for the healthcare sector. With the accessibility that everyone has to social media, millions can connect and interact with each other, meaning online support groups gather communities to discuss and access information that everyone involved can relate to. Patients can be directed for support and it’s all extremely convenient. Twitter’s TweetChat facility makes creating groups easy and accessible.

Mobile Apps

Wearables and mobile health apps have increased in popularity enormously, with connected care benefiting most from such technologies. With connected care, patients and providers can interact with one another, monitoring patient health remotely in real time. There are also secure email communications available for patients and their carers. It creates great convenience for both parties and keeps everyone well informed with up-to-date information. Some impressive connected care mobile apps are already available, and the progress made in mobile app development is sure to continue with endless possibilities.

Targeted Therapies

Genomics has played a major role in how scientists and medical professionals have been able to make treatment for cancer more specialized and specific. Because of the complexity of cancer cells, it’s required further in-depth research to understand how these can be targeted better, and the development of genomics has made this possible. It enables newer drugs to be created that can help with tackling the different cancer mutations and genetic changes. Further research continues in this space, building on the progress that’s been made and gaining further knowledge and success through technologies like genomics.

Clinical Trials

Digital technology continues to be a valuable asset in the clinical trials space. Trials are becoming increasingly costly, but the availability of digital technologies means patient-reported outcomes can be easily monitored and reported. Being able to gather up-to-date information on side effects, unexpected reactions and outcomes of the trials will make them more reliable. Through digital technologies, the mass amounts of people that are able to be recruited will also make it less costly and safer in the long run.

Top 4 Digital Solutions For Preventive Healthcare

Digitalization is inevitable: Technology and healthcare are becoming more inextricably linked as new innovations and discoveries are made.  Many health-related devices and services have been created in recent years with the express purpose of improving everyone’s quality of life. As a result, many international healthcare companies, like Now Health International, are now implementing innovative digital solutions to deliver better healthcare services.

Recently, broad strides have been made in the field of preventive medicine – below are some of the top digital solutions for preventive healthcare.

Wearables

By now, just about everybody wears a fitness tracker or a smartwatch, or owns a smartphone. The ability to count steps to measure one’s activity level is a great start, and is only the beginning. Vital signs data can now be collected by devices we have on us, which can then be automatically analyzed and sent to your healthcare provider in order to provide crucial information as to your state of wellness.

You can also be alerted to the amount of calories you’ve consumed, reminded to go for a walk or do some stretching exercises, or even take a short break. Sleep monitoring apps collect data while you doze and provide you with helpful information on how much rest you were able to get on any specific night.

With remote monitoring, the need to go to a clinic appointment can be greatly reduced as well. Even big companies like Apple are working on a way to determine blood sugar levels in a non-invasive way, which can change the lives of millions of people suffering from diabetes.

Pathogen Surveillance

Traditionally, health agencies rely on doctors, patient surveys, labs and research studies to collect information on pathogens and outbreaks of diseases. In the event of a serious outbreak, early reporting and progression tracking is critical to getting treatments out quickly and effectively, as well as preventing its spread. Digitalization is changing the way we respond to infectious disease outbreaks with portable genome sequencing as well as epidemiological surveillance and remote monitoring.

Disease Outbreak Prediction

Computers are helping health care professionals in the field calculate how fast a disease can spread, how many people will be affected, and determine which patients should receive priority care. The epidemiological web platform BioCaster mines text from social media platforms, blogs, and news sites to gather information on a specified area that may be a hot spot for an outbreak. There is also the option of receiving warning alerts via text or email to help users keep themselves safe.

HR 6199: A Benefit To Both Patients and Physicians

By Adam Habig, co-founder and president, Freedom Healthworks.

Obtaining healthcare today is daunting. For those unhappy with our current system and seeking greater choice, HR 6199 is a step in the right direction.

Recently passed in the U.S. House of Representatives and awaiting action in the Senate, HR 6199 leverages the proliferation of Health Savings Accounts (HSAs) to expand Americans’ freedom to spend their health savings on the type of healthcare that best suits their needs.

What’s wrong with healthcare? Pricing is murky and expensive. Networks are confusing and restrict choices, while locking out the uninsured. Even with insurance, patients who need care must wait weeks or even months for an appointment, during which they waste hours in the waiting room.  Millions are simply avoiding the doctor altogether — 44 percent of Americans who were sick or injured last year chose (yes, chose!) not to see a doctor.

If they finally see a doctor, visits are often so rushed that burning questions barely get answers and physicians can never really dig into issues. Today’s typical 12-minute visit is not only unfulfilling, but research indicates that seeing a physician who is rushed, distracted and only half-listening is more likely to lead to serious health problems (beyond an inconvenience, the British Medical Journal recently reported that building a foundational, personal relationship with one physician can actually save lives).

Given these headaches, many surely wonder: Why, even with insurance, is it so difficult to obtain care when needed from a skilled doctor whom the patient trusts and who has the time to listen and provide that care?

HR 6199 modernizes the list of medical goods and services eligible for purchase with HSAs. The bill specifically authorizes direct care, where the patient can choose to purchase their care directly from a physician, without third party interference. In the popularized direct primary care model, a flat monthly fee buys an accessible, personal physician, similar to “concierge medicine” but affordable for the average American ($50 to $150 per month). As a result, the patient’s health insurance is then reserved for unforeseen, catastrophic expenses. This model further eliminates barriers like co-pays, deductibles and narrow networks, which all impede access to routine medical care and ultimately degrade the quality of care received.

Clarifying the tax code to explicitly enable greater healthcare choice is critical to fostering much-needed innovation like direct care. While an overall improvement, there are a few glaring issues with the legislation as-written. The DPC Alliance cited three specific improvements to correct flaws that emerged during revision of the original draft legislation:

  1. State that DPC fees are a “qualified medical expense” under IRC 213(d), and not under a more vague categorization of “service arrangement” under IRC 223(d).
  2. Make it clear that a patient may use an HSA to purchase prescription medications on a fee basis (outside of DPC bundled fees) from a DPC practice.
  3. The bill places a $150 cap of DPC fees under IRC 223(d). We do not believe that price should be a defining feature or legal definition of a DPC practice and suggest removing a price cap altogether. But, if such a cap is required for budgetary reasons, this limit should be an expense cap (maximum deduction) under 213(d).

These suggestions are not simply preferences, but in fact stem from real-world experiences of those of us in the industry who are familiar with the preferences of customers in direct care practices.

For instance, many direct primary care practices sell low-cost generic medications during visits at cost, rather than forcing their patients to make a second stop at a pharmacy. Such a small convenience has been found to dramatically boost patients’ likelihood to actually comply with taking their recommended medications, which then prevents hospitalizations and even premature death. The current version of HR 6199 would interfere with this common practice.

Health IT Startup: Verato

Verato enables organizations to rapidly improve patient matching or customer matching through two cloud-based products that are powered by referential matching.

Verato has invested four years, millions of dollars and hundreds of thousands of hours of data science, data engineering, algorithmic, and cloud-services expertise to build the most precise matching technology on the market. The company has built their solutions in the cloud, so organizations can quickly, easily, and cost-effectively gain the power of referential matching to make their patient or customer matching much better, to dramatically reduce their duplicate records, and to significantly reduce the costs associated with manual data stewardship processes.

Verato leaders represent industry experts in big data, analytics, master data management (MDM), and privacy. With a proven track record of building businesses, delivering results for global clients and brands, and developing award-winning products, they are committed to revolutionizing the way our clients manage and match their patient or customer data.

Marketing/promotion strategy

Since Verato is the first patient matching or customer matching technology to use the power of referential matching in the cloud, they use a variety of channels to educate the market on the groundbreaking nature of this new technology. Typically, Verato works with other thought leaders in the industry to produce webinars, bylined articles and other speaking sessions and promote these pieces through social media and traditional media approaches.

Market opportunity

Despite years of investment in master patient index (MPI) matching technology, according to the Office of the National Coordinator for Health Information Technology (ONC), healthcare organizations still suffer from poor patient matching, with matching errors occurring in one out of five patients within a hospital system. What’s worse is that matching errors increase to about 50 percent when exchanging medical records between hospitals.

In fact, the College of Healthcare Information Management Executives (CHIME) sponsored a $1 million patient matching challenge and the ONC also launched a $75,000 “Patient Matching Algorithm Challenge” in 2017. Both contests looked at traditional matching technologies and both failed to show any real change in matching success rates.

Verato has developed a powerful new matching technology called referential matching. It uses a massive reference database of identities curated from commercially available sources that embody a 30-year history of demographics for everyone in the U.S. This database serves as an “answer key” for patient matching, allowing it to see through errors and changes over time.

Who are your competitors?

Verato is the only company to offer a referential matching technology purpose-built in the cloud. Other companies that sell patient matching technology use older probabilistic matching approaches and do not offer technology built reliably in the cloud.

Technology’s Role In Improving Rural Healthcare

By Dr. Louis Krenn.

In rural America, patients often find themselves more than 30 minutes away from hospitals or care facilities, making it extremely difficult to receive consistent quality care. In fact, there are only 39 physicians per 100,000 people in most rural areas, and specialists are often few and far between. With the average rural area income being more than $9,000 less than the average household income in the U.S., there simply aren’t enough doctors or financial means to see a specialist in a rural setting. This leaves patients waiting three to six months to see a doctor with the appropriate expertise and can lead them to receive care from non-physician providers, who may not have the same clinical training that a physician has. As a practicing family physician in Springfield, Missouri, I experience these challenges almost daily and as technology advances I have found new ways to help my patients to significantly decrease their need for a specialist visit.

Some of the most common health issues I face as a primary care physician that fall outside of my normal scope are dermatological, cardiological or gastrointestinal. In urban areas, patients can easily make appointments at respective specialists, but in a rural area like my own, diagnosis and treatment is often left to the primary care physician. While seeing patients for regular scheduled appointments, I typically encounter 20 dermatological cases a week including conditions like eczema, psoriasis, warts and actinic keratosis.

Although these are common skin conditions, when I encounter these types of conditions I take my years of experience and try to assess to make a diagnosis and develop a treatment plan, even if I am not 100 percent certain of the specific condition. Thanks to technology, more and more tools are being developed that can help diagnose the conditions – whether common or more intricate – that primary care physicians may not be expertly trained on. These tools, known as clinical decision support tools, enable us to make more accurate diagnoses at the point of care.

Technology as an aid, not a replacement

When I talk to my colleagues about utilizing technology in our everyday practice, I commonly get pushback because there is fear that technology may put us out of a job. The truth is that clinical decision support tools are becoming essential tools for rural health care providers as the volume of available data increases alongside our responsibility to deliver value-based care. These tools are simply aiding us, not replacing us.

A tool I’ve been using for the past year, VisualDx, allows me to access thousands of medical images that I can use to compare to a patient’s skin rather than referring them to a dermatologist with a long wait time. By looking through multiple examples of the same condition on different body parts and on varying skin tones, I can accurately identify a patient’s condition and recommend a suitable treatment plan. This visual element allows me to be confident in each diagnosis and share my findings with my patients directly in the room.

Earning patient trust with technology use

When a patient comes in with a specialized health issue, they are often hesitant to trust that the diagnoses I’ve made are accurate due to a lack of expertise in a certain area. I recently had a parent bring in their child requesting a referral to a dermatologist due to some bumps on her arms. In this case, I already knew the diagnosis as the rash had a very characteristic appearance of molluscum contagiosum. However, the patient’s parent was concerned that I was not knowledgeable enough in this area and was insistent upon a referral. In this case, I was able to use the tool to show her the diagnosis, the time frame that it usually lasted and the recommended treatment. This extra level of reassurance allowed the patient to trust my diagnosis and recognize that a referral was unnecessary.

Health IT Startup: SnapNurse

SnapNurse is an on-demand technology platform that connects pre-credentialed nurses directly with healthcare facilities to fill empty shifts. Similar to other popular on-call applications, SnapNurse reduces staffing shortages for the healthcare industry at a moment’s notice.

Founder’s Story

SnapNurse was created to help solve the critical nursing shortage currently sweeping the globe. In an effort to support healthcare professionals and facilities through this challenging time, Cherie Kloss, founder and CEO with an 18-year history as an anesthetist, launched SnapNurse to offer a more efficient ecosystem for both sides to work together.

After completing a successful 10-year run as a TV producer, Kloss was eager to dive back into the medical industry as a nurse and anesthetist. She quickly realized how difficult it was to land on-request nursing gigs and like many, felt frustrated with the industry’s broken credentialing and hiring process.

Kloss soon tapped her deeply seeded network to fine tune the evolving concept of SnapNurse and to build out her team. The organization’s executive lineup delivers an impressive foundation for its technology and healthcare footprint including founder and former CTO of $22 billion trading platform Intercontinental Exchange (ICE) Edwin Marcial as CTO and former Director of Anesthesia Services at Grady Hospital Jeff Richards as COO.

SnapNurse is fueled by giving the power back to nurses and finding better ways to offer competitive pay, a simple credentialing process and the freedom to work when you want and where you want, thereby driving the rapid adoption of this revolutionary on-demand platform.

Marketing/Promotion Strategy

SnapNurse connects deeply with both the healthcare institutions and the nurses to offer a better way to work together and fill empty shifts instantly through the SnapNurse talent pool.

SnapNurse has successfully established facility-partner relationships with leading organizations across the country where the need is greatest. This has been accomplished by attending top industry events and tradeshows, speaking at local and national events, and leveraging the team’s experience in the industry to connect with noteworthy contacts that are ripe for SnapNurse’s service.

The pioneering startup has also focused heavily on fostering genuine relationships with nursing communities in various regions by hosting one-of-a-kind meetup events with one of their notable TV-star supporters from Atlanta, having a presence at job fairs, developing superior testimonial videos from SnapNurse users, increasing their social imprint, among other successful strategies.

SnapNurse is used by hundreds of nurses in select cities across the nation, with Atlanta (the company’s beta location) having the highest number of nurses.

Market Opportunity

SnapNurse is a 21st-century solution to the global nursing shortage the world has been experiencing for years. Beyond nurses, global nurse agencies, hospitals, clinics and home health care businesses, among others (combined $344 billion annual market worldwide) can benefit from SnapNurse’s platform and talent pool. Estimates from the World Health Organization (WHO) show the needs-based shortage of healthcare workers globally is expected to top 17.4 million in 2018, of which more than 9 million are nurses and midwives. SnapNurse will help fill this need by connecting more nurses with healthcare facilities in need. SnapNurse empowers nurses to make more money, create their own schedule, and even get paid after the end of the shift.

Who are your competitors?

Because of the current services and relationships of SnapNurse and the blockchain software (nursetoken.io) it will soon apply to its platform, there are no direct competitors that offer the cohesive offerings we do.

How your company differentiates itself from the competition and what differentiates SnapNurse?

The tech disrupter is a favorite among hospitals and nurse managers for its ability to save time and money, increase contract talent pool and view profiles and provide ratings for available nurses. Always on the cutting-edge, SnapNurse is the first company that will apply a blockchain software (nursetoken.io) for credentialing allowing nurses to carry portable authorization passports for instant approval at new centers.

What Are HIPAA Compliant Storage Requirements?

The Health Insurance Portability and Accountability Act (HIPAA) is US legislation that was signed into law by President Bill Clinton in 1996. This law, enacted through regulations overseen by the Department of Health and Human Services (HHS), sets rules for the protection of healthcare information (called protected health information, or PHI) and the ability to maintain coverage when your employment changes. One of the core elements of HIPAA is the protection of electronic protected health information (ePHI) through physical, technical and administrative defenses.

HIPAA applies to two types of organizations, covered entities and business associates.  While covered entities are organizations involved in healthcare payment, operations, and treatment, business associates are institutions that process patient data in the course of performing services for covered entities and their business associates. Companies within both of these categories need HIPAA-compliant storage and to generally follow the parameters established by the HHS.

Look to the Security Rule for guidance

Your primary consideration when evaluating HIPAA storage is the Security Rule, which includes physical, administrative and technical protections that should be used to prevent unauthorized access. Following the Security Rule requires organizations to do the following:

The Security Rule is written in flexible language, with parameters that need to be met but no specific steps forward. That looseness of language, per the agency, is intended to allow individual organizations to come up with their own solutions based on the scope and nature of their institution.

Essential HIPAA-compliant storage safeguards

Here are the specific ePHI safeguards you need, whether internally or through an organization you contract with, across the three Security Rule categories:

Technical safeguards

Transmission security – A HIPAA-compliant organization needs to deploy technical security mechanisms that keep nefarious parties from being able to unlawfully access health records that are being sent through the network.

Access controls – Companies must enact technical policy and procedure documents that outline rules for access to electronic health records.

Integrity control – To maintain HIPAA compliance, an organization must develop policies and procedures intended to prevent the manipulation or destruction of health data. Plus, there should be tools implemented to verify that information alteration or elimination is not occurring.

Audit controls – For any systems that hold or utilize electronic health data, institutions have to set up software, equipment, and process elements to log and analyze access and the related activities by users.

Physical safeguards

Workstation and device protections – Access to and use of electronic media and workstations should be governed by policies and procedures developed by the organization. A HIPAA-compliant company should have official policies and procedures related to how electronic media is moved, reused, decommissioned, and discarded.

Facility access – Institutions should verify that physical access to their data center is limited to authorized parties.

Administrative safeguards

Assessment – A HIPAA-compliant company has to routinely evaluate the extent to which its policies and procedures are aligned with the Security Rule.

Security point-person – There should be a designated security officer who creates and launches policy and procedure documents.

Staff management and training – There should be proper authorization and oversight of any staff members who handle patient data. All members of your workforce should have security training, and there must be consequences when anyone disregards the official guidelines.

Data access management – Follow the Privacy Rule’s principle of “minimum necessary” related to the use and disclosure of health data. The Security Rule mandates that the policies and procedures used by a HIPAA-compliant organization should only allow an individual to access data when their role gives them that permission (called role-based access).

Security management – To achieve HIPAA compliance, a company must identify risks and take steps to mitigate them. Risk analysis is critical because it will impact all the above efforts, so it is discussed in its own section below.

Risk analysis and management

All HIPAA compliant storage should be assessed for any risks on a regular basis. Here is how you move forward:

Cloud providers and importance of the BAA

Many organizations work with outside parties to protect their ePHI. The Healthcare Industry Cybersecurity Task Force (HCIC) released a 2017 report of healthcare cybersecurity recommendations that addressed cloud relationships. One key point was to embrace cloud service providers, especially if your organization is smaller, since “smaller healthcare organizations often do not have the resources to fully staff a credible cybersecurity group.”

While cloud may make sense, the business associate agreement is critical to relationships with third parties. While you still must carefully vet these organizations, the BAA establishes responsibility for all aspects of the handling of the information that might otherwise be unclear.

Cloud security may now be stronger than at the typical traditional data center, but the risk still must be addressed. The essential nature of the BAA is underscored in the HHS’s “Guidance on HIPAA & Cloud Computing.”
