Guest post by John Squire, president and COO, Amazing Charts.
John Squire
As developers of electronic health record (EHR) software, my company gets into a lot of conversations with providers about their expectations for the future. This information helps us make decisions about what to build next. Here are three trends we’re hearing from our customers right now:
Low-tech beats high-tech in telemedicine
Unlike the way it was imagined decades ago by science fiction writers, telemedicine does not necessarily mean holographic images or live video conferencing with a physician half a continent away. Patients would rather receive “low tech” remote care from their primary care physician who has a full picture of their health status.
This form of telemedicine happens whenever an EHR system adds to a patient’s clinical chart the messages, pictures, or videos sent securely via smartphone. It happens whenever a smartphone connects to a remote health monitoring device for collection of real-time data such as blood pressure, oxygen levels, and heart rate.
The new rules allowing reimbursement of telemedicine and other non-face-to-face services will encourage physicians to bill for these remote care activities. Medicare’s recently expanded set of billing codes for Chronic Care Management (CCM) is a good example of how the future of value-based care goes beyond the office visit to keep patients out of hospitals and emergency rooms. The ability to securely and rapidly receive and answer a patient’s questions via text, and then capture those activities in the patient’s permanent clinical record is a critical step in that direction.
Primary care providers are trying new types of practices
Primary care physicians are frustrated with the hassle and expense of dealing with insurance companies. The new Medicare fee-for-value quality payment program is creating uncertainty about future reimbursement levels and requires additional reporting. Also, there is an acute level of burnout with “corporate medicine,” which has providers booked for dozens of daily appointments, only to spend less than 15 minutes with each patient.
In order to remain independent, a small but growing group of primary care practitioners are becoming more financially creative and experimenting with new models of practice. One example is direct care, in which a financial relationship is established directly between patient and provider, cutting out insurance altogether. This model includes concierge and direct primary care (DPC), where patients become “members” of a practice and pay a fixed monthly fee for unlimited primary care – similar to a gym membership, but for healthcare. Another example of direct care is the cash-only practice that sees walk-in patients for urgent care.
EHR interoperability will catch FHIR
Physicians and their patients are frustrated with the lack of interoperability in health IT. The concept of having a patient’s medical records accessible to any authorized provider at any time is still a rare occurrence. When a patient switches primary care physicians, the first office typically prints out and faxes their medical records to the second office, which introduces the possibility of errors, HIPAA violations, and others.
Guest post by Pawan Sharma, director of operations for healthcare at Chetu.
Pawan Sharma
Healthcare is quickly adapting to the digital environment by leveraging web-based technologies, electronic health records (EHR) and mobile devices to facilitate the movement of information. With innovative software technology comes great responsibility. One of the unfortunate downsides to increasing the use of technology for data sharing in the healthcare world is the risk of data falling into the wrong hands. Full measures need to be put in place to protect patient’s Protected Health Information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) mandates that all PHIs be secured. Any breach, if not handled appropriately under established procedures, can lead to grave consequences including heavy penalties, jail time, or both. Needless to say that proper mechanisms need to be implemented to secure data while it is stored, transmitted and consumed.
Understanding Regulatory Standards
Knowledge is power. It is paramount that software providers look for back-end development partners that have Healthcare IT experience. This includes extensive knowledge and proficiencies with federal regulations like American Recovery and Reinvestment Act (ARRA), meaningful use stage 1 and 2, Accountable Care Act, etc. Also, regulatory health information exchange (HIE) standards such as Health Level 7 (HL7), Health Information Exchange Open Source (HIEOS), Fast Healthcare Interoperability Resources (FHIR), Consolidated-Clinical Document Architecture (C-CDA), Continuity of Care (CCD/CCR) as well as clinical and financial work flows.
Encryption
With information traveling over a network it may be subject to interference. Hence, it is important that data be encrypted in transit. Vendors must include encryption technology to prevent disclosure of patient health information while data is communicated between the application and the server. Web traffic must be transmitted through a secure connection using only strong security protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS). SSL/TLS certificates are light weight data files that are purchased and installed directly onto the server. Once implemented, a user will be able to connect to the web-based application server via a secure tether with an internet browser.
Code Hardening
Organizations have been keen on securing networks and internal infrastructure from external threats. With this in mind, malicious entities are looking to breach data at the application level. Healthcare software proprietors must protect their application from security threats by employing hardening tactics, which shields bugs and vulnerabilities in the coding. This technique primarily includes code obfuscation. Code obfuscation is the act of intentionally creating obscure source code to make it difficult for entities to decipher. Properly employing this tactic hinders a threats ability to reverse engineer and tamper with an application to facilitate a breach.
