In the land of health IT, innovation is power and those that control it king.
There’s no status quo here. Resting on your laurels, despite all of the industry standardization related to efforts like meaningful use, will get you no where.
As several vendors are discovering that just because they’ve had products in the market for 20 or 30 years doesn’t mean they’ll be in play forever. We’re in the health 2.0 era. Heck, we’re in the era where even the federal government has entered the open source environment.
As such it’s great to see such a resource like Rock Health dedicating itself to the health IT entrepreneur. If you haven’t checked it out yet, you need to do yourself a favor and take a few minutes to familiarize yourself with its site. Then, you need to forward some of the information featured there to all of your entrepreneurial friends.
Not to sound like a commercial for the service, but it’s hard not to since some of the things going on here are pretty incredible. Actually, this is the kind of thing that happens in a country like ours when leaders, innovators, entrepreneurs, creative folks, business minds, a little money and some passion mix.
The cocktail that commences is Rock Health.
So, what is Rock Health?
It’s an accelerator exclusively for health start ups providing capital, office space, mentorship and operational support to entrepreneurs working on ideas in health. As a nonprofit, Rock Health looks for product-centric ideas that solve real problems in healthcare; “Products can be in the form of web or mobile apps, services, have a hardware or sensor component, and should be early and pre-VC funding.”
Ideas can be of anything as long as it solves a healthcare problem.
For those start ups bidding to participate in the Rock Health program, the selected start up receives a $100,000 investment offer from a VC group for an ownership of between 5 and 10 percent.
Other great Rock Health offerings (found on its site and free for everyone) include an interactive funding database that provides the public with sources for potential healthcare start up funding; videos that teach the unknowledgable upstarts almost everything they need to know about topics like marketing, creating boards, accounting, HIPAA, fund raising and dealing with the FDA; healthcare event listings; a great start up handbook that provides legal and financial advice (it’s comprehensive and overwhelmingly impressive); and finally, perhaps my favorite bit of information offered: interesting health facts that once learned will impress everyone, including your closest and most cynical friends.
You get the point.
Rock Health is more than an incubator and a disruptor for health IT — established vendor giants should be concerned about efforts like this — it is the future of innovation in the space, and if you haven’t taken notice, you should.
Crowd funding continues to play big in technology and the star of today continues to be Kickstarter. The site is a funding platform for creative projects including films, games, music, art, design and technology.
According to its site, through it, more than 2.5 million people have pledged more than $350 million to projects posted since 2009 by everyone including company CEOs to hobbyists. Each project is independently created by the person behind it, who have complete control and responsibility over their projects.
If people like the project, they can pledge money to make it happen. If the project succeeds in reaching its funding goal, all backers’ credit cards are charged when time expires. If the project falls short, no one is charged. Funding on Kickstarter is all-or-nothing.
In most cases, the majority of funding comes from the fans and friends of each project. If they like it, they’ll spread the word to their friends, and so on.
Given the scope, there’s an obvious need for something similar in the healthcare space. Hence, it’s good to see MedStartr emerge, a new crowd funding site dedicated solely to the healthcare space.
According to MedStartr, it “is a new way to fund healthcare projects, startups and innovations that improve healthcare and help people live longer, better lives.” Like KickStarter, “MedStartr is powered by an all-or-nothing funding method where projects must be fully-funded or no money changes hands. This makes it so you have no obligations either way if critical mass is not achieved to get to your minimum viable product.”
Medstartr encourages users, such as patients, entrepreneurs, physicians, researchers, nonprofits, artists, filmmakers, musicians, designers, writers, performers and others to drive healthcare forward.
Unfortunately, though, it doesn’t appear that much money has changed hands using MedStartr, even though there is a clear need. For example, of the four successful projects featured on the site, one of them is for the launch of MedStartr. The other three only grossed $23,733. That’s a far cry from some of the projects funded on KickStarter, which reach as highas a few millions dollars.
Okay, so it’s not important that the funding goals are so far apart. In principal, the two sites are competitors, I guess, but they serve much different audiences for the most part. However, given the continuous chatter for improved tech tools the healthcare market needs, and that we’re in the age of do-it-yourself, I surprises me that more people, entrepreneurs and so on, are not using the service.
There are a few apps featured there, and some community events (like conferences), but very few systems or technology that can be used to actually enhance or better healthcare for providers or patients. At least to this point, anyway.
It makes me wonder if MedStartr simply needs to conduct a better PR campaign (call me, I’d be glad to help) or if there’s just not an appetite for micro, crowd-funded project in the healthcare technology space.
There’s a draw, though, and with time there’s a god chance that many good things will come because of the site. Hopefully so. I’d like to see it embraced, and I’d like to see it succeed. If for no other reason than it’s good for all of us, and may be good for our health.
Perhaps creating an opportunity is nothing more than observing the details and taking action once one has been identified.
Lack of opportunity, on the other hand, might be the opposite – keeping your head down and barreling through life without taking an adequate measure of the terrain in which you are navigating.
The feds missed an opportunity. During their planning and roll out of meaningful use, in their effort to collect the health data of this country’s population, specialists, in many cases, were not considered as recipients of their meaningful use incentives.
For many specialties, this might not apply. But pediatrics are different entirely. Not so much for the physicians’ sake, but for the patients they serve.
Given the direct marketing plan that the federal government has undertaken with its latest healthcare pet project, Blue Button, I’m surprised by its lack of foresight related to patient involvement to this group when it comes to meaningful use.
As the feds work desperately to change the perception of electronic data collection, and to move the most information into electronic records as possible, one might think the best way to ensure absolute adoption is by requiring the one group of physicians who might be able to affect the longest term change to participate in the incentive program.
Pediatricians, like it or not, have not been given special treatment as far as meaningful use is concerned. They, like another large group of physicians, OBGYNs, are left to fend for themselves. You can read more about OBs and their fierce independence in my recent interview with digiChart’s CEO Phil Suiter. The reason is well known and obvious: these groups of caregivers don’t necessarily rely on the government (Medicare/Medicaid) to keep their doors open.
The nature of pediatric practice is such that Medicare is not a significant part of their practice so meaningful use incentives don’t apply here. Therefore, the only avenue left for pediatrics is the Medicaid option – and it only works for practices that have more than 20 percent of their volume as Medicaid. In most cases, these groups of physicians don’t meet the minimum requirements of serving Medicare and Medicaid recipients to qualify, and, also in most cases, they don’t go out of their way to do so.
Therefore, given the logic that A+B=C, they are not lining up to get their share of the incentive checks.
But, one would think the feds would try to find some way to make an exception for pediatricians to participate in meaningful use without having to meet the minimum requirement that 20 percent of their population participate in Medicare. I’m not trying to re-open an issue that I know has been discussed countless times; I’m trying to make a different point.
That is, given the new push for patient engagement and the social media-like approach being taken through the Blue Button movement, I believe the importance of pediatricians has been overlooked.
Why? Well, it’s obvious to me that to engage a population, it’s best to change the population’s behavior. To do so, you have to catch them young; so young that they never knew a difference otherwise.
For example, children today will never know what life was prior to the web. They won’t be able to imagine life before mobile devices turned us into an always on society. There’s a lot they’ll never know.
Thus, if they are exposed to electronic health records in their doctor’s office as they grow up, by the time they reach adulthood, they’ll expect their doctors to use nothing but electronic health records. In fact, they won’t even know what to do with a paper record – how to read and understand it – and, therefore, won’t give their money to doctors without the systems.
It’s really the most direct route to changing a population’s behavior.
Sure, engaging the adult population through a service like Blue Button is important, and will certainly help fill the gap currently experience in healthcare’s ownership issue, but as we’ve seen in every other area of life, true change won’t come until those who know no other way become the majority and know no other way.
As the self-proclaimed ONC Blue Button movement gains steam and more members of the public sign up to make sure their data gets downloaded, it seems the Office of the National Coordinator, among others in the fold, have borrowed a marketing campaign from office supply chain, Staples.
The “Easy Button” is vernacular for something that get done at the press of a button, even if said task isn’t necessarily as easy as just pushing as button. Obviously, that’s the point.
Same goes for the Blue Button. From a marketing perspective, the concept is genius. With the simple push of a button, you too (read: “consumer/patient”) can have instant access to every last bit of your media records and personal health information like never before.
With the campaign just getting started, there are already more than one million people who have signed up for the Blue Button service (sounds sort of like “black tie event” when I read it like this). Eventually, the movement will take hold, no doubt, and the consuming public will be on board like never before. I anticipate Blue Button will grow enormously, similar in nature to the culture that social sites the likes of Facebook and Twitter have become. Not that we’ll sit around sharing our records with those who “like” us or posting comments about each others ailments and conditions, I think people will perceive blue button to have the same value.
It’s about access to information – information that until now many people have not realized they owned or had access to – instantly, as long as Blue Button is available to them.
That’s the catch after all, isn’t it? Blue Button has to be available to consumers for them to be able to push that little easy button. Seems like there are only a couple things that might keep someone from it. The most obvious is that a patient’s physician must have a meaningful use EHR in place. Another is that the practice must choose to offer the service.
It goes without saying, then, that consumers without insurance most likely won’t have access to Blue Button as they’ll likely not have access to a regular physician with a certified EHR. The current healthcare reform may change this slightly as more people will be “encouraged” to insure themselves. And, as practices move to EHR, access to Blue Button will increase.
All of these details are beside the point. Right now, it’s about the marketing. Making sure patients know that the health information that is rightfully theirs can be in the palm of their hands as easily as pushing a little button.
As we know, or so we’ve hypothesized, that the more you can engage patients in their care, the better care they’ll take of themselves.
And you’ve got to hand it to the ONC. Creating a message that directly engages the public rather than hoping that physicians and their vendors will carry the task is something I have long advocated for.
So getting us, as patient consumers, to engage in and to own our care really took little more effort than developing an app and marketing it directly to the people.
Looks like my suspicions are correct. Most health data breaches are inside jobs. But, what’s surprising, according to a somewhat recent survey from Veriphyr — an access and identity provider – is that the majority of data breaches of medical records is by practice employees.
According to the survey, most of the data breeches of medical records more than 35 percent were of healthcare employees peeking into the files of their co-workers. Another 27 percent of the breeches reported were of a healthcare employee’s family or friends
Also gleaned from the survey is that of the hospitals and healthcare facilities surveyed, 70 percent reported some form of data breech. Data breeches cost healthcare organizations more than $6 billion a year, according to Veriphyr’s CEO, Alan Norquist, so they really are big business.
Some of the report’s key findings include:
Top breaches by type:
Snooping into medical records of fellow employees (35 percent)
Snooping into records of friends and relatives (27 percent)
Loss/theft of physical records (25 percent)
Loss/theft of equipment holding record (20 percent)
When a breach occurred, it was detected in:
One to three days (30 percent)
One week (12 percent)
Two to four weeks (17 percent)
Once a breach was detected, it was resolved in:
One to three days (16 percent)
One week (18 percent)
Two to four weeks (25 percent)
According to Health Data Management, there have been more than 31,000 data breeches in the last two-and-a-half years. Most of these breaches are unintentional, though, according to magazine, with “employee transferring records to a flash drive or sending records to a personal e-mail account to work on them from home, or even sending records to a peer for advice.”
Accordingly, some steps to limiting internal data breeches is to continuously educate your employees about the dangers and consequence of handling HIPAA-protected data appropriately, and in some case, it’s may be necessary to adopt new policies to help manage how data is accessed. For example, if personal devices are allowed to be used in the work setting, you need to establish some rules to protect the data the the devices access, and in some cases, you’re going to have to offer support of the devices.
Nevertheless, the information about data breeches is shocking. The number of employees sneaking peeks at patient’s profiles is like the rest of the world surfing the social profiles of complete strangers. Sure, the information is there, but that doesn’t mean we should take advantage of it.
This line pretty much sums it up: Improve quality of care through electronic health records.
Apparently, it’s a motto of sorts for the New York City Department of Health and Mental Hygiene. Not bad when you think about it. Sort of has a “I-love-health-IT” ring to it.
As cool as the organization’s unofficial motto, it features a wealth of great information about the benefits of EHRs, how they can improve healthcare and patient outcomes and steps practice leaders need to take when working to protect the data contained in the records.
As such, NYC’s health department site is filled with great advice for practice administrators to take to create proper procedures and practices to maintain data security.
Here’s a nice, 12-step program for you, courtesy of the NYC:
1. Continue following the rules and regulations set forth by HIPAA. Do not leave printed patient health information where others have access to it. When scanning information into a patient’s EHR, destroy the paper copy when it is no longer needed. Unlike paper charts, it is easy to see a computer screen from across the room. Computer screens should not be visible from the waiting room, check-in area or any place an unauthorized person may be able to see a patient’s EHR. Install privacy filters on monitors to block anyone from viewing the computer from a side view.
2. Install antivirus, intrusion detection and firewall software.
3. Do not use social security numbers as a unique patient identifier. This is something I’d like to see adopted universally in healthcare. There’s no need for my SSN to be sitting on the top of my new patient forms for all the world to see.
4. Patients have the right to control who sees their information. Whether or not an EHR system is in place, do not share patients’ health information with anyone unless the patient has personally authorized it or such disclosure is authorized by law (e.g., mandated disease reporting). Ensure that employers,marketers and law enforcement or immigration officers do not have access to patient records. If your practice is part of a Health Information Exchange network, patients have the right to choose whether or not they will participate. Patients have the right to revoke their consent for sharing information.
5. Patients should understand their rights to consent, as listed in #4 above.
6. Always log out of the EHR system when leaving the computer. If EHRs are left open on the screen, other people can access and/or modify patient information. This activity will be logged as the user’s and he/she may be held accountable for any privacy violations.
7. Keep all passwords safe and secret. Create a password carefully. Passwords should not be obvious, such as birthdays, pets’ names or favorite sports teams. Think of something that is easy for you to remember, but impossible for anyone else to guess. Never share passwords. If anyone asks a staff member for his/her password, the staff member should report that person immediately to the practice administrator. Passwords should not be posted or written down near the staff members’ desks. Change passwords every three months.
8. Ensure hardware is safe and secure. Portable computers are easy to steal. Computers, servers and other equipment that contain data should be locked in a secure place when not being used.
9. Be careful when accessing EHRs from outside of the office. When opening a patient’s EHR in public, make sure no one can see the computer screen. Only access EHRs from a secure Internet connection.
10. Train all staff members on data security policies and procedures. Make sure everyone in the practice understands and observes the policies and procedures for protecting patient health information.
11. Keep up with staffing changes. If an employee leaves the practice, change the user’s status to inactive. This means they can no longer sign in with their old password.
12. Review audit trails periodically. Reviewing audit trails can alert practices to potential system abuse or misuse. Some staff members forget to log out of their system, as well as access parts of the EHRs that are beyond their practice function. Audit trails can let practice administrators know when this occurs and take appropriate action.
So, as the old saying goes, “The more you know, the further you’ll go.”