One of the biggest trends in healthcare has a distinctly technical focus: clinical mobility, the use of mobile devices like smartphones, tablets, laptops, and mobile printers by physicians and nurses at the point of care. According to the U.S Department of Health and Human Services, the average physician currently spends 15 hours per week on reporting measures, cumulatively costing a staggering $15.4 billion annually. Added mobility measures will be a huge relief to these healthcare heroes, who can then spend more time with patients.
The requirements for devices utilized by medical professionals are exacting and stringent because our health depends on them. Likewise, many devices must comply with the sweeping Health Insurance Portability and Accountability Act (HIPAA) regulations, along with numerous other government certifications. While there is a plethora of mobile healthcare devices on the market, a select few are worth calling out for the progress in their performance and usage. Here are three essential tools for modern practices.
No hospital or clinic can survive without positive patient identification (PPID) wristbands, which track patients from admission to discharge using printed labels and help improve throughput and security. Staff members scan bar codes on the bracelets to access medical history, medication lists, or allergies and then send data directly to labs or pharmacies through hospital databases. Workers can also use PPID to generate labels for everything from charts and bills to specimen containers, so important medical documents and paraphernalia stay secure.
Assisted living facilities and nursing homes that give patients more freedom benefit from PPID as well, because the technology is excellent at helping maintain the safety of residents. In many cases, family members can also access this information, and so have peace of mind.
Personal care technologies
Chatbots have revolutionized many areas of modern life, and medicine is no exception. The artificially intelligent apps handle basic but time-consuming tasks, ensuring patients take prescriptions and comply with orders. These tools will save the healthcare industry billions of dollars, so many tech companies want to get in on the action, such as by using text and voice apps to answer patient questions with natural language processing, helping medical professionals stay mobile and focused on their work.
Amazon recently announced the availability of a HIPAA-eligible development environment for Alexa-enabled devices. This environment allows select developers to create healthcare “skills” or applications that enable voice-based access to personalized health information. Six healthcare companies are already operating in this new environment and have developed skills “designed to help customers manage a variety of healthcare needs at home simply using voice,” writes head of Alexa health and wellness, Rachel Jiang, in Amazon Alexa’s official announcement.
Amazon Alexa’s move to support handling of personalized health information, whether to make it easier for individuals to book a medical appointment, access hospital post-discharge instructions, provide recovery updates to physicians, check on the status of a prescription delivery or make better food choices based on their latest blood glucose measurements, is reflective of a broader movement of healthcare towards empowering the consumer. This is for good reason, because the traditional approach to healthcare is broken.
Despite astounding medical advances and technologies such as whole genome sequencing, modern health care systems aren’t helping people to live in a healthy state any longer than they did a decade ago. For example, the percentage of the U.S. population with diabetes has been steadily growing over the last decade, and the share of the world population with cancer has been stable or has risen over the past 30 years. Some of the health care problems that contribute to our stagnant health span, or the length of our disease-free lives, include unequal access to healthcare, top-down health care recommendations that don’t translate into people’s daily lives and lack of patient engagement outside of the clinic.
Popular technologies including health and fitness apps, wearables and virtual assistants, like Amazon Alexa, are forcing and enabling a revolution in healthcare. Amazon’s creation of a HIPAA-eligible environment for developers of Alexa-enabled device applications indicates that health care is moving out of the fortress of the hospital and the clinic and coming into each patient’s hands for their own control. It won’t be long before we will all be able to access our health data through devices like Alexa and mobile apps like Apple Healthkit and LifeOmic’s LIFE Extend health tracking app. This data will live more securely in the cloud and will help inform our day-to-day decisions about our health.
A voice-enabled move on precision health
Alexa’s HIPAA-eligible environment is one participant in the broader precision health movement. Precision health is a mission of most modern health care providers that involves intervening at the right time for the right patients in order to best treat and prevent disease. Precision health is practically impossible without individual patient engagement. Treating the right patient at the right time with the right drug or intervention requires having information about that person’s genome, environmental exposures, lifestyle factors, health barriers, existing health literacy and more. To not only collect this data from individuals but also to engage them in preventive screening, interventions and health behaviors that fit into their lives, providers need to meet patients where they are: on the go, not in the clinic.
The future of healthcare involves delivery of personalized health information and recommendations through smartphones and voice-enabled devices like Alexa that follow people throughout their homes and out of their doors on a daily basis. Virtual assistants that can help people more quickly and easily make decisions that are best for their health are particularly exciting. People are turning to AI assistants to help them reduce their stress, pick the right nutrition plan and more.
According to the United States Department of Health and Human Services, approximately 70 percent of organizations are not HIPAA Compliant. The Health Insurance Portability and Accountability Act, known as HIPAA mandates industry wide standards for healthcare information and electronic billing, and requires protection as well as confidential handling of protected health information.
According to HIPAA rules, any company that deals with protected information must have a physical network and process security measures that are followed to ensure compliance. It may be safe to say that many organizations are still perplexed about HIPAA audits, enforcements and compliance. As a result, the number of organizations that fail to meet compliance each year remain the majority. To begin understanding compliance, healthcare organizations would be wise to consider three key recommendations.
Analyze the past, to avoid making the same mistake twice
It is important for hospitals and healthcare facilities to look at some of the common mistakes that are repeatedly noted in HIPAA security reviews. HIPAA states that out of all the reviews completed, there are a number of frequent compliance violations and issues that are found each year. This includes impermissible uses and disclosures of protected health information, lack of safeguards to protect health information, lack of patient access to their personal health information, lack of administrative safeguards on electronic protected health information, and use or disclosure of more than the minimum protected health information. Protecting valuable data by analyzing past mistakes is an important step in the compliance process.
Perform a risk assessment and GAP analysis
One preventative measure in assessing an organization’s compliance with HIPAA is a risk analysis and a GAP analysis. The confusion and lack of understanding around the two examinations has been common among healthcare professionals in the marketplace for some time. Not understanding the differences can be detrimental to an organization, and puts them at a significantly higher risk. According to HHS and OCR guidelines, all healthcare organizations must specifically conduct a risk analysis to be deemed within HIPAA compliance.
A HIPAA GAP analysis can be used to measure the organizations information security standing against HIPAA, which is part of HHS audit protocol. Comparing the organization’s current practices to the HHS OCR audit protocol will identify the strengths and weakness of the security program. From there, the organization can determine whether they have reasonable and appropriate administrative, physical and technical safeguards in place to protect patient health. Performance of the GAP analysis also allows the organization to develop an audit response toolkit, which includes the data and documentation that would be able to support compliance with the HIPAA regulations to regulatory agencies.
Amazon announced that a version of their virtual assistant technology, Alexa, is now HIPAA-eligible. This means it’s available for applications that are subject to the data privacy and security requirements of HIPAA. The new HIPAA-eligible version of Alexa, specifically the Alexa Skills Kit, is now available to a limited number of developers by invitation only.
Amazon has seen increasing interest in Alexa’s potentialto serve as a virtual healthcare assistant. While devices like PCs, tablets, and smartphones have contributed to advances in healthcare, they’ve been problematic for some aspects of patient engagement – particularly among the elderly and others whophysically cannot – or will not – use them.
The idea of a smart, always-available, hands-free, voice-powered virtual assistant that can answer questions, deliver medication reminders, facilitate communication with one’s doctor, provide health coaching, and more, has piqued the interest of the healthcare community. Amazon has responded.
Until now, Alexa’s use in healthcare has been mostly limited to questionanswering services – voice apps, or “skills” in Alexa parlance, that answer general questions about health conditions, treatments, symptoms, etc. Amazon Echo users, for example, canaccess health benefit information from a skill like Answers by Cigna, or tap into one of many symptom checkers in the Alexa marketplace. The big change is that Alexa can now be used in certain applications that collect and transmit protected health information (PHI).
Thisopensa whole new world of voice applications beyond basic Q&A, such as remote patient monitoring population health, medication adherence and clinical trial optimization. It seemed inevitable that voice assistants like Alexa and smart speaker-equipped devices like the Amazon Echo would find their way into clinical applications. Amazon’s announcement confirms this.
Organizations must understand the full range of issues surrounding the “what, why and how” of securing, voice-first healthcare applications. HIPAA is just the start. There is no formal certification process for HIPAA, and it applies only in the U.S.Also, many healthcare IT departments use other industry standards or ?have created their own standards for data privacy and security. In their eyes, completely securing a voice application may go well beyond ensuring that a service provider will sign a HIPAAbusiness associate agreement. Issues like user authentication, data privacy in shared spaces,network and device hacking, secure system integration (e.g. with an EHR), should all be addressed.Continue Reading
By Brooke Faulkner, freelance writer; @faulknercreek.
Advancements in medical technology grant modern patients access to better care than ever before, but they also come with serious privacy concerns. Widespread data breaches in the realm of digital health records led to the implementation of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, and it’s a relevant as ever in the present day.
In our current healthcare climate, patient privacy and data protection go hand in hand. HIPAA is meant to protect sensitive patient medical records while adhering to ethical principles. With the rise of alternate treatments like medical marijuana and CBD, which are illegal or regulated in many states, ensuring patient privacy is more important than ever. Here’s how patient privacy and ethics intersect in the age of technology.
Healthcare administrators, ethics and privacy
The role of the healthcare administrator is a complex one that merges patient care and bureaucratic involvement. Healthcare administrators are a major player in the front lines of HIPAA compliance. One of the biggest ethical dilemmas of the role is maintaining each patient’s right to privacy and autonomy. Administrators often play a big part in ensuring that a facility properly adheres to HIPAA and other relevant laws and regulations.
Of course, ensuring patient privacy only goes so far in certain situations. A healthcare administrator may break confidentiality under particular circumstances, such as when patients may harm themselves or others. Cultivating a thorough understanding of applicable laws and knowing when to break confidentiality is integral to maintaining a balance of patient privacy and ethics.
It may not always be easy to determine if or when confidential information should be shared. A psychiatrist in Singapore was recently fined $50,000 for breaching medical confidentiality by sharing confidential patient information with an unauthorized party. A man posing as a patient’s husband contacted the psychiatrist, claiming that his “wife” was suicidal. The psychiatrist had previously determined that his patient was at risk of self-harm, and he wrote a memo for the man that included confidential medical information. The man turned out to be the patient’s brother rather than her husband, and he did not have legal access to the patient’s medical information.
In this case, while the psychiatrist was within his rights to share information related to his patient’s potential for self-harm, he did not verify the identity of the family member who ultimately received the confidential medical information. Thus, the patient filed a complaint with the Singapore Medical Council (SMC). The SMC handed down the stiff penalty and censure as a form of “general deterrence” for similar situations in the future, and healthcare administrators should take note of the decision.
The role of the medical provider
The topics of patient privacy and ethics form the backbone of numerous industry jobs, from healthcare administrators to nurses and medical assistants. In many cases, medical assistants are directly responsible for administrative tasks, including the collecting and handling of patient data. Because of this fact, a medical assistant must ensure that he or she adheres to all pertinent privacy regulations and take the utmost care to keep patient data safe. Nurses also come in contact with sensitive patient data and should take similar precautions to avoid a potential HIPAA violation.
Ensuring patient data privacy starts at the training level for medical assistants. Best practices for maintaining electronic patient medical records is a key focus in any assistant’s education, but it’s particularly important for those interested in pharmacology. As a student, a medical assistant should be trained in HIPAA and similar regulations in order to develop a keen understanding of what’s at stake. A HIPAA breach could result in fines, but guilty parties may also be stripped of their individual licenses as well, causing many to lose their job and be barred from future employment in the healthcare industry.
While not all HIPAA violations result in termination, repercussions for individuals depend on the policy of the healthcare facility or organization and the severity of the violation. In 2018, a Texas nurse was fired after violating HIPAA regulations by posting sensitive patient data on social media. While posted information did not include a patient name, it contained specific details about the patient’s condition, and the nurse’s social media profile listed the facility in which she worked. Her employer, Texas Children’s Hospital, determined that the violation was severe enough to warrant firing her.
By Amy Perry, director of product marketing, OpenText.
The pace of digital transformation today is increasing rapidly, with more industries jumping on the bandwagon to adopt new technologies which recast workflows. New solutions powered by artificial intelligence and machine learning are enabling machines to handle processes once cumbersome to employees.
In fact, the rate of this shift is so pronounced that according to Deloitte, the average digital transformation budget has increased by 25 percent over the past year, from $11 million to $13.6 million. More than half of mid-sized and large companies are spending more than $10 million on these efforts.
While this is a trend impacting almost every industry, it presents unique challenges to the healthcare sector. One of the most important challenges digital transformation extends to healthcare professionals is in the area of interoperability. As the sheer amount of health-related data, along with the ways to transmit and store this data, continues to increase, the ability of healthcare organizations to juggle the free flow of information between the patient’s care team and the patient is becoming more vital. At the same time, healthcare providers must ensure the highest levels of patient data privacy.
Unsurprisingly, most healthcare providers are preparing for this challenge. According to a new survey of healthcare IT professionals conducted by OpenText in conjunction with IDG Research, 85 to 94 percent of healthcare organizations are either actively investing or are planning to quickly invest in interoperability infrastructure to provide more intelligent and connected healthcare. While this intent is a great starting point, the journey can still be challenging for organizations of every size.
Ensuring a more free flow of information between providers to enhance the patient experience while simultaneously adhering to HIPAA’s privacy mandates may initially seem impossible to many teams. A wider embracement of paperless fax solutions across the industry could provide a data-centric solution which allows organizations to further interoperability goals while also ensuring that patient privacy remains paramount.
Paperless fax gains momentum
The evolution to fax stems from HIPAA guidelines mandating all patient information be securely stored and communicated. Tools such as email lack essential regulatory compliance and must be shelved in favor of other forms of communication, such as secure fax. While paper-based fax has become almost obsolete in other industries, it is still heavily used in healthcare despite causing some roadblocks to efficient communication. Paper-based fax requires a labor-intensive process that results in limited access to patient information at the point of care and slower care coordination between providers. Though these shortcomings are widely recognized among healthcare professionals, nearly half of patient information is still being transmitted by paper-based fax.
Findings from the same survey confirm momentum in paperless fax technologies. According to survey respondents, 50 percent of all medical communications continues to be done via some form of fax, but paperless faxing surpasses paper-based faxing in terms of medical communications volume. Among this, a significant majority of the survey respondents showed favorability to paperless faxing because of its digital integration capabilities.
Seventy-six percent of respondents either agreed or strongly agreed with the statement that they are happy with their current paperless faxing method because it’s integrated with their electronic medical record (EMR), back-end system, or other applications. By integrating digital faxing with EMR, document management systems, and clinical applications, a paperless fax solution becomes the most connected device in an organization, optimizing patient information exchange, reducing costs, and increasing productivity.
The catalyst for future patient information exchange
In addition, a favorable attribute to paperless faxing is that it provides a much more secure form of patient information exchange and surpasses the requirements of HIPAA’s Protected Health Information privacy rule. As new interoperability tools based on standards for the secure transmission of patient records are considered across many healthcare organizations, health providers can leverage their existing paperless fax solution to transition to modern, secure, and interoperable exchanges of patient documentation that are integrated across systems and applications.
Ultimately, the study’s findings show technology has reversed the death knell many initially thought had struck the fax industry. In fact, instead of being a siloed or time-consuming way to share information, new paperless fax technologies are helping eliminate these inefficiencies by shortening the time it takes to get patient information to the right provider and facilitating faster access to critical information at the point of care. Implementing a cloud-based delivery system is an attractive step as organizations move to the adoption of digital transformation. Healthcare providers must modernize legacy systems and embrace these new technologies to stay at the forefront of the industry and meet patients’ growing expectations.
By Drew Ivan, EVP of product and strategy of Rhapsody.
It was generally recognized by 2009 that the health care industry was long overdue when it came to adopting electronic systems for storing patient data. At the time, hospital adoption of electronic health record (EHR) systems was at about 10 percent while electronic record keeping was commonplace in most other industries. EHR technology was widely available, yet doctors and hospitals were still using paper charts.
The HITECH Act of 2009 was part of a broader stimulus package that financially nudged hospitals and eligible professionals to adopt and use EHRs. The meaningful use incentive program began a national, decade-long project to adopt, implement, and optimize EHR software. The program was a huge success, judged by the most obvious metric, EHR adoption. Today, nearly 100 percent of hospitals are using electronic health records. This means that records are safe from physical damage, far easier to analyze and report on, and – in theory at least – easier to transfer from one provider to another.
However, when viewed through the lens of return on investment, the success is less impressive. The federal government has spent $36 billion to encourage providers to adopt EHR systems but the industry has spent far more than that to procure, implement and optimize the software. Yet, hospitals are seeing reduced productivity, doctors face a huge documentation burden, and interoperability remains an unsolved problem. The first two problems are the consequence of workflow changes brought on by the EHR systems, but interoperability roadblocks ought to have been eliminated by implementing EHR systems, so why is it still so difficult to transfer records from one provider to another, or from a provider to the patient?
Health IT experts generally consider three categories of obstacles to interoperability:
Business disincentives: allowing medical records to move to a different provider makes it easier for patients themselves to move to another provider, and helping customers switch health care providers is contraindicated by usual business practices (even though HIPAA states that patients are entitled to receive copies of their medical records and may direct copies of their records to be sent elsewhere.)
Technical challenges: Meaningful use set a fairly low bar for cross-organizational data exchange requirements, and it did little to ensure that EHR systems could understand data sent from another system. Although these problems are largely resolved today, there is still the impression that “interoperability is a hard technical problem”.
Network effects: point-to-point connections between providers are impractical, but the network approach also has its drawbacks. The assortment of HIEs and national interoperability initiatives is huge and confusing, and it’s not obvious which network(s) an organization should join.
There may have been an assumption that when medical records moved from paper to electronic format they would immediately become more interoperable, but by 2016, the level of interoperability was far below what patients and regulators expected. As a result, the 21st Century Cures Act of 2016 was passed by Congress and signed into law by the outgoing Obama administration. The law’s scope included a number of health care priorities, including a patch for the interoperability gap left by Meaningful Use. Cures explicitly forbids providers, technology vendors, and other organizations from engaging in “information blocking” practices.
Earlier in 2019, the Office of the National Coordinator for Health IT (ONC) issued a notice of proposed rulemaking (NPRM) that defined exactly what is (and what is not) meant by “information blocking.” Once adopted, the expectation will be that a patient’s medical records will move according to the patient’s preferences. Patients will be able to direct their data to other providers and easily obtain copies of their data in electronic format.
It is not uncommon, in today’s age, to do large amounts of personal business online. This includes discussing or sharing medical records. You may think that any place that shares your medical records online would invest in intense digital security, but you would be surprised.
It takes just a small mistake on the part of the health organization working with your records and your data can be breached. In fact, there have been multiple examples of large medical organizations allowing thousands of patient’s information to be leaked.
In 2010, Columbia University Medical Center and New York-Presbyterian Hospital were victims of cyber security attacks involving the theft of close to 6,800 patient records. A Temple University doctor had his laptop stolen which contained the private medical files of nearly 4,000 patients. These are just two of way too many examples.
Part of the problem is that these records are being protected by individual not properly trained in digital security. Medical professionals all know about HIPAA (Health Insurance Portability and Accountability Act) — a US law designed to provide privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals and other health care providers.
They know that you don’t share medical information to anyone that isn’t approved of in writing by the patient. But even that standard is often broken by some medical professionals. So, if some people in the medical industry are willingly leaking information, just imagine how often information is leaked accidentally.
So, what can you do? As with most instances of digital security, it is best to take matters into your own hands. The only person who will always, 100 percent of the time, advocate for you – is you. It is vital that you do everything you can to protect yourself and your data when going online. This can prevent others from ascertaining your location, medical data, personal data, and much more.
Let’s take a look at a few ways that you can protect yourself in the digital realm:
Be aware with whom you are communicating
It might be obvious that you shouldn’t send personal information to strange email contacts or social media profiles, but not everyone considers the authenticity of medical websites. Often times people will look up medical advice and find themselves sharing personal details with any random website that offer to let you chat with a “real” medical professional.
These websites can not only put your medical information at risk but also your credit card information since we guarantee you won’t get to chat with anybody without coughing up your card number.
Beyond that, it is also important to consider the applications your medical facility is using to share your information. Before agreeing to access your data digitally, look into the software they are using to ensure it is considered respectable and safe.
By Brad Spannbauer, senior director of product management, eFax Corporate.
When it comes to cybersecurity, healthcare organizations are up against a constantly shifting threat landscape. New technologies and techniques, employed by increasingly advanced criminals, require organizations to be proactive in their defense efforts, or they risk being outsmarted by those who seek to expose them. But security threats don’t just come from external sources; risks are just as prevalent within organizations. In fact, the latest edition of Verizon’s Data Breach Investigations Report found that healthcare is the only industry where insiders pose the greatest threat to sensitive data, with 58 percent of incidents coming from within.
Whether malicious in intent or the result of innocent mistakes by healthcare workers doing their best in a high-stress environment, a failure to recognize these risks and apply appropriate safeguards can have grave consequences for healthcare providers. For example, an IBM & Ponemon Institute study revealed that healthcare data breaches cost organizations $408 per record on average, which is more than three times the global average across all other industries. That may not seem like a lot of money, but multiplied by the thousands of records that could be contained on a stolen and unencrypted laptop, it adds up to a significant financial penalty.
Software testing and quality assurance have grown in critical importance for companies. Over the few years, it has established itself as a formidable career choice which is unlikely to stop anytime soon. Now as the name implies, quality insurance is all about maintaining “high quality” on a constant basis. And it isn’t surprising at all to see the concept making its way to the core of several industry verticals including the healthcare.
Quality monitoring is gaining momentum for purchasers, patients, and providers who strive hard to evaluate the value of health care expenditures. Over the past decade, science has evolved in regards to quality measurement despite a few challenges that might be a counterforce to the demands of cost containment. Well, the following post explores those crucial challenges that must be addressed in the Healthcare sector. But before that let’s take a bit of a detour which will eventually lead us to the answer.
Why the healthcare sector needs QA and testing
Speed and quality are one of the core essentials that tend to serve the healthcare industry more efficiently leading to a significant amount of inventions and advancements. One of the best examples showing how digitalization is becoming more capable of transforming the industry is that more and more number of people and devices are found connected to deliver meaningful interference from the data generated.
Technology is the best support system where different kinds of applications are created to deliver best services even at a distant. A sudden increase is found in the growth of healthcare products such as wearables, followed by applications especially the ones being associated with them. It may quite interest you to know that these can be termed as products featuring a big market and will continue to have a tremendous impact on the economy even in the upcoming years. Down below I would like to mention a few reasons stating why QA and testing are crucial in the healthcare industry.
#1 Big Data Testing in Healthcare: Because of being well associated with tons of information related to their patient’s health conditions, the healthcare industry is believed to be one of the most highly data-intensive sector. Several healthcare institutions and the associated segments to devise the right strategy building the right and relevant kind of products. Initially invented to derive the right interferences and the data point big data testing also helps in making certain decisions in regards to drug inventions, disease cure, and the last but not the least research and development. These decisions are some of the best and informed ones that anyone could take.
#2 Security of applications: I am sure you will agree with me when I say that healthcare websites have the most sensitive kind of the data about their patients and their health-related information. By security testing and penetration testing, we can make the websites, as well as applications, hack proof and sustainable especially in challenging a digital scenario. It is very important to conduct quality assurance and testing to ensure security to all such applications.
#3 Usability testing in healthcare: Usability testing is the most required in the health care industry. However, there are various features and the user scenarios that a pharmacist or a nurse can continue to face during their working hours. Do you think these tasks are of prime importance? Absolutely not! In fact, they can be eased with the help of automation, adding in more number of features that will help to simplify the entire process.
QA Challenges in Healthcare Apps
Healthcare industry has also started to introduce mobile platforms across the care delivery cycle, creating a voluminous medical app market. Further, we have extracted a few QA challenges concerning testing and healthcare mobile apps and how to get over them.
Challenge #1 Users and their expectations
Software usability has been a core element in the healthcare industry. Look at those EHR systems; it is very important to come up with something that not just offers accurate physical records but also aggregate physical activity recommendations with nutrition tracking. While testing a mhealth app, thinks about situations which patients may need it. During critical cases, older patients can make the most of condition management app that aids well in finding what their actual condition is and tap the emergency call button at an extreme point.
In addition to this, healthcare mobile apps have the potential to influence the stakeholders this includes patients, caregivers, care team members, administrative staff, insurers and more. The app should adequately support their workflows, so QA specialists need to get a good picture of basic user needs. Let’s say for example if the patient likes to connect his or her smartwatch to the app to monitor heart rate while exercising or if a physician would like to review his patient’s treatment plan progress remotely.