Healthcare and Technology news
48.6K views | +10 today
Follow
Healthcare and Technology news
Your new post is loading...
Your new post is loading...
Scoop.it!

5 Barriers to Telemedicine Adoption and How to Overcome Them

5 Barriers to Telemedicine Adoption and How to Overcome Them | Healthcare and Technology news | Scoop.it

Telemedicine is one of the most notable advancements making waves in the digital transformation of healthcare. Telemedicine poses wins for healthcare organizations seeking to improve patient access while controlling costs, as well as healthcare consumers looking for more convenient ways to engage with providers.

 

With 71 percent of providers reporting the use of telehealthand telemedicine tools, it’s clear that the industry is sold on the benefits of virtualized care. Telemedicine market projectionssuggest that the industry will reach roughly $20 billion by 2025.

 

The patient and provider benefits of telemedicine are manifold—including reduced readmissions through remote patient monitoring, reduced costs via virtual access to specialists, and improved patient engagement—but barriers to adoption still linger. Here are five key challenges giving healthcare executives pause when it comes to telemedicine adoption and recommendations on how to successfully navigate those hurdles.

 

1) Understanding what comprises telemedicine. Due to varying state and federal definitions, as well as variance between Medicare, Medicaid, and commercial payer guidelines on what constitutes telemedicine, confusion still exists regarding what services will and won’t be reimbursed. Establishing a keen understanding of what virtual services qualify and how those services are reimbursed for each payer is vital. This will lay the foundation for quantifying the potential revenue impact of adoption.

 

2) Concerns around the cost to implement. Costs associated with telemedicine program adoption can include a myriad of factors, from video conferencing adoption to remote patient monitoring expansion. To mitigate the potential for expense sprawl, executives should identify key, phase-one telemedicine service offerings. Weigh earnings potential against anticipated program implementation and support costs to justify those telemedicine coverage areas.

 

3) Added data vulnerability. With healthcare security breaches on the rise, executive teams remain cautious of any patient data exposure risk. Many view virtual care delivery as an additional layer of potential threat. As with other IT implementations, thorough security protocols and routine audits should be put in place to guard against the real-time exposure of protected health information (PHI).

 

4) Potential for fraud and abuse. Telemedicine agreements can be subject to federal kickback laws, particularly in situations involving referrals for additional services. Providers must remain up-to-date on the regulations governing telemedicine services to ensure regulatory compliance and proper eligibility for reimbursement.

 

5) Patient awareness of and trust in virtual care offerings. Even with the proper broadband and internet resources in place to support patient adoption of telemedicine, providers may encounter patient reluctance to engage virtually. Healthcare organizations must cultivate trust by educating patients on offerings and what they can anticipate during virtual visits. Providers should also address security concerns with patients.

 

To ensure that engagement in telemedicine is a long-term trend as opposed to a short-term fad, healthcare providers will have to address and overcome these challenges. By implementing a telemedicine strategy that addresses these challenges head-on, providers can overcome barriers and rise to meet growing consumer demand for more convenient provider engagement options. As more healthcare organizations pivot to embrace new digital health platforms, telemedicine adoption, specifically, is quickly emerging as a key differentiator in an increasingly competitive landscape.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Cryptomining Malware Can Affect HIPAA Obligations

Cryptomining Malware Can Affect HIPAA Obligations | Healthcare and Technology news | Scoop.it

The well-established security firm Check Point recently ranked cryptomining as the leading cyber-threat in healthcare – ahead of ransomware. Cryptomining malware, also known as cryptocurrency mining malware, refers to software programs and malware components developed to take over a computer’s resources and use them for cryptocurrency mining, without a user’s authorization. This hijacking of computer resources can result in a shutdown and even total systems failure.  Cryptomining is not specifically addressed by the HIPAA security rule. However, the threat of cryptomining malware should make covered entities and business associates evaluate their Security Rule compliance efforts, and, if necessary, implementing additional cybersecurity measures as needed to protect against this unique and powerful threat.

 

Under the HIPAA Security Rule, covered entities and business associates must implement administrative, technical, and physical safeguards to ensure the confidentiality, integrity, and availability of electronically protected health information (ePHI). Cryptomining malware can compromise this confidentiality, availability, and integrity. To understand the nature of the threat posed by cryptomining malware, it is useful to first understand some basic concepts.


These include cryptocurrencycryptography, and cryptomining.

What is Cryptocurrency?

Cryptocurrency is digital money that can be purchased, transferred, and/or sold. Cryptocurrency exists solely on the Internet. This form of currency is not backed by anything tangible (such as gold), nor is it backed or managed by any bank or government. Cryptocurrency transactions, or trades, are changed and verified by a decentralized (not affiliated with anyone single entity) network of computers.

What is Cryptography?

Cryptography is a method of protecting information by encrypting it into an unreadable format known as ciphertext. Ciphertext can be converted to regular text through the process of decryption. Cryptography encrypts and protects the data used to help identify and track cryptocurrency transactions.

What is Cryptomining? 

Cryptocurrency miners engage in cryptomining to earn more cryptocurrency (often referred to as “coins” or “Bitcoins”). 

Here is how the mining process works:

Miners compete with other cryptominers to solve complicated mathematical problems. Solving the problems enables the miner to authorize a transaction and to chain together (blockchain) blocks of transactions. Once a transaction is included in a block, it is secure and complete.

For his or her mining activities, the miner receives a small amount of cryptocurrency of his or her own, The more currency a miner “mines,” the more currency a miner ends up owning. Cryptocurrency can then be sold for actual cash. 

So, you may now be thinking, …..

“What Does Any of This Have to do with HIPAA Health Care?”

Crpyotmining malware is surreptitiously installed on a user’s computer. Once it is installed, the  cryptomining malware turns the affected computer, in effect, into a mining operation – one through which the miners solve their math problems and “earn” their coins and cash.

Here’s the problem: Cryptomining has an enormous appetite for computer power.  As the malware is enabling the mining, the mining process consumes significant computing power, bandwidth, and even electricity.  Particularly persistent forms of malware consume resources even after a user has logged off.   

Eventually, a device or a network may simply become unable to mining malware’s energy requirements, causing the device or network to crash.

Since any Internet-connected device can be infected with cryptomining malware, those devices used by covered entities or business associates that are missing essential security features – which features include, but are not limited to, antivirus software, firewalls, updates and patches for operating systems – can, upon a malware attack, shut down or experience total system failure.  ePHI data thus becomes compromised. As in, lost, rendered inaccessible, or damaged beyond repair. The HIPAA Security rule thus becomes implicated, and, if an organization is found to have implemented ineffective security safeguards, the Department of Health and Human Services’ Office of Civil Rights (OCR) can audit and fine that organization.

Compliancy Group Simplifies HIPAA Compliance

Covered entities and business associates can address their HIPAA cybersecurity compliance obligations under the Security Rule by working with Compliancy Group.

Our ongoing support and web-based compliance app, The Guard™, gives healthcare organizations the tools to address HIPAA cybersecurity issues so they can get back to confidently running their business. 

Find out how Compliancy Group has helped thousands of organizations like yours Achieve, Illustrate, and MaintainTM  their HIPAA compliance!

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

These 6 Healthcare Cybersecurity Tips Could Save You Thousands

These 6 Healthcare Cybersecurity Tips Could Save You Thousands | Healthcare and Technology news | Scoop.it

n 2017 alone there were more than 330 data breaches in the US medical and healthcare sector, which exposed 4.93 million patient records.

 

What’s more, data breaches in the healthcare sector are among the most costly with the average breach costing $408 per stolen record. In comparison, the global average of other industries across the world is $148 per record. The medical and healthcare industry in the United States is particularly vulnerable to data breaches. Here are a few reasons why:

  • Healthcare organizations store a high volume of patient records with valuable and private data
  • A lack of mobile security protocols with the BYOD (Bring Your Own Device) trend makes it easier for hackers to breach a network.
  • IoT medical devices and other popular technologies in the healthcare industry like multi-cloud IaaS or SaaS environments provide cybercriminals with more opportunities to hack into a network.
  • The healthcare industry is one of the lowest performing industries when it comes to endpoint security, and the sector as a whole ranks poorly in terms of cybersecurity strength compared to other major industries, making it an easier target for cybercriminals.

 

Chances are you don’t want to spend $50,000 or more in fines for a HIPAA violation, so it’s more critical than ever for you and your healthcare organization to implement the required cybersecurity protocols to ensure you’re protecting sensitive patient data from cybercriminals and hacks.

 

Here’s how you can improve your IT security and make sure you’re implementing healthcare security best practices.

1. Ensure All Employees are Properly Trained

One of the best ways to prevent the risk of data breaches is to make sure all employees and contractors receive the training they need to meet HIPAA requirements and keep data safe.

A proper employee training program will include factors such as:

  • Disaster Response
  • Fire Response (RACE) and Prevention
  • Workplace Violence Prevention and Response
  • VIP Security Control
  • EMTALA (Emergency Medical Treatment and Labor Act)
  • Command Center Operations
  • HIPAA Controls and Compliance
  • Training on The Joint Commission and other Accrediting Bodies
  • Crime Prevention
  • Safety Compliance

What’s more, your training program should go beyond initial training to provide frequent updates to your employees so they can stay on top of the latest trends and threats.

Download the Free HIPAA Regulation Checklist

2. Prioritize Real-Time Evaluation and Response

Want to save your organization thousands of dollars every year? A study by Ponemon Institute discovered that IT teams wasted 425 hours per week trying to solve false negatives and false positives. Healthcare organizations saved an average of $2.1 million yearly by implementing a system where IT teams were able to evaluate security posture in real time, patch all devices for known vulnerabilities, and proactively address emerging threats with data controls and/or patch distribution. This also increases your chances of preventing the risk of an expensive cyber-attack.

3. Leverage the Power of Automation

Since many healthcare organizations are decentralized, it can be more difficult to coordinate software patching and updates. To make sure software updates are fast but thorough, leverage the power of automation where possible to eliminate any vulnerabilities a cybercriminal might exploit.

4. Restrict Access When Needed

Even though employee training is critical, ensuring that your employees can only access sensitive or critical data on a need-to-know basis is another healthcare security best practice.

 

All data should be stored in a centralized location that is protected by a role-based access control system. Those with access should only see what they need to do their jobs and once the information is no longer required access should be removed automatically.

 

Moreover, technologies should be implemented to track and analyze data access as a way to spot suspicious activities.

5. Have a Disaster Recovery Plan in Place

To comply with HIPAA Security, you must have a disaster recovery plan in place and ways to recover and maintain ePHI (electronic Protected Health Information) in case of an emergency. That means you should be backing up all files regularly so data restoration can be quick and easy. A good rule of thumb is to back up your data both locally and remotely (ex: on a recovery disc as well as on a cloud-based server) and you should aim to store all backed-up information away from the main system whenever possible.

6. Encrypt All Data

Data encryption makes sensitive information unreadable, which makes it much harder for cybercriminals to gain access to that data even if a network is hacked or a mobile device is missing or stolen.

 

It’s also important to make sure that all data is encrypted not only when it is at rest (being stored) but also when it is in motion (ex: sending an email). This way sensitive information is protected at all times.

 

Since the healthcare industry is one of the most frequent targets for cybercriminals and one of the most expensive when it comes to addressing a data breach, it’s vital to implement these healthcare security best practices and stay on top of the latest trends in IT security. Help your organization avoid the risk of data breaches and costly fines and give yourself peace of mind knowing that all HIPAA requirements are being met and your patients can trust their sensitive information in your hands.

 

Following these tips will help keep your healthcare company safe and reduce the risk of expensive cybersecurity threats.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

What are the HIPAA Administrative Simplification Rules?

What are the HIPAA Administrative Simplification Rules? | Healthcare and Technology news | Scoop.it

What are the HIPAA Administrative Simplification Rules?

 

The HIPAA Administrative Simplification Rules establish national standards for electronic transactions and code sets to maintain the privacy and security of protected health information (PHI). These standards are often referred to as electronic data interchange or EDI standards.

The regulations, detailed in 45 CFR 160, 45 CFR 162, and 45 CFR 164, aim to make health care systems more efficient and effective by streamlining paperwork associated with billing, verifying patient eligibility, and payment transactions.

HIPAA Administrative Simplification Standards

HIPAA regulation includes four standards covering transactions, identifiers, code sets, and operating rules. The HIPAA Administrative Simplification Rules illustrate how switching from paper to electronic transactions reduces paperwork burden and increases payment speed for health care organizations. Additionally, information can be exchanged faster and claim statuses can be checked more easily.

HIPAA covered entities (which include health care providers, health plans, health care clearinghouses) and HIPAA business associates must adopt these standards for transactions that involve the electronic exchange of health care data. Such transactions may include claims and checking claim status. Other such transactions may involve encounter information, eligibility, enrollment and disenrollment, referrals, authorizations, premium payments, coordination of benefits, and payment and remittance advice.

Unique identifiers, such as a Health Plan Identifier, Employer Identification Number, or National Provider Identifier, are required for all HIPAA transactions.

Code sets are standard codes that all HIPAA covered entities must adopt. These codes have been developed for diagnoses, procedures, diagnostic tests, treatments, and equipment and supplies. HIPAA details several code sets including NDC national drug codes; CDT codes for dental procedures; CPT codes for procedures; the HCPCS health care common procedure coding system; and the code set for the international classification of diseases (ICD-10).

Updates to the HIPAA Administrative Simplification Rules

The HIPAA Administrative Simplification Rules were updated after the Affordable Care Act was passed in 2010 to include new operating rules specifying the information that must be included for all HIPAA transactions.

HIPAA covered entities must follow national standards, which were set to protect patients’ privacy (HIPAA Privacy Rule) and improve PHI security (HIPAA Security Rule), in addition to the HIPAA Administrative Simplification Rules. The Final Omnibus Rule, which was enacted in 2013, now includes HITECH Act standards in its HIPAA regulations; the standards added new requirements for breach notifications in the HIPAA Breach Notification Rule.

The Centers for Medicare & Medicaid Services both administers and enforces the HIPAA Administrative Simplification, whereas the Department of Health and Human Services’ Office for Civil Rights typically enforces the HIPAA Privacy, Security, and Breach Notifications Rules.

The HIPAA Administrative Simplification Regulations apply to all HIPAA covered entities and HIPAA business associates, not only those that work with Medicare or Medicaid.

Addressing the HIPAA Administrative Simplification Rules with Compliancy Group

Compliancy Group allows health care professionals and vendors across the industry to address the full extent of their HIPAA regulatory requirements, including HIPAA Administrative Simplification Rules, with our HIPAA compliance solution, The Guard. The Guard is a web-based HIPAA compliance app that allows users to confidently address their HIPAA compliance so they can get back to running their business.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
Scoop.it!

5 Ways Attackers Are Targeting the Healthcare Industry

5 Ways Attackers Are Targeting the Healthcare Industry | Healthcare and Technology news | Scoop.it

The healthcare industry is one of the largest industries in the United States and potentially the most vulnerable. The healthcare sector is twice as likely to be the target of a cyberattack as other sectors, resulting in countless breaches and millions of compromised patients per year. Advancements in the techniques and technology of hackers and identity thieves could escalate these vulnerabilities into a major crisis if the healthcare industry doesn’t adapt.

Cybersecurity in Healthcare

In 2015, over 113 million patients in the healthcare industry were the victims of an information breach, resulting in lost patient revenue and identity theft. The high volume of cyberattacks on healthcare organizations may be an indicator; the average organization receives 32,000 cyberattacks on a daily basis, a much higher rate than other industries experience. A lack of cybersecurity infrastructure and the high value of personal information makes these organizations likely targets for cybercriminals.

The healthcare industry’s increasing reliance on electronic medical records and internet-connected medical devices means the problem of data breaches could increase in the coming years. In 2017, the estimated total losses from cyberattacks amounted to $1.2 billion, and this number is expected to grow as the attack surface of the healthcare industry increases. The same way consumers and patients have their own resources to protect against identity theft, healthcare organizations need their own systems in place to protect against cyber threats. The following list covers the biggest threats to the industry going forward.

1. DATA BREACHES

The healthcare industry has the highest rates of data breaches out of any sector. Of the 551 data breaches in 2017, 60% were in the healthcare industry. In some cases, hackers have broken into healthcare databases undetected and maintained access for weeks before they were discovered.

The most common types of data breaches are hacking and malware-based attacks. Hackers can sell healthcare data and medical records for over 100 times more than personal data from non-healthcare industries. But not all data breaches are cybersecurity-related; a data leak can also occur through an employee or a lost laptop.

To thwart data breaches, healthcare organizations should ensure that data is encrypted at every point between the patient and an organization’s data storage. Trainings for healthcare staff on data security can also help reduce the number of accidental disclosures.

2. RANSOMWARE

Ransomware attacks tripled in 2017, and the healthcare industry receives more of these attacks than any other industry. A ransomware virus disables a computer or server until a ransom is paid to the hacker. Hospitals use their IT systems for critical patient care, making ransomware potentially life-threatening if it causes a delay in critical care processes.

In 2016, a ransomware attack rendered the hospital network of Hollywood Presbyterian Medical Center inoperable until the administration paid out $17,000 to the attackers. An analysis of the attack showed that the hackers had gained access to an outdated server without using hospital staff as an entry point. Attacks like this demonstrate the importance of a two-part approach to cybersecurity that involves staff training and rigorous network security protocols.

3. SOCIAL ENGINEERING

Hackers looking to exploit a healthcare network’s security system often target hospital staff and other human victims in order to gain access. This type of attack happens through social engineering as a means of subverting even the most rigorous security systems. Phishing attacks, the most common social engineering approach, use a manipulative email to trick a victim into clicking a link or entering their password information. These emails will often download malicious software directly to the system, granting the attacker unlimited access.

Unlike other security threats, social engineering approaches can be combated only through education. Trainings for staff and administrators on identifying a phishing email and avoiding malicious links. Many organizations employ a strategy known as “red teaming,” where trained cybersecurity professionals play the role of attackers and test the organization’s preparedness.

4. DISTRIBUTED DENIAL OF SERVICE ATTACKS

Distributed denial of service (DDoS) attacks are purely disruptive and are a popular tactic for hacktivists who want to shut down a network out of protest, malice or anarchism. These attacks create a coordinated assault from several hundred to several thousand computers, which overwhelm a network or server to the point of inoperability.

In 2014, Boston Children’s Hospital was embroiled in a controversial custody case involving a 14-year-old patient. The sensitive nature of the case spurred the hacktivist group Anonymous to conduct a successful DDoS attack, which resulted in over $300,000 in damage and lost productivity over a one-week period. Healthcare is often connected closely with politics, and it’s likely that DDoS attacks could occur more frequently in the future. Protecting against these attacks requires close coordination with service providers to ensure that critical networks can remain operational under a DDoS onslaught.

5. INSIDER THREATS

A healthcare organization’s cybersecurity system is only as strong as its weakest link. Even the most rigorous cybersecurity network can be bypassed by an insider, making this type of attack one of the most difficult to prevent. Many disgruntled or criminally motivated employees have compromised healthcare organizations by installing entry points to a hospital’s network from the inside.

Insider threats aren’t necessarily malicious. The increasing number of personal devices in hospitals poses an additional insider threat to these organizations. Smartphones, tablets, and laptops are allowed at 81% of healthcare organizations, but only half of these organizations have plans in place to secure these devices. Personal devices are often unencrypted and may be carrying malicious viruses or “worms” that can compromise connected networks.

Cybersecurity is a constantly evolving field. Healthcare organizations must be ready to invest in ongoing security protocols to remain ahead of the most common attacks. Complete security might be impossible, but a reduction in service interruptions and lost data could help healthcare organizations exponentially going forward.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Healthcare Technology Trends for 2019 and Beyond

Healthcare Technology Trends for 2019 and Beyond | Healthcare and Technology news | Scoop.it

The healthcare industry is moving from products and services to solutions. Just a few years ago, medical institutions relied on special equipment and hardware to deliver evidence-based care. Today is the time of medical platforms, big data, and healthcare analytics. Healthcare institutions are focused on real-time results. The next decade will be focused on preventive care, and here new healthcare technology trends will come into play.

Artificial intelligence

The modern healthcare industry has already introduсed AI-based technologies like robotics and machine learning to the world. For example, IBM Watson is an AI-based system that’s making a difference in several areas of healthcare. The IBM Watson Care Manager was produced to enhance care management, accelerate drug discovery, match patients with clinical trials, and fulfill other tasks. Systems like this can help medical institutions save a big deal of time and money in the future.

 

It’s likely that in 2019 and beyond, AI will become even more advanced and will be able to carry out a wider range of tasks without human monitoring. Here are some predictions of AI trends in healthcare:

Early diagnosis

This healthcare technology trend can accurately and quickly process a lot more data than the human brain. So AI tools can reduce human errors in diagnosis and treatment and allow doctors to work with more patients. For example, image recognition technology will help to diagnose some diseases that cause changes to appearance (diabetes, optical deviations, and dermatological diseases). It’s also likely that in future people will be able to diagnose themselves. DIY medical diagnosis apps will probably ask some questions, process a patient’s care history, and then show possible diagnoses based on the current symptoms. But as this technology isn’t advanced yet, patients should be careful with DIY medical apps and self-medication.

Medical research and drug discovery

The future of drug discovery and medical research lies in deep learning technology. Deep learning is a field of machine learning that’s able to model the way neurons interact with each other in the brain. This allows medical systems to process large sets of data to quickly identify drug candidates with a high probability of success. A Pharma IQ report says that about 94 percent of pharma specialists believe that AI technologies will have a noticeable impact on drug discovery over the next two years. Even today, pharmaceutical giants such as Merck, Celgene, and GSK are working on drug discovery in collaboration with AI platforms, predicting AI to be the primary drug discovery tool in the future.

Better workflow management and accounting

There are a lot of routine and tiresome tasks that medical workers have to do apart from caring for patients. AI can reduce staff overload by automating monotonous tasks such as accounting, scheduling, managing electronic health records, and paperwork.

IoMT

The Internet of Medical Things (IoMT) includes various devices connected to each other via the internet. Nowadays, this technology trend in healthcare is used for remote monitoring of patients’ well-being by means of wearables. For example, ECG monitors, mobile apps, fitness trackers, and smart sensors can measure blood pressure, pulse, heart rate, glucose level, and more and set reminders for patients. One recently introduced IoMT wearable device, the Apple Watch Series 4, is able to measure heart rate, count calories burned, and even detect a fall and call emergency numbers. The FDA has recently approved a pill with sensors called Abilify MyCite that can digitally track if a patient has taken it.

IoMT technology is still evolving and is forecasted to reach about 30 billion devices worldwide by 2021 according to Frost & Sullivan.

  • IoMT will contribute sensors and systems in the healthcare industry to capture data and deliver it accurately.
  • IoMT technology can reduce the costs of healthcare solutions by allowing doctors to examine patients remotely.
  • IoMT can help doctors gather analytics to predict health trends.

 

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
Scoop.it!

Rural Health Professions Training: Teaching Medical Students the Benefits of Telemedicine

Rural Health Professions Training: Teaching Medical Students the Benefits of Telemedicine | Healthcare and Technology news | Scoop.it

For medical students with the University of Arizona College of Medicine – Tucson, weeks of suspense will end on March 15. Otherwise known as Match Day, it’s the day the students will learn where they will go for their residency training, in their chosen medical field, after they graduate from medical school in May.

 

Sarah Joy Ring, who has completed the College of Medicine – Tucson’s Rural Health Professions Program and a 16-week Rural Health Distinction Track, is hoping for a residency focused on both pediatrics and emergency medicine, potentially in a rural location.  Her “capstone” paper, an in-depth research project that all Distinction Track students are expected to complete, carries the impressive title of “A Survey of Rural Emergency Medicine and the Discrepancy of Care for Pediatric Patients that Present to Rural Emergency Departments.”

 

During her training, she had opportunities to see how important telemedicine can be in rural communities.

 

“I was at sites that had telemedicine capabilities and spent some time chatting with the physicians about them. "I can specifically remember two experiences, one while on my family medicine rotation in Tuba City (in northern Arizona, where students learn about American Indian healthcare) and one during my RHPP summer in Flagstaff” (also in northern Arizona).

“Tuba City experiences a significant shortage of mental health providers in general, and specifically for children and adolescents," Sarah says.

“As such, they found using telemedicine helpful to connect the children of that region with services that they would otherwise struggle to receive, due to having to travel large distances to receive help, which incurs financial and time burdens for families.

“Moreover, a point that I found particularly enlightening when learning about this service, was with regard to what it means to live in a small population where it is quite likely you know most people living in the region," Sarah says.

“The physicians found that because of this, many adolescents experiencing difficulties often felt uncomfortable sharing with people who lived in the region, out of fear that they may tell someone, or that they were themselves a relative or family friend, which can be a common experience. Having someone to share with who lived out of the region and was not specifically invested in the region and an integral member of the community made many of these adolescents more comfortable with disclosing their experiences.  

“I also worked on writing about how telemedicine can be used to augment pediatric services in rural emergency departments for part of my "capstone" project and found some very positive results from multiple studies. For critically ill patients, one study found that in particular, telemedicine consults improved the access to critical care specialists, resulting in a reduced frequency of physician-related medication errors. Moreover, another study found that parent satisfaction was higher with telemedicine consults than with phone consults, which is a particularly important outcome when caring for pediatric patients and their family. Many of these same findings also translated to the pre-hospital environment, where ambulances that utilized telemedicine resulted in better assessments, more interventions in the pre-hospital environment, and improved outcomes for pediatric patients in pre-hospital care. 

“Overall," Sarah says, I think that we will continue to find that telemedicine is an excellent resource for rural providers that allows patients to have clinically significant access to additional resources and care that would otherwise be difficult or unavailable to the region."

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
Scoop.it!

Top 3 Third Party Risk Management Challenges

Top 3 Third Party Risk Management Challenges | Healthcare and Technology news | Scoop.it

Since the massive Target data security breach in December 2013, third party cyber security stopped being an afterthought and started becoming one of the top security priorities for CISOs and Risk Departments. As a response, Third Party Risk Management (TPRM) underwent a transformation in early 2014, and continues to reverberate today.

 

With attackers finding new ways to break into third parties in hopes of infecting a larger organization, the third party ecosystem is more susceptible than ever before. Meanwhile third party usage is growing fast in large organizations and enterprises. Many critical business services such as HR functions, data storage, and modes of communication are the responsibility of cloud-based third parties.

 

Without a modern TPRM program, many of these third parties are left behind in security risk management, putting organizations in a vulnerable position.

 

Over 60% of data breaches can be linked either directly or indirectly to a third party (per Soha Systems, 2016) but TPRM programs don’t often take a risk-first perspective when it comes to risk management. Security and Vendor Risk departments are often solely focused on compliance. That’s important, but doesn’t get at the heart of the risk posed by your third parties. To shift the approach of your TPRM program to measure true risk, you’ll need to make some adjustments in how you manage third parties.

 

Here are the three top TPRM challenges and the actions you and your organization can take in order to bolster your TPRM program.

 

1. Automate Your TPRM Process to Reduce Unmanaged Risk
With the rise in SaaS, businesses are now using cloud-based third parties more than ever. Gartner predicted that SaaS sales will nearly double by 2019, and that SaaS applications will make up 20% of the growth rate in all public cloud services, a $204B market. Last year, Forrester had already predicted that enterprise spend on software would reach $620B by the end of 2015.

 

As businesses engage in IT and infrastructure digital transformation, the need to manage vendors is more pronounced. Over 60% of respondents from a Ponemon Institute’s survey on Third Party Risk Management believe that the Internet of Things increases third party risk significantly. 68% believe the same is true for cloud migration.

 

However, as more third parties are brought in, they’re often not managed to match the level of cyber security risk they carry. Worse, they may not be managed at all due to a lack of resources. This creates unmanaged security risk. If these third parties have access to your network, your employees’ PII, or your customers’ sensitive data, shouldn’t they be subject to rigorous risk management assessments?

 

Unfortunately, as the number of third parties swell to the hundreds, it’s often not feasible for every vendor to be assessed in the same critical fashion. That’s why having an automated risk assessment tool for assessing vendors is a way to ensure you’re minimizing unmanaged risk from both new and existing vendors.

 

Automating your TPRM process is one of the major steps towards having a mature TPRM department capable. Its benefits include:

 

  • Improved third party management flexibility
  • Standardized processes and thirdparty management
  • Metrics and reporting consistency
  • Improved data-driven decision making
  • Further structuring the TPRM organization
  • Increased third party responsibility
  • Increased overall risk assessment and mitigation

 

By automating the TPRM process, you’re creating a standardized structure that can be applied to all third parties, whether existing or onboarded.

 

You can automate your TPRM process by finding new technologies or tools that will automate the assessment and information gathering process for your third party vendors. This helps to ensure that you’re optimizing your resources and spending company time on what is most impactful.

 

2. Augment and Validate Self-Reported Questionnaires Through Independent Risk-Based Assessments
Third parties are often assessed through questionnaires, onsite assessments, or via penetration tests. Each has its own advantages and disadvantages. Onsite risk assessments and penetration tests are resource-intensive, requiring time, money, and staff in order to carry out the assessments. Because of the costs, these kinds of assessments cannot be used for all third parties, and should be reserved for the most risk-critical third parties.

 

That leaves questionnaires to fill the void for most of the other third parties. However, questionnaires are self-reported, which makes using a ‘trust, but verify’ approach to risk management difficult to accomplish.

 

In a 2016 Deloitte Study on Third Party Risk Management, 93.5% of respondents expressed moderate to low levels of confidence in their risk management and monitoring mechanisms. With numbers like that, it’s easy to see why TPRM programs need increased attention. Without a way to independently verify the security posture of your third parties, you can only rely on the word of your third parties who are, for obvious reasons, incentivized to report positively.

 

Organizations should find independent third parties that can provide risk-based assessments of their third parties to validate that the findings from questionnaires are a realistic portrait of the state of third party security.

 

There are a number of cyber security solutions that provide risk-first third party assessments. To find the right solution, you should research whether or not those solutions:

 

  • are accurately assessing third parties
  • can facilitate communication between you and third parties
  • are focusing on key cyber security areas that are indicative of a potential breach


3. Utilize Continuous Monitoring to Assess Third Parties Beyond Point-In-Time Assessments
The assessment methods mentioned in the previous section all have one glaring flaw in common – they assess third parties at a single point in time. Many times, the information gathered by security risk assessments is outdated by the time it falls into your hands. The speed at which hackers are developing new attacks and exploiting vulnerabilities is too fast for point-in-time assessments or annual reviews to provide any insight into the real security posture of a vendor.

 

A PWC Third Party Risk Management report on the finance industry noted that 58% of companies using ad hoc monitoring experienced a third party service disruption or data breach, compared to only 37% of those that regularly monitor their providers and partners. Without having a way to know the security posture of your third parties on-demand, you’re managing risk with a blindfold on for most of the year. By only having point-in-time information that is quickly outdated, your ability to react to new vulnerabilities, or worse, a potential third party cyber security incident, is negligible.

 

Through continuous monitoring, you’re bolstering the security of your third party by keeping them consistently accountable, which in turn, minimizes your overall risk to a potential security incident.

 

How to Get Started Revamping Your VRM
We covered how to implement continuous monitoring in your TPRM program in part 2 of our How to Revamp Your VRM Program article series. Start by establishing a central TPRM office if you don’t already have one, prioritize and identify your most risk-critical and business-critical vendors, and then define your third parties’ security controls and processes that you’ll monitor on an ongoing basis. If you have the resources, look for automated risk healthassessment tools and solutions that offer continuous monitoring for your third parties.

 

Conclusion
Updating your TPRM program doesn’t have to be a complete overhaul of your department. Instead, you should use a risk-first perspective to define the aspects that are the most criticalto update. The three we highlighted here will yield the most dramatic changes in a TPRM program, reducing your unmanaged risk, and reducing your reaction time should a security incident occur.

 

By automating aspects of your TPRM program, using independent third party assessments, and adopting continuous monitoring, you’re not far from having a mature TPRM program that can easily assess any new third party as it comes, keeping your organization safe.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Top 6 Benefits of Adopting a Phone System 

Top 6 Benefits of Adopting a Phone System  | Healthcare and Technology news | Scoop.it

In the modern medical era of robot surgeries, drones, and telemedicine, it’s easy to overlook basic communication platforms like your phone system. But your phone system is still a critical method patients and providers rely on for communication. If your organization is using a legacy phone system, it’s time to discover the benefits of voice over Internet protocol (VoIP).

 

VoIP is the transmission of phone calls over the Internet instead of traditional telephone lines, and this technology is rapidly transforming how healthcare organizations across the country communicate with their providers, patients, and counterparts.

 

No matter if your organization is a large medical system, behavioral health group, small doctor’s office, public health department, or rural clinic, VoIP systems can provide numerous benefits that legacy phone services just can’t deliver. Here are the top six benefits of adopting a VoIP phone system.

 

Enhanced Productivity and Efficiency

It’s no secret healthcare organizations are slammed in our current fast-paced climate. Healthcare administrators and providers alike are watching their responsibilities increase while the amount of time to meet them stays the same. According to IT Toolbox, switching gears throughout the day to tackle tasks like managing contacts and voicemail leads to a 40% reduction in staff productivity.

 

With a VoIP phone system, you can get your day back with productivity-enhancing features that legacy phone systems can’t support, and the integration of those features creates seamless, time-saving communications among your staff members. Simple-to-configure call routing and self-routing auto attendant features are easy for staff to navigate, improves staff availability to callers who need them, and decreases time spent on routing calls. And, if your goal is to reduce the time physicians and medical staff spend on voicemails, VoIP systems offer voicemail transcribing features that will automatically transcribe messages and deliver them to your email inbox.

 

Additionally, advanced reporting data gives your team an inside look into the traffic loads of your system. This data is extremely valuable and can be used to make intelligent routing and configuration decisions to balance call loads across your organization.

 

Cost Savings

With costs escalating and reimbursement rates shrinking, it’s more important than ever for healthcare providers to find innovative ways to save money without sacrificing efficiency.

 

VoIP is a cost-effective solution because calls are made and received over your organization’s Internet rather than traditional phone lines. This means your organization isn’t being charged for local and long distance calls on a minute-by-minute basis, cutting down your costs by a huge margin.

 

VoIP systems are also affordable to install. Because VoIP is cloud-based, most of the equipment a healthcare organization needs is already in place, making installation fast and seamless. Typically, the only capital expenditure needed is the cost for the phones themselves. VoIP allows your organization to save time and effort that otherwise would have been spent on additional infrastructure, project management, and staffing. These critical savings can be reallocated to other needed services that directly save lives.

 

Delivers a Better Patient Experience

At any healthcare establishment, the quality of care provided and patient experience delivered is paramount to success. Adopting a VoIP phone system can help elevate the communication experience your patients have with your facility.

 

With a VoIP phone system, you enjoy enhanced audio quality and clarity, making it easier to decipher and respond to a patient’s questions and concerns. Additionally, several features can be implemented to ensure your patients and callers are routed to the correct point of contact. Some of these features include:

 

  • Prioritized calling for medical emergencies
  • Call forwarding
  • Click-to-call
  • Routing calls based on caller ID
  • Routing calls with option sets for billing, scheduling, care, etc.
  • Custom messages based on day and time
  • Custom hold music or announcements
  • Integration with patient account information systems

 

These advanced features work together to ensure your callers are able to reach their destination and gather or relay information quickly and painlessly.

 

Online Portals Put You in Control

With legacy phone systems, changing system settings can be a difficult task and can even require multiple calls to the vendor. That’s time your providers and staff simply can’t afford to waste.

 

Cloud-based VoIP platforms deliver complete organization and control to your staff through easy-to-use online portals. These portals give your staff advanced features that allow easy day-to-day management of your voice services without ever having to call the service provider. Authorized administrators can change call-forwarding settings, manage call groups, update contacts, reset passwords, configure phones, listen to transcribed voicemails, and more, all through their online portal. Your staff can easily and quickly update and configure settings instantaneously anytime from any web browser.

 

Flexibility Allows You to Scale

Another advantage cloud-based VoIP services offer is simple scalability, allowing you to transition as slowly or as quickly as needed. Healthcare organizations vary in size and complexity and your phone system should be able to scale to your needs. With traditional phone systems, this is incredibly difficult and can cost you more money in the long run. Flexible designs enable healthcare organizations to deploy VoIP at one site or multiple sites if you’re looking to consolidate multiple voice platforms. Additionally, VoIP systems allow you to scale your system to only include features your organization truly utilizes.

 

Streamlined Communications on the Go

With a mobile VoIP capability, such as an app on your smartphone, your staff and providers are always reachable on their mobile phones. Missing important calls or information can create a lot of added work and decrease efficiency. Thanks to the mobility provided by many VoIP applications, staff members can stay connected by using their mobile devices to receive and make calls to and from their work extensions, as well as access voicemail, call logs, and contact lists.

 

 

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Compromised logs can hamper IT security investigations 

Compromised logs can hamper IT security investigations  | Healthcare and Technology news | Scoop.it

At the heart of most devices that provide protection for IT networks is an ability to log events and take actions based on those events. This application and system monitoring provides details both on what has happened to the device and what is happening. It provides security against lapses in perimeter and application defences by alerting you to problems so defensive measures can be taken before any real damage is done. Without monitoring, you have little chance of discovering whether a live application is being attacked or has been compromised.

 

Critical applications, processes handling valuable or sensitive information, previously compromised or abused systems, and systems connected to third parties or the Internet all require active monitoring. Any seriously suspicious behaviour or critical events must generate an alert that is assessed and acted on. Although you will need to carry out a risk assessment for each application or system to determine what level of audit, log review and monitoring is necessary, you will need to log at least the following:

  • User IDs
  • Date and time of log on and log off, and other key events
  • Terminal identity
  • Successful and failed attempts to access systems, data or applications
  • Files and networks accessed
  • Changes to system configurations
  • Use of system utilities
  • Exceptions and other security-related events, such as alarms triggered
  • Activation of protection systems, such as intrusion detection systems and antimalware

Collecting this data will assist in access control monitoring and can provide audit trails when investigating an incident. While most logs are covered by some form of regulation these days and should be kept as long as the requirements call for, any that are not should be kept for a minimum period of one year, in case they are needed for an investigation.  However, monitoring must be carried out in line with relevant legislation, which in the UK is the Regulation of Investigatory Powers and Human Rights Acts. Employees should be made aware of your monitoring activities in the network acceptable use policy.

 

 

Log files are a great source of information only if you review them. Simply purchasing and deploying a log management product won’t provide any additional security. You have to use the information collected and analyse it on a regular basis; for a high-risk application, this could mean automated reviews on an hourly basis. ISO/IEC 27001 control A.10.10.2 not only requires procedures for monitoring the use of information processing facilities, but demands the results are reviewed regularly to identify possible security threats and incidents.

 

However, even small networks can generate too much information to be analysed manually. This is where log analysers come in, as they automate the auditing and analysis of logs, telling you what has happened or is happening, and revealing unauthorised activity or abnormal behaviour. This feedback can be used to improve IDS signatures or firewall rule sets. Such improvements are an iterative process, as regularly tuning your devices to maximise their accuracy in recognising true threats will help reduce the number of false positives. Completely eliminating false positives, while still maintaining strict controls, is next to impossible, particularly as new threats and changes in the network structure will affect the effectiveness of existing rule sets. Log analysis can also provide a basis for focused security awareness training, reduced network misuse and stronger policy enforcement.

 

ISO/IEC 27001 controls A.10.10.4 and A.10.10.5 cover two specific areas of logging whose importance is often not fully appreciated: administrator activity and fault logging. Administrators have powerful rights, and their actions need to be carefully recorded and checked. As events, such as system restarts to correct serious errors, may not get recorded electronically, administrators should maintain a written log of their activities, recording event start and finish times, who was involved and what actions were taken. The name of the person making the log entry should also be recorded, along with the date and time. The internal audit team should keep these logs.

 

There are two types of faults to be logged: faults generated by the system and the applications running on it, and faults or errors reported by the system's users. Fault logging and analysis is often the only way of finding out what is wrong with a system or application. The analysis of fault logs can be used to identify trends that may indicate more deep-rooted problems, such as faulty equipment or a lack of competence or training in either users or system administrators.

 

All operating systems and many applications, such as database server software, provide basic logging and alerting faculties. This logging functionality should be configured to log all faults and send an alert if the error is above an acceptable threshold, such as a write failure or connection time-out. The logs should be reviewed on a regular basis, and any error-related entries should be investigated and resolved. While analysing all logs daily is likely an unrealistic goal, high-volume and high-risk applications, such as an e-commerce Web server, will need almost daily checking to prevent high-profile break-ins, while for most others a weekly check will suffice.

 

There should be a documented work instruction covering how faults are recorded or reported, who can investigate them, and an expected resolution time, similar to a service contract if you use an outside contractor to support your systems. Help desk software can log details of all user reports, and track actions taken to deal with them and close them out.

 

No matter how extensive your logging, log files are worthless if you cannot trust their integrity. The first thing most hackers will do is try to alter log files to hide their presence. To protect against this, you should record logs both locally and to a remote log server. This provides redundancy and an extra layer of security as you can compare the two sets of logs against one another -- any differences will indicate suspicious activity.

 

If you can’t stretch to a dedicated log server, logs should be written to a write-once medium, such as a CD-R or DVD-R, or to rewritable media such as magnetic tape data storage or hard disk drives that automatically make the newly written portion read-only to prevent an attacker from overwriting them. It's important also to prevent administrators from having physical and network access to logs of their own activities. Those tasked with reviewing logs should obviously be independent of the people, activities and logs being reviewed.

 

The protection of log information is critical. Compromised logs can hamper IT security investigations into suspicious events, invalidate disciplinary action and undermine court actions.

 

Another point to bear in mind is system clocks need to be synchronised so log entries have accurate timestamps. Check computer clocks and correct any significant time variations on a weekly basis, or more often, depending on the error margin for time accuracy.

 

Clocks can drift on mobile devices and should be updated whenever they attach to the network or desktop. Always record the time of an event in a consistent format, such as Universal Coordinated Time (UTC) across all files. For additional security, add a checksum to each log entry so you can detect if any entries have been tampered with. Controls also need to be in place to ensure there is ample log storage. If your logs can be trusted, they can help you reconstruct the events of security incidents and provide legally admissible evidence.

 

Logging and auditing work together to ensure users are only performing the activities they are authorised to perform, and they play a key role in preventing, as well as in spotting, tracking and stopping unwanted or inappropriate activities.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

 
more...
No comment yet.
Scoop.it!

Hospitals, payers and docs collaborate on prior authorization 

Hospitals, payers and docs collaborate on prior authorization  | Healthcare and Technology news | Scoop.it

Dive Brief:

  • Multiple healthcare stakeholders, including the American Medical Association, American Hospital Association and America's Health Insurance Plans, are coming together to streamline prior authorization processes.

  • Prior authorization can assure appropriate, cost-effective care, but it can also create a burden for hospitals, payers and patients, the group acknowledges.

  • A consensus statement highlights the groups’ “shared commitment to industry-wide improvements to prior authorization processes and patient-centered care,” and calls for selective application and regular review of therapies that may not require such approval.

Dive Insight:

Also included in the group are the American Pharmacists Association (APhA), Blue Cross Blue Shield Association (BCBSA) and Medical Group Management Association (MGMA), all calling for improving transparency and communication to improve prior authorization processes.

 

Tom Nickels, executive vice president of the AHA, said hospitals and health systems “are committed to delivering the best care for patients in the most efficient manner,” which are “goals we share with our partners in the health field.” “These principles provide a good starting point for providers and health plans to work together toward continuous improvement in quality of care and health outcomes while reducing unnecessary administrative burden,” said Nickels.

 

The consensus statement includes healthcare leaders working together to:

  • Reduce the number of healthcare professionals needed for prior authorization requirements
  • Regularly review services and medications that require prior authorization and remove ones that are no longer needed
  • Improve channels of communications between the stakeholders “to minimize care delays and ensure clarity” on prior authorizations
  • Protect continuity of care for patients
  • Accelerate industry adoption of national electronic stands for prior authorization

Richard Bankowitz, M.D., chief medical officer of AHIP, said the collaboration will improve the “process, promote quality and affordable health care, and reduce unnecessary burden.”

 

AMA Chair-elect Jack Resneck Jr., M.D., called the consensus “a good initial step.”

 

Prior authorizations have become the norm in healthcare, particularly for pricey procedures and tests. They have helped keep down costs, but at the expense of more work for providers. A December 2016 AMA survey found that physicians were completing an average of 37 prior authorizations each week, which took about 16.4 hours to process.

 

Through this initiative, healthcare stakeholders hope to improve patient care and remove administrative burdens for providers, payers and pharmacists, while maintaining checks in the system to keep costs under control. 

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Connecting the Dots: Referrals between Medical Care and Community Resources 

Connecting the Dots: Referrals between Medical Care and Community Resources  | Healthcare and Technology news | Scoop.it

Policymakers and providers all agree that addressing patients’ non-medical needs will be critical to improving health, health care, and health care costs, but little progress has been made towards integrating traditionally segmented services. What can and should a health care organization do? Realistically, most health care organizations will not build new lines of social services into their core clinical operations. Instead, leading organizations are connecting the dots by optimizing referrals to existing community resources. Based on phone interviews and site visits with executive leadership, frontline providers, and community partners, we highlight the work of nine innovative health care organizations. Here, we offer practical steps to reflect upon where your organization stands and where it might look to be in a referral model for community resources.

 

Starting point: Does your team have a useful resource library?

Useful is the key word here: we’re not talking about a static laundry list that simply names local community resources on a website or a print out. Useful resource libraries not only catalog existing community resources but also include pertinent details such as eligibility criteria. For example, at one organization we interviewed, health coaches use their electronic resource library to match the patient’s age, income, and residence profile with available community resources. To create the most useful resource library for your organization, we suggest querying your care team about what essential pieces of information would help them effectively and confidently refer patients to community resources.

Importantly, a resource library is only as useful as it is accurate and up-to-date. Organizations will need to identify who will monitor and update the resource library at regular intervals by visiting program websites, calling program contacts, or surveying providers about their experiences with listed community resources. For example, one organization we interviewed created a dedicated committee to appraise over 300 community resources that engage with their providers. Clearly, modifications to the resource library are to be expected, so electronic resource libraries (e.g. in a cloud-based platform or in the EHR) will be more dynamic than binders. Two organizations we interviewed are even using or contracting with companies that have created web-based resource libraries (e.g. Aunt Bertha, NowPow).

Next step: Who is responsible for referring patients?

Remember, the resource library is a tool not the solution. Organizations must lay out what roles will best enable referrals to community resources. Depending on your unique organization, referrals to community resources might be done through an entire team, an individual, or outsourced partners. For example, one larger organization we interviewed developed multidisciplinary teams of nurses and social workers, making specialized referrals and handoffs for particular social service domains (e.g. a housing team, transportation team, and nutrition team). In contrast, another organization used a single, centralized point person to make all referrals into the local community. Alternatively, two organizations we interviewed piloted with external partners (such as Health Leads) whose staff executes the referrals to specific community resources.

In addition to defined roles, organizations must not forget to develop associated workflows. What is the workflow to identify the patients with social service needs? What is the provider’s workflow to connect with whomever will make the community resource referrals? Are there workflows in place to follow-up regarding the referrals made to community resources? While developing these workflows, organizations need to consider what the preferred modes of communication are and which documentation platforms will facilitate the workflows. For example, one organization we interviewed built workflows into their EHR by tailoring the existing social service pathways of the Pathways Hub Model to fit the organization’s particular patient needs, staffing structure, and provider network. By strategically designing roles and workflows that support patient referrals to community resources, your organization shares responsibility for the success of the referral model.

Final move: Are you evaluating the impact?

Evaluating your referral model is crucial not only to intelligently decide what to keep, drop, or adapt but also to assess the impact of your work. All of the organizations we interviewed found it challenging to demonstrate that referrals to community resources directly influenced larger outcomes such as total costs of medical care. More immediately, data points that organizations may want to capture include the number of patients with different types of social service needs and the number of complete and incomplete referrals made to each community resource. For example, one organization we interviewed is tracking their rate of unsuccessful referrals to community resources in order to reveal where gaps in the community persist and subsequently inform advocacy efforts.

Furthermore, evaluating your referral model sets the foundation to build a business case for social service partnerships. A few organizations we interviewed were interested in entering financial arrangements with a curated network of community partners based on quality and other performance metrics, although these were generally still in the early stages of development. As organizations look to harmonize data collection and evaluation efforts, partners will need to agree upon the types of data, preferred reporting formats, and interval of reporting requests. In fact, based on interviews with community partners, we learned that many community partners are motivated to collect and exchange data on shared patients in order to improve their value proposition with grant funders and secure future funding.

Following the lead of innovative organizations, there are valuable opportunities for health care organizations to use a referral model with community resources. Health care organizations that leverage their local communities can more effectively match patients with comprehensive services critical to improving health status. Improving the referral model is a key sPolicymakers and providers all agree that addressing patients’ non-medical needs will be critical to improving health, health care, and health care costs, but little progress has been made towards integrating traditionally segmented services. What can and should a health care organization do? Realistically, most health care organizations will not build new lines of social services into their core clinical operations. Instead, leading organizations are connecting the dots by optimizing referrals to existing community resources. Based on phone interviews and site visits with executive leadership, frontline providers, and community partners, we highlight the work of nine innovative health care organizations. Here, we offer practical steps to reflect upon where your organization stands and where it might look to be in a referral model for community resources.
 
Starting point: Does your team have a useful resource library?
Useful is the key word here: we’re not talking about a static laundry list that simply names local community resources on a website or a print out. Useful resource libraries not only catalog existing community resources but also include pertinent details such as eligibility criteria. For example, at one organization we interviewed, health coaches use their electronic resource library to match the patient’s age, income, and residence profile with available community resources. To create the most useful resource library for your organization, we suggest querying your care team about what essential pieces of information would help them effectively and confidently refer patients to community resources.
Importantly, a resource library is only as useful as it is accurate and up-to-date. Organizations will need to identify who will monitor and update the resource library at regular intervals by visiting program websites, calling program contacts, or surveying providers about their experiences with listed community resources. For example, one organization we interviewed created a dedicated committee to appraise over 300 community resources that engage with their providers. Clearly, modifications to the resource library are to be expected, so electronic resource libraries (e.g. in a cloud-based platform or in the EHR) will be more dynamic than binders. Two organizations we interviewed are even using or contracting with companies that have created web-based resource libraries (e.g. Aunt Bertha, NowPow).
Next step: Who is responsible for referring patients?
Remember, the resource library is a tool not the solution. Organizations must lay out what roles will best enable referrals to community resources. Depending on your unique organization, referrals to community resources might be done through an entire team, an individual, or outsourced partners. For example, one larger organization we interviewed developed multidisciplinary teams of nurses and social workers, making specialized referrals and handoffs for particular social service domains (e.g. a housing team, transportation team, and nutrition team). In contrast, another organization used a single, centralized point person to make all referrals into the local community. Alternatively, two organizations we interviewed piloted with external partners (such as Health Leads) whose staff executes the referrals to specific community resources.
In addition to defined roles, organizations must not forget to develop associated workflows. What is the workflow to identify the patients with social service needs? What is the provider’s workflow to connect with whomever will make the community resource referrals? Are there workflows in place to follow-up regarding the referrals made to community resources? While developing these workflows, organizations need to consider what the preferred modes of communication are and which documentation platforms will facilitate the workflows. For example, one organization we interviewed built workflows into their EHR by tailoring the existing social service pathways of the Pathways Hub Model to fit the organization’s particular patient needs, staffing structure, and provider network. By strategically designing roles and workflows that support patient referrals to community resources, your organization shares responsibility for the success of the referral model.
Final move: Are you evaluating the impact?
Evaluating your referral model is crucial not only to intelligently decide what to keep, drop, or adapt but also to assess the impact of your work. All of the organizations we interviewed found it challenging to demonstrate that referrals to community resources directly influenced larger outcomes such as total costs of medical care. More immediately, data points that organizations may want to capture include the number of patients with different types of social service needs and the number of complete and incomplete referrals made to each community resource. For example, one organization we interviewed is tracking their rate of unsuccessful referrals to community resources in order to reveal where gaps in the community persist and subsequently inform advocacy efforts.
Furthermore, evaluating your referral model sets the foundation to build a business case for social service partnerships. A few organizations we interviewed were interested in entering financial arrangements with a curated network of community partners based on quality and other performance metrics, although these were generally still in the early stages of development. As organizations look to harmonize data collection and evaluation efforts, partners will need to agree upon the types of data, preferred reporting formats, and interval of reporting requests. In fact, based on interviews with community partners, we learned that many community partners are motivated to collect and exchange data on shared patients in order to improve their value proposition with grant funders and secure future funding.
Following the lead of innovative organizations, there are valuable opportunities for health care organizations to use a referral model with community resources. Health care organizations that leverage their local communities can more effectively match patients with comprehensive services critical to improving health status. Improving the referral model is a key step in connecting the dots between medical care and community resources, a small move toward systematically caring for the whole person rather than the discreet set of problems bringing a patient into a given provider’s office.tep in connecting the dots between medical care and community resources, a small move toward systematically caring for the whole person rather than the discreet set of problems bringing a patient into a given provider’s office.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Readmissions Penalties Get Very, Very Real

Readmissions Penalties Get Very, Very Real | Healthcare and Technology news | Scoop.it

It was quite bracing to read the August 3 Kaiser Health News report entitled “Half of Nation’s Hospitals Fail Again to Escape Medicare’s Readmission Penalties.” As Jordan Rau wrote in the article, “Once again, the majority of the nation’s hospitals are being penalized by Medicare for having patients frequently return within a month of discharge—this time losing a combined $420 million, government records show. In the fourth year of federal readmission penalties,” Rau reported, “2,592 hospitals will receive lower payments for every Medicare patient that stays in the hospital—readmitted or not –starting in October. The Hospital Readmissions Reduction Program, created by the Affordable Care Act, was designed to make hospitals pay closer attention to what happens to their patients after they get discharged. Since the fines began,” he added, “national readmission rates have dropped, but roughly one of every five Medicare patients sent to the hospital ends up returning within a month.”


What’s more, Rau noted, “Some hospitals view the punishments as unfair because they can lose money even if they had fewer readmissions than they did in previous years. All but 209 of the hospitals penalized in this round were also punished last year, a Kaiser Health News analysis of the records found.”


As hospital executives already know, the fines for failure to meet the criteria of the Centers for Medicare & Medicaid Services (CMS) focus on five conditions: heart attack, congestive heart failure, pneumonia, chronic obstructive pulmonary disease (COPD), as well as elective hip and knee replacements, and are based on readmissions between July 2011 and June 2014.


And these reimbursement cuts are everywhere—indeed, the penalties will be assessed on hospitals in every state except for Maryland, as that state has a special payment arrangement with Medicare. And the cuts will affect three-quarters or more of hospitals in the following states: Alabama, Connecticut, Florida, Massachusetts, New Jersey, New York, Rhode Island, South Carolina, Virginia, and the District of Columbia.


What’s more, the readmissions-driven reimbursement cuts are hitting hospitals on top of cuts coming out of the mandatory value-based purchasing program and the mandatory healthcare-acquired conditions (mostly hospital-acquired infections) program.


 Meanwhile, the average penalties by state are being found to vary tremendously. Nationwide, 54 percent of hospitals (2,592 organizations) are being penalized, with an average Medicare pay cut of 0.61 percent. But those nationwide averages encompass huge variations. On one end of the spectrum, in North Dakota, where only three hospitals, or seven percent of the state’s hospital organizations, are being penalized this year, the average penalty is just 0.14 percent of Medicare payments. But in Kentucky, where 62 organizations, representing 65 percent of the state’s hospitals, are being penalized, the average penalty amounts to a full 1.19 percent of Medicare revenues—that’s an 850-percent spread.


And as everyone knows, many not-for-profit community hospitals in the U.S. are surviving on operating margins of between 1 and 3 percent; and for those with a majority of their revenues coming from Medicare reimbursement, a penalty of more than 1 percent could potentially be devastating.


Five years ago when the U.S. Congress passed he Affordable Care Act, and President Obama signed it, I predicted that the mandatory readmissions program would be one of the healthcare system reform provisions in the ACA that would be one of its most impactful; and it already has been. As we all know, ten years ago, if you were talk walk into the office of the average CFO in the average inpatient hospital in the U.S. and were to ask that CFO what her/his hospital’s average 30-day readmissions rates were for patients with documented congestive heart failure, diabetes, or COPD (chronic obstructive pulmonary disease), s/he could likely not have told you. Now, that CFO needs to know that number—and needs to be working with all levels and disciplines of leadership in her/his hospital to reduce that number.


What’s more, private health insurers are absolutely moving forward to implement similar programs in their hospital contracts, since, as is nearly always the case with such things, once the Medicare program, the U.S. healthcare system’s proverbial 800-pound gorilla, moves forward in an area, all the major private health insurers quickly follow Medicare’s lead and design their own versions of the same initiative.


Industry experts have long noted that many, if not most, readmissions that occur within 30 days are relatively easily predicted. Research, and the experiences of pioneering hospital organizations, have found that the key gaps in this area have to do with care management on multiple levels—ensuring effective discharge planning, including really robust patient and family member education; and then, very importantly, case manager/care manager nurse follow-up with the discharged patient in a day or two at most following discharge, via phone communication, which must involve the scheduling of a follow-up primary care physician appointment; and then of course, that follow-up PCP visit, along with further coaching, education, and care management.


And all of those processes must be strategically directed, excellently executed, and very strongly facilitated by robust information systems run by hospital and health system leaders with commitment to strategic goals and to success over long periods of time and across large groups of patients. Now, clearly, the leaders of many patient care organizations are moving forward with alacrity to develop accountable care organizations (ACOs), either under the aegis of one of Medicare’s ACO programs, or in collaboration with private health plans; as well as implementing population health management programs, and developing patient-centered medical homes.


But here’s the thing about the Medicare readmissions reduction program: because it’s mandatory, it is forcing action on the part of every hospital that receives regular Medicare payment, regardless of whether or not that hospital is also pursuing ACO, population health, or PCMH strategies, or not.


So the same “blessed cycle” of performance improvement is called for on the part of all regular U.S. hospitals receiving Medicare reimbursement, at this point. And that means creating really good data collection and reporting mechanisms, reporting the data, developing continuous clinical performance improvement processes to reduce predictable 30-day readmissions, making those improvements, and continuously sharing with clinicians, clinician leaders, and administrative executives and managers the ongoing results of those efforts, for further improvement work.


In other words, we’re talking about a continuous learning system in U.S. healthcare. And guess what? It’s no longer optional.

The reality is that healthcare IT leaders are playing and will continue to play, an extremely important role in all of this work; indeed, their contributions will be vital to success, at the data and information level, the process improvement level, and the strategic level, organization-wide. The one thing that neither healthcare IT leaders nor any other leaders can do is to sit any longer in denial about what is happening. Because, along with the mandatory value-based purchasing program under Medicare, and to a lesser extent as well, the mandatory healthcare-acquired conditions reduction program under Medicare, continuous clinical performance improvement is in effect now a core component of federal policy.


In other words, folks, this is happening.


The good news is that leaders at the most pioneering hospitals and health systems are lighting the way for others to follow. The bad news is that anyone waiting for further “clarity” on all this is going to be waiting so long as to potentially endanger the future of their hospital organization. So as the readmissions reduction program under Medicare—and inevitably under many, if not most, private health insurers as well—expands and ramps up, it will be incumbent on healthcare IT leaders and on all healthcare leaders to get ahead of the curve, because the penalties are only going to get more and more real—and won’t ever be reversing.

more...
Scoop.it!

How do I report an unsecured Protected Health Information (PHI) Breach?

How do I report an unsecured Protected Health Information (PHI) Breach? | Healthcare and Technology news | Scoop.it

Have you had a HIPAA Breach?  Here's how you report it.

If you are a covered entity and have experienced the loss or theft or accidental disclosure of unsecured or unencrypted Protected Health Information (PHI), you have most likely had a HIPAA Breach. As a covered entity you must undergo specific breach notification procedures as per HIPAA law,  if you discover a breach of unsecured protected health information.  You may need to invoke your incident response plan and involve your attorney depending on the size and nature of the breach.

Step 1- Notify the Secretary of Health and Human Services (HHS)

Your obligations for breach notification to the secretary differ based on whether the breach affects 500 or more individuals or fewer than 500 individuals. If you are unsure how many individuals are affected at the time of submission, provide an estimate.  If the breach affects 500 or more individuals, you need to report the breach to the Secretary no later than 60 days of discovering the breach.

Once HHS receives your breach notification, your information along with some information of the breach will be published on the HHS Breach Portal, also known as the "Wall of Shame".  The Office of Civil Rights (OCR) will then open an investigation.

Step 2- Providing additional information after a breach has been reported

If you discover additional information, submit updates as necessary. If only one option is available in a submission category you should pick the best option, and may provide additional details in the free text portion of the submission.

If you discover additional information that supplements, modifies, or clarifies a previously submitted notice to the Secretary, you may submit an additional form by checking the appropriate box to indicate that it is an addendum to the initial report, using the transaction number provided after submitting the initial breach report.

Step 3- Notify the affected individuals

  1. It is your responsibility to notify each individual of the breach of their PHI, either by notifying them via first class mail, or if they have given permission, you may notify them via email. This notice must include a description of the breach, including the information involved in the breach, steps the individual can take to protect themselves and a summary of the steps you are taking to investigate the breach and what you are doing to prevent future breaches. 

 

What if I don’t have the contact information for Affected Individuals?

 

  1. If contact information for 10 or more individuals is incorrect, you must provide a public notice or media notification in the residential area of those affected individuals, providing them with an 800 number they can call to find out if their information was included in the breach. This number must remain active for a minimum of 90 days.  These individual notices may be substituted by providing notice on your website for a minimum of 90 days or by issuing a media statement notifying the public of the breach.

 

If the Breach Affects 500 or More Individuals:

 

3. If a breach of unsecured protected health information affects 500 or more individuals, you must notify the Secretary of HHS of the breach without unreasonable delay and in no case later than 60 calendar days from the discovery of the breach.  You must submit the notice electronically by clicking on the link below and completing all the required fields on the breach notification form.  

Step 4- Notify the media and update your website 

If the breach affects 500 or more individuals, you need to report the breach to prominent media outlets in the areas where affected or potentially affected individuals reside.  This helps inform all breach victims of the possibility of the exposure of their protected health information.  

If you do not have up-to-date contact information or addresses of 10 or more affected individuals, then you need to update your website with a notice of the breach.  A link to the breach notice must be prominently visible on your home page.

Step 5- Notify HHS annually of breaches affecting fewer than 500 individuals

If a breach of unsecured protected health information affects fewer than 500 individuals, you must notify the Secretary of the breach within 60 days of the end of the calendar year in which the breach was discovered. (You are not required to wait until the end of the calendar year to report breaches affecting fewer than 500 individuals; you may report such breaches at the time they are discovered.) You may report all your breaches affecting fewer than 500 individuals on one date, but you must complete a separate notice for each breach incident. The covered entity must submit the notice electronically by clicking on the link below and completing all of the fields of the breach notification form.

 

Other considerations

  • Be aware that your state may have more stringent breach notification procedures compared to the Federal Government. 
  • Be cognizant of the timeline of breach notification; delays in notification can cause fines and penalties to be levied.
  • Business Associates are also subject to the Breach Notification Rule. Business Associates must inform covered entities within 60 days of discovering the breach.  Business Associates must comply with requirements specified in their Business Associate Agreement with the covered entity.
  • Contact HHS OCR with questions toll-free at: 1-800-368-1019, TDD: 1-800-537-7697 or send an email to OCRPrivacy@hhs.gov
Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Cybersecurity: What Every Telemedicine Practitioner Needs to Know

Cybersecurity: What Every Telemedicine Practitioner Needs to Know | Healthcare and Technology news | Scoop.it

Telemedicine, which enables health professionals to provide treatment to patients remotely, is especially useful in rural areas, where people are distanced from healthcare facilities. It can also play a considerable role during natural disasters when professionals cannot reach affected areas or must operate outside of traditional medical settings.

 

But because of the nature of the platform — and the technology used — telemedicine is susceptible to outside attacks, particularly cyberattacks. Communication and digital exchanges are often done via the open internet. A patient will have a live video chat with a health professional via a mobile app, for instance. That feed and any data from the exchange is vulnerable to snooping or outright theft, especially if one of the parties is using an unsecured network connection.

 

Cyberattacks Are More Dangerous in Health Fields

There’s no reason to downplay general theft. The risk of hackers scooping up personal data is always a concern, but when attacks involve highly sensitive health details, the risks are much higher. Not only could the data be used to harm and damage others, but its misuse can also harm the professionals and, by proxy, the facility they work for. HIPAA law dictates that all communications and data exchanged between doctors and patients be secure — if not, healthcare providers face massive fines and penalties.

 

What makes the whole thing even more alarming is that, in today’s landscape, it’s not a matter of “if” you will experience a cyber attack or data breach, but “when.”

Norton Security, which claims "protection against viruses, malware and more," estimates that by 2023, cybercriminals will successfully steal 33 billion records per year.

 

To provide an even better perspective, consider this: By 2018, nearly 70 percent of businesses had experienced some form of cybersecurity attack, with over half experiencing a data breach. Out of all small businesses that suffer attacks, 60 percent close within six months of an event.

 

It’s a very costly, very damaging problem from which the healthcare and telemedicine industry is not exempt.

How to Prevent Attacks and Mitigate Damage When They Do Happen

Preventative measures are important, and understanding how to deal with an attack or breach can be instrumental in lowering risks. Assuming that a breach can and will happen allows you to better lock down your systems and data. For example, putting stringent authentication and user access measures in place help ensure that only the right people can interact with certain types of data. This means if a lesser user’s account were to be hacked, the attacker wouldn’t have access to sensitive information.

The first recommendation is that you follow ISO 27001 standards and develop a process of internal audits to measure compliance and performance. This set of management standards deals specifically with information security and proactive protection measures.

 

Here are some ways to improve general security and mitigate the risks of a breach:

  • Hire a third-party data security provider or a consultant to understand what’s necessary to protect your network, systems and hardware
  • Establish user access protocols to prevent unauthorized users from accessing high-level information; in other words, keep people in their lanes
  • Use strong authentication measures to identify users and require the use of strong passwords
  • Educate personnel on the importance of security and ensure they understand what role they play
  • Use data encryption for all information sharing and open streams so that any exchanged information is locked behind a security protocol
  • Develop the entire platform, app or tool with security in mind as a foundational element
  • Create a response plan for cyberattacks: how you lock down affected systems and networks, prevent future data loss and tampering, and regain control
  • After a breach, always inform the necessary parties involved, including customers and patients, as well as regulatory bodies

 

While many of the solutions discussed here are valuable, many tactics can help telemedicine practitioners prevent and protect against cyberattacks. The most obvious involves awareness and preparedness, which means educating yourself and your personnel on modern security.

 

This is not something that can be continually brushed aside or avoided. Security must always be a “now” practice that is honored and put into place as soon as possible. It’s especially true of for telemedicine, which involves the facilitation and exchange of highly sensitive information across open channels.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

How Relevant CTI Can Be

How Relevant CTI Can Be | Healthcare and Technology news | Scoop.it

CTI stands for Computer Telephony Integration and it refers to any type of technology that allows computer and phone central functionalities to be interconnected resulting in an added value service portfolio.

 

In the beginning of the telephony era, you were not given the chance of dialing; you would simply “signal” a call center and a human operator would ask you what you required. Then once you stated you wanted to call someone, that human operator would establish a point-to-point connection between your terminal equipment (phone) and the destinations.

 

The funny thing is that nowadays, when you ask your smartphone’s personal assistant to call someone, the process as perceived by us humans is, in fact, the same, and we like it better than having to dial the number or look for the contact.

 

Phone Centrals have become Computers instead of the long-gone PBX backbones, nevertheless the integration of such computers (which perform the role of phone centers) with terminal equipment’s which are in fact computers (like smartphones) and computer software like CRM and ERP Servers or Cloud-based App Services has made the CTI concept more relevant by the day.

 
Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Net Benefits of Telemedicine for Urgent Care Centers

Net Benefits of Telemedicine for Urgent Care Centers | Healthcare and Technology news | Scoop.it

Practice EHR discusses net benefits of telemedicine for Urgent Care Centers.

 

Telemedicine is becoming the new norm for giving and receiving care. Today’s patients are more connected than ever before and 64 percent of Americans report they would seek care via telemedicine, according to an American Well telehealth survey.

 

In its early stages, telemedicine seemed like another on-demand solution taking patients away from urgent care centers (UCCs). Today, urgent cares are realizing the benefits of integrating telemedicine into their operations, such as better flexibility, accessibility and in some cases, better patient satisfaction and outcomes.

 

Fortunately, telemedicine also has financial advantages. Telemedicine empowers UCCs to provide a convenient and cost-effective service for patients, while at the same time improving revenue. Have you considered telemedicine for your urgent care? Read on to learn more about the financial benefits of telemedicine:

Net-Benefits of Telemedicine

1. Increase the number of patients you see each day.

Telemedicine helps you work more efficiently and see more patients in less time. A virtual visit takes less time than an in-person visit, allowing your urgent care to increase the number of patients seen in a day, without having to extend office hours. For example, a clinic with three providers that completes two virtual visits per day, at an average reimbursement of $50, will earn $109,500 in additional revenue in just one year.

 

For UCCs who do feel the need to provide extended office hours, telemedicine is a feasible and cost-effective solution when you have a cloud-based electronic health record (EHR) with integrated telemedicine capabilities. Consider virtual extended hours, where a patient can be seen via a virtual visit conducted by a remote on-call physician. This idea eliminates in-person visits during extended hours, which keeps costs low, drives revenue for your clinic and at the same time provides better accessibility for patients who may be in need during those off-hours

.

2. Better allocate your resources.

Today, consumers have more options than ever before when it comes to their care. Long wait times can result in low patient satisfaction and fewer patients. If your clinic is experiencing long wait times, consider how you can incorporate telemedicine for services that don’t require an in-person visit, like for the flu or an emergency medication refill. Providing virtual visits for these scenarios is a much more efficient and cost-effective way for your patients and your clinic.

 

Telemedicine can also help multi-location UCCs balance their patient volumes and wait times, without having to spend money on additional resources. The Journal of Urgent Care Medicine cited an example of an urgent care that decreased patient wait times and increased patient satisfaction by equipping facilities with telemedicine capabilities in two locations. In other words, UCCs can leverage providers in lower-traffic locations to conduct virtual visits immediately and remotely for patients who are waiting to be seen at the busier location.

 

3. Reach more patients.

In addition to load balancing, telemedicine can easily enable UCCs to reach a larger pool of patients to generate more revenue. Urgent cares who use telemedicine can expand their services to reach patients across one state or multiple, instead of being limited to patients who only live within a 3-5 mile radius.

 

4. Achieve competitive advantage.

Research from Accenture indicates patients want a better healthcare experience and they are leveraging technology, such as telemedicine, to do so. However, the same research also suggests patient demands for virtual care options are outpacing what’s currently available. This provides a significant opportunity for urgent cares. UCCs were the catalysts for convenient, on-demand healthcare; those who continue to evolve with their patients will successfully differentiate themselves in today’s competitive healthcare market.

 

To continue to lead in the on-demand market, urgent care centers will need to adopt technology, like telemedicine to meet patient expectations. The good news is telemedicine is a smart investment that can result in improved efficiency, patient care, cost-savings, revenue and more. Incorporating telemedicine into your UCC isn’t difficult, and there are affordable, telemedicine solutions on the market today. UCCs that incorporate telemedicine, have a lot to gain and very little to lose.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

How to integrate your Phone System with Google Apps through CTI?

How to integrate your Phone System with Google Apps through CTI? | Healthcare and Technology news | Scoop.it

With VoIP (voice over internet protocol), companies are now able to access cheaper, more accessible phone systems all over the world. While VoIP phones have become common, particularly in North America and Europe, there is still a broad growth trend in Asian, African, and Latin American markets. Asian Pacific Markets expect an estimated 14% growth over the next five years, a significant increase considering the dense technological saturation in the area, caused primarily by escalating high-speed communications networks.

 

In markets where there isn’t such an extreme jump in internet infrastructure, there are also significant gains in the adoption of IP phone technology. In Africa, VoIP growth is stunning (80% in South Africa, for example). Because governments own traditional phone infrastructure in Africa, and also because of the challenges expanding utilities to less urban or more isolated areas, mobile VoIP has been replacing traditional phone systems for emerging and growing businesses.

 

Given contemporary global markets and the push toward global expansion, even companies that have long-established traditional phone infrastructure are adopting VoIP systems for their call centers and sales teams. Global calls are more than just person-to-person voice; they now include video, conferencing, and text, whether in Asia, Europe, or North America.

 

With VoIP phone systems, businesses can integrate their phones to their computers and smoothly connect all aspects of sales and service. SMEs and larger enterprises can all benefit from merging data and communications functions; with IP phones, users gain key communication features, all the while letting their VoIP service providers handle IT, updates, and data hosting. Businesses, regardless of size, can benefit from efficiently merging voice and data functions and gaining innovative communication features, while their VoIP service provider takes care of the technology.

 

CTI (computer telephony integration) software lets users integrate their phones with their CRM or ERP platforms to provide more efficient, cheaper, and easier customer communications.

 

With sales, agents can contact more potential clients, improve customer/agent interaction, and create a more collaborative sales team performance. With service, CTI software gives customers options of self-service or live agents, gives automatic call routing, reduces handle times, and gives management the opportunity to review call center performance.

 

It follows by implication that it’s important for businesses to find the best VoIP phone system and CRM for their needs. Some companies need a comprehensive system that works seamlessly across a host of different silos, whereas other businesses need customizable specifics for one element (IT, for example). Businesses must understand their budgets, dominant departments, as well as the need for scalability, and make decisions accordingly.

 
Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

HIPAA Physical Security is Just as Important as Cyber-Security

HIPAA Physical Security is Just as Important as Cyber-Security | Healthcare and Technology news | Scoop.it
HIPAA Physical Security is Just as Important as Cyber-Security

There are many misconceptions when it comes to HIPAA and security controls for covered entities. While security is related to technical measures such as encryption, firewalls, and security risk assessments, it also addresses physical and administrative safeguards that must be in place to protect patient information. In order to comply with HIPAA regulation, healthcare organizations must address each standard and safeguard outlined in the HIPAA Security Rule.

 

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has now released new information further emphasizing the importance of physical safeguards for healthcare organizations across the country. HIPAA not only requires technical controls to protect the confidentiality, integrity, and availability of protected health information (PHI) but also proper physical security controls.

 

Physical safeguards are generally seen as the simplest and cheapest forms of protecting PHI, yet many organizations tend to overlook this important element of security. There are even some physical security controls that cost nothing- such as simply locking up portable electronic devices when they are not in use (laptops, portable storage devices, and pen drives).

 

Although this may seem like a very basic form of security, it is one of the most effective ways of preventing theft. To illustrate the importance of HIPAA physical security safeguards, OCR focuses on a 2015 HIPAA settlement with Lahey Hospital and Medical Center that affected 599 patients. This breach and subsequent HIPAA fine were triggered by the theft of an unencrypted laptop from the Tufts Medical School-affiliated teaching hospital.

 

The laptop was stolen from an unlocked treatment room off an inner corridor of the radiology department and contained ePHI. Lahey Hospital was fined $850,000 for failing to implement physical controls–a high price to pay for something that could have been avoided if some simple physical security safeguards were in place.

 

Prior to the Lahey Hospital settlement, QCA Health Plan paid $250,000 to OCR in 2014 for potential HIPAA violations. QCA Health Plan neglected to implement physical safeguards for all workstations to restrict access to ePHI to authorized users only. In this case, an unencrypted laptop was stolen from an employee’s vehicle.

 

Massachusetts Eye and Ear Infirmary (MEEI) also settled a HIPAA violation with OCR in 2012 for $1.5 million. Again, this incident was related to the theft of an unencrypted laptop, resulting in the exposure of patients’ ePHI.

 

In 2016, Feinstein Institute for Medical Research settled potential HIPAA violations with OCR for $3.9 million. Feinstein Institute failed to physically secure a laptop that was stolen from an employee’s vehicle containing the ePHI of 13,000 patients.

 

In July 2016, the University of Mississippi Medical Center was fined $2,750,000 for a failure to implement HIPAA physical security safeguards. An unencrypted laptop that contained ePHI of approximately 10,000 patients was stolen from its Medical Intensive Care Unit.

Preventing HIPAA Physical Security Breaches

It is up to covered entities and their business associates to decide on the most appropriate physical security safeguards that will protect their patients’ ePHI. One way organizations can implement these physical security controls is by adopting an effective compliance program.

 

Compliance Group gives health care organizations confidence in their HIPAA compliance with The Guard. The Guard is our HIPAA compliance web-app that covers every element of HIPAA compliance.

 

Our Compliance Coaches will guide users through every step of their compliance program with the help of our HIPAA compliance web-app. The Guard is built to address the full extent of HIPAA regulation, including everything needed to implement an effective HIPAA compliance program that will help safeguard your practice from violations and fines.

 

With The Guard, health care professionals will not only address their physical security safeguards but the technical and administrative safeguards as well, along with the other HIPAA requirements.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
Scoop.it!

Information Risk Management Still Needs Improvement

Information Risk Management Still Needs Improvement | Healthcare and Technology news | Scoop.it

Cybersecurity threats and attacks across various business sectors are on the rise pressuring for organizations to continuously assess the risks to any information. While the General Data Protection Regulation (GDPR) has garnered a lot of buzz in 2018, many standards and regulations in the United States also require cybersecurity.

 

But what are the technical details and operational steps needed to meet the high level guidance on cybersecurity risk? A recent Advisen survey revealed some interesting statistics:

 

  • 35% of respondents rated data integrity risks as “high risk” versus only 22% that of rated business continuity risks, or cyber related business interruption
  • Only 60% of the risk professionals surveyed said their executive management team viewed cyber risk as a significant threat to the organization, down 23% from the previous year.
  • Only 53% knew of any updates or changes even after the 2017 high profile attack

 

In short, these statistics paint a grim picture over the state of cybersecurity in the United States. While organizations are aware of the high risk of cyber attacks, management team involvement may be decreasing, and organizations may not be evolving their cybersecurity programs quickly enough.

 

Creating a Security First Risk Mitigation Posture
Many organizations have moved to a risk analysis security first compliance posture to enable stronger risk mitigation strategies and incorporate senior management oversight. However, identifying the potential risks to your environment only acts as the first step to understanding your overall risk. In order to identify all potential risks and engage in a full risk analysis that appropriately assesses the overall risk facing your data, you need to incorporate vendor risk as part of your risk management process.

 

That’s a lot of risk discussion, but you also have a lot of places in your overarching ecosystem that create vulnerabilities. Using a risk management process that establishes a security-first approach to your organization’s data environment and ecosystem means that you’re locking down potential weaknesses first and then backtracking to ensure you’ve aligned controls to standards and regulations. This approach, although it seems backward from a traditional compliance point-of-view, functions as a stronger risk mitigation program by continuously monitoring your data protection to stay ahead of hackers. Standards and regulations mean well, but as malicious attacks increasingly become sophisticated the best practices within these documents may be outdated in a single moment.

 

What is an Information Risk Management (IRM) Program?
An information risk management (IRM) program consists of aligning your information assets to a risk analysis, creating IRM policies that formalize the reasoning and decisions, and communicating these decisions with senior management and the Board of Directors. The National Institute of Standards and Technology (NIST) and the International Standards Organization (ISO) both provide guidance for establishing an IRM.

 

For example, the September 2017 NIST update to NIST 800-37 focuses on promoting information security by recognizing the need for organizational preparation as a key function in the risk mitigation process.

 

In fact, the core standards organization, ISO, updated its ISO 27005 in July 2018 to focus more on the information risk management process.

 

Specific to the United States, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) updated it enterprise risk management framework to minimize data threats while requiring organizations to detail potential risks and manage risks more proactively.

 

As risk analysis increasingly drives information security practices, you need to focus on a risk treatment program that begins with risk identification, establishes an acceptable level of risk, defines your risk treatment protocols, and create risk mitigation processes.

 

Create an Information Risk Management (IRM) Team
In order to appropriately manage risk, you need to create an IRM Team consisting of stakeholders across the organization. Relying solely on your IT department may leave gaps in the process. To determine the stakeholders, you should explore the departments integral to risk identification. For example, you might want to ask yourself:

 

  • What departments hire vendors?
  • What departments can help with the overall risk process?
  • What stakeholders are legally required (in the United States) to be informed of the risk process?
  • Who brings unique insights into the risks that affect my data environment and ecosystem?

 

For example, while your IT department sets the controls that protect your information, your human resources department handles a lot of sensitive data. You need to incorporate stakeholders who understand the data risks unique to their role in your organization so that they can work with your Chief Information Officer and Chief Information Security Officer. Additionally, many United States regulations, such as the Sarbanes-Oxley Act of 2002 (SOX) require senior management and Board of Director oversight so they should also be included as part of your IRM team.

 

Begin with Business Processes and Objective
Many organizations forget that businesses processes and organizational business objectives should be the baseline for their risk analysis. Senior management needs to not only review the current business objectives but think about the future as part of the risk identification process. Some questions to ask might include:

 

  • What businesses processes are most important to our current business objectives?
  • Do we want to scale in the next 3-5 years?
  • What business processes do we need to meet those goals?

 

Understanding the current business objectives and future goals allows organizations to create stronger risk mitigation strategies. Many organizational goals rely on adding new vendors whose software-as-a-service products enable scalability. Therefore, you need to determine where you are as well as where you want to be so that you can protect the data that grows your organization and choose vendors who align with your acceptable level of risk.

 

Catalogue Your IT Assets
The next step in the risk analysis process requires you to look at all the places you transmit, store, or access data. This step often becomes overwhelming as you add more cloud storage locations that streamline employee workflows. Some questions to ask here might include:

 

  • What information is most critical to my business processes?
  • What servers do I store information on?
  • What networks does information travel over?
  • What devices are connected to my servers and networks?
  • What information, servers, networks, and devices are most essential to my targeted business processes?
  • What vendors do I use to management my data?

 

Review Your Potential Risks from User Access
Once you know what information you need to protect and where it resides, you need to review the users accessing it. Using multi-factor authentication and maintaining a “need to know” access protocol protects your information.

 

  • Who accesses critical information?
  • What vendors access your systems and networks?
  • Does each user have a unique ID?
    Can each user be traced to a specific device?
  • Are users granted the least authority necessary to do their jobs?
  • Do you have multi-factor authentication processes in place?
  • Do users have strong passwords?
  • Do you have access termination procedures in place?

 

These questions can help you manage risks to critical information because employees lack password hygiene or decide to use the information maliciously upon employment termination.

 

Establish An Acceptable Level of Risk
Once you’ve completed the risk identification process, You need to review what risks you want to accept, transfer, refuse, or mitigate. To determine the acceptable level of risk, you may want to ask some questions such as:

 

  • What is an acceptable level of external risk to my data environment?
  • What is an acceptable level of risk arising out of vendor access?
  • How do I communicate the acceptable level of risk to senior management?
  • How can I incorporate my acceptable level of risk in service level agreements (SLAs) with my vendors?
  • Can I quantify the acceptable level of risk I have assumed as part of my risk analysis?

 

Your information risk management (IRM) process needs to incorporate the full level of tolerances and strategies that protect your environment. In some cases, you may decide that a risk is unacceptable. For example, you may want to limit consultants from accessing your corporate networks and servers. In other instances, you may need to find ways to mitigate risks with controls such as password management or a Bring-Your-Own-Device policy.

 

Define the Controls That Manage Risk
Once you’ve set the risk tolerance, you need to define controls that manage that risk. This process is also called risk treatment. Your data ecosystem can leave you at risk for a variety of data breach scenarios, so you need to create information risk management (IRM) policies that outline your risk treatment decisions. In doing this, you need to question:

 

  • What firewall settings do I need??
  • What controls protect my networks and servers?
  • What data encryption protects information in transit across my networks and servers?
  • What encryption protects the devices that connect to my systems and networks?
  • What do I need to make sure that all vendor supplied passwords are change?
  • What protects my web applications from attacks?
  • What do I need from my vendors as part of my SLAs to ensure they maintain an acceptable level of security?

 

Defining your controls includes everything from establishing passwords to requiring anti-malware protection on devices that connect to your systems and networks. Creating a clearly defined risk treatment program enables a stronger security-first position since your IRM policies focus on protecting data proactively rather than reactively changing your security controls after a data event occurs.

 

Tracking the Risks With IRM Policies
Creating a holistic security-first approach to risk treatment and management means using IRM policies to help create a risk register. A risk register creates a tracking list that establishes a mechanism for responding to security threats. Your IRM policies, which should outline the entire risk management process, help establish the risk register by providing the list of risks monitored and a threat’s impact.

 

Although this process seems intuitive, the larger your environment and ecosystem, the more information you need to track. As you add vendors and business partners, you increase the risk register’s length making threat monitoring cumbersome.

 

How SecurityScorecard Enables the Information Risk Management Process
SecurityScorecard continuously monitors threats to your environment across ten factors: application security, DNS health, network security, patching cadence, endpoint security, IP reputation, web application security, cubit score, hacker chatter, leaked credentials, and social engineering.

 

Using these ten factors, organizations can streamline the risk management process. A primary hassle for those engaging in the risk management process lies in defining risks and establishing definitions for controls that mitigate overall risk. The ten factors remove the burden of identifying both risks to the environment and ecosystem as well as controls that mitigate risk. Moreover, you can use these same ten factors to quantify your risk monitoring and reaction, as well as the security of your vendors.

 

SecurityScorecard’s continuous monitoring tool can help alleviate bandwidth problems and help facilitate a cybersecurity program more in line with the sophisticated cyberthreat landscape.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
Scoop.it!

Empower Patients With StrongBox Payment Portal & Patient Financing Alternatives

Empower Patients With StrongBox Payment Portal & Patient Financing Alternatives | Healthcare and Technology news | Scoop.it

Customer churn. The phrase refers to the periodic loss of patients and the gaining of new clients. One way to ensure that churn works in your office’s favor is to empower your customers through our online financing portal. StrongBox, a leading platform as a service (PaaS) provider based in Boca Raton, FL, understands that when patients have the freedom to finance their procedures at a time and place of their choosing they are more likely to follow through with timely payments.

 

Why Customer Empowerment Matters
We all live busy lives, and patients are no different. No matter how welcoming and friendly your clinic is, patients are always mindful of their next appointments. One way StrongBox allows your clinic to empower patients is through our online financing portal. Instead of requiring your customers to fill out lengthy forms in the office, they simply need to sign on through our online portal to apply for financing from top lenders. By allowing your patients to choose when they apply, you are showing that you respect their valuable time. Plus, the online platform reduces wait time in your office.

 

A 2016 article in the Journal of Dental Hygiene found that long wait times in office have a measurable “negative effect” on patients’ satisfaction with their dentist and lowers patient return rates.

 

How StrongBox Empowers Your Patients
In addition to our revenue recognition cloud-based platform and our Payment Portal, StrongBox also offers two financing options, Select and Pro, that are accessible at the office or to be completed by the patient when they have the time to complete the less than 5 minute application process. The application process is paperless and offers instant access to an easy to use online financing application form. By partnering with StongBox, your patients will benefit from: 

  • Fixed-rate loans
  • No hidden markups
  • No interest hikes for late payments
  • No impact on credit score
  • Access to top-tier lenders (Discover, OneMain, Ascend)
  • Fast response from lenders
  • Easy application process
  • Hassle-free payments
  • Set monthly payments

 

Small- to medium-sized providers will benefit from our Select financing option. This service gives patients access to 30 lenders simultaneously. Select financing applications are approved at twice the rate as medical credit card applications. Both forms of application take less than five minutes for patients to complete.

 

Larger groups and networks may be best served with our Pro patient financing option. Our cloud-based platform can analyze your patients’ credit characteristics and rank them accordingly. Once approved, your clinic will receive funds within 24 hours.

 

More options for patients means a greater likelihood of compliance with billing, accelerating revenue recognition and reducing collection risk for the provider.  Many patients already experience anxiety over medical bills and non-payment is a healthcare system issue. In fact, a recent survey found that 79 million Americans have trouble paying medical bills and medical debt. Why not turn those worried patients into informed allies. The StrongBox model has a proven track record. Hospitals and clinics that use Pro and Select plans can see their collection rate increase from 15 to 70 percent to best practices 95 percent over the near term.


Learn How Our Online Platform Can Grow Your Business
Once your office begins using our online financing platform and payment portal, you can enjoy the benefits of our prompt customer support and proven return on investment. The freedom delivered by our revenue recognition platform and financing options means that your patients will feel empowered to handle payments on their terms while your team of oral health professionals can spend more time focusing on what you do best — serving patients.

 

If you have questions about StrongBox’s financing services, contact our team online or call our Boca
Raton, FL office at (855) 468-7876.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

4 Things to Know About Telehealth

4 Things to Know About Telehealth | Healthcare and Technology news | Scoop.it

Telehealth has emerged as a critical tool in providing health care services. [1] The practice covers a broad range of medical technology and services that collectively define the discipline. Telehealth is especially beneficial for patients who live in rural communities and other remote areas where medical professionals use the Internet to gather and share information as well as monitor the health conditions of patients by using peripheral equipment and software such as video conferencing devices, store-and-forward imaging, and streaming media. The following information details important factors that are shaping this burgeoning field.

 

The Changing Face of Telehealth Law
Today’s competitive health care marketplace has created an environment where patients demand lower costs, higher service quality, and convenient access to services. [2] Telehealth is an innovative and valuable mechanism that provides patients with efficient access to quality services. Lowering costs and removing barriers to service access, are critical components in promoting patient wellness and population health. Convenience and cost-effectiveness are important commodities in the modern health care marketplace, as patients tend to avoid treatment that is difficult to access or too expensive. As a result, telehealth technology is emerging as a preferred choice among patients and providers. Telehealth has also attracted the attention of US legislators. They utilize this tool for improving the competitiveness of American health care services. This is especially important, seeing as health care represents 17 percent of the nation’s gross domestic product (GDP). In fact, the resource has helped to define the role that lawmakers play in ensuring that patients benefit in a competitive health care market.

 

Reimbursement for Services Delivered by Telehealth
The laws regarding reimbursements change regularly as more service providers incorporate telehealth technology into their practices. Reimbursement procedures can vary by state, practice, insurer, and service. [3] Care providers need to understand several facts, regulations, and laws to navigate Medicare telehealth reimbursements. They must first scrutinize whether the distance between the facility (the originating site) and the patient is far enough to qualify as a distant site. The location must also qualify as a Health Professional Shortage Area (HPSA) per Medicare guidelines. Additionally, the originating site must fall under Medicare’s classification as a legally authorized private practice, hospital, or critical access hospital (CAH). For instance, the Centers for Medicare and Medicaid Services ranks the Harvard Street Neighborhood Health Center as a top facility in need of physician services based on these criteria. Care providers must also use proper insurance coding to be reimbursed for hosting services that use telehealth technologies. For now, collecting reimbursements for telehealth services remains simpler for practitioners who limit the scope to which they apply the technology.

 

Telehealth or Telemedicine?
The term ‘telehealth’ is gaining popularity among medical professionals, compared to the original term, ‘telemedicine.’ [4] Some medical professionals use the names interchangeably. However, telemedicine is a term that may apply to the application of any technology in the clinical setting, while telehealth more distinctly describes the delivery of services to patients. Telemedicine is a familiar term, but telehealth more appropriately describes the latest trends in using technology to deliver treatments to patients. Depending on the organization, service providers may use a different definitions of telehealth. Although the basic premise remains similar, the context may change according to factors such as organizational objectives, and the needs of the patient population being served. Medical experts do agree on one point; telehealth is an innovative way of engaging patients, and it is highly beneficial for both providers and patients.

 

The Road Ahead
There are several areas where telehealth medicine could make a significant impact. It could be used as a tool to remotely monitor patients who have recently been discharged. It may also help treat individuals with behavioral health issues who might normally avoid treatment due to its high cost, or to avoid any perceived public stigma. [5] The largest area where technology could advance medicine is in treating the chronically ill. These patients usually require many visits with several specialists who may practice at different and distant originating sites. To move telehealth forward, organizational leaders must present evidence to peers and patients that the technology offers value. In addition, care providers must work to transition patients from using telehealth services only for minor conditions (for headaches, colds, etc.), to accepting the technology as a viable replacement for costly physician office visits. Advocates for telehealth medicine must also develop quality controls, so that this potentially transformational tool can maximize its problem solving capabilities and its service effectiveness. To harness the benefits of telehealth technology, America’s brightest medical professionals (both experienced and up-and-coming) must make a concerted effort to incorporate the tool into their practices and make it a regular service offering. Today’s medical students — as they enter a world where telehealth is becoming more pervasive — can take part in what might be a monumental change in the way health professionals think about medical treatment.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Reporting’s Rising Role in Healthcare Success 

Reporting’s Rising Role in Healthcare Success  | Healthcare and Technology news | Scoop.it

Today’s healthcare market is saturated with hospitals, health systems, and physician practices tackling EHR optimization, cost analytics, and other data-related projects. The industry has made great strides to establish a digital, real-time record of patient care. As that clinical, operational, and financial data piles up, one of the industry’s latest challenges is identifying ways to make that valuable information actionable.

When viewed collectively, data tells a story of what has happened over time. In the healthcare setting, effective data capture helps providers easily assess a myriad of pertinent business metrics, including (but by no means limited to):

How many patients were seen today?

Which patients presented with co-morbidities?

On average, how long was the reimbursement process by payer?

What is the Accounts Receivable impact?

By monitoring business performance, healthcare stakeholders can understand where they stand today relative to past periods and peer organizations. Analysis of that data illuminates areas for improvement and the progress the healthcare organization is making in pursuit of long-term goals. As value-based care initiatives continue to take root, performance reporting also fuels reimbursement under quality payment programs like the Merit-based Incentive Payment System and Meaningful Use.

Hospitals working towards the triple aim of improving population health and patient experience while reducing the cost of care will have to leverage analytics to trend patient outcomes and identify improvement opportunities. With patient health, regulatory compliance, and reimbursement on the line, reporting stakes have never been higher. Amid the proliferation of data-oriented business processes and payment models, reporting expertise and analysts will be among healthcare’s greatest assets.

As your healthcare organization undertakes the complex process of broader clinical and financial reporting, build a successful data management strategy by keeping the following reporting considerations in mind.

Start with your current process.

How are you capturing relevant data now? Analysts should shadow staff members to see what information they are trying to get and how they are presently documenting those details. This can help you identify points in the data capture process that can be improved upon, or are perhaps being overlooked. Help employees understand the “why” behind data capture requirements. Demonstrate how current practices impact the data staff members see in reporting results.

Avoid knowledge gaps by involving reporting stakeholders early on.

In almost every healthcare setting there are gaps in the data being captured. Involve reporting in all implementation initiatives to make sure your organization is consistently capturing the right variables. This is particularly true among clinicians preparing to report on new metrics under MACRA’s inaugural Quality Payment Program period. Set field requirements in your EHR or other healthcare IT platform to ensure the necessary data makes it into the system.

Format reporting data in a manner that highlights actionable insights.

How do you want to see reporting data portrayed? Data may need to be sourced as a dashboard, manipulated in Excel, or sent to a third party, depending on the project at hand. In most use cases, a visual representation of data can help administrators more easily:

  • Compare performance data to other hospitals.
  • Track metric performance over time.
  • Visualize outliers, high-performance areas, and low-performance areas.

Armed with that insight, stakeholders can quickly identify downward trending financial KPIs, clinical quality measures that best support the organizations value-based reporting endeavors, and more.

Develop a data governance strategy.

Avoid common data quality “gotchas” by developing a data governance plan that cultivates consistency in how data is documented. Implement EHR rules that bar duplicate data entry and support field normalization. Establish a data source hierarchy to defer to the highest quality data source in cases where fields may come from multiple sources.

End-users often have not considered the impact that data documentation has on the reporting perspective. Data quality issues revealed during reporting often drive process or policy changes and can shed light on training opportunities. Reporting is a data mining process that supports more effective decision making on behalf of the organization. With reporting and analytics poised to play an expanding role in healthcare initiatives like population health management and improved utilization management, now is an ideal time for healthcare organizations to engage reporting expertise to establish a strong foundation for data-driven success.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

AI must overcome data challenges to reach healthcare potential 

AI must overcome data challenges to reach healthcare potential  | Healthcare and Technology news | Scoop.it

Dive Brief:

  • Rapid digitization of health information in EHRs and other repositories is creating new opportunities for AI in healthcare, but challenges in data accessibility, privacy and security persist, according to a new ONC report.
  • Frustration with legacy medical systems, the omnipresence of networked smart devices and consumer comfort with at-home services offered by Amazon and other tech vendors is driving interest in AI's potential.
  • Smartphone, social and environmental data can all be potential sources to fuel AI's use in healthcare. However, the report concludes such data must be high quality and reliable. Otherwise, AI's promise will not be realized in healthcare.

Dive Insight:

AI is a hot healthcare topic but still needs to be translated into reality, especially in an industry as complex as healthcare. 

During the second quarter of 2017, CB Insights counted 29 investment deals in the healthcare AI space — a record number — and predicted 2017 would set a six-year high.

 

Enthusiasm is expected to stay heated into 2018, with demand for tools that go beyond noting social determinants of health to using that data to inform patient care plans.

 

While investors will continue to fund wearables and biosensors, what grabs their attention are specific clinical use cases these technologies can support, Megan Zweig, director of research at Rock Health, told Healthcare Dive recently.

 

Tech giants including IBM Watson, Microsoft, Google and Apple are staking a claim in the space, too. Last month, Google launched Deep Variant, an open-source tool that uses AI to create a picture of a person’s genetic blueprint using sequencing data. The goal is to pinpoint specific genes or gene mutations that can help providers better manage disease states.

 

But challenges to widespread use of AI in health remain, as the ONC study shows. Among these are the acceptance of AI applications in clinical practice, difficulty leveraging divergent personal networked devices and AI solutions, access to quality training data on AI applications in health and gaps in data streams.

 

The report belies a large obstacle for rampant AI use. White noting the importance of high quality and reliable data, the industry has a data standards problem at the moment which needs to be ironed out. 

 

Currently, different vendors and clinicians send unstructured data in medical records back and forth across EHR systems through continuity-of-care documents, which are format flexible. If the promise of AI relies on reliable data, standards will have to be well-defined to ensure the data are high quality.

 

On the bright side, the industry seems aware that healthcare is close to a breaking point at interoperability. The growing Internet of Things and consumerism in healthcare naturally demands a more networked, connected industry approach. 

 

CMS Administrator Seema Verma in a town hall webcast on Wednesday with American Hospital Association CEO and President Rick Pollack said interoperability will be a topic of interest for the agency. She told listeners they will hear more from CMS in the future.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Could On Demand Medical Services Be Good for Doctors?

Could On Demand Medical Services Be Good for Doctors? | Healthcare and Technology news | Scoop.it

I’ve been seeing a lot of discussion lately about the peer sharing economy and how it applies to healthcare. Some people like to call it the Uber of healthcare, but that phrase has been applied so many ways that it’s hard to know what people mean by it anymore. For example, is it Uber bringing your doctor to your home/work or is it an Uber like system of requesting healthcare? There are many more iterations.


I’ll to consider doing a whole series of posts on the Peer Sharing Economy and how it applies to healthcare. There’s a lot to chew on. However, most recently I’ve been chewing on the idea of on demand medical services. In most cases this is basically the Skype or Facetime telemedicine visit on a mobile device. These models are starting to develop and it won’t be long until all of us can easily hop on our mobile device and be in touch with a doctor directly through our phone. In some cases it will be a telemedicine visit. In other cases it might be the doctor coming to visit you. I’m sure we’ll have a wide variety of modalities that are available to patients.


Every patient loves this idea. Every insurance company is trying to figure out the right financial model to make this work. Most doctors are scared at what this means for their business. Certainly there are reasons for them to be concerned, but I believe that this new on demand medical service could be very good for doctors.


In our current system practices do amazing scheduling acrobatics to ensure that the doctor is seeing a full schedule of patients every day. They do this mostly because of all the patient no shows that occur. This makes life stressful for everyone involved. Imagine if instead of double booking appointments which leads to all sorts of issues, a doctor replaced no show appointments with an on demand visit with a patient waiting to be seen on a telemedicine platform. Basically the doctor could fill their “free time” with on demand appointments instead of double booking appointments which then causes them to get behind when both appointments do show up.


I can already hear doctors complaining about them being “mercenaries” and shouldn’t they be allowed free time to grab a coffee. I’d argue that in the current system they are mercenaries that are trying to fill their schedule as full as possible. The current double booking scheduling approach that so many take means that some days the doctor has a full schedule of appointments and some days they have more than a full schedule of appointments. If doctors chose to back fill no-shows with on demand appointments, then their schedule would be more free than it is today. Plus, if they didn’t want to back fill a no show, they could always make that choice too. That’s not an option in the double book approach they use today.


In fact, if there was an on demand platform where doctors could go and see patients anytime they wanted to see patients, it would open up a lot more flexibility for doctors much like Uber has done for drivers. Some doctors may want to work early in the morning while others want to work late at night. Some doctors might want to take off part of the day to see their kid’s school performance, but they can work later to make up for the time they took off (if they want of course).


Think about retired doctors. I’m reminded of my pharmacist friend who was still working at the age of 83. I asked him why he was still working at such an advanced age. He told me, “John, if I stop, I die.” I imagine that many retired doctors would love to still see some patients if they could do it in a less demanding environment that worked with their new retirement schedule. If there was an on demand platform where retired doctors could sign in and see patients at their whim, this would be possible. No doubt this is just one of many examples.


Currently there isn’t an on demand platform that doctors could sign into and see a patient who’s waiting to be seen. No doubt there are many legal, financial and logistical challenges associated with creating a platform of this nature. Not the least of which is that doctors are only licensed to practice in specific states. This is a problem which needs to be solved for a lot of reasons, but I think it will. In fact, I think that legal issues, reimbursement changes, and other logistical challenges will all be solved and one day we’ll have this type of on demand platform for healthcare. Patients will benefit from such a platform, but I believe it will open up a lot more options for doctors as well.

more...
No comment yet.