Healthcare and Technology news
48.6K views | +10 today
Follow
Healthcare and Technology news
Your new post is loading...
Your new post is loading...
Scoop.it!

Take Full Control of Your Business Phone System

Take Full Control of Your Business Phone System | Healthcare and Technology news | Scoop.it

In order to reach a  93% chance of converting a lead, it takes an agent about 6 attempts; meanwhile, 10 to 15 are the number of 2-minute calls one has to make within the span of an hour; and, on an average, a sales agent needs to keep in touch with a clientele consisting of 2 large accounts, 6 medium accounts, and 50 small accounts to reach his or her monthly quota. Are your current modes of communication able to help you meet these numbers on the daily? If you answered “no,” then it’s about time that you get a grip, and take control of your business phone systems.

 

Imagine starting your career in sales sometime before the ’80s, when modern technological advancements didn’t exist; a time when going through the previously mentioned statistics meant doing it with an early version of a landline device.  Luckily, today’s set of experts has given grave importance to the development of both software and hardware in easing the flow of communications. A more resilient, advanced, dependable, and cost-effective version of previous corporate communication tools, is this new breed of phone systems. But despite its seemingly pristine facade, these modern upgrades are still prone to issues. It is important for organizations to be aware of these possible circumstances, in order to effectively manage their phone systems, and have it fully optimized for the efficiency of operations.

Always One Step Ahead

Defying the forthcoming is probably not the wisest way to go about any internal issue. When dealing with something as vital as phone systems, it always pays to address the issue head on. Whether it is for internal communications or other communication functions, these pieces of technology are constantly being used. With this frequency of its usage, it does not matter how careful you are while using it. The daily wear and tear these phone systems go through make them very much prone to certain system problems. Giving yourself enough lead-time to adjust to eventual system troubleshooting requires that you know what is there to prepare for.

 

An upgrade in their system’s hardware is the primary problem faced by most companies. Yes, just like your smart phones, your business phones get obsolete too. Every year brings to the table a different challenge for developers to battle. And as time passes, the once top-of-the-line equipment that furnished your agents’ desks will see the end of its glory days. Newer systems are introduced to the market each year; and all of them cater to a company’s need to cater to the growing list of demands from clients.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Compromised logs can hamper IT security investigations 

Compromised logs can hamper IT security investigations  | Healthcare and Technology news | Scoop.it

At the heart of most devices that provide protection for IT networks is an ability to log events and take actions based on those events. This application and system monitoring provides details both on what has happened to the device and what is happening. It provides security against lapses in perimeter and application defences by alerting you to problems so defensive measures can be taken before any real damage is done. Without monitoring, you have little chance of discovering whether a live application is being attacked or has been compromised.

 

Critical applications, processes handling valuable or sensitive information, previously compromised or abused systems, and systems connected to third parties or the Internet all require active monitoring. Any seriously suspicious behaviour or critical events must generate an alert that is assessed and acted on. Although you will need to carry out a risk assessment for each application or system to determine what level of audit, log review and monitoring is necessary, you will need to log at least the following:

  • User IDs
  • Date and time of log on and log off, and other key events
  • Terminal identity
  • Successful and failed attempts to access systems, data or applications
  • Files and networks accessed
  • Changes to system configurations
  • Use of system utilities
  • Exceptions and other security-related events, such as alarms triggered
  • Activation of protection systems, such as intrusion detection systems and antimalware

Collecting this data will assist in access control monitoring and can provide audit trails when investigating an incident. While most logs are covered by some form of regulation these days and should be kept as long as the requirements call for, any that are not should be kept for a minimum period of one year, in case they are needed for an investigation.  However, monitoring must be carried out in line with relevant legislation, which in the UK is the Regulation of Investigatory Powers and Human Rights Acts. Employees should be made aware of your monitoring activities in the network acceptable use policy.

 

 

Log files are a great source of information only if you review them. Simply purchasing and deploying a log management product won’t provide any additional security. You have to use the information collected and analyse it on a regular basis; for a high-risk application, this could mean automated reviews on an hourly basis. ISO/IEC 27001 control A.10.10.2 not only requires procedures for monitoring the use of information processing facilities, but demands the results are reviewed regularly to identify possible security threats and incidents.

 

However, even small networks can generate too much information to be analysed manually. This is where log analysers come in, as they automate the auditing and analysis of logs, telling you what has happened or is happening, and revealing unauthorised activity or abnormal behaviour. This feedback can be used to improve IDS signatures or firewall rule sets. Such improvements are an iterative process, as regularly tuning your devices to maximise their accuracy in recognising true threats will help reduce the number of false positives. Completely eliminating false positives, while still maintaining strict controls, is next to impossible, particularly as new threats and changes in the network structure will affect the effectiveness of existing rule sets. Log analysis can also provide a basis for focused security awareness training, reduced network misuse and stronger policy enforcement.

 

ISO/IEC 27001 controls A.10.10.4 and A.10.10.5 cover two specific areas of logging whose importance is often not fully appreciated: administrator activity and fault logging. Administrators have powerful rights, and their actions need to be carefully recorded and checked. As events, such as system restarts to correct serious errors, may not get recorded electronically, administrators should maintain a written log of their activities, recording event start and finish times, who was involved and what actions were taken. The name of the person making the log entry should also be recorded, along with the date and time. The internal audit team should keep these logs.

 

There are two types of faults to be logged: faults generated by the system and the applications running on it, and faults or errors reported by the system's users. Fault logging and analysis is often the only way of finding out what is wrong with a system or application. The analysis of fault logs can be used to identify trends that may indicate more deep-rooted problems, such as faulty equipment or a lack of competence or training in either users or system administrators.

 

All operating systems and many applications, such as database server software, provide basic logging and alerting faculties. This logging functionality should be configured to log all faults and send an alert if the error is above an acceptable threshold, such as a write failure or connection time-out. The logs should be reviewed on a regular basis, and any error-related entries should be investigated and resolved. While analysing all logs daily is likely an unrealistic goal, high-volume and high-risk applications, such as an e-commerce Web server, will need almost daily checking to prevent high-profile break-ins, while for most others a weekly check will suffice.

 

There should be a documented work instruction covering how faults are recorded or reported, who can investigate them, and an expected resolution time, similar to a service contract if you use an outside contractor to support your systems. Help desk software can log details of all user reports, and track actions taken to deal with them and close them out.

 

No matter how extensive your logging, log files are worthless if you cannot trust their integrity. The first thing most hackers will do is try to alter log files to hide their presence. To protect against this, you should record logs both locally and to a remote log server. This provides redundancy and an extra layer of security as you can compare the two sets of logs against one another -- any differences will indicate suspicious activity.

 

If you can’t stretch to a dedicated log server, logs should be written to a write-once medium, such as a CD-R or DVD-R, or to rewritable media such as magnetic tape data storage or hard disk drives that automatically make the newly written portion read-only to prevent an attacker from overwriting them. It's important also to prevent administrators from having physical and network access to logs of their own activities. Those tasked with reviewing logs should obviously be independent of the people, activities and logs being reviewed.

 

The protection of log information is critical. Compromised logs can hamper IT security investigations into suspicious events, invalidate disciplinary action and undermine court actions.

 

Another point to bear in mind is system clocks need to be synchronised so log entries have accurate timestamps. Check computer clocks and correct any significant time variations on a weekly basis, or more often, depending on the error margin for time accuracy.

 

Clocks can drift on mobile devices and should be updated whenever they attach to the network or desktop. Always record the time of an event in a consistent format, such as Universal Coordinated Time (UTC) across all files. For additional security, add a checksum to each log entry so you can detect if any entries have been tampered with. Controls also need to be in place to ensure there is ample log storage. If your logs can be trusted, they can help you reconstruct the events of security incidents and provide legally admissible evidence.

 

Logging and auditing work together to ensure users are only performing the activities they are authorised to perform, and they play a key role in preventing, as well as in spotting, tracking and stopping unwanted or inappropriate activities.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

 
more...
No comment yet.
Scoop.it!

Reporting’s Rising Role in Healthcare Success 

Reporting’s Rising Role in Healthcare Success  | Healthcare and Technology news | Scoop.it

Today’s healthcare market is saturated with hospitals, health systems, and physician practices tackling EHR optimization, cost analytics, and other data-related projects. The industry has made great strides to establish a digital, real-time record of patient care. As that clinical, operational, and financial data piles up, one of the industry’s latest challenges is identifying ways to make that valuable information actionable.

When viewed collectively, data tells a story of what has happened over time. In the healthcare setting, effective data capture helps providers easily assess a myriad of pertinent business metrics, including (but by no means limited to):

How many patients were seen today?

Which patients presented with co-morbidities?

On average, how long was the reimbursement process by payer?

What is the Accounts Receivable impact?

By monitoring business performance, healthcare stakeholders can understand where they stand today relative to past periods and peer organizations. Analysis of that data illuminates areas for improvement and the progress the healthcare organization is making in pursuit of long-term goals. As value-based care initiatives continue to take root, performance reporting also fuels reimbursement under quality payment programs like the Merit-based Incentive Payment System and Meaningful Use.

Hospitals working towards the triple aim of improving population health and patient experience while reducing the cost of care will have to leverage analytics to trend patient outcomes and identify improvement opportunities. With patient health, regulatory compliance, and reimbursement on the line, reporting stakes have never been higher. Amid the proliferation of data-oriented business processes and payment models, reporting expertise and analysts will be among healthcare’s greatest assets.

As your healthcare organization undertakes the complex process of broader clinical and financial reporting, build a successful data management strategy by keeping the following reporting considerations in mind.

Start with your current process.

How are you capturing relevant data now? Analysts should shadow staff members to see what information they are trying to get and how they are presently documenting those details. This can help you identify points in the data capture process that can be improved upon, or are perhaps being overlooked. Help employees understand the “why” behind data capture requirements. Demonstrate how current practices impact the data staff members see in reporting results.

Avoid knowledge gaps by involving reporting stakeholders early on.

In almost every healthcare setting there are gaps in the data being captured. Involve reporting in all implementation initiatives to make sure your organization is consistently capturing the right variables. This is particularly true among clinicians preparing to report on new metrics under MACRA’s inaugural Quality Payment Program period. Set field requirements in your EHR or other healthcare IT platform to ensure the necessary data makes it into the system.

Format reporting data in a manner that highlights actionable insights.

How do you want to see reporting data portrayed? Data may need to be sourced as a dashboard, manipulated in Excel, or sent to a third party, depending on the project at hand. In most use cases, a visual representation of data can help administrators more easily:

  • Compare performance data to other hospitals.
  • Track metric performance over time.
  • Visualize outliers, high-performance areas, and low-performance areas.

Armed with that insight, stakeholders can quickly identify downward trending financial KPIs, clinical quality measures that best support the organizations value-based reporting endeavors, and more.

Develop a data governance strategy.

Avoid common data quality “gotchas” by developing a data governance plan that cultivates consistency in how data is documented. Implement EHR rules that bar duplicate data entry and support field normalization. Establish a data source hierarchy to defer to the highest quality data source in cases where fields may come from multiple sources.

End-users often have not considered the impact that data documentation has on the reporting perspective. Data quality issues revealed during reporting often drive process or policy changes and can shed light on training opportunities. Reporting is a data mining process that supports more effective decision making on behalf of the organization. With reporting and analytics poised to play an expanding role in healthcare initiatives like population health management and improved utilization management, now is an ideal time for healthcare organizations to engage reporting expertise to establish a strong foundation for data-driven success.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

A Hospital Is Already Giving Apple Watch To Its Patients

A Hospital Is Already Giving Apple Watch To Its Patients | Healthcare and Technology news | Scoop.it

The Apple Watch began arriving in homes and businesses across America on Friday.


And in New Orleans, one doctor immediately strapped it to his patient’s wrist.


“We need to fundamentally change behavior,” says that doctor — Richard Milani. “And the Apple Watch has the potential to [do] it.”

Milani is the Chief Clinical Transformation Officer at Ochsner Health System, and overseeing what the hospital calls a first-of-its-kind trial: Giving Apple Watch to patients who struggle with high blood pressure, and seeing if it prompts them to take their medication, to make positive changes in lifestyle, and simply, to just get up and move around.


And Milani believes that the potential opportunity is huge: More than 80% of U.S. health care spending goes toward chronic disease. And many of those diseases are exceedingly preventable.


Apple Watch part of Ochsner’s broader strategy

While it doesn’t have the national profile of some health systems, Ochsner has been working hard to be a leader in digital medicine.


  • More than a year ago, the hospital launched an “O Bar” — deliberately modeled on Apple’s Genius Bar — to help patients pick through the thousands of health and wellness apps available to them.
  • Six months ago, Ochsner became the first hospital to integrate its Epic electronic health record system with Apple’s HealthKit software.
  • And in February, Ochsner launched its “Hypertension Digital Medicine Program,” a pilot program where several hundred patients regularly measure their own blood pressure and heart rate ratings using wireless cuffs, which then send that data through Apple’s HealthKit (and collects it in their medical records). Based on the results, Ochsner staff then make real-time adjustments to the patients’ medication and lifestyle.


The new Apple Watch trial builds off the hospital’s existing digital medicine program, Milani says. And he began Friday’s pilot with his longtime patient Andres Rubiano, a 54-year-old who’s spent the past twenty years trying to manage his chronic hypertension.

Rubiano says that his two months participating in Ochsner’s digital medicine program have been “comforting” — he enjoys the constant monitoring — and have already led him to make changes in diet and exercise.

“It’s been a life-changer for me,” he says.

But the Apple Watch has the potential to go further. Its customized alerts and prompts encourage immediate interventions. When we spoke on Friday afternoon, just six hours or so after he began wearing the Apple Watch, Rubiano raved about the subtle taps on his wrist.

“It’s like I have Milani as my buddy right next to me,” Rubiano said, “just nudging me to get up off your [behind] and walk around, or saying, hey, take your meds.”

Milani acknowledges there’s limited evidence that wearable technologies can directly lead to the health improvements he’s hoping to see.


But he plans to quickly enroll about two dozen patients in his Apple Watch trial, in order to begin collecting data on whether the Watch is actually making a difference. (Other patients in the hypertension program will act as the control group.) And he’s optimistic that wearable technology will pay dividends in health.

“For whatever reason, health care doesn’t do a very good job of creating [the necessary] behavior change,” Milani says. “But many of these new technologies have that ability.”

more...
No comment yet.
Scoop.it!

How to Meet HIPAA Compliance Requirements

How to Meet HIPAA Compliance Requirements | Healthcare and Technology news | Scoop.it

A Revolutionary Approach to HIPAA Compliance

We all know that meeting the requirements set forth in the HIPAA compliance policy is mandatory for any healthcare, medical records, insurance, or other healthcare-related business. Securing individuals’ electronic protected health information (ePHI) is the most critical step to complying with HIPAA.

 

Yet this is often easier said than done, especially when you consider the high number of complex requirements that must be met in order to prove compliance.

The challenges of abiding by the “Security Rule”

For example, one of the most critical items on any HIPAA compliance checklist is meeting the Security Standards for the Protection of Electronic Health Information. Commonly referred to as the “Security Rule,” this requirement establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form.

The Security Rule addresses the technical and non-technical safeguards that organizations referred to “covered entities” must put in place to secure individuals’ ePHI. All covered entities must assess their security risks, even those entities who utilize certified electronic health record (EHR) technology. Those entities must put in place administrative, physical and technical safeguards to maintain compliance with the Security Rule, and document every security compliance measure.

Related: Sorry for the Inconvenience – The Breaches Just Keep Coming (and so do the Ramifications)

CSPi’s HIPAA compliance solutions

If all of this sounds intimidating, we have some good news: CSPi’s security solutions are uniquely suited to address the requirements specified in the Security Rule (and in turn, to help you stay HIPAA compliant).

Our ARIA Software-Defined Security (SDS) solution and applications help healthcare organizations protect the security of individuals’ ePHI information with powerful tools and capabilities required to:

  • Know and prove what ePHI records were accessed (if any) through:

    • The automatic detection of intrusion or unauthorized access.
    • Continual and complete monitoring of ePHI data as it moves through the network (including east-west traffic), and is accessed throughout the environment.
    • The ability to stop or disrupt incidents that could lead to potential disclosure.
    • Block or redirect identified data conversations with ePHI repositories and provide the auditable documented detail of measures take to maintain HIPAA compliance.
    • Prevent unauthorized access of customer data through the use of encryption that can be applied on a per-customer basis.

Working in conjunction with ARIA, our nVoy Series provides additional proof of HIPAA compliance with:

  • Automated breach verification and notification, critical to giving healthcare organizations a better way to comply.
  • Detailed and complete HIPAA compliance reports, including recordings of all conversations involving ePHI.
  • Auditable proof of the exact impact of data breach, including:
    • What devices are involved and to what degree?
    • When did the breach start and when did it end?
    • What critical databases or files were accessed?
    • Who did the intruder talk to?

Visit CSPi at HIMSS19 in the Cybersecurity Command Center Booth 400, Kiosk 91.

Interested in learning more about CSPi, including how our innovative security tools are helping today’s healthcare leaders achieve compliance with HIPAA? Make your plans to visit with us at the upcoming HIMSS conference, or visit www.cspi.com, to learn more about our HIPAA compliance programs.

About CSPi

CSPi is a leading cybersecurity firm that has been solving security challenges since 1968. Our security solutions take a radically different approach to enterprise-wide data security by focusing on the data at its source, securing DevOps applications and leveraging network traffic for actionable insights. CSPI’s ARIA SDS platform uses a simple automated approach to protect any organization’s critical data, including PII/PHI, on-premise and in public clouds, no matter if is in use, in transit, or at rest. Our Myricom® nVoy Series appliances provide compliance assurance, automated breach verification and network monitoring enabled by the 10G dropless packet capture capabilities of our Myricom® ARC intelligent adapters. To learn more about how our cybersecurity products can help you with data privacy regulation compliance, check out our how-to guide, “Successfully Complying with Data Privacy Regulations.”

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Serve More Patients and Increase Your Revenue

Serve More Patients and Increase Your Revenue | Healthcare and Technology news | Scoop.it

Healthcare costs are rising. So are insurance deductibles and prescription fees. As more and more patients struggle to pay for their medical needs, healthcare providers suffer as well. Healthcare financing is evolving, and practice owners must change with it if they want to stay afloat. Our team at StrongBox offers healthcare/medical/dental patient financing that integrates seamlessly with our revenue cycle management software. Read on to find out how we can help you reduce bad debt expense and increase your return on investment (ROI).

 

Patients’ Confidence in Healthcare Affordability is Declining

In a study conducted this year, only 62.4% of adults in the United States said they were somewhat or very confident in their ability to pay for healthcare costs. [1]  This is a significant decline from 2015, when almost 70 percent of individuals said they were confident they could pay for medical care.

 

In this same study, about 55% of adults with employer-provided insurance plans said they felt certain they would be able to afford medical care when if necessary. But what about those with individual coverage? One-third of all American adults stated that healthcare has become significantly more difficult
to afford over the past year. Additionally, only half of the population said they would have the money necessary to cover the costs of an unexpected medical bill.

 

What Needs to Change?
The statistics mentioned above are staggering. Clearly, we need a better way to help patients afford the
care they need. However, if healthcare providers keep performing treatment on patients who cannot
pay, their business suffers. What is the solution? At StrongBox, we offer healthcare/medical/dental
patient financing that benefits both the doctor and the patient.

 

Lending Partners and Patient Financing
What if you could give your patients the option to search fixed-rate healthcare loans from top-tier lenders? This is precisely what StrongBox offers. When your patient fills out an application, rates are provided without markup. Better yet, compared to medical credit cards, over twice as many applicants are approved. This option is not only ideal for elective procedures, such as cosmetic surgery and fertility treatments, it’s also extremely beneficial for individuals who do not have the money to pay for health-related procedures upfront.

 

StrongBox Healthcare/Medical/Dental Patient Financing
When it comes to patient financing, StrongBox offers two primary solutions: Select and Pro. Select is ideal for small to mid-sized providers. This cloud-based software works in conjunction with StrongBox revenue cycle management. Patients can complete their application in less than five minutes, after which it is submitted to a pool of up to 15 lenders. With terms up to 60 months and reasonable interest rates, this option is non-recourse to healthcare providers.

 

Pro is designed for large group practices and hospitals. This proprietary software identifies each patient’s credit profile and predicts their ability to pay. After approval, the healthcare facility receives funds directly within 24 hours. This increases average collections from 15% to 70%. As a result, practice owners can enjoy improved revenue and reduced bad debt expense.

 

Learn More about Healthcare/Medical/Dental Patient Financing with StrongBox

Are rising healthcare costs having a negative impact on the financial state of your practice? We can help.
If you would like to learn more about StrongBox solutions, request a virtual demo. We can assess your
unique practice needs and design customized software to address those concerns. Contact our Boca
Raton, FL office by calling (855) 468-7876.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Ed McCallister’s Vision for UPMC: “The Patient Has To Be At the Center”

Ed McCallister’s Vision for UPMC: “The Patient Has To Be At the Center” | Healthcare and Technology news | Scoop.it

While both Edward W. McCallister and HCI Editor-in-Chief Mark Hagland were participating in HIMSS15 last week at the McCormick Place Convention Center in Chicago, they had the opportunity to sit down for a conversation on April 14. McCallister, who became chief information officer at the 21-hospital UPMC (University of Pittsburgh Medical Center) Health System in October, has spent nearly 17 years with the organization, most of those years with the organization’s 2.5-million-member health plan, of which he was CIO for several years prior to October 2014. He now oversees information systems for the entire system, including its 21 hospitals, 3,500 physicians in medical groups, and other outpatient services, and its 2.5 million-member health plan, and has over 1,400 professionals reporting to him across the vast UPMC organization. Below are excerpts from their interview.


There is a lot going on at UPMC these days. Now that you are CIO of the entire organization, what is your vision for the organization over the next few years?


Part of what’s going on right now is the whole restructuring of UPMC—it’s become a much flatter organization. I’m over the hospitals, medical groups, and insurance division, and am a customer/partner with the Technology Development Center, which has become our development arm, under the name UPMC Enterprises. But the vision is, with the alignment, with the move towards consumerism and population health, it’s putting the patient and consumer at the center. So the 50,000-foot strategy would be to recognize the opportunities to recognize the person.


When people come into the UPMC world as consumers of healthcare, we’re able to treat them in a way that is unique because of who we are. We address the consumer experience in three ways. First, we address it n terms of guidance: we provide the transparency tools, the cost comparison tools, and so on, to help them make decisions about their health. The second piece is supporting them in terms of motivation. For example, we actually have a platform that’s very device-agnostic, and gives them a place to capture data from their wearables and devices, through the insurance division, MyHealthOnline. And the third piece would be the convenience. You might be interested in all your information, and you might not necessarily want to have to pull up a portal, so you could get your information on a mobile device.


The pressures on CIOs in the new healthcare are intensifying. What must CIOs do in today’s evolving operating environment?


You bring up a good point. The role of the CIO—the changes have accelerated. Oftentimes, information technology  is seen as an expense—a necessary expense, but an expense nonetheless.. I think the CIO has become a chief innovation officer and chief integration officer, and other things, all at once. So you need to start with the business leaders of your organization, and be at the table for the discussion from the beginning. Instead of CIOs being reactive, I think the role of the CIO involves being at the table in the first place, defining the future together with other senior leaders. And that makes the role of the CIO much more interesting, and much more valuable. That sets the stage, and then the CIO and his or her executive team, they’re able to figure things out together. It makes it more all-inclusive.


What are your biggest challenges at UPMC, going forward?


I think that the most difficult thing is to realize all of the opportunities and sequence them in a way that’s much more meaningful to the consumer, because at the end of the day, the patient has to be at the center of everything we do. That means sitting down with the business leaders of the organization and focusing on the consumer experience. And I think the excitement over the opportunity outweighs the fear of the challenge. I do see the challenges and opportunities. Think about telehealth and telemedicine:  short five or ten years ago, the technology was the barrier in getting it done. The technology’s there now; it’s no longer the barrier to getting some of these things done. And partnering with the business is why you’re able to do this today. And I meet regularly with our telehealth director, Natasha Sokolovich. That’s a great example of what can be done together. The same goes for our ongoing collaboration with Dr. Shapiro [Steven Shapiro, M.D., UPMC’s chief medical and scientific officer since September 2010], in terms of the development of clinical pathways, as another example.

What are your top few strategic priorities as CIO?


We obviously want to do the business of IT. You start with the business of great care, and supporting 21 hospitals and 3,500 docs, and the health plan with 2.5 million members; and the international arm. So you want to drive efficiencies in our core business. Things like telehealth. The consumer always has to be at the forefront. So then, meeting the consumer where they expect to be met.  And analytics. We continue to have a very focused approach to what we’re doing in analytics. The enterprise analytics initiative is an example of that. We spent the first few years building the foundation. It was more of a data warehouse initiative at first. Now, with the initiative with the University of Pittsburgh and Carnie-Mellon [in March, UPMC announced a new partnership with Carnegie Mellon University and the University of Pittsburgh called the Pittsburgh Health Data Alliance, to leverage big data for healthcare innovation], that provides the opportunity for more advanced analytics work as well.


Meanwhile, you continue to move forward on population health and accountable care as well, correct?


Yes, those ongoing initiatives are also focused on putting the consumer at the center. With regard to patient-centered medical home development, previously, we didn’t necessarily have the right model to address the patient in the right way. We were defining the PMCH and how the patient would be engaged, but in the move towards a more consumer-centric environment, it’s how the consumer can be engaged. It’s partly going to be about mobility, moving everything to the phone. And for the younger generation, their primary care doc is their phone. There’s so much self-diagnosis going on. My kids are in their early twenties, and the first thing they’ll do is to take a picture and do a web search. There’s so much self-diagnosis and education online, that the consumer’s more part of a care team. The PCMH was a great term at the time, but now it has to become a consumer-centric care team model.


Do you have any comments on the current policy and regulatory environment?


Any policy or regulatory activities that happen, in some fashion impact UPMC, so we have to be very aware, and we’re in a very good position to address them. We’ve attested to Stage 2. I think meaningful use was directionally a good thing. I think it moved people in terms of the direction of EMRs.  So we’re moving in the right direction, and meaningful use is an example of a regulatory development that got the industry moving in the right direction, and it’s our responsibility to continue to move that forward to do what’s right for the patient.

You and your colleagues at UPMC have really helped to lead the way in so many areas when it comes to leveraging healthcare IT for innovation. What should your CIO peers be thinking and doing in the next few years?


I know I’m in an enviable position here. When you work for a company in which innovation is in the DNA of everything you do, that makes it great for a CIO. But for other CIOs, I would say, first, be at the table for the early discussions so you’re part of formulating the strategy with the business leaders in your organization. And not only is it more functionally efficient to do things that way; it’s much more proactive and cost-efficient. You need to be much more proactive than reactive. And my advice would be, be prepared around the consumer-facing applications that are out there. The traditional business platforms are becoming a commodity. And the investment should be on the consumer-facing side. And I would say, 10 years ago, HIMSS was much more about product. It was a shopping-cart technology. Now, you start with a strategic partnership with a vendor or the vendor community, and you need to start not with a product but with a problem. And I think the right product will evolve forward if you have the right discussion. And starting with vendor partners, that’s a much different prospect.


You seem very optimistic about the future.


I think the healthcare industry is at a tipping point in a very good direction. You hear a lot of talk about the unsustainable cost trajectory, but when you place the focus on the consumer, the conversation changes. It does come down to higher quality and lower cost, and a customer service wrapper that creates a good experience for the consumer. That’s where you start. And mobility will be an incredibly important element in all this. But I think we’re in a great industry today, we have tons of opportunity, and if we do things the right way, it will create an amazing experience for the consumers of healthcare. And analytics will drive action.


more...
No comment yet.
Scoop.it!

How one health system is putting an end to insider snooping

How one health system is putting an end to insider snooping | Healthcare and Technology news | Scoop.it

Insider snooping into patient records is nothing to take lightly. It often ends in a compliance nightmare – costly and time-consuming – not to mention the patient trust levels that take a serious hit. By making patient privacy an utmost priority, executives at the West Virginia United Health System have tackled this issue head on through a variety of different avenues and have already seen marked success. 

There's no one magic bullet to ensuring patient record snooping doesn't happen, said Mark Combs, assistant chief information officer for the West Virginia United Health System. But by implementing a host of initiatives, comprehensive training and tapping into information technology for audits, Combs and his team have shown it can be done.

Combs, who will be presenting WVU Healthcare's privacy case study at HIMSS15 this April in the session "Stop Insider Snooping and Protect Your Patient Trust," says the six-hospital healthcare system goes far beyond the traditional computer modules that have a privacy component, as "there's no real learning that occurs in that; it's more of just a sign off," he said. Rather, they get to all employees as soon as they come on board with the organization. They have a privacy officer present to all new employees about the importance of patient privacy and what their responsibilities and expectations are.

What's more, the health system sends out monthly security reminders that come from the individual hospital's privacy and security officer. They also have digital media boards with privacy and security reminders; they present to enterprise management and leadership groups within the organization. And even more significant? They're not afraid to audit their employees.

There's an old saying Combs loves to use that describes his philosophy: "What's measured is what matters," he said. "So people know we're measuring and watching their access; it gives them pause when they start to consider to do something like this," he added. And it certainly doesn't hurt that the health system's HR department has been supportive of this all along.

Audits are done at the organization "almost daily," he said, amounting to several millions of accesses audited each year. The access audits from multiple applications enterprise-wide are consolidated, and then, as Combs described, WVU has an application that consolidates those and runs reports, which are analyzed by a special team.

And though their efforts have been successful, this holistic approach to curbing unauthorized access into patient medical records did not happen overnight, Combs explained. 

“It's been many years in the making. We keep striving to improve, and we keep looking at our risk assessments, and we keep looking at our surveys, and we keep looking at our incidences and situations that do occur in the organization that drive us to change,” he said. “And I think that's one of the most important things: it's an iterative process. You can't just set up a program and walk away and expect it to run. It takes people that are dedicated, people that are focused and people who really care about the privacy and security of the patient's information.”


more...
No comment yet.