Cloud Boon

Taken from http://www.healthcareitnews.com/news/forecasts-look-clear-cloud-computing:

DALLAS – Video may have killed the radio star, but the cloud is expected to rain on its parade, according to a new July report by MarketsandMarkets. Report authors announced Monday that the global healthcare cloud computing market is projected to precipitate a value of more than $5.4 billion by 2017.

The “Healthcare Cloud Computing Market – Global Trends, Challenges, Opportunities & Forecasts” report predicts that cloud computing will serve as a boon to the healthcare industry, as the market has already witnessed a deluge of this technology.

In an increasingly IT-driven world, healthcare providers are using cloud-based technologies to facilitate the exchange of patient information and to provide IT services at lower costs and faster speeds. In 2011, the penetration of cloud in the healthcare industry was estimated at 4 percent and valued at $1.7 billion. Moreover, according to report forecasts, the compound annual growth rate of the cloud computing market will grow 20.5 percent from 2010 to 2017.

Because healthcare organizations (HCOs) are expected to deliver more while simultaneously reining in healthcare costs with the technology, a large number of HCOs are allocating funds for migration to cloud computing over the next five years, the report noted.

North America represents the biggest share in the global cloud computing market, with the biggest players being CareCloud, Carestream Health, Merge Healthcare and GE Healthcare.

Kalyani Jekkaraju, author of the MarketsandMarkets report, explained that his study examines numerous aspects of the cloud computing market, from the business end to the challenges faced by the technology, such as security challenges and shifting market trends. “There is a lot of data in terms of how the cloud has evolved into the market and why it is believed to grow at a very faster pace compared to the other healthcare IT offerings," she said.

The report also finds that despite the shower of promises cloud computing brings, the entire healthcare industry isn’t singing in the rain quite yet. Private, public and hybrid clouds are the three deployment models available to healthcare, but the industry has been slow to adopt public clouds due to their highly regulated nature. Moreover, there has been increased scrutiny over potential privacy and security issues the technology poses – issues that further stymie the adoption process within the industry.

“The reason we took this particular market and we made a report on it is because cloud computing in the healthcare market is getting so much attraction," said Jekkaraju. "As it is, the cloud computing market is ever-growing in terms of its adaptability and its advantages.”

No More He-Said She-Said

A new smartphone app records patient calls and stores them in their electronic medical record.  Now a reliable account of doctor-patient conversations can be made available in case of legal disputes, such as the one in this article. 

Taken from http://www.healthcareitnews.com/news/new-smartphone-app-targets-clinical-miscommunication:

MENDHAM, NJ – With more and more doctors using their smartphones to conduct business outside of the office, the potential for communication errors – ranging from misunderstood directions to "he-said-she-said" moments – is increasing dramatically.

A New Jersey-based surgeon has created a mobile app designed to help doctors make sure their phone conversations are understood properly. The MedXCom app, part of a line of mHealth products developed by Giffen Solutions, records and stores the phone conversation between doctor and patient, giving both parties a HIPAA-compliant means of checking the facts.

"All we're doing is creating an environment where these messages are secure," said Michael Nusbaum, a bariatric surgeon at Morristown Medical Center who launched Giffen Solutions in 2010. "If (both doctor and patient) know their conversation is being recorded, this makes them more comfortable. This actually bumps up the level of conversation and improves the level of care."

Nusbaum said the idea of securely recording doctor-patient conversations came out of an unfortunate legal situation faced by a colleague. A woman had filed suit against his colleague over medical instructions given over the phone for her husband, and Nusbaum was drawn into the court battle over exactly what was said in the phone conversation.

"We need to avoid those 'he-said-she-said' moments and make sure there are no mistakes," said Nusbaum. "The future is in smartphones, and they're becoming a comfort tool for doctors."

Nusbaum began his career in mobile health IT back in 1998, when he founded Hamilton Scientific on the concept of creating a cloud-based electronic medical record. He eventually sold the company to MeridianEMR, and continued to explore how EMRs could evolve from what he called static data repositories to systems that could be more dynamic. Giffen Solutions was borne out of that idea, and MedXCom was created to connect EMRs to mobile devices and allow for real-time access and adjustments.

MedXCom, which is designed to work with any EMR, enables the physician to access a patient's medical records on a smartphone before or during the conversation, and to add the conversation to the medical record. The patient-facing side of the product enables patients to add information to the app, make appointments and receive reminders. Another product, MedXVault, allows consumers to use the app regardless of whether their physician is a MedXCom subscriber.

Nusbaum, who sees MedXCom as an alternative to answering services and after-hours messaging services that many physicians now use, said he's hoping to have more than 50,000 physicians in all 50 states using MedXCom by the end of the year.

Among the physicians using the app now is Richard Garden, DDS, an oral and maxillofacial surgeon with Chesapeake Oral Surgery Associates in Wayne, N.J.

"As a surgeon, I receive numerous phone calls via my smartphone on the weekend and after hours," Garden said in a press release issued on June 6. "MedXCom allows me to record all calls in order to improve the quality of care I deliver to my patients. My primary goal is to make sure that my patients are comfortable and well cared for in all instances, and the technology allows me to deliver superior service and communication."

"MedXCom's platform allows me to connect instantly with my patients and their health profiles," Garden added. "The ability to have all secure pertinent information at my fingertips while all communications are recorded and archived is critical."

Top 10 Security Bloopers

Taken from http://www.healthcareitnews.com/news/10-largest-data-breaches-2012-so-far?page=0,0:

1. Utah Department of Health. On March 30, approximately 780,000 Medicaid patients and recipients of the Children's Health Insurance Plan in Utah had personal information stolen after a hacker from Eastern Europe accessed the Utah Department of Technology Service's server. Initially, the number of those affected stood at 24,000, yet, according to UDOH, that number grew to 780,000, with Social Security numbers stolen from approximately 280,000 individuals and less-sensitive personal data stolen from approximately 500,000 others. The reason the hacker was able to access this information? Ultimately, it was due to a weak password.

2. Emory Healthcare. On April 18, Emory Healthcare in Atlanta announced a data breach after the organization misplaced 10 backup disks, which contained information for more than 315,000 patients. The 10 disks held information on surgical patients treated between 1990 and 2007 at Emory University Hospital Midtown and the Emory Clinic Ambulatory Surgery Center. Of the 315,000 patient files, approximately 228,000 included Social Security numbers, with other sensitive information at risk including names, dates of surgery, diagnoses, and procedure codes.

3. South Carolina Department of Health. An employee of the South Carolina Department of Health and Human Services was arrested on April 19 after he compiled data on more than 228,000 people and sent it to a private email account. Approximately 22,600 people had their Medicaid ID numbers taken, which were linked to their Social Security numbers. Others had names, addresses, phone numbers, and birth dates stolen as a result of the act. The former employee, Christopher Lykes Jr., was charged with five counts of violating medical confidentiality laws and one count of disclosure of confidential information. 

4. Howard University Hospital. Toward the end of March, Howard University Hospital in Washington D.C. notified approximately 34,503 patients of a potential disclosure of their PHI that supposedly occurred in late January. A laptop, which was password protected, was stolen from a contractor's vehicle, yet, according to the hospital, no evidence suggested any patient files were accessed. The records stolen did contain Social Security numbers for many of the patients affected. Today, the hospital requires all laptops issued to Howard University Health Sciences employees to be encrypted.

5. St. Joseph Health System. In February, St. Joseph Health System, in California, alerted approximately 31,800 patients of a possible security breach at three of their organizations throughout the state. According to the system, security settings were "incorrect," which allowed for the potential breach. Information accessed didn't include Social Security numbers, addresses, or financial data, yet patients' names and medical data were vulnerable. The records at risk were mostly for inpatients who received care from February through August of 2011. The data, the organization said, would have been available through Internet search engines from early 2011 to February 2012.

6. Indiana Internal Medicine Consultants. In early February, a stolen laptop resulted in a breach of 20,000 patient records at the Indiana Internal Medicine Consultants. The organization reported the incident about a month later, and the records were recovered. Although little information about the case exists, a lawsuit was filed as a result and an arrest was made. 

7. Our Lady of the Lake Regional Medical Center. Between March 16 and March 20, a laptop was stolen from a local physician office at the Our Lady of the Lake Regional Medical Center in Baton Rouge, La. The laptop contained limited health information for more than 17,000 former ICU patients, including patient names, ages, races, and dates of admission and discharge from the ICU. The organization said there is no evidence the information had been misused, or that there was any malicious intent. As of May, the investigation was still underway. 

8. Memorial Healthcare System. On January 27, Memorial Healthcare System in South Florida learned of an employee who accessed patient information, as well as a second employee who accessed patient information with the intent to process fraudulent tax returns. The organization notified 9,497 patients that information including names, dates of birth, and Social Security numbers were accessed, yet, according to their statement, no medical records were taken. Letters weren't sent out to those affected until April 12^th, in an effort to not impede on investigations conducted by law enforcement. The two employees have since been fired. 

9. The Kansas Department of Aging. In January, a laptop computer, flash drive, and paper files were stolen out of a car belonging to an employee of the Kansas Department of Aging. The Social Security numbers of approximately 100 patients were stolen, while 7,000 other seniors, and their information, were put at risk. The stolen data included names, addresses, dates of birth, gender, in-home services program participation information, Medicaid identification numbers, and more. The Social Security numbers stolen were of those patients participating in the Senior Care Act program. The organization contacted those patients via phone and sent mail notifications to all others affected.  

10. The University of Arkansas for Medical Sciences. In April, the University of Arkansas for Medical Sciences investigated a breach after a document wasn't properly redacted. Approximately 7,000 patients were affected after an unidentified physician sent financial information on a patient to someone outside of the UAMS offices in mid-February. The physician didn't remove all identifiers of the patients, such as names, account numbers and dates of services. Of those affected, most were in the interventional radiology program at UAMS between 2009 and 2011. The man who received the information via email claimed he hadn't released it to anyone.

Yes, I know... these security breaches are not bloopers, they're disasters.  Yet, a lot of these breaches could've been easily prevented.  Take, for example, the two instances where a laptop was stolen and confidential data was compromised.  1 of these situations, in my opinion, shouldn't be in the top 10 and that's the one where the laptop was stolen, but the files were encrypted.  There was no evidence that the info had been decrypted or that it was in harm's way.  Yet the other scenario involved a laptop without encryption, which should be standard when deploying any type of mobile device.  Bottom line is we need to make sure that we've covered all of our basis when information security is involved.  Patient data is too sensitive.

Do's and Don'ts of Cloud Computing

Taken from http://www.healthcareitnews.com/news/9-dos-and-donts-cloud-computing:

At this point, the trend toward cloud-computing is strong, even though some are still skeptical of its "chaotic" use and its ability to meet the needs of health IT professionals. Mariano Maluf, CTO at Atlanta-based GNAX, says now is the time to strongly consider the cloud – while keeping some basic tips in mind.

"The shifting IT landscape is prompting more and more questions around cloud computing models and their immediate value proposition," said Maluf. "Changes in work style and device formats, coupled with new application platforms and delivery methods, all coalesce to challenge the IT status quo."

"Given the state of technology today, it's clear that when used in the right context, cloud computing and storage models can be effectively leveraged today, with tangible benefits and real value," he added. "This is an irreversible trend, so caution does not mean inaction; you will be better off by learning how to live in this new reality sooner rather than later."

Maluf outlines nine basic dos and don'ts of cloud computing.

 1. Do learn about cloud technologies. This includes industry trends and available services, said Maluf. "All clouds are not created equal, and there are important distinctions, [like] consumer-oriented versus enterprise-grade," he said. "Research cloud service providers and their capabilities and services."

2. Don't be fooled by pitches. Beware of the one-size-fits-all pitch, said Maluf. "Seek a blend of prescriptive and flexible strategies, focused on your particular set of challenges."

3. Do assess your environment and capabilities. This will allow you to identify short-term and long-term opportunities, Maluf said. "Understand your application landscape, and categorize and prioritize environments."

4. Don't assume the cloud is a "cure-all" remedy. There are environments that can't – and shouldn't – be migrated initially, said Maluf. "Cloud is a multi-dimensional solution, so there's life beyond the private cloud," he said. "Hybrid models, secure, multi-tenant public cloud infrastructures, or enterprise-grade cloud storage platforms can be very effective answers."

5. Do map certain services. This includes DR, image archiving, and application delivery against your assessment, said Maluf. "Some cloud quick-wins will hopefully become obvious next steps."

6. Don't forget the details. Maluf said to be sure to review aspects such as architectural dependencies, refresh cycles and application latency tolerance. And, he added, don't neglect application performance management analysis, "otherwise, pre- and post-cloud migration user experience will be hard to quantify, and SLAs will be tough to agree upon and effectively manage."

7. Do start with a strategy. Start building an integrated cloud strategy, and an associated roadmap, said Maluf. "Focus on incremental value by emphasizing infrastructure delivery and management simplification," he said. 

8. Don't delay. Now is the time to start thinking about the cloud, said Maluf. "There's a price for waiting, so pursue your cloud strategy with caution, but do take incremental steps."

9. Do remember that change management matters. "A cloud strategy isn't just about changing the 'plumbing,'" said Maluf. "Abstracting infrastructure layers and providing metered, self-service elastic growth requite a multi-layer approach."

This article offers good advice for businesses in general interested in moving over to a cloud environment of some sort.  The underlying truth in this article... cloud computing is the future, might as well embrace it now.  The article places a sense of urgency on migrating to the cloud.  Healthcare still thinks cloud computing is murky waters, however, strides have been made to make sure data is secure and that the cloud is healthcare friendly.

Legalities of Social Media

Taken from http://www.healthcareitnews.com/news/5-keys-legal-issues-social-media:

Social media is without a doubt playing a major part in patient engagement, marketing efforts, and an overall sense of communication within the industry. Yet with the growth of these tools come other issues to keep in mind — like the legal ramifications of using outlets like Twitter, Facebook, and LinkedIn within a healthcare setting.

"These social media sites have moved beyond the novelty stage and into the mainstream," read a recent whitepaper by Actiance. "They have become so pervasive that they have emerged as effective tools within the corporate setting as well. The line separating the recreational use of these tools from legitimate business purposes has become increasingly blurred."

"The potential legal issues that can arise from social networking activities run the gamut," it continued. "Privacy, unauthorized activities, and intellectual property issues stand top-of-mind for many individuals and enterprises. Other areas, such as content ownership, regulatory compliance, and even criminal activity, are impacted by social media, too."

Here are five keys to the legal issues of social media, as outlined in the report.

1. Privacy. According to the report, no issue resonates so strongly with the legal aspects of social media as privacy. "With so much content out there, and so many ways to access these social media tools, privacy has become somewhat elusive for many," it reads. "From a legal standpoint, whether an individual has a reasonable expectation of privacy or not is the critical factor in determining whether one’s actions are protected by privacy laws." When thinking about social media in the workplace, the report notes that determining if an employee has a reasonable expectation of privacy hinges on whether or not the website is password protected. "If it is, then the argument that the employee has a reasonable expectation of privacy is strengthened. If not, then employers may have the justification to monitor the activities of that site." The key takeaway, the report concludes, is individuals should always be mindful of privacy settings on these sites, along with the corporate policy for using social media tools within the enterprise.

2. Content ownership. As with many sites that are "content-rich," the issue about who owns the content is inevitable, according to the report. "Typically, each site has its own 'Terms of Use page,' detailing the extent of its rights over end users' content," it reads. "Great care must be taken by end users to fully understand what they are getting into." For example, it continued, when you close a Facebook account, do you no longer own the rights to your content? "At the very least, end users should think twice about disclosing sensitive or proprietary information on social networking sites," it notes.

3. Intellectual property infringement. "Not surprisingly, given the abundance of content and the myriad ways to access it, intellectual property infringement is an area generating much legal interest," reads the report. For example, copyright infringement comes into play when there are photos, videos, graphics and blogs being exchanged and posted on social media sites. "From posting someone else's photo on a Facebook wall to sending a song to a friend via Twitter, using any third-party content without permission can result in both criminal and civil liability." It adds that protection of trade secrets is another aspect of intellectual property infringement that warrants attention; for example, if an ex-employee shares a former employer's confidential information, they would be held liable.

4. Unauthorized activities. Several legal issues fall under the umbrella of unauthorized activities, according to the report, with many of these issues evaluated under the same criteria that existed before the advent of social media platforms. The report outlined several unauthorized activities – including harassment, discrimination, defamation, disclosure of confidential information and criminal activity – which are all addressed in the same manner as if they happened offline.

5. Regulatory compliance. The last key area were social sites have gained more scrutiny is in regard to regulatory compliance. "The high-profile financial scandals of the last 10 years have brought to the fore front tighter regulation of certain industries," the report reads. "The rapid growth of social networking sites has driven these industries to develop or refine guidelines specifically for social networking, or, at the very least, electronic communications." When looking at healthcare, HIPAA requires a patient's identity and personal health information to be protected. "Specifically, it applies to 'covered entities' and 'business associates' – essentially anyone with patient demographic or clinical information."

Social Media has clearly taken over all aspects of business including healthcare.  Most hospitals have a social media account of some sort.  Usually the postings revolve around accomplishments or recognition received and serve as a means to market the hospital.  A lot of the legal issues of social media are obvious, yet some are not that cut and dry.  For example, would you ever think that something you post on facebook could get you accused of intellectual property infringement?

Tech Team for Docs

Taken from http://blogs.computerworld.com/17068/supporting_technology_infrastructure_for_physician_practices:

Technology is being used to create an integrated system of care that connects patients, clinicians, payers, and support organizations so that all key stakeholders can exchange information more effectively. Among the business challenges that confront the healthcare industry are service, quality, safety, rising costs, and a shortage of skilled staff to meet the needs of an expanding number of stakeholders.

With an ever increasing amount of information being transferred electronically -- from not only healthcare providers but all stakeholders in the US healthcare system -- IT professionals are taking a stake in how to design and implement electronic healthcare records (EHR). When the EHR system is down, it can cripple a healthcare organization and trickle down to the key stakeholders involved. For instance, physicians cannot effectively see patients if they can't pull up their patient records.  When systems are down, they are unable to document visits for insurance, order tests with labs, or provide referrals with associated hospitals or specialty groups.  Physician practices would benefit tremendously from support across a spectrum of services, including remote monitoring, help desk and technical field support.

Stabilize Your IT Efforts

Supporting the automation of an EHR within a healthcare network creates many challenges. For instance, one physician practice may seem insignificant from an IT perspective but usually it's hundreds of practices that need to be tied back to a hospital and associated payers. This can be an IT nightmare, and happens when practices do not have an in-house healthcare IT professional and use outsourced IT resources that are not experienced working within healthcare IT.  Today, such resources are woefully inadequate, falling short of correctly automating and supporting practices. 

Ultimately a "Tech Team for Docs" comprised of healthcare IT professionals, would remedy such a situation.  The team would evaluate the current state of the target model office environment to understand the primary applications being used in order to automate processes.  An initial assessment would include the examination of gaps in coverage for meeting a secure and effective healthcare IT network infrastructure. The next step would be the development of a clear roadmap of all milestones, activities, timelines and costs associated with meeting the specific requirements derived from an initial assessment.   

Workflow in healthcare is an important term for the healthcare IT Professional and needs to be part of an initial assessment.  The workflow describes the full process of how the office, patient, hospital, payers and associated groups work with each other -- from the moment the patient calls to setup an exam, to the billers working on the claims.  Healthcare organizations receives hundreds, maybe thousands, of documents each day --all of which contain data that needs to be entered into back-end systems.

There is a need for ongoing support that proactively and remotely monitors mission critical systems (early indicators, rapid responses), and offers help desk support or on-site field service support.  Help desk support can troubleshoot and correct the majority of practice-level issues.  It looks at the most current and most requested research, and interprets how that affects the day-to-day clinical practice.  With so much involved in installing a new system, it's not possible for an office to learn everything about the software in the first couple of months. The help desk provides information and assistance to a practice's users of the computer network, streamlining traffic, activity, and third parties on behalf of a physician practice.  It also helps in minimizing communications that can occur when multiple vendors are involved.  If remote monitoring or help desk support can't resolve such issues, then on-site field service support can be valuable.

"With EHR implementation comes the need to have a trained and skilled IT manager to oversee issues like hardware and software upgrades, network connectivity, and the assured privacy and security of patient health information," states Dr. Amanda Parsons, Assistant Commissioner for the Primary Care Information Project at the NYC Health Department.  "In fact, we have made it a mandatory component for practices who wish to receive subsidized licenses or technical assistance from us because we have learned over time that those who don't get IT support end up with complications that hinder practice workflows and negatively impact patient care."

IT managers don't want to be called into the physician group in the midst of a crisis. By being proactive before any issue causes a surprise and working with a carefully chosen IT resource -- a "Tech Team for Docs" -- should prevent calamities and offer support across the entire spectrum of a physician organization for remote monitoring, help desk, and field service.

This is actually something that we've had at St. Francis Hospital for quite some time now.  We call this team Physician Support Services and it is a team that I used to work for.  PSS basically works with doctor's offices and oversees their implementation of EMR and a practice management system.  PSS then provides ongoing support of these applications and IT infrastructure.

What Mobilty Really Means to Healthcare

Taken from http://blogs.computerworld.com/healthcare-it/20545/what-mobility:

Much thought and focus is being devoted to the future of health care delivery and the role that  mobility will play. For example, Fierce Mobile Healthcare’s Sara Jackson recently brought up an interesting question: will hospitals need chief mobility officers? She argues that mobility represents a transformational paradigm shift in our ability to deliver and receive care, and such a shift needs an enterprise-level focus that crosses people (HR/COO), process (COO) and technology (CIO/CTO) functions.

But while organizations and solution providers are identifying mobility needs and executing mobility programs, they often fail to think deeply about what mobility truly means. As a result, mobility is often defined in narrowly technical terms, with the focus placed on devices (iPhone, Blackberry), operating systems (Android, Blackberry OS, iOS, Symbian, and others), and the related issues of signal coverage, bandwidth (3G/4G/LTE), system security, and data management.

However, mobility in health care is about more than just mobile devices. For example, when I asked fifteen Kaiser Permanente physicians what mobility meant to them, I got many answers: “remote monitoring,” “care anywhere,” “telemedicine,” and “virtual diagnosis.” All focused on the ability to provide service anywhere; none dwelled on technology.

All of which brings me to my central stance: The most effective way to frame a mobile strategy is as an ecosystem comprised of multiple components that work together to enable mobile behavior.

Patients, providers, and payers are already buying into the mobile way because it is convenient and effective. Care interactions are happening in an increasingly wide range of locations: hospitals, rural clinics, mobile health vans, homes, or even during the course of a person’s daily activities. The core objective of a mobility strategy should be to develop processes, organizational structure, and technologies that support and nurture these interactions.

With a mobile strategy focused on outcomes, we can make these experiences even richer and more capable, delivering daily care and monitoring, critical care, health administration, specialty care, and ancillary support services “anywhere, anytime.” As David Aylward points out in his HBR Blog, mobile health could be a major force multiplier, empowering multiple constituents by breaking physical boundaries and providing true end-to-end information transparency across the care continuum.

By thinking about mobility as a business and functional proposition, not merely a technical one, we can use the familiar “people, process, technology” framework to develop some useful models for a mobile environment.

We already know that the people will be mobile. The process—the health care organization’s core operating model, its end-to-end process of delivering care to its customers, its malleability to the new care continuum—should be amenable to a world where physical boundaries are immaterial—even irrelevant.
The technology then becomes whatever is necessary to deliver that experience in a scalable, secure manner while adhering to the needs and standards of each health care organization. Take some simple examples: a patient’s health records should be instantly available no matter where they are: hospital, clinic, or pharmacy. From the care professional’s perspective, mobility might mean the consistent ability to access support resources no matter where they are, whether it’s traveling from location to location, or even room-to-room within a single facility. Mobile devices may play a part in delivering these services, but they’re only the visible tip of a much broader supporting infrastructure. In some cases, the endpoints that deliver these mobile services may not be mobile themselves.

So, while gadgets and applications are glamorous and exciting, the true measure of mobility is far broader and multi-dimensional than just the devices we hold in our hands.

I guess you can say this article is all about perception.  For us IT folk, we think of mobility in terms of phones, tablets, and laptops.  In this article, we learn that healthcare professionals have an entirely different meaning for it.  For the most part, technology in terms of electronics devices was not their idea of mobility.  It's also not that far off, however, as technology does play an important part in things like remote monitoring, care anywhere, telemedicine.