As state and federal insurance exchanges struggle to open their portals to millions of new insureds, the Affordable Care Act is spawning myriad opportunities for startup entrepreneurs in the healthcare IT space.
The 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 handed physicians generous incentives to invest in healthcare information technology. Unprecedented investment has been finding its way to to electronic medical record (EMR) vendors. Use of these systems has exploded, roughly doubling since 2012.
That other familiar new legislation, the Affordable Care Act, affectionately dubbed "Obamacare," seems to be awakening the sleeping giant of American capital investment, as the largest growth in the history of healthcare insurance is being launched this month. Private exchanges have offered one such opportunity, but many more are on the horizon, as healthcare providers turn to technology to cope with increases in patient services, and as new providers hang out their shingles to capture the burgeoning patient market. Coupled with the aging of the Baby Boom generation, healthcare industry fortunes have never looked so good.
Remote patient monitoring tools, including wearable sensor/transmitters, represents one of the early forays for startups. Mobile devices will monitor patients and report bio data to patients' healthcare provider teams. As the ACA changes the game from the existing volume-based model to a value-based revenue system, physicians will no longer have an incentive to order a flurry of expensive tests, but to maintain a 360-degree view of patients' health, catching threats while intervention is relatively less costly, and to prevent hospital re-admissions by remote monitoring of biometrics during at-home recovery and on an ongoing basis. Federal incentives to treat patients under outpatient conditions will be an initial major driver. A recent estimate by Rock Health pegs recent investment in this technology at $102 million.
MedTronic, a manufacturer of mobile insulin delivery technologies, recently announced FDA approval of its new "artificial pancreas," a mobile device that combines automated constant glucose testing with insulin delivery. The device, already in use in Europe, collects and can report patient blood glucose levels and insulin pump interventions on a minute-to-minute basis, and will be rolling out in the U.S. over the next year. The device does not yet transmit data, but must be downloaded.
Fitness-tracking devices are among the new direct-to-consumer devices finding acceptance in the market. Some see this development as helping to bring down the cost of mobile biometrics, and providing the data stream needed to feed the emerging preventive care and early intervention movement. The presence of such technology in the consumer market could ease consumer acceptance of more clinically-oriented mobile technologies related to population health management, a potentially enormous new segment in the industry.
Population health management encompasses tools and expertise to capture and analyze vast streams of biometric data and broader patient health information in order to identify trends that threaten particular populations. Hospitals are the current market for these tools, but new markets can be imagined among outpatient services providers of many types, in supply chain management, pharmaceuticals and medical devices, as well as government-based public health entities.
New ways of delivering primary and specialty care represent another area of growth. Concierge clinics, and clinics that cater to niche patient populations make heavy use of technology in acquiring and keeping patients, frequently commanding higher fees than broader-based clinics.
The emerging "maker community" also represents a new force in the healthcare technology and medical device development markets. New technologies that democratize the prototyping of new technologies, utilizing $35 computers, smart phones and inexpensive 3D printing, are attracting record numbers of individual inventors to the once-stodgy healthcare industry dominated by huge conglomerates like GE and 3M. What healthcare will look like after the coming boom is anyone's guess, but it will almost certainly involve more people applying more intelligence and effort to our health, and, as their achievements emerge, so may vast new wealth.
CarePrecise provides data products to the healthcare IT market, and marketing tools to vendors of health IT, medical devices, pharmaceuticals, including numerous startups.
Showing posts with label ehr. Show all posts
Showing posts with label ehr. Show all posts
October 11, 2013
Patient Portal Segment to Soar
Driven by federal Stage 2 Meaningful Use requirements, patient portal use is taking off across the United States. Healthcare IT News wrote last week that "the patient portal market is poised to absolutely boom." The article refers to a Frost and Sullivan report that has the market soaring towards $900 million in about three years - a spike of 221%. CarePrecise provides marketing tools to patient portal vendors and other healthcare IT companies.
May 21, 2013
Health Information Exchange Saves Moore Hospital Records
 |
| "Worst tornado in history" devastates Moore, OK, Moore Medical Center, and two elementary schools. |
SMRTnet performs these services for 26 hospitals, 99 clinics, and many more individual providers. 1,400 registered provider users' data represents approximately 2.4 million patient records.
This is a far cry from the 2005 devastation in New Orleans by Hurricane Katrina, where waterlogged hospital medical records were sent blowing around the streets, or were pinned to patients' chests; with the exception of the VA hospital, where electronic records were preserved.
Moore Medical Center is located about two and a half hours southwest of Tulsa, Oklahoma, home of CarePrecise Technology.
Healthcare IT Spending Optimism
As federal support for EHR implementation ebbs, other HIT projects are crowding in to keep spending strong. Aging financial management systems will need to be replaced as pay-for-performance ramps up as a result of the Patient Protection and Affordable Care Act. The mandated switch to the ICD-10 diagnostic and procedural code set, requiring updates in IT systems, as well as more advanced coding systems to handle the vastly increased code granularity, not to mention the new technical complexities felt by state Medicaids and CMS itself, is already making good business for firms like Cognosante, a brain trust of some of the most talented healthcare IT people in the country.
BCC Research recently predicted that total spending on clinical health IT would soar to $26.1 billion a year in five years, up from $9.5 billion in 2011 and $11.2 billion in 2012. CarePrecise builds provider databases targeting various applications within the healthcare industry, including EHR, HIE, HIX and Sunshine Law (Open Payments) applications.
Joseph Conn has an excellent article in Modern Healthcare will more details.
BCC Research recently predicted that total spending on clinical health IT would soar to $26.1 billion a year in five years, up from $9.5 billion in 2011 and $11.2 billion in 2012. CarePrecise builds provider databases targeting various applications within the healthcare industry, including EHR, HIE, HIX and Sunshine Law (Open Payments) applications.
Joseph Conn has an excellent article in Modern Healthcare will more details.
January 31, 2013
Patients Resist Digital Doctoring
Modern Physician reports that "The pull-down menus, alerts and point-of-care information contained in computerized clinical decision-support systems [CDSS] can distract physicians from their face-to-face encounters and leave patients feeling ignored and dissatisfied with their care." This comes from a study at the University of Missouri at Columbia that evaluated patient perceptions of doctors using digital diagnostic tools.
"Get over it!" is the first thing that comes to mind. Would you begrudge your mechanic hooking up your car to the diagnostic computer and scrutinizing the bars and gauges and charts on the screen? The physician has to use tools, just like everyone else, to achieve peak performance in treating patients. Personally, I'd rather see the back of his head researching my complaint to take advantage of every inspiration and precaution, than to look at a smiling face telling me "Shucks, I don't know, let's try some drugs!"
The time has come for us as patients to embrace the new technology, just as we insist that our doctors do the best job possible in our behalf, and to get used to some changes in the doctor-patient relationship.
"Get over it!" is the first thing that comes to mind. Would you begrudge your mechanic hooking up your car to the diagnostic computer and scrutinizing the bars and gauges and charts on the screen? The physician has to use tools, just like everyone else, to achieve peak performance in treating patients. Personally, I'd rather see the back of his head researching my complaint to take advantage of every inspiration and precaution, than to look at a smiling face telling me "Shucks, I don't know, let's try some drugs!"
The time has come for us as patients to embrace the new technology, just as we insist that our doctors do the best job possible in our behalf, and to get used to some changes in the doctor-patient relationship.
January 18, 2013
Surprise: You May Now Be Liable Under HIPAA
When the HIPAA privacy rule first went into effect, business associates of hospitals, physicians, etc. didn't have to worry about getting in trouble for releasing data in ways that violate patients' privacy.
No more.
In light of several years of clumsy handling of patient data by contractors and employees, it's perhaps not surprising that HHS is changing the rules to extend the strict HIPAA privacy rules -- and penalties for violations -- to external vendors and IT communities.
If you work in any way with patients' medical data -- whether as a data processor, consultant, IT contractor, EHR installer, whatever -- you'd better get familiar with the new rule that goes into effect March 26. It clarifies when breaches need to be reported to the Office for Civil Rights, scraps the old standards for the use of patient-identifiable data for marketing and fundraising purposes, and expands direct liability under the law to so-called “business associates” of HIPAA-covered entities.
Perhaps equally interesting is that patients once again will have the right to limit release of treatment records to insurance companies if they paid out-of-pocket on that treatment. Look out for problems and potential fines related to goof-ups related to granting access to the wrong business partners on the wrong data. Greatly increased penalties for privacy and security violations under the ARRA are explained in the new ruling.
Read the HHS news release.
Read the rule in the federal register (you've still got time to comment).
January 9, 2013
$1.25 Billion in December EHR Incentives
The Centers for Medicare and Medicaid Services announced that a record $1.25 billion was paid in December to hospitals, physicians and other professionals in electronic health-record (EHR) incentive payments. The program awards healthcare providers for adopting electronic health records systems.
The December pay out is three times the size of the previous largest one-month awards total. Medicare and Medicaid awarded $255 million to physicians and other professionals, and $1 billion to hospitals. So far, EHR incentive programs have paid out $10.3 billion to improve the quality of US healthcare information technology, which for decades has lagged behind other industries.
June 30, 2012
Population Healthcare Is Health Reform
Michael Christopher
Chief Chigger, CarePrecise Technology
We have heard many people say that the Affordable Care Act is not health reform, but an attempt at health insurance reform. But a broad shift in the focus and delivery of healthcare has begun, shaped in part by the ACA, and poised to bring significant change to American healthcare. At the heart of that change is population-based healthcare.
"With the Supreme Court upholding the ACA, we all now understand that population healthcare is what we're all going to be doing going forward," says Dr. Steven Davidson, senior vice president and chief medical informatics officer for New York's Maimonides Medical Center in a June 28 Modern Healthcare article. What is "population healthcare," what does it have to do with the Affordable Care Act, and what does it mean to industry vendors?
The term refers to "the ability to assess the health needs of a specific population; implement and evaluate interventions to improve the health of that population; and provide care for individual patients in the context of the culture, health status, and health needs of the populations" according to the Association of American Medical Colleges. Population healthcare is a broadening of focus to see beyond the individual patient to the broad context of that patient's health issues, and to understand the issues of the patient's population to better serve both the individual patient and broader communities of patients.
This perspective becomes ever more critical when cost efficiencies are taken seriously into account, as they must be in an "affordable care" paradigm. In a Tufts Managed Care Institute's white paper on population health, we find
When viewed through the lens of health reform's quality focus, public health data collection and bringing the technologies that enable collection to every point of care, population healthcare is seen as a key - if not the key - strategy for both implementing the provider side of health reform, and rewiring its financial backbone of health insurance.
* Boland P., editor. Redesigning Heath Care
Delivery. Boland Health Care, Berkeley,
1996. pp. 159-163.
** Zeich R. Patient identification as a key to
population health management. New
Medicine. 1998;2:109-116.
Chief Chigger, CarePrecise Technology
We have heard many people say that the Affordable Care Act is not health reform, but an attempt at health insurance reform. But a broad shift in the focus and delivery of healthcare has begun, shaped in part by the ACA, and poised to bring significant change to American healthcare. At the heart of that change is population-based healthcare.
"With the Supreme Court upholding the ACA, we all now understand that population healthcare is what we're all going to be doing going forward," says Dr. Steven Davidson, senior vice president and chief medical informatics officer for New York's Maimonides Medical Center in a June 28 Modern Healthcare article. What is "population healthcare," what does it have to do with the Affordable Care Act, and what does it mean to industry vendors?
The term refers to "the ability to assess the health needs of a specific population; implement and evaluate interventions to improve the health of that population; and provide care for individual patients in the context of the culture, health status, and health needs of the populations" according to the Association of American Medical Colleges. Population healthcare is a broadening of focus to see beyond the individual patient to the broad context of that patient's health issues, and to understand the issues of the patient's population to better serve both the individual patient and broader communities of patients.
This perspective becomes ever more critical when cost efficiencies are taken seriously into account, as they must be in an "affordable care" paradigm. In a Tufts Managed Care Institute's white paper on population health, we find
"Population-based care involves a new way of seeing the masses of individuals seeking health care. It is a way of looking at patients not just as individuals but as members of groups with shared health care needs. This approach does not detract from individuality but rather adds another dimension, as individuals benefit from the guidelines developed for the populations to which they belong.* Members with a particular disease must be prioritized so that disease management interventions are targeted toward those members most likely to cost-effectively benefit.**"The Affordable Care Act package as it now stands places the emphasis on results, rather than on specific means to obtain results. Despite what has been said by opponents, providers are given wide freedom in achieving improved quality and reach of care, and are provided with new resources, such as advanced electronic health records, paid for in part by the taxpayer. Population healthcare is a strategy for deploying these resources and creative latitudes, in a package of practical tactics and achievable objectives, and at scale.
When viewed through the lens of health reform's quality focus, public health data collection and bringing the technologies that enable collection to every point of care, population healthcare is seen as a key - if not the key - strategy for both implementing the provider side of health reform, and rewiring its financial backbone of health insurance.
* Boland P., editor. Redesigning Heath Care
Delivery. Boland Health Care, Berkeley,
1996. pp. 159-163.
** Zeich R. Patient identification as a key to
population health management. New
Medicine. 1998;2:109-116.
June 6, 2012
Medical Data Breaches Unnecessary
The problem of breaches involving healthcare data is getting worse, not better. As more medical information is stored electronically, the risk of unauthorized access grows. But a significant portion of the risk could be reduced to near zero if the primary users of the data - practitioners, healthcare information technology staff and contractors, administrative staff - would take one simple step. One simple and completely free step. Really; it costs nothing, and places nearly zero burden on the user.
We made this same recommendation about six years ago, when reports of stolen laptops first began coming in. But it seems as though no one in the industry has applied our simple fix. In January of 2012, a contractor copied the records of 34,000 patients of Howard University Hospital, containing SSNs, birthdates, and diagnosis-related information, onto a laptop. The data was not encrypted; the laptop, of course, was stolen from the contractor's car. This same scenario has been reported numerous times. Data, laptop, car, repeat.
Last month, federal prosecutors charged a worker at the same hospital with selling hospital data. She's set for a plea hearing on June 12. Clearly, this is a different situation, and would not have been mitigated by encrypting the data, since the worker was entrusted with full access. But you can be sure that Howard University Hospital wishes that the stolen laptop had not preceded this incident. Patients and regulators are rightly outraged.
Simply put, had the data been stored on an encrypted drive partition on those laptops, it would have been safe from prying eyes. How difficult is it to do that? If a free, open source program like TrueCrypt is installed on the computer, it's as easy as typing in a password to open the protected drive, copying the data onto it, and using the data just as though it were on any ordinary drive. After so many minutes of idleness, or when the computer sleeps, hibernates or is shut down, the program can be set to close the protected drive, rendering its contents completely unusable until the password is given again.
Along with encryption, passwords must be strong, which means hard to guess. But they don't have to be hard to remember and type. A good rule is to have 20 or more characters, but a simple phrase can be easy to remember. Stop thinking pass word, and think pass phrase instead. Here's an extremely strong password: Theylike2bheld/theseKitties ("they like to be held, these kitties"). Easy to remember and type, but it has upper and lower case letters, a numeral and a punctuation character, and totals 27 characters in all. That's one strong password. It works in TrueCrypt and virtually all other encryption programs. And it even has kittens!
Some encryption software, including TrueCrypt, offer an additional important feature. Let's say you are carrying extremely valuable data, being mugged, and are forced to enter your password to start the computer. Let's go so far as to say that the mugger is savvy enough to search the computer for an encrypted file, and finds it. TrueCrypt actually lets you use a different password when you mount the protected drive, which opens a phony data trove on which you've stored some bogus data. Plausible deniability saves you and your data.
There is simply no reason not to require all staff members and contractors to use encryption for all medical and other personal data. Essentially zero ownership cost, and it doesn't slow anybody down. No excuses.
Encryption and strong passwords. Take these two pills and sleep better tonight.
TrueCrypt is a free open source project, available at http://www.truecrypt.org/
We made this same recommendation about six years ago, when reports of stolen laptops first began coming in. But it seems as though no one in the industry has applied our simple fix. In January of 2012, a contractor copied the records of 34,000 patients of Howard University Hospital, containing SSNs, birthdates, and diagnosis-related information, onto a laptop. The data was not encrypted; the laptop, of course, was stolen from the contractor's car. This same scenario has been reported numerous times. Data, laptop, car, repeat.
Last month, federal prosecutors charged a worker at the same hospital with selling hospital data. She's set for a plea hearing on June 12. Clearly, this is a different situation, and would not have been mitigated by encrypting the data, since the worker was entrusted with full access. But you can be sure that Howard University Hospital wishes that the stolen laptop had not preceded this incident. Patients and regulators are rightly outraged.
Simply put, had the data been stored on an encrypted drive partition on those laptops, it would have been safe from prying eyes. How difficult is it to do that? If a free, open source program like TrueCrypt is installed on the computer, it's as easy as typing in a password to open the protected drive, copying the data onto it, and using the data just as though it were on any ordinary drive. After so many minutes of idleness, or when the computer sleeps, hibernates or is shut down, the program can be set to close the protected drive, rendering its contents completely unusable until the password is given again.
Along with encryption, passwords must be strong, which means hard to guess. But they don't have to be hard to remember and type. A good rule is to have 20 or more characters, but a simple phrase can be easy to remember. Stop thinking pass word, and think pass phrase instead. Here's an extremely strong password: Theylike2bheld/theseKitties ("they like to be held, these kitties"). Easy to remember and type, but it has upper and lower case letters, a numeral and a punctuation character, and totals 27 characters in all. That's one strong password. It works in TrueCrypt and virtually all other encryption programs. And it even has kittens!
Some encryption software, including TrueCrypt, offer an additional important feature. Let's say you are carrying extremely valuable data, being mugged, and are forced to enter your password to start the computer. Let's go so far as to say that the mugger is savvy enough to search the computer for an encrypted file, and finds it. TrueCrypt actually lets you use a different password when you mount the protected drive, which opens a phony data trove on which you've stored some bogus data. Plausible deniability saves you and your data.
There is simply no reason not to require all staff members and contractors to use encryption for all medical and other personal data. Essentially zero ownership cost, and it doesn't slow anybody down. No excuses.
Encryption and strong passwords. Take these two pills and sleep better tonight.
TrueCrypt is a free open source project, available at http://www.truecrypt.org/
December 24, 2011
Five Steps to EHR: A .Gov Primer
Now that electronic health record software is a virtual necessity for a productive practice, HealthIT.gov offers a common-sensical five-step plan for implementing EHR in a practice. A number of years ago, we worked with the national Blue Cross and Blue Shield Association to create a case-based analysis of the EHR scenario. That publication outlined the efforts of many practices to incorporate EHR into multi-physician practcies. Check out the current wisdom at HealthIT.gov.
October 10, 2011
Phone Messaging: New Channel to Physicians
It's wildly hit-and-miss -- much like email spam -- but marketers are increasingly using bulk text messaging to penetrate the armor cladding of physician offices. And it's a wide open opportunity; physician office phone numbers are openly published, unlike email addresses. Fax numbers are available too (CarePrecise provider data includes both phone and fax numbers, up to four numbers per record, and we know that it is widely used for marketing to physicians), but "faxpam" doesn't have the same high-tech glamor. Unlike a fax broadcast, text messaging allows marketers to embed a live link to a web landing page, as well as an instantly accessible means for recipients to opt out, making bulk SMS marketing just a little bit more respectable. (Ever tried to get a faxpammer to stop? Ha!)
So what's the difference between bulk SMS cold-calling and plain old spam? Not much, except that it's newer and less fraught with sleaze. And here's something more: It's not free, so spammers can't just set up a computer and start sending 100 million spam messages a day at essentially no cost. Text messaging to phones requires that you have an SMS gateway, or an account with a service provider who has one. These are available to bulk senders, but at a price. Okay, it's not exactly postage, but it's at least a price.
Among the numerous offerings for bulk SMS gateway and software services are Mobomix and TXTwire. Both offer essentially unlimited sending with premium accounts, but both enforce opt-in requirements. That is, you can't just upload a database of phone numbers, such as the 5 million or so in the CarePrecise database, and start texting. Instead, these services require that you are sending only to your own customers or others who have explicitly said, "Yeah, okay, text me spam."
Of course, there's always a workaround. Another company, SMScountry, offers an Excel plug in that lets you send personalized text messages. While they have a similar anti-spam policy, the way the system works would make it difficult to police. As with all bulk SMS systems, it isn't particularly easy for a recipient to contact the carrier to complain. The carrier backbone for SMS is a bit primitive compared with that of email, and there are fewer hooks for filtering messages by the carriers, should they ever want to do what ISPs are doing about email spam. It's pretty much up to the owner of the gateway.
In the war between marketers and physicians, both sides escalate as new weapons or defenses arise. A fax isn't likely to ever see a doctor's spectacles, but that same unreachable physician isn't really that unreachable if you can get his email address or phone number. Naturally, it helps to have her mobile number rather than just the office phone, for obvious reasons. But if you've got a product to sell to docs, any opening is a huge gaping hole, and, even if the text message gets converted to a computer-voiced voice mail message, and, even if only the smallest percentage reach a bona fide phyz, maybe paying $60 a month for a bulk gateway account with few limits sounds good to you. And a good many of those published numbers are cell phones, some portion of them presumably reaching right into a doctor's pocket.
Bulk SMS has its Whitehat side, of course. Services that allow you to enter your customers' account info and send text billing notices, patient appointment reminders, among a host of other applications, are opening up the commercial use of phone messaging. I opted in for a J.C. Penney's coupon texting service, and I use it.
But let's say you've got a nice big customer list, folks who freely gave you their phone numbers (long before the advent of SMSpam, but still...). Can you send em all a coupon, or a new product announcement, or an offer of a free EHR assessment? I want to say no, but we send these same customers more-or-less "unsolicited" email, at least in the sense that they never explicitely said "Send me your coupons," but something more like "Send me product update notices via your monthly newsletter." That phone number was optional, right? Houston, we have achieved opt-in.
Certain advantages of smartphones, such as the ability to blacklist messagers, are a helpful control. The barriers to entry are currently very high for an SMSpammer who wants to set up his own unrestricted gateway, so he'll be using these third party services and, perhaps, have to behave himself. But look for text marketing to grow wildly in the near future.
Check out our page on Marketing to Healthcare Providers.
So what's the difference between bulk SMS cold-calling and plain old spam? Not much, except that it's newer and less fraught with sleaze. And here's something more: It's not free, so spammers can't just set up a computer and start sending 100 million spam messages a day at essentially no cost. Text messaging to phones requires that you have an SMS gateway, or an account with a service provider who has one. These are available to bulk senders, but at a price. Okay, it's not exactly postage, but it's at least a price.
Among the numerous offerings for bulk SMS gateway and software services are Mobomix and TXTwire. Both offer essentially unlimited sending with premium accounts, but both enforce opt-in requirements. That is, you can't just upload a database of phone numbers, such as the 5 million or so in the CarePrecise database, and start texting. Instead, these services require that you are sending only to your own customers or others who have explicitly said, "Yeah, okay, text me spam."
Of course, there's always a workaround. Another company, SMScountry, offers an Excel plug in that lets you send personalized text messages. While they have a similar anti-spam policy, the way the system works would make it difficult to police. As with all bulk SMS systems, it isn't particularly easy for a recipient to contact the carrier to complain. The carrier backbone for SMS is a bit primitive compared with that of email, and there are fewer hooks for filtering messages by the carriers, should they ever want to do what ISPs are doing about email spam. It's pretty much up to the owner of the gateway.
In the war between marketers and physicians, both sides escalate as new weapons or defenses arise. A fax isn't likely to ever see a doctor's spectacles, but that same unreachable physician isn't really that unreachable if you can get his email address or phone number. Naturally, it helps to have her mobile number rather than just the office phone, for obvious reasons. But if you've got a product to sell to docs, any opening is a huge gaping hole, and, even if the text message gets converted to a computer-voiced voice mail message, and, even if only the smallest percentage reach a bona fide phyz, maybe paying $60 a month for a bulk gateway account with few limits sounds good to you. And a good many of those published numbers are cell phones, some portion of them presumably reaching right into a doctor's pocket.
Bulk SMS has its Whitehat side, of course. Services that allow you to enter your customers' account info and send text billing notices, patient appointment reminders, among a host of other applications, are opening up the commercial use of phone messaging. I opted in for a J.C. Penney's coupon texting service, and I use it.
But let's say you've got a nice big customer list, folks who freely gave you their phone numbers (long before the advent of SMSpam, but still...). Can you send em all a coupon, or a new product announcement, or an offer of a free EHR assessment? I want to say no, but we send these same customers more-or-less "unsolicited" email, at least in the sense that they never explicitely said "Send me your coupons," but something more like "Send me product update notices via your monthly newsletter." That phone number was optional, right? Houston, we have achieved opt-in.
Certain advantages of smartphones, such as the ability to blacklist messagers, are a helpful control. The barriers to entry are currently very high for an SMSpammer who wants to set up his own unrestricted gateway, so he'll be using these third party services and, perhaps, have to behave himself. But look for text marketing to grow wildly in the near future.
Check out our page on Marketing to Healthcare Providers.
July 1, 2011
Health IT Talent at a Premium, or Take 2 Aspirin and Call Me a Headhunter
It's hardly news that the pool of qualified healthcare information technology professionals is drying up as providers and vendors race to meet tech deadlines associated with federal HIT funding programs. For HIT folk like us, this rocks! Except, of course, when we're trying to flesh out project staff and we learn that the talent is beginning to know what it's worth.
At stake is the $25 billion allocated in 2009 by the American Recovery and Reinvestment Act for EHR and other health IT outlays. Providers can be compensated for costs if they jump through the hoops by certain dates, with several important deadlines coming through the next several months. July 3 is the last day for hospitals to begin the 90-day reporting period in which they must demonstrate Meaningful Use for the Medicare EHR incentive program for federal FY 2011.
Oct. 3, 2011 is the last day for physicians to begin their Meaningful Use reporting period for EHR, and November 30 the curtain drops on general and critical access hospitals registering for payments. And that's just a handful of the headaches.
In addition to all of this activity, ICD-10 and 5010 implementations are also looming. If you're in HIT and you haven't asked for a raise, as my daddy used to say, "What's wrong, cat got your tongue?" (Apologies to our CIO friends.)
At stake is the $25 billion allocated in 2009 by the American Recovery and Reinvestment Act for EHR and other health IT outlays. Providers can be compensated for costs if they jump through the hoops by certain dates, with several important deadlines coming through the next several months. July 3 is the last day for hospitals to begin the 90-day reporting period in which they must demonstrate Meaningful Use for the Medicare EHR incentive program for federal FY 2011.
Oct. 3, 2011 is the last day for physicians to begin their Meaningful Use reporting period for EHR, and November 30 the curtain drops on general and critical access hospitals registering for payments. And that's just a handful of the headaches.
In addition to all of this activity, ICD-10 and 5010 implementations are also looming. If you're in HIT and you haven't asked for a raise, as my daddy used to say, "What's wrong, cat got your tongue?" (Apologies to our CIO friends.)
March 18, 2011
Health Information Exchange Finance Study
Lately I've been asked by multiple people about the RHIO/HIE work we did a few years ago. With wider adoption of EHR and EMR, health information exchanges are finally beginning to be able to sink their teeth into data, and their value is being better understood. Still the most detailed analysis of HIE finance is the two-year study conducted while I was senior analyst at Healthcare IT Transition Group. The full 129-page study is now available online again.
November 22, 2010
Again: Why Is It You Don't Protect My Health Data?
Why do health plans and providers refuse to secure sensitive data when encrypting it costs nothing at all?
According to a study out of HHS that tracks healthcare data breaches, laptop computer theft was the most prevalent cause of data theft, involved in 24% of breaches. Desktop computers accounted for 16% of the breaches. Physical security is cited as an issue; had computers been kept behind locked doors, fewer would have been stolen. But that's just silly. You can't be locking and unlocking office doors all day long, and keeping a laptop in a locked room is sort of not the whole point of a portable computer.
So, why wasn't the data encrypted? "Ah," you say, "Let me explain our reasons: (1) encryption isn't really secure, (2) it costs money and wastes my time, (3) difficult to administer in an organization, and (4) I could be forced to type in my password at gunpoint."
Well, (1), wrong. Encryption is really secure; the chances of anyone being able to break modern layered encryption are somewhere between zero and non-existent* (except for pure random chance, unfortunately, like when they guess your password is hGRw5k9oBn28, or Let's1andallGo(straight)2Shaneequah'sHouse). Despite what the movies would have you believe, random strings and big long phrases with numbers and punctuation are easy to remember, but astronomically difficult to guess, even using brute force cracking software. ILoveMyCat isn't.
And, (2), wrong. Once setup on a laptop, an "encrypted volume" is just like another hard drive, and to use data on it you simply type in a password. No wasted time (oh, well, alright, however long it takes you to type in a handful of characters -- how bad are your keyboarding skills?).
And, (3), wrong. Are you just OK with losing my data, or is work too hard for you? And that old saw about not being able to administer open source software is inapplicable. Who cares if an admin can tweak and fiddle with the copies of copies of copies of redundantly off-site backed-up data that some lower-down has on his laptop?
And, (4), wrong again. The fear of being held at gunpoint while you type in a password for a file your attacker can see on your computer is simply a waste of good adrenaline. Modern encryption software provides full deniability, such that even the sensitive files themselves are invisible; which is to say, they are hidden encrypted inside another file, one that opens to reveal some non-sensitive content when you use one password, and the sensitive stuff when you use another password. Unless the attacker can see inside your head, he doesn't know the data is even there.
And it's free. Yup. Free, open source, downloadable, and you can have it on your laptop and running beautifully in minutes. We don't have any connection with the product, but we've been using it for years. It's called TrueCrypt. Setup took all of 15 minutes. Five years ago. If you don't use it and you lose my healthcare data, I'm going to be really ticked.
Okay, end of rant. Until the next stupid data breach.
*Alright, let's just say that the odds against are so unfavorable that even the most seasoned hackers won't take the bet.
According to a study out of HHS that tracks healthcare data breaches, laptop computer theft was the most prevalent cause of data theft, involved in 24% of breaches. Desktop computers accounted for 16% of the breaches. Physical security is cited as an issue; had computers been kept behind locked doors, fewer would have been stolen. But that's just silly. You can't be locking and unlocking office doors all day long, and keeping a laptop in a locked room is sort of not the whole point of a portable computer.
So, why wasn't the data encrypted? "Ah," you say, "Let me explain our reasons: (1) encryption isn't really secure, (2) it costs money and wastes my time, (3) difficult to administer in an organization, and (4) I could be forced to type in my password at gunpoint."
Well, (1), wrong. Encryption is really secure; the chances of anyone being able to break modern layered encryption are somewhere between zero and non-existent* (except for pure random chance, unfortunately, like when they guess your password is hGRw5k9oBn28, or Let's1andallGo(straight)2Shaneequah'sHouse). Despite what the movies would have you believe, random strings and big long phrases with numbers and punctuation are easy to remember, but astronomically difficult to guess, even using brute force cracking software. ILoveMyCat isn't.
And, (2), wrong. Once setup on a laptop, an "encrypted volume" is just like another hard drive, and to use data on it you simply type in a password. No wasted time (oh, well, alright, however long it takes you to type in a handful of characters -- how bad are your keyboarding skills?).
And, (3), wrong. Are you just OK with losing my data, or is work too hard for you? And that old saw about not being able to administer open source software is inapplicable. Who cares if an admin can tweak and fiddle with the copies of copies of copies of redundantly off-site backed-up data that some lower-down has on his laptop?
And, (4), wrong again. The fear of being held at gunpoint while you type in a password for a file your attacker can see on your computer is simply a waste of good adrenaline. Modern encryption software provides full deniability, such that even the sensitive files themselves are invisible; which is to say, they are hidden encrypted inside another file, one that opens to reveal some non-sensitive content when you use one password, and the sensitive stuff when you use another password. Unless the attacker can see inside your head, he doesn't know the data is even there.
And it's free. Yup. Free, open source, downloadable, and you can have it on your laptop and running beautifully in minutes. We don't have any connection with the product, but we've been using it for years. It's called TrueCrypt. Setup took all of 15 minutes. Five years ago. If you don't use it and you lose my healthcare data, I'm going to be really ticked.
Okay, end of rant. Until the next stupid data breach.
*Alright, let's just say that the odds against are so unfavorable that even the most seasoned hackers won't take the bet.
October 19, 2010
Three More EHRs Make the Certified List
Three more electronic health record products have received certification under the federal program: RxNT EHR from Networking Technology, PrimeSUITE 2011 from Greenway Medical Technologies, and a system designed for use in behavioral health, the Avatar 2011 from Netsmart Technology.
PHR-Lite for Medicare Members
The Centers for Medicare and Medicaid Services has launched a new "Blue Button" feature on its MyMedicare.gov website. The app makes it possible for the 47 million Medicare members to access, print or download specific medical information. "Having ready access to personal health information from Medicare claims can help beneficiaries understand their medical history and partner more effectively with providers," the agency says. Having access to Medicare claims means having access to a virtually complete record of your healthcare incidents, the next-best thing to a personal health record (PHR), and it's updated for you by the government. Sweet!
October 18, 2010
Oops: EHR Final Rule Gaffe
If you downloaded the EHR vendor guides from the Office of the National Coordinator for Health IT (ONC), you'll want to download the fixes. The original releases did not include technical descriptions to enable electronic health records to exchange symptom surveillance data. They were “adopted in error” in the final rule for the initial standard for electronic health records, says ONC. As a result of numerous complaints since the flawed rule's release in July, an interim final rule "fix" has now been published in the October 13 Federal Register, to take effect November 12.
What's the flap all about? The rule didn't cover enabling EHR users to “electronically record, modify, retrieve and submit syndrome-based public health surveillance information,” according to language in the interim final rule, stating that the "purpose is to facilitate the electronic exchange of de-identified nationally notifiable conditions." The spec gave public health agencies methodology for reporting conditions, but no guidance on designing EHRs that could meet the standard.
If you liked the final rule, you're gonna love the sequel! Get the interim final rule here.
What's the flap all about? The rule didn't cover enabling EHR users to “electronically record, modify, retrieve and submit syndrome-based public health surveillance information,” according to language in the interim final rule, stating that the "purpose is to facilitate the electronic exchange of de-identified nationally notifiable conditions." The spec gave public health agencies methodology for reporting conditions, but no guidance on designing EHRs that could meet the standard.
If you liked the final rule, you're gonna love the sequel! Get the interim final rule here.
October 14, 2010
Ingenix Buys Even Deeper Provider Position
Nobody much thinks of Ingenix as a provider-centric company. As one of the cleverest helpmates to the payer side, providers might wonder at the company's sincerity in the provider vendor space. But a look at recent Ingenix acquisitions over recent months reveals a striking shift. Acquiring four companies serving the provider health IT market, Ingenix further expanded a portfolio that has been growing more provider-side for over a year now. The company claims that about 50% of its revenue now comes from the provider market, making it a significant provider vendor, despite its ownership by UnitedHealth Group. The recent acquisitions include A-Life Medical, Picis, Axolotl and Executive Health Resources. Over the past year, QualityMetric and CareMedic fell under the Ingenix umbrella. SaaS-based ambulatory EMR vendor LighthouseMD, now marketed as CareTracker, was purchased in 2007.
October 11, 2010
$727 Million to Health Centers
The Washington Post reports that the Obama administration announced $742 million from HHS will go to community health centers nationwide to build new medical clinics and bring technology in older clinics up to speed. This is in addition to the more than $2 billion already allocated to health centers from stimulus funds.
October 8, 2010
New Web-based Tool Improves Chronic Care
Say you're a physician caring for diabetes and heart disease patients. Would you like to have a tireless chronic care expert elf poring over your patients' records every night, comparing their care with evidence-based practices, looking for things you might not notice? Kaiser Permanente's lead author of an American Journal of Managed Care study, Adrianne Feldstein, MD, thinks maybe you should. "Patients in the U.S. receive only about half of the preventive and follow-up care now recommended by national guidelines," says Dr. Feldstein. A new web-based Panel Support Tool (PST) extracts information from the electronic medical record and compares it to care recommended by national guidelines. Read the article in Healthcare IT News.
Subscribe to:
Posts (Atom)