Health Technology Critics Are Missing the Point (Part 2)

Modern smart devices effectively put personal computers in the pockets of a hospital’s entire staff. Along with that convenience comes the siren call of workplace distractions. It is all too easy to whip out a phone for a quick text, a few Facebook posts, and a round of Words with Friends on the job. While that may not be the end of the world in other office positions, a poorly timed conversation in healthcare could be the difference between lifeand death.

A recent email blast from Plexus Institute entitled "Do Electronic Devices in Health Care Present New Risks for Patient Safety" resonated with me on a very deep level, confirming suspicions gathered from informal conversations across the country. Fifty-five percent of perfusion technicians admitted having cell phone conversations while monitoring machines--and half had texted during surgery. Then a New York Times story by Matt Richtel highlighted a malpractice case in which a neurosurgeon made more than 10 personal calls during surgery to family members and business associates.

Phone calls during surgery? Texting while checking on patients? Those seem like fairly large red flags begging for regulation. As it turns out, those regulations already exist, they just aren’t enforced. “Managers are noticeably absent from the front line. It happened very slowly over a long period of time; their workload increased and changed, demanding that they spend more time in meetings and their offices,” says Hospital Impact’s Kathleen Bartholomew. “While most hospitals have a policy regarding the use of technology for personal reasons during work, very, very few actually enforce that rule…If it's not enforced, then it's not a rule. It's the norm.”

This is yet another case where simple education and enforcement would make the world of difference. Social media, if handled in perfect conditions, could provide medical professionals with the opportunity to communicate large concepts in real-time. Physicians could provide the medical advice that consumers are looking for, but accurately. They could share updates, pharmaceutical recalls, and outbreak information in a timely way.

There are plenty of good arguments against new technologies, but at the end of the day, it comes down to using technology in the best possible way, not just sweeping it under the rug.

-------------------------------------------------------------------------------------------

Pam Argeris is a thought leader in the Healthcare Industry and possesses extensive, hands-on experience with CMS compliance, and multiple regulatory bodies such as NCQA, JACHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost effective manner to improve beneficiary and prospect communications. You can contact Pam at Pamela.Argeris@merrillcorp.com.

Health Technology Critics Are Missing The Point (Part 1)

In our past blogs, we have always approached the concept of revolutionary health technology with open arms. We feel that healthcare, like any industry, needs to constantly evolve and improve in order to stay relevant. After all, if WebMD ever becomes more up-to-date than a family physician, who would bother paying for an appointment? However, there is another side to this argument. Many industry experts, including members of the Department Health and Human Services (HHS) and the Centers for Medicare and Medicaid Services (CMS), feel that too much tech, too quickly, will cause massive compliance issues and will put the data of millions at risk. Is there truth to what they're saying?

There are serious arguments on both sides, but since we have been favoring one view over the other, it’s time to look at some of the reasons many in the health industry are hoping that social media and mobile technology simply fade away. Among the most common of these is the thought that technology has simply moved along too quickly, and that protective best practices have yet to catch up. Many in the industry are looking to HIPAA for answers, expecting laws to be passed down from above, but this is likely going to remain an issue for individual hospital managers to deal with; at least for the time being.

A few weeks ago, we posted some Ponemon Study statistics revealing that, despite being used by 80% of health organizations, only half of the country’s healthcare facilities have any regulations for the use of smart phones and other mobile devices. Until HHS can catch up with the shockingly fast wave of consumer demand, the number of mobile-related data breaches is only going to rise. And this isn’t the only risk mobile devices create. On the consumer end of the spectrum, things aren’t looking much better.

The lack of regulated health apps for mobile devices means that many consumers are turning to whatever options are out there. They are being fed inaccurate information from applications and websites that are, for the moment, unregulated and unmonitored. Those consumers are going into medical practices with their own (frequently incorrect) opinions of their symptoms, giving docs a false impression. Even worse, some consumers are taking these web-sourced diagnosis apps at face value, and seeking out prescriptions or over-the-counter medications they don’t actually need. This is a space where the medical industry really has a chance to make a difference. The social benefits of creating a physician-run network of medical advice are staggering, yet no such initiative has come to fruition.

In our next blog, we’ll focus in further on how mobile technology is impacting the workers on the floors of hospitals and private practices.

-------------------------------------------------------------------------------------------

Pam Argeris is a thought leader in the Healthcare Industry and possesses extensive, hands-on experience with CMS compliance, and multiple regulatory bodies such as NCQA, JACHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost effective manner to improve beneficiary and prospect communications. You can contact Pam at Pamela.Argeris@merrillcorp.com.

CMS Calls for Sunshine

On Wednesday, CMS announced their proposed Sunshine Rule, an addendum to the Affordable Care Act (ACA) that would require a very specific kind of transparency. The overarching goal of the rule, much like the remainder of the ACA, is “better care at reduced costs.” Under this new regulation, certain drug or device producers would need to report on any financial relationships they share with healthcare providers.

“When people are faced with the difficult task of choosing the right doctor, they need all the information they can gather. If your doctor is taking money from manufacturers of prescription drugs, suppliers of wheelchairs or other devices, you deserve to know about it,” said Peter Budetti, M.D. CMS deputy administrator for Program Integrity.  “Disclosure of these relationships will discourage the inappropriate influence on clinical decision-making that sometimes occurs while still allowing legitimate partnerships.”

If accepted, the rule will take effect on January 1, 2012.

CMS stressed that the purpose of the rule was not to end the endorsement of medical devices or prescriptions, but simply to make consumers more aware that these financial relationships exist. Effected manufacturers would include, “manufacturers of drugs, devices, biologicals, and medical supplies covered by Medicare, Medicaid, or the Children’s Health Insurance Program.” These manufacturers would be required to report any financial compensation or “transfers of value” made to teaching hospitals or physicians. Both parties would have the opportunity to review the report before it is made public.

Healthcare transparency is rarely a negative thing, and the consumer benefits of Sunshine seem obvious. However, there will always be opponents to new compliance legislation, and we’d love to hear those opinions. If you have strong feelings or evidence against (or in support of) the Sunshine Rule, leave them in the comments below.

-------------------------------------------------------------------------------------------

Pam Argeris is a thought leader in the Healthcare Industry and possesses extensive, hands-on experience with CMS compliance, and multiple regulatory bodies such as NCQA, JACHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost effective manner to improve beneficiary and prospect communications. You can contact Pam at Pamela.Argeris@merrillcorp.com.

Is There a Solution for Healthcare Data Breaches?

Last week, we brought up some startling statistics about data breaches in the health industry. Among the most significant of those was the fact that the number and severity of breaches has not decreased since we last wrote about them in 2010. Instead, the number of breaches had increased by 32%. We looked at the causes of those breaches and found that, as usual, the majority of them were due to employee error, lack of security, and lazy or “sloppy” security practices.

It seems clear, then, that the first step in solving the issue of data security in health care is to start with the workers.

Accidents will always happen. No amount of security can prevent that, but that doesn’t mean that security training is a wasted effort. “More than 80 percent of healthcare organizations use mobile devices that collect, store and/or transmit some form of PHI,” says last week’s Ponemon study. “Yet, half of all respondents do nothing to protect these devices.” File encryption, passwords, and limited remote access are simple steps that could prevent stolen devices from spreading sensitive data.

Even more simply, employees could be better trained to monitor and protect mobile devices. We used the example last year of a sensitive file left in the back seat of a public cab, and now the same thing is happening with cell phones, tablets, and laptops. Health workers need to be trained in the dangers of such careless behavior, if we are ever going to see a change. But, there is a larger problem at the core of the issue.

Health administrators need to re-think their security policies. Ponemon’s study pointed out some very large flaws in this area.

Only 22 percent of organizations say their budgets are sufficient to minimize data breaches. 83 percent of hospitals have clearly written policies and procedures to notify authorities of a data breach, but 57 percent don't believe their policies are effective. The research indicates that the closer the personnel are to the data-such as billing and IT-the higher the probability of not following policies and procedures. 42 percent of respondents say administrative personnel in their organizations do not understand the importance of protecting patient data.

The numbers here tell the whole story. Nearly half of the participating health organizations do not see any importance in protecting patient data. Even more feel that existing policies aren’t effective. If so many people see problems in existing security policies, why is no one looking at improving them?

-------------------------------------------------------------------------------------------

Pam Argeris is a thought leader in the Healthcare Industry and possesses extensive, hands-on experience with CMS compliance, and multiple regulatory bodies such as NCQA, JACHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost effective manner to improve beneficiary and prospect communications. You can contact Pam at Pamela.Argeris@merrillcorp.com.

Why Are Health-Related Data Breaches Increasing?

We’ve been writing about healthcare data breaches since the first months of our blog, and the problem has yet to improve. A Ponemon Health press release this afternoon showed a 32% increase in health industry data breaches since 2010. Some analysts continue to blame controversial electronic health record legislation, but just as we reported back in August, most of this year’s data insecurities have been related to sloppy security practices and employee error. Here are the raw statistics from Ponemon’s release:

• 41% of surveyed health care organizations attributed their breaches to “sloppy employee mistakes.”
• 80% of organizations carry sensitive information on mobile devices, including laptops, mobile phones, external hard drives, or other technology, and…
• 49% of the breaches were caused by lost or stolen mobile devices, and even worse…
• Around 50% “said theirorganization does nothing to protect the information contained on mobiledevices.”
• 55% of health care organizations claim to have no confidence in their ability to detect a privacy breach.

All of the evidence points directly to mobile devices, and thus, EHR’s.  And it is hard to argue with the logic that electronic records can’t get stolen if they don’t exist, but there is an inherent flaw in that thinking.

A popular Ukrainian song contains a similar sentiment, “If you don’t have a house, house fires won’t scare you…Think on your own, decide on your own, to have or not to have.” Of course there is a risk of EHR theft, but that is no reason to dismiss a largely beneficial system. Not to mention the fact that printed documents are just as easily lost as cell phones are.

Next week, we’ll look at some ways to improve data security while still embracing the positive aspects of health care technology.

-------------------------------------------------------------------------------------------

Pam Argeris is a thought leader in the Healthcare Industry and possesses extensive, hands-on experience with CMS compliance, and multiple regulatory bodies such as NCQA, JACHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost effective manner to improve beneficiary and prospect communications. You can contact Pam at Pamela.Argeris@merrillcorp.com.