Healthcare Technology

Archive for Healthcare Technology

Consumerization Is Not A Bad Word

When you say consumerization, especially with respect to healthcare, people often jump to conclusions about valuing service over substance. There’s a lot of confusion over the meaning of consumerization, whether it’s possible in healthcare, and whether it’s happening. I recently had the privilege of speaking at the Washington State Health Exchange’s Annual Board Retreat on this topic. (Perhaps you saw it; the event was live-streamed to the public. 😉) The Health Exchange is pondering questions of how to attract new users, how to better serve their needs, and how to make the experience more useful and engaging. And this, my friends, is consumerism, or at least one facet of it: user focus, better service, understanding needs. Doesn’t sound bad at all, does it? In fact, it sounds like something any good service or organization should be doing for its customers.

Consumer-centered pain scale. Baymax from Disney’s Big Hero Six

And there’s that word, customers. That’s the debate. Are patients really customers? Not really; often they don’t have a choice, either because of their insurance coverage or from the necessity of an emergency where decisions are often made for patients. However, patients, and everyone else for that matter (except people in North Korea), are consumers, and they judge healthcare experiences, both service delivery and technology, as consumers. Think of it like this: your patients will judge your experiences through the lens of any other service they’ve interacted with. Fair or not, they will do that. Why do they do this? It’s human nature to remember positive experiences and try to seek them out. There’s another reason, though: high deductibles are also driving people to examine where they are spending their healthcare dollars, and they evaluate based on outcomes, convenience, and the overall experience.

Since healthcare technology is my area of expertise, let’s stick to that rather than critiquing hospital parking, food, or beds. (Although these are often things that impact HCAHPS scores.) Consumerization when applied to health IT means that patients have an expectation that any technology you ask them to engage with, and especially technology you ask them to install on their own devices, will be as usable as any other app they’ve installed.

Consumerization also impacts internal health IT. Doctors were the first wave, when they pushed to use their own devices to text with other providers within the hospital setting. (In IT this is often referred to as “bring your own device.”) The pager became obsolete and was replaced by our own always-on, always-connected mobile devices. (Sadly, the fax machine, like a cockroach, keeps hanging in there.)

Patients are also bringing their own devices, and using them in waiting rooms and hospital beds. We’ve had patients reporting their own symptoms using Wellpepper interactive care plans from their hospital beds. This presents an opportunity to engage, and at a low cost: they are supplying the hardware. The final wave of consumerism will happen when clinicians and other hospital staff also demand convenient, usable, and well-designed tools for clinical care.

Consumerization is late to arrive in healthcare IT. Other industries have already reached the tail end of this wave, and have already realized that technology needs to be easy to use, accessible, interoperable, and designed with the end-user foremost. However, consumerization is coming, both from internal staff demands and patients. Technology, healthcare IT, and the people that build and support it are facing scrutiny, being held to higher standards, and becoming part of the strategic decision-making of healthcare organizations. This is a great thing, as it will result in better clinician and patient experiences overall, because at its core consumerism is about expecting value and ease, and getting it, and who doesn’t want that?

Posted in: Healthcare Disruption, Healthcare Technology, Healthcare transformation, Interoperability, M-health, Outcomes, Patient Satisfaction

Mary Meeker’s 2017 Healthcare Trends Report Shows Opportunity

An annual highlight of Recode’s CodeConf is Mary Meeker’s internet trends report. Last year, I had the pleasure of hearing her in person, and I’m not sure I’ve ever heard a presentation with so much good data, presented so quickly. This year, I wasn’t able to attend, but she also ran out of time for some of the most important slides for a healthcare entrepreneur like me. Based on a quick run-through of the deck, these three slides struck me. (If you want to see the full section on healthcare, it starts at Slide 288.)

Not surprising that consumers expect digital health services, or that Millennials lead in most categories. It’s also not surprising that Boomers have sought the most remote care; they have probably sought the most care overall. It might be interesting to see this pro-rated by care usage. That Boomers are not looking at online reviews is very interesting given how much attention the surgeons we work with give to them.

Even with all their consumer device troubles, Samsung squeaks above Apple, and Facebook and Amazon, both with a tremendous amount of data about you, are still reasonably well trusted. Both Microsoft and Google have tried and failed previously to own your personal health record, but they are well positioned to do so. What would also be interesting is to see these trust levels against traditional healthcare companies like GE or Johnson & Johnson.

EHR adoption is not surprising since it was mandated through meaningful use. It’s a bit depressing to look at the 2004 stats, and think back to which parts of your life weren’t digital in 2004, and compare that to your medical records. However, the biggest opportunity we see in this slide is dramatically expanding the data points available by tracking patients outside the clinic. Physicians are making decisions with only a few data points when there is so much richer information available through patient-entered and patient generated data.

Posted in: Healthcare Research, Healthcare Technology, Healthcare transformation

Comprehensiveness + Comprehension: effect of technology on discharge instructions

Whether patients are leaving the emergency department or being released from an extensive hospitalization, they need discharge instructions in order to solve their initial problem, better self-manage, and coordinate the appropriate follow-up. These instructions are typically written and are also articulated to the patient. We know that due to varying levels of health literacy, or the degree to which individuals have the capacity to process and understand basic health information needed to make appropriate health decisions [1], a patient is especially vulnerable during the process of discharge in terms of overall understanding and appropriate follow through. Can technology empower patients operating from a position of weakness in this transition?

  • According to the 2013 study entitled Information Technology Improves Emergency Department Patient Discharge Instructions Completeness and Performance on a National Quality Measure, researchers were able to show that electronic discharge instructions were more complete than paper-based information. The electronic discharge instructions had 97.3% compliance to a CMS quality measure while the paper-based discharge instructions were at 46.7%. This compliance is more than doubled with electronic discharge documentation (relative risk 2.09, 95%CI 1.75-2.48) [2]; however, there were no statistically significant differences in documentation of patient care instructions nor diagnosis between paper-based and electronic formats.
  • In a 2015 study entitled Readability of patient discharge instructions with and without the use of electronically available disease-specific templates, patient readability of a web-based discharge module, which has diagnosis-specific templated discharge instructions, was assessed. Patients had better readability with electronic templated discharge instructions than with those that were clinician-generated (p < .001). Furthermore, the primary reason doctors created discharge instructions by themselves was a lack of disease-specific template availability.

The most exciting time in medicine is now, where the application of information technology during vulnerable transitions can provide a patient more complete information that he/she can actually act upon. Taken together, these studies suggest enhancement of both comprehensiveness and comprehension; the former very important for the primary care physician who will assume care of this patient status post hospitalization and the latter important for the patient’s overall health literacy necessary for improvement. The next logical extension is to have web based applications assist a patient in the transition from the hospital to the outpatient setting, something that innovative companies like Wellpepper are doing.

References

  1. Nielsen-Bohlman, L.; Panzer, AM.; Kindig, DA. Health literacy: A prescription to end confusion. National Academies Press; Washington, DC: 2004.
  2. Bell EJ et al. Information Technology Improves Emergency Department Patient Discharge Instructions Completeness and Performance on a National Quality Measure: A Quasi-Experimental Study. Appl Clin Inform. 2013; 4(4): 499–514.
  3. Mueller SK et al. Readability of patient discharge instructions with and without the use of electronically available disease-specific templates. J Am Med Inform Assoc. 2015; 22(4): 857-63.

Posted in: Healthcare Technology, Patient Satisfaction

Falls Challenge

How might we enable older adults to live their best possible life by preventing falls? We have entered a challenge with AARP and IDEO to bring our proven falls solutions to the masses. Alongside our partners at Harvard and Boston University, we believe that using mobile technology to enhance and scale a proven falls prevention program will lead to a better life by increasing access to care and decreasing costs.

The challenge started with over 220 submissions and was recently weeded down to the top 40. We’re thrilled to have made the first cut. Our method is proven and we invite you to participate in the next round to refine our idea and help achieve greater impact.

Click here to check out our entry!

Posted in: Aging, Clinical Research, Healthcare Technology, Outcomes, Physical Therapy, Research, Uncategorized

Home Sweet Home

Our goal at Wellpepper has always been to make sure patients have a top-notch experience with our Partners. What better experience can patients have than being in the comfort of their own home while rehabilitating from a joint replacement? An article was recently published in the New York Times that really hits home for us. Not only is in-home therapy more cost-effective than inpatient rehabilitation, but it significantly decreases the risk for adverse events.

More and more studies are showing that patients are generally happier and actually prefer being at home during their recovery from a joint replacement. A study published earlier this year in Australia found that inpatient rehabilitation did not provide an increase in mobility when compared to patients participating in a monitored home-based program.

Don’t get me wrong, inpatient rehabilitation is extremely valuable to have. In fact, we are starting to see more patients interact with their Wellpepper digital treatment plans in an inpatient setting and then continuing once discharged home.

Rehabilitation is not a one-size-fits-all solution and much depends on a patient’s general health and attitude. The ability to be flexible and innovative in providing treatment is crucial when evaluating a patient’s needs for rehabilitation. With Wellpepper digital treatment plans, we enable health systems to bring the expertise and personalization of inpatient rehabilitation to their patients’ mobile devices, so that they may recover from their surgery in the comfort of their own homes.

Posted in: Behavior Change, Healthcare motivation, Healthcare Technology, patient engagement, Patient Satisfaction, Physical Therapy

T2 Telehealth aka ATA 2017 aka ATA 23: Part 2, How Did We Get Here and Where Are We Going?

This was my second trip to Orange County Convention Center this year, so it was hard not to compare and contrast the annual American Telemedicine conference to HIMSS, the biggest health IT conference. As well, it was my third time at the ATA conference, back after skipping in 2016, and the gap made it easier to reflect on previous years as well.

The ATA annual is almost 10 times smaller than HIMSS, which makes it a lot less exhausting and easier to focus. There’s not a feeling that for every second you’re talking to someone you’re missing out on talking to someone else equally as interesting and valuable. (There is no shortage of interesting people, just a more manageable group.) The size also makes it a bit easier to talk to people as they’re not rushing off to walk a few miles across the convention center to the next session.

The first year I attended, 2014, the tradeshow floor was full of integrated hardware and software solutions, and Rubbermaid was even a vendor selling telemedicine carts. It was almost as though the iPad hadn’t been invented.  It was the year that Mercy Virtual launched their services as a provider of telestroke and telemonitoring for other health systems. A provider as a vendor caused a bit of a stir on the tradeshow floor.

By the next year, the integrated hardware and software vendors were dwindling, but talks were largely still given by academics and were focused on pilot projects that, while they showed success, often ended with a plea for thoughts on how to scale the program.

ATA evolved out of an academic conference and that’s still quite prevalent in the presenters, who are often from academic medical centers and reporting on studies rather than implementation. Data was important in all sessions, but measurement of value was inconsistent. In addition to academic medical centers, most leaders in telehealth seemed to be faith-based not-for-profits, like Mercy and Dignity, as well as rural organizations where the value was clear.

That said, a welcome addition to this year’s content was two new tracks on Transformation and Value. I spoke in the Value track at ATA, along with Reflexion Health and Hartford Healthcare, about the value of telerehab in total joint replacement, and we were able to share data points from real patient implementations, in addition to clinical studies. (If you’re interested in the Wellpepper segment, get in touch.)

Although, harkening back to the day 1 keynote, the definition of value depended on the business model of the telemedicine platform being implemented. There’s no question that telestroke and neurology programs, and telebehavior programs deliver value especially in rural areas without direct access. At Wellpepper, we’ve seen definite results in post-acute care, both in recovery speed and readmissions.

In other sessions the value was not as clear and no one was able to fully refute the study that when offered the choice, patients used telemedicine in addition to in-person visits, thus driving up costs. In fact, the director of telemedicine for a prominent healthcare organization confirmed that patients were using televisits for surgical prep when they could have just read the instructions given to them. (Or interacted with a digital care plan like Wellpepper.)

As with every technology conference the voice of the patient was absent, with the exception of head of Mercy Virtual Randall Moore, MD, who started all his presentations by introducing us to patient Naomi, who was able to live out her life at home, attend bingo, and enjoy herself due to the benefits of the wrap-around telemedicine program that Mercy put in place. Oh, and it cost a lot less than the path of hospital admissions she’d been on previously. Sounds like triple aim, and what we all need to aspire to.

So, based on the keynotes, the sessions, and the show floor, I’d characterize this year’s conference as a world in flux, like what’s going on elsewhere. There was a sense of relief that the ACA had not been repealed. HIMSS took place before the proposed repeal and replace plan died, and there was a lot more fear and uncertainty. Vendors and providers alike are looking to strengthen the value chain. Unlike HIMSS, there was a lot less hype. Machine learning and AI were barely mentioned except in keynotes possibly because telemedicine is still largely a world of real-time visits, and extracting meaning from video is a lot harder than from records. We see promise, people want to do the right thing, but it’s not clear which direction will help us ride out the storm.

Still trying to figure out what this has to do with Telemedicine. Look better on realtime visits?

Posted in: Healthcare Disruption, Healthcare Legislation, Healthcare motivation, Healthcare Policy, Healthcare Technology, M-health, Prehabilitation, Rehabilitation Business, Telemedicine

Telehealth 2.0: Our picks for Orlando

I am really looking forward to heading to Orlando for the American Telemedicine Conference, aka Telehealth 2.0. Seattle has been under a rain cloud this entire year, and I want to see the sun. I’m also looking forward to sharing our findings in using asynchronous mobile telehealth for remote rehabilitation with patients recovering from total joint replacement. I’ll be speaking with our colleagues from Hartford Health, Reflexion, and Miami Children’s Hospital on Sunday during the first breakout sessions. Hope to see you there!

In addition to the topics about legislation and regulations, it’s great to see these sessions on value, quality, and new treatment models. Here are some of Wellpepper’s picks for the conference.

Sunday

Monday

Tuesday

Now with all this great content, networking and a talk to prepare, when will I see the sun?

Posted in: Adherence, Behavior Change, Health Regulations, Healthcare Disruption, Healthcare Legislation, Healthcare Policy, Healthcare Research, Healthcare Technology, patient engagement, Telemedicine

EvergreenHealth: Evolving Care Outside The Clinic for Better Outcomes

In 2016 we formally announced our collaboration with EvergreenHealth to deliver interactive care plans for Total Joint Replacement.

“Across our organization, we strive to be a trusted source for innovative care solutions for our patients and families, and our partnership with Wellpepper helps us deliver on that commitment,” said EvergreenHealth CEO Bob Malte. “Since we began using Wellpepper in 2014, we’ve seen how the solution enhances the interaction between patients and providers and ultimately leads to optimal recovery and the best possible outcomes for our patients.”

EvergreenHealth is an integrated health care system that serves nearly 1 million residents in King and Snohomish counties in Washington State, and offers a breadth of services and programs that is among the most comprehensive in the region. More than 1,300 physicians provide clinical excellence in over 80 specialties, including heart and vascular care, oncology, surgical care, orthopedics, neurosciences, women’s and children’s services, pulmonary care and home care and hospice services. With expansion into more rural areas, and a catchment area that serves Seattle’s ‘eastside’, home to Microsoft and other major technology companies, delivering virtual care is both an imperative for and an expectation of EvergreenHealth patients.

Since our initial announcement, we’ve seen thousands of patients complete care plans and outcome surveys, and expanded within the musculoskeletal service line to include preventive care, spine surgery, and general rehabilitation.

User Experience

EvergreenHealth has a white labeled version of the Wellpepper patient application called MyEvergreen, available in the Android and Apple App Stores. Clinicians use the Wellpepper clinic portal, and receive alerts to their email inbox if patients report any issues or unexpected outcomes.

EvergreenHealth has deployed care plans based on their own clinical best practices. 

Outcomes

  • Thousands of patients have used Wellpepper interactive care plans at EvergreenHealth
  • Interactive care plan users show higher scores on standardized outcome reports than those tracking outcomes without an interactive care plan
  • EvergreenHealth patients show a higher engagement level than Wellpepper’s overall 70% engagement

I would not want to have another knee surgery without the app. I was 81 and it wasn’t hard for me at all!

Total Knee Replacement Patient at EvergreenHealth

Technology

This deployment used a white labeled Android and iOS application for patients, and a clinic portal for clinicians. Patient invitation is synched with the Cerner medical records software using an ADT feed. Clinicians are notified of patients requiring additional help with an email alert. Wellpepper’s entire HIPAA secure platform was leveraged for this implementation, and EvergreenHealth deployed custom care plans based on their own best practices. They continue to add innovative features as they are added to the Wellpepper platform.

Posted in: Exercise Physiology, Healthcare costs, Healthcare Technology, HIPAA, Interoperability, M-health, Outcomes, patient engagement, Prehabilitation, Seattle

Wellpepper attends Episodes of Care Summit at Cambia Grove

Last week, Wellpepper CEO Anne Weiler and I attended a half-day Episodes of Care Summit put on by Cambia Grove. It was great to see payers, providers and technologists come together to focus on initiatives that directly impact the patient experience. Here are some of our takeaways:

Horizon BCBS of New Jersey is an episodes of care pioneer

Focus on retroactive bundles before proactive. Episodes of care and bundled payments are often used interchangeably. An episode of care typically refers to a payment made retrospectively while a bundled payment typically refers to a payment made prospectively. Horizon BCBS of New Jersey first launched retrospective pilots in 2010 (total hip and total knee replacements). In this model, savings are shared with the physician or practice once quality benchmarks and patient experience thresholds are met and costs come in below budget. After 7 years of scale and success, Horizon is now launching more immediate, risk-based, prospective initiatives in 2017.

Drive success through quality. Horizon piloted with over 200 quality metrics with member-specific, risk-adjusted financial targets. Metrics are key in driving success. Identify 3-5 standard quality metrics and 2-4 episode-specific metrics.

Community involvement is imperative

It’s great to see continued focus on community involvement in innovation and healthcare. The Bree Collaborative is an excellent example of bringing together community and industry leaders to identify and promote strategies that directly impact patient outcomes, quality and affordability. Wellpepper firmly believes in the work that the Bree Collaborative is doing. In fact, our total joint and lumbar fusion care plans follow Bree recommendations.

The Episodes of Care Summit held breakout sessions that mapped out the ideal episode of care/bundle experience through the lens of people, process and technology. Think of people, process and technology as a three-legged table. Remove one leg and the table falls. If the three legs are not the same size, the table does not function properly. Effort needs to be allocated equally across people, processes and technology to drive behavior change. Reimbursement seemed to take precedence in every conversation rather than the patient’s needs or the provider’s care. Until this mindset is fixed, it’s hard to focus on what healthcare is really about. Dr. Hugh Stanley, from the Bree Collaborative, did an excellent job bringing the focus of the conversation back to the patient.

Memorable quotes from breakout sessions:

  • “Patients need to be at the center of episodes of care.”
  • “We need to capture patient satisfaction in real time.”
  • “I’m blown away I can get more info on a dog bed than a provider.”
  • “We need to rebuild the patient deductible and copay mindset.”
  • “The payer community has a responsibility to share information to publicize data that drives provider readiness.”
  • “Creating episodes vs bundles benefits providers and ultimately patients.”

Posted in: Healthcare Policy, Healthcare Technology, Healthcare transformation, patient engagement, Patient Satisfaction, Uncategorized

Using AWS with HIPAA-Protected Data – A Practical Primer

When we started building the Wellpepper platform four years ago, we thought carefully about how to build for privacy and security best practices as well as HIPAA compliance, since we work with customers in the healthcare industry. We chose to build the system entirely on Amazon Web Services (AWS), and learned a few things in the process about building HIPAA compliant applications on AWS. Hopefully this will be helpful to others considering AWS as the home for their healthcare online service, whether you’re a software company hoping to sell to healthcare systems (as a “Business Associate” in HIPAA terminology) or an internal development team at a health system (a “Covered Entity”).

It’s Not Rocket Science

As you probably already know, the Health Insurance Portability and Accountability Act (HIPAA) is made up of several parts. Usually when IT people talk about “HIPAA compliance”, they are talking about the Title II Security Rule which governs privacy and security practices for electronic protected health information (ePHI).

Many of the requirements in the HIPAA Security Rule are simply best practices for security and data privacy that have been written into law, such as encrypting traffic travelling over a network. Anyone building good, secure software should be following these principles anyway. You need to be informed of the requirements, and you need to make sure you establish ongoing practices for maintaining security and privacy, but it’s not rocket science. In fact, your health system (or healthcare customers) may actually have data security requirements that are more stringent than, or additional to, what is required by HIPAA.

Our experience is that HIPAA isn’t a major departure from what we would have built anyway.

Stay Up To Date

HIPAA was established in 1996, with the final Security Rule being published in 2003. In some cases, the guidance has not kept up with current threats and practices in 2017. If you are developing healthcare software, you should be applying industry best practices in combination with the HIPAA requirements. Your ultimate goal needs to be protecting patient data, not just regulatory compliance. Invest in training yourself and your team and staying current. Some resources we found helpful:

Take Responsibility

Compliance usually isn’t at the top of an engineering team’s list of fun things, so it’s tempting to look for solutions that can abstract away the responsibility. There are a few online healthcare platform-as-a-service hosters that make claims in this direction. Be wary of these. No service can remove your responsibility for compliance.

We decided that using AWS infrastructure services was the best level of abstraction. This let us build new services, host data, and install 3rd party applications in our VPC with high confidence that we were living up to our promises to protect patient data.

In addition to thinking about your software solution, compliance also covers your business practices and policies for things like training, background checks, and corporate device security – securing your people. These are often overlooked areas that are really important, since security researchers complain that people are the weakest link in the security chain. As with your software design, the application of commonsense practices and good documentation will go a long way.

There is no single group that certifies systems as HIPAA compliant. However, HHS can audit you at any time, whether you’re a covered entity or a business associate. You should do your own internal assessments against the HIPAA Security Rule both when you are building new capabilities, and on an annual basis. Augment this with external third party reviews. You’ll want to be able to show summarized reports of both your internal process and a stamp of approval from an external auditor.

HHS produces a tool called the SRA tool which you might find useful in performing security rule assessments: https://www.healthit.gov/providers-professionals/security-risk-assessment-tool. We used this for a couple years, but now just use an Excel Spreadsheet to evaluate ourselves. Bonus: this is probably what your auditor will want to see.

This Risk Toolkit from the HIPAA Collaborative of Wisconsin is a good starting point, and looks very similar to the spreadsheet we use: http://hipaacow.org/resources/hipaa-cow-documents/risk-toolkit/ (look at the Risk Assessment Template).

Share the Responsibility

AWS certifies a subset of their services for HIPAA compliance. This includes restrictions on how these services are used, and requires that you enter into a Business Associate Agreement (BAA) with AWS. This agreement establishes the legal relationship needed to handle ePHI, and ensures that you’ll be notified in the unlikely event that there is a data breach.

When you sign a BAA, you enter into a shared responsibility model with AWS to protect ePHI. AWS largely covers physical security for their facilities and networks. You can view their SOC audit results on request. You own the security for your applications and anything else from the OS on up. For example, if you use Elastic Compute Cloud (EC2) instances, it’s your responsibility to keep those instances patched.

AWS occasionally adds new services to their HIPAA-certified services, so you’ll want to check occasionally to see if there are new services you might be able to take advantage of.

Draw a Bright Line Around Your ePHI

At any time, you should be able to quickly say exactly which parts of your system (which servers, which network segments, which databases, which services) have or store ePHI. These systems are inside your bright line defense perimeter and are subject to HIPAA regulations, including breach notifications. That means if you lose data on one of these systems, you need to notify your patients (or if you are a Business Associate, notify the Covered Entity so that they can notify the patients).

EC2, Simple Storage Service (S3), and Elastic Load Balancing (ELB), when used in accordance with guidelines, can be HIPAA compliant. Make sure you read the guidelines – there are usually certain restrictions on usage in order to be covered. Many of AWS’ platform-as-a-service offerings are currently not offered under the AWS HIPAA umbrella (for example Kinesis and Lambda). You can still use these services, just not with ePHI.

Many modern system designs make use of 3rd party frameworks and SaaS offerings for things like analytics, monitoring, customer support, etc. When you are holding and conveying ePHI, you will need to be careful about which dependencies you take. For example, in one of our recent product updates we were considering using an external web & mobile analytics platform to better understand our traffic patterns. We walked through our use cases and decided that while none of them required us to send any ePHI to the analytics platform, the risk of accidentally sending some piece of protected data was too high. So we came up with a different plan that allowed us to keep PHI within our safe boundary and under our direct control. Many of your decisions will be grey-area tradeoffs like this.

Secure at Rest and Over the Wire

This is often the first question we see on any healthcare IT security review. How do you protect data at rest and over the wire? Use strong SSL certs with robust SSL termination implementations like ELB. If you terminate your own SSL connections, they need to be well patched due to evolving threats like Heartbleed, POODLE, etc. You may choose to do further application-level encryption in addition to SSL, but SSL should usually be sufficient to satisfy the over-the-wire encryption requirements.

For at-rest storage, there are many options (symmetric/asymmetric) that will depend on what you are trying to do. As a baseline, AWS makes it incredibly easy to encrypt data with AES-256 both in S3 and in the Elastic Block Store (EBS) drives attached to your EC2 instances. There’s almost no reason not to use this, even if you are using additional encryption in other layers of your architecture. AES-256 is usually the “right answer” for IT reviews. Don’t use smaller keys, don’t use outdated algorithms, and especially never try to roll your own encryption.

Good guidance in this area is easy to find:

Logging and Auditing

A key HIPAA requirement is being able to track who accessed and changed patient records and verify the validity of a record. Even if you don’t make this available through a user interface, you need to log these actions and be able to produce a report in the case of an audit or a breach. Keeping these logs in encrypted storage in S3 is a good way to do this. You’ll want to restrict who has access to read/write these audit logs as well.

In addition to automatic audit trails generated by your application-level software systems, remember to carefully keep track of business-process events like granting someone access to a system or revoking access. AWS CloudTrail can help track system changes made to AWS resources like servers, S3 buckets, etc.
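One way to make such an audit trail tamper-evident, so that both "who accessed this record" and "has this log been altered" can be answered, is to chain each entry to the previous one with a keyed hash. This is an added example, not Wellpepper's code; the field names, the HMAC chaining scheme, and the sample events are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # stands in for the "previous MAC" of the first entry
DEMO_KEY = b"demo-key-not-for-production"  # constructed; keep real keys out of code


def _mac(key, prev_mac, body):
    # Canonical JSON so an entry always serializes to the same bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"\n" + payload, hashlib.sha256).hexdigest()


def append_entry(log, key, *, ts, actor, action, record_id):
    """Append one who/what/when entry, chained to the entry before it."""
    body = {"seq": len(log), "ts": ts, "actor": actor,
            "action": action, "record_id": record_id}
    prev = log[-1]["mac"] if log else GENESIS
    entry = dict(body, prev=prev, mac=_mac(key, prev, body))
    log.append(entry)
    return entry


def verify_chain(log, key, expected_head=None):
    """Return the index of the first inconsistent entry, or None if intact.

    expected_head is the MAC of the newest entry, kept somewhere the log
    writer cannot modify; without it, removal of the newest entries is
    not detectable from the log alone.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k not in ("prev", "mac")}
        if entry.get("seq") != i or entry.get("prev") != prev:
            return i  # an entry was removed, reordered or inserted
        if not hmac.compare_digest(str(entry.get("mac")), _mac(key, prev, body)):
            return i  # entry contents changed after they were written
        prev = entry["mac"]
    if expected_head is not None and prev != expected_head:
        return len(log)  # chain is consistent but ends early
    return None


def access_report(log, record_id):
    """Who touched one record, in order, for an audit or breach review."""
    return [(e["ts"], e["actor"], e["action"])
            for e in log if e["record_id"] == record_id]


def build_sample_log():
    # Constructed sample events; actors and record ids are made up.
    log = []
    append_entry(log, DEMO_KEY, ts="2017-03-01T09:00:00Z", actor="dr.lee",
                 action="read", record_id="patient-1001")
    append_entry(log, DEMO_KEY, ts="2017-03-01T09:05:00Z", actor="dr.lee",
                 action="update", record_id="patient-1001")
    append_entry(log, DEMO_KEY, ts="2017-03-01T10:30:00Z", actor="nurse.kim",
                 action="read", record_id="patient-2002")
    return log
```

The signing key has to live outside the system that writes the log (for example in a key management service), otherwise anyone who can rewrite entries can also recompute the chain.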

Authentication

All healthcare applications will need a way to identify their users and what permissions those users have. HIPAA is not specific about authentication systems beyond being “reasonable and appropriate” (164.308(a)(5)(ii)(D)), but does require that you have good policies in place for this. Here you should follow well-established security best practices.

For starters, you should try not to build your own authentication system. In purpose-built systems, you may be able to integrate into an existing authentication system using OAuth, or SAML (or maybe something more exotic if you’re plugging into some legacy healthcare application). In patient-facing applications, you may be able to integrate with a patient portal for credentials – this is something that will probably show up on your requirements list at some point anyway. If neither of these applies, you may be able to use another identity provider like AWS’ Identity and Access Management (IAM) system to manage user credentials. We briefly tried using consumer-facing OAuth using Facebook, but quickly found that consumers are (rightly) worried about privacy and chose not to use this method.

If you find that you need to build an authentication system, be sure to follow current best practices on things like how to store passwords securely, as well as other tricky areas like password resets.

Since Wellpepper is often deployed standalone before being integrated into other back-end systems, we offer a built-in username + password authentication system. One silver lining to building this ourselves is the ability to build meaningful password complexity rules, especially for patients. Some of the traditional healthcare systems have truly draconian rules that are not only user un-friendly, but actively user-hostile. Thankfully, the best practices in this area are changing. Even the draft NIST password recommendations, updated in August 2016, trade some of the human-unfriendly parts of passwords (multiple character classes) for more easily memorable, but still secure ones (length). Also, consider the difference between health-system password requirements for clinicians with access to thousands of records and those for patients who only access a single record.
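The two points above, storing passwords securely and preferring length over character-class rules, can be combined in one small module. This is an added example, not Wellpepper's implementation; the per-role minimum lengths, the tiny blocklist, the PBKDF2 iteration count, and the stored-hash format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed policy values; the post gives no numbers. Clinicians, who can reach
# many records, get a longer minimum than patients, who reach only their own.
MIN_LENGTH = {"patient": 8, "clinician": 12}
MAX_LENGTH = 64
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware
# Constructed, tiny blocklist; a deployment would load a large list of
# commonly used and previously breached passwords instead.
BLOCKLIST = {"password", "12345678", "qwertyuiop", "letmein123"}


def check_password(password, role, username=""):
    """Return a list of policy problems; an empty list means acceptable.

    There are deliberately no "must contain a digit/symbol" rules: length and
    a blocklist do the work, in line with the NIST direction described above.
    """
    if role not in MIN_LENGTH:
        raise ValueError(f"unknown role: {role!r}")
    problems = []
    if len(password) < MIN_LENGTH[role]:
        problems.append("too_short")
    if len(password) > MAX_LENGTH:
        problems.append("too_long")
    lowered = password.lower()
    if lowered in BLOCKLIST:
        problems.append("common_password")
    if username and username.lower() in lowered:
        problems.append("contains_username")
    return problems


def hash_password(password, *, iterations=PBKDF2_ITERATIONS):
    """Derive a salted, slow hash; only this string is stored, never the password."""
    salt = secrets.token_bytes(16)  # unique per password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password, stored):
    """Check a login attempt against a stored hash string."""
    try:
        scheme, iterations, salt_hex, derived_hex = stored.split("$")
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(derived_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)
```

Storing the iteration count inside each hash string lets the work factor be raised later without invalidating existing accounts.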

Once your users are authenticated, they will need to be authorized to access some set of resources. As with authentication, if you can delegate this responsibility to another established system, this is probably the best approach. If you are adding unique resources with unique access control rules, you will need to make sure that your authorization mechanisms are secure and auditable.

Conclusion

Creating a HIPAA-compliant service doesn’t have to be a big scary problem, but you do want to make sure you have your ducks in a row. If you’re reading this blog post (and hopefully others!), you’re off to a good start. Here are some additional resources that we found handy:

Posted in: Data Protection, Health Regulations, Healthcare Policy, Healthcare Technology, Uncategorized


Wellpepper Receives Seattle Business Magazine’s 2017 Leaders in Healthcare Gold Award for Achievement in Digital Health

We are honored to have been named the Gold Award winner for outstanding achievement in digital health from Seattle Business Magazine’s 2017 Leaders in Health Care!

Thank you to our amazing team and partners!

Posted in: Healthcare Technology, Healthcare transformation, M-health, patient engagement, Press Release, Seattle, Uncategorized

SEATTLE BUSINESS MAGAZINE HONORS 18 INDIVIDUALS AND ORGANIZATIONS AT THE 2017 LEADERS IN HEALTH CARE AWARDS

SEATTLE (March 2, 2017) – Eighteen of Washington’s most accomplished health care leaders were recognized at Seattle Business magazine’s 2017 Leaders in Health Care Awards gala March 2 at Bell Harbor International Conference Center in Seattle.

“In this time of great turmoil in the health care industry, it’s more important than ever to recognize the institutions and individuals who are doing so much to make Washington state among the best places in the nation to receive health care,” said Leslie Helm, executive editor of Seattle Business magazine.

Judges selected gold and silver award honorees in 11 categories. The awards program was supported by presenting sponsor West Monroe and supporting sponsors Seattle Cancer Care Alliance and MacDonald-Miller.

The award winners are:

OUTSTANDING MEDICAL CENTER EXECUTIVE — SEATTLE GOLD: Norm Hubbard, Executive Vice President, Seattle Cancer Care Alliance, Seattle SILVER: Cynthia J. Hecker, Executive Director, Northwest Hospital & Medical Center, Seattle

OUTSTANDING MEDICAL CENTER EXECUTIVE — OUTSIDE SEATTLE GOLD: Preston Simmons, Chief Operating and Administrative Officer, Western Washington Market, Providence Health & Services, Everett SILVER: Bryce Helgerson, President, Legacy Salmon Creek Medical Center, Vancouver

OUTSTANDING MEDICAL GROUP EXECUTIVE GOLD: Dr. Albert Fisk, Chief Medical Officer, The Everett Clinic, Everett

OUTSTANDING MEDICAL DIRECTOR/CHIEF MEDICAL OFFICER GOLD: Dr. Jeffrey Tomlin, SVP & Chief Medical and Quality Officer, EvergreenHealth, Kirkland

OUTSTANDING MEDICAL DIRECTOR/CHIEF MEDICAL OFFICER GOLD: Dr. Peter McGough, Medical Director, UW Neighborhood Clinics, Seattle

ACHIEVEMENT IN COMMUNITY OUTREACH GOLD: Pacific Medical Centers, Seattle

ACHIEVEMENT IN DIGITAL HEALTH GOLD: Wellpepper, Seattle SILVER: SCI Solutions, Seattle

INNOVATION IN HEALTH CARE DELIVERY GOLD: Navos, Seattle/Burien SILVER: Genoa, Tukwila

ACHIEVEMENT IN MEDICAL TECHNOLOGY GOLD: Seattle Genetics, Bothell

ACHIEVEMENT IN MEDICAL RESEARCH GOLD: Dr. Oliver Press, Acting Director, Clinical Research Division, and Acting SVP, Fred Hutchinson Cancer Research Center, Seattle SILVER: Dr. Jane Buckner, President, Benaroya Research Institute at Virginia Mason, Seattle

MEDICAL GROUP PERFORMANCE (in partnership with Washington Health Alliance) GOLD: Group Health Cooperative, Seattle SILVER: Virginia Mason Medical Center, Seattle

JUDGES’ AWARD Dr. Paul Ramsey, CEO, UW Medicine

—-

Read more about the Leaders in Health Care Awards 2017 at seattlebusinessmag.com.

ABOUT SEATTLE BUSINESS: Seattle Business is an award-winning monthly magazine read by thousands of business executives across the state. It delivers insight into the key people, enterprises and trends that drive business in the Pacific Northwest, providing perspective on the region’s ever-changing economic environment.

Posted in: M-health, patient engagement, Press Release


HIMSS17 Checklist

HIMSS17 is only a few days away and we at Wellpepper have our checklist complete!

  • Coffee
  • Chocolate
  • Wellpepper swag bags
  • iOS and Android devices
  • List of partners, colleagues and friends to meet with
  • Wellpepper CEO, Anne Weiler’s awesome sessions on the books

Venture+ Forum

Designing Empathetic Care Through Telehealth for Seniors

The “P” is for Participation, Partnering and Empowerment

Importance of Narrative: Open Notes, Patient Stories, Human Connections

Emerging Impacts of Artificial Intelligence on Healthcare IT

  • Twitter account primed to follow the following hashtags:

#Engage4Health

#HITcloud

#WomenInHIT

#EmpowerHIT

#Connected2Health

#Aim2Innovate

#PutData2Work

#HX360

#HITventure

#IHeartHIT

See you there!

Posted in: Healthcare Technology, patient engagement


HIMSS17 Sessions of Interest

We are thrilled to attend a number of sessions at HIMSS17 with topics pertaining to Wellpepper’s Vision and Goals!

Patient Engagement

Sessions that impact our ability to deliver an engaging patient experience that helps people manage their care to improve outcomes and lower cost:

Insight from Data

Sessions that impact our ability to derive insight from data to improve outcomes and lower cost:

Clinical Experience

Sessions that impact our ability to deliver a more efficient experience for existing workflows and are non-disruptive for new workflows:

Posted in: big data, Healthcare Technology, Interoperability, M-health, patient engagement

Our Picks for HIMSS17

HIMSS17 is right around the corner and we at Wellpepper have a lot to be excited about! By empowering and engaging patients, deriving insight from the data we collect, and delivering new value to clinical users without major disruption to existing clinical workflows, we can continue to improve outcomes and lower costs of care. At HIMSS17, we look forward to connecting with friends, partners, colleagues and industry leaders to continue the journey towards an amazing patient experience.

Sessions that we look forward to:

Our CEO and co-founder, Anne Weiler, will be speaking at 2 sessions:

  • Anne will be a featured speaker at the Venture+ Forum, where former competition winners will be sharing how their business has grown, lessons learned and plans for the future. Since being named a winner of the 2015 Venture+ Forum Pitch competition, Wellpepper has continued to bridge the gap between the patient and care team and we are excited to share our progress and vision.
  • Anne will also be presenting a session titled, Designing Empathetic Care Through Telehealth for Seniors, which will explore the role of design-thinking in designing empathetic applications to deliver remote care for seniors based on studies completed by Boston University and researchers from Harvard Medical School.

Patient engagement expert Jan Oldenburg, who was featured in our August 2016 webinar, will be speaking at 2 sessions:

  • Jan will be presenting a session titled, The “P” is for Participation, Partnering and Empowerment. This session will highlight what it takes to create a truly participatory healthcare system that incorporates patients and caregivers, using digital health technology to reinforce and support participatory frameworks.
  • Jan will also be presenting a session titled, Importance of Narrative: Open Notes, Patient Stories, Human Connections. This session will focus on how Open Notes enhance the patient’s narrative of their journey through their condition and how this both strengthens the patient-physician relationship and empowers patients to take charge of their illness and wellness.

Christopher Ross, Chief Information Officer at Mayo Clinic, will be leading a session on Emerging Impacts of Artificial Intelligence on Healthcare IT. This session will discuss how the advancement of Artificial Intelligence (AI) and Machine Learning (ML) is having a profound impact on how insights are generated from healthcare data.

Posted in: big data, M-health, patient engagement


Population Health and Patient Engagement: A Reckoning Is Coming

Population health and patient engagement should be best friends. To draw conclusions for population health, you need a lot of data, and patient engagement, that is, patients interacting digitally with treatment plans and healthcare providers, generates a ton of data. Population health tries to analyze the general to get to the specific and identify patients at risk. Patient engagement starts with the specific patient, and with enough data recorded by those patients, can find general trends.

With patient engagement, the information is real-time. With population health it is backwards-looking. Population health has the richness of the medical team’s notes and diagnosis but it is missing the patient perspective. Patient-generated data will have diagnosis if it’s part of a treatment plan prescribed by a physician, but it won’t have the full notes. A blurring of the boundaries between population health and patient engagement presents a way forward to greater insights about both individuals and groups, and can make population health actionable at the individual patient level by providing personalized instructions (with or without care managers).

However, to get to this desired end-state, we need to clear some obstacles, first of which is the idea that patient engagement generates too much data for physicians.

Yes, an individual physician does not want to see or review each data point that a true patient engagement solution generates. However, this information can be extremely interesting to the patient, especially when looking for trends to help self-manage a chronic condition, so it is worth enabling patients to collect it. Examples include looking at whether certain foods trigger arthritis, or whether certain activities trigger headaches. However, to draw conclusions like this, you must record a lot of data points and in real-time, and this makes physicians nervous. They have enough to do, and not enough time to do it in, so this data cannot add to that workload.

As well, patient-generated data is messy, which can be intimidating, especially in an industry that is looking for deviations from norms. The challenge with patient-generated data is that it can uncover that the long-tail is actually longer than previously thought, that there are sub-groups within groups of patients with a similar condition that were previously thought to be homogeneous. In the long run, this will result in medical breakthroughs and personalized medicine. In the short run this can be difficult to deal with in the current systems.

Does that mean that we shouldn’t collect patient-generated data? Not at all. Helping patients track their experiences is a great first step to self-management. Knowing whether they are following a treatment plan, and what their experiences are with that treatment plan can help healthcare systems determine the impact of their instructions outside the clinic.

Although physicians don’t want all this data, healthcare organizations, both providers and payers, should want it. Other industries would kill for this type of data. Data scientists and population health managers at health systems should be clamoring for this valuable patient-generated data.

Patient-generated data is usually collected in real-time so it may be more representative of the actual current population. The benefit of real-time collection is that further exploration of the actual patient experience is possible and can be used to prevent issues from escalating. With backwards-looking data, whatever was going to happen has happened, so you can only use it to impact new groups of patients, not current groups.

Finally, patient-generated data is less likely to be siloed, like clinical data often is, because the patient experience is broad and often messy and crosses clinical department thresholds (or more simply, patients are usually treated for more than one issue at a time.) Being relatively new to market, patient-engagement systems are built on modern and interoperable technology which also makes accessing data for analysis easier.

So where will we end up? To our team at Wellpepper, it seems inevitable that influencing and understanding patient experience outside the clinic. If you are making decisions for an individual patient with only a few clinical touch points, this is a very thin slice, often with a specific clinician’s specialty lenses on the actual situation. While healthcare systems are currently dipping their toes in the water on collecting and analyzing this data, if they don’t embrace the whole patient, patients will vote with their feet and pocket books towards organizations that are data and technology driven.

Posted in: Adherence, big data, Healthcare Technology, Healthcare transformation, Interoperability, M-health, patient engagement, population health


Not Patient Engagement with Jan Oldenburg

When it comes to talking about patient engagement, nationally recognized consumer health information strategy leader Jan Oldenburg of Participatory Health Consulting chooses to delve deeper into what it means to engage patients in healthcare. With her wide range of experience, she focuses on helping organizations create and implement strategies related to patient/provider engagement and activation with a focus on digital health technology.

In this podcast, Ms. Oldenburg addresses a variety of topics ranging from shifting the healthcare mindset to utilizing digital tools to assist physicians.

Also check out more of Jan Oldenburg’s webinars: “Patient Engagement: Creating Digital Programs that Work.”

Posted in: Behavior Change, Healthcare Technology, patient engagement, Patient Satisfaction
