Blog

Using AWS with HIPAA-Protected Data – A Practical Primer

When we started building the Wellpepper platform four years ago, we thought carefully about how to build for privacy and security best practices as well as HIPAA compliance, since we work with customers in the healthcare industry. We chose to build the system entirely on Amazon Web Services (AWS), and learned a few things in the process about building HIPAA compliant applications on AWS. Hopefully this will be helpful to others considering AWS as the home for their healthcare online service, whether you’re a software company hoping to sell to healthcare systems (as a “Business Associate” in HIPAA terminology) or an internal development team at a health system (a “Covered Entity”).

It’s Not Rocket Science

As you probably already know, the Health Insurance Portability and Accountability Act (HIPAA) is made up of several parts. Usually when IT people talk about “HIPAA compliance”, they are talking about the Title II Security Rule which governs privacy and security practices for electronic protected health information (ePHI).

Many of the requirements in the HIPAA Security Rule are simply best practices for security and data privacy that have been written into law. Things like encrypting traffic travelling over a network. Anyone building good, secure software, should be following these principles anyway. You need to be informed of the requirements, and you need to make sure you establish ongoing practices for maintaining security and privacy, but it’s not rocket science. In fact, your health system (or healthcare customers) may actually have more stringent or additional data security requirements to what is required by HIPAA.

Our experience is that HIPAA isn’t a major departure from what we would have built anyway.

Stay Up To Date

HIPAA was established in 1996, with the final Security Rule being published in 2003. In some cases, the guidance has not kept up with current threats and practices in 2017. If you are developing healthcare software, you should be applying industry best practices in combination with the HIPAA requirements. Your ultimate goal needs to be protecting patient data, not just regulatory compliance. Invest in training yourself and your team and staying current. Some resources we found helpful:

Take Responsibility

Compliance usually isn’t at the top of an engineering team’s list of fun things, so it’s tempting to look for solutions that can abstract away the responsibility. There are a few online healthcare platform-as-a-service hosters that make claims in this direction. Be wary of these. No service can remove your responsibility for compliance.

We decided that using AWS infrastructure services was the best level of abstraction. This let us build new services, host data, and install 3rd party applications in our VPC with high confidence that we were living up to our promises to protect patient data.

In addition to thinking about your software solution, compliance also covers your business practices and policies for things like training, background checks, and corporate device security – securing your people. These are often overlooked areas that are really important, since security researchers complain that people are the weakest link in the security chain. As with your software design, the application of commonsense practices and good documentation will go a long way.

There is no single group that certifies systems as HIPAA compliant. However, HHS can audit you at any time, whether you’re a covered entity or a business associate. You should do your own internal assessments against the HIPAA Security Rule both when you are building new capabilities, and on an annual basis. Augment this with external third party reviews. You’ll want to be able to show summarized reports of both your internal process and a stamp of approval from an external auditor.

HHS produces a tool called the SRA tool which you might find useful in performing security rule assessments: https://www.healthit.gov/providers-professionals/security-risk-assessment-tool. We used this for a couple years, but now just use an Excel Spreadsheet to evaluate ourselves. Bonus: this is probably what your auditor will want to see.

This Risk Toolkit from the HIPAA Collaborative of Wisconsin is a good starting point, and looks very similar to the spreadsheet we use: http://hipaacow.org/resources/hipaa-cow-documents/risk-toolkit/ (look at the Risk Assessment Template).

Share the Responsibility

AWS certifies a subset of their services for HIPAA compliance. This includes restrictions on how these services are used, and requires that you enter into a Business Associate Agreement (BAA) with AWS. This agreement establishes the legal relationship needed to handle ePHI, and ensures that you’ll be notified in the unlikely event that there is a data breach.

When you sign a BAA, you enter into a shared responsibility model with AWS to protect ePHI. AWS largely covers physical security for their facilities and networks. You can view their SOC audit results on request. You own the security for your applications and anything else from the OS on up. For example, if you use Elastic Compute Cloud (EC2) instances, it’s your responsibility to keep those instances patched.

AWS occasionally adds new services to their HIPAA-certified services, so you’ll want to check occasionally to see if there are new services you might be able to take advantage of.

Draw a Bright Line Around Your ePHI

At any time, you should be able to quickly say exactly which parts of your system (which servers, which network segments, which databases, which services) have or store ePHI. These systems are inside your bright line defense perimeter, are subject to HIPAA regulations including breach notifications. That means if you lose data on one of these systems, you need to notify your patients (or if you are a Business Associate, notify the Covered Entity so that they can notify the patients).

EC2, Simple Storage System (S3), Elastic Load Balancing (ELB), when used in accordance with guidelines can be HIPAA compliant. Make sure you read the guidelines – there are usually certain restrictions on usage in order to be covered. Many of AWS’ platform-as-a-service offerings are currently not offered under the AWS HIPAA umbrella (for example Kinesis and Lambda). You can still use these services, just not with ePHI.

Many modern systems designs make use of 3rd party framworks and SaaS offerings for things like analytics, monitoring, customer support, etc. When you are holding and conveying ePHI, you will need to be careful about which dependencies you take. For example, in one of our recent product updates we were considering using an external web & mobile analytics platform to better understand our traffic patterns. We walked through our use cases and decided that while none of them required us to send any ePHI to the analytics platform, the risk of accidentally sending some piece of protected data was too high. So we came up with a different plan that allowed us to keep PHI within our safe boundary and under our direct control. Many of your decisions will be grey-area tradeoffs like this.

Secure at Rest and Over the Wire

This is often the first question we see on any healthcare IT security review. How do you protect data at rest and over the wire? Use strong SSL certs with robust SSL termination implementations like ELB. If you terminate your own SSL connections, they need to be well patched due to evolving threats like Heartbleed, POODLE, etc. You may choose to do further application-level encryption in addition to SSL, but SSL should usually be sufficient to satisfy the over-the-wire encryption requirements.

For at-rest storage, there are many options (symmetric/asymmetric) that will depend on what you are trying to do. As a baseline, AWS makes it incredibly easy to encrypt data with AES-256 both in S3 or in the Elastic Block Store (EBS) drives attached to your EC2 instances. There’s almost no reason not to use this, even if you are using additional encryption in other layers of your architecture. AES-256 is usually the “right answer” for IT reviews. Don’t use smaller keys, don’t use outdated algorithms, and especially never try to roll your own encryption.

Good guidance in this area is easy to find:

Logging and Auditing

A key HIPAA requirement is being able to track who accessed and changed patient records and verify the validity of a record. Even if you don’t make this available through a user interface, you need to log these actions and be able to produce a report in the case of an audit or a breach. Keeping these logs in encrypted storage in S3 is a good way to do this. You’ll want to restrict who has access to read/write these audit logs as well.

In addition to automatic audit trails generated by your application-level software systems, remember to carefully keep track of business-process events like granting someone access to a system or revoking access. AWS CloudTrail can help track system changes made to AWS resources like servers, S3 buckets, etc.

Authentication

All healthcare applications will need a way to identify their users and what permissions those users have. HIPAA is not specific about authentication systems beyond being “reasonable and appropriate” (164.308(a)(5)(ii)(D)), but does require that you have good policies in place for this. Here you should follow well-established security best practices.

For starters, you should try not to build your own authentication system. In purpose-built systems, you may be able to integrate into an existing authentication system using oAuth, or SAML (or maybe something more exotic if you’re plugging into some legacy healthcare application). In patient-facing applications, you may be able to integrate with a patient portal for credentials – this is something that will probably show up on your requirements list at some point anyway. If neither of these apply, you may be able to use another identity provider like AWS’ Identity and Access Management (IAM) system to manage user credentials. We briefly tried using consumer-facing oAuth using Facebook, but quickly found that consumers are (rightly) worried about privacy and chose not to use this method.

If you find that you need to build an authentication system, be sure to follow current best practices on things like how to store passwords securely, as well as other tricky areas like password resets.

Since Wellpepper is often deployed standalone before being integrated into other back-end systems, we offer a built-in username + password authentication system. One silver lining to building this ourselves is the ability to build meaningful password complexity rules, especially for patients. Some of the traditional healthcare systems have truly draconian rules that are not only user un-friendly, but actively user-hostile. Thankfully, the best practices in this area are changing. Even the draft NIST password recommendations, updated in August 2016, trade some of the human-unfriendly parts of passwords (multiple character classes) for more easily memorable, but still secure ones (length). Also, consider the difference between health-system password requirements for clinicians with access to thousands of records and those for patients who only access a single record.

Once your users are authenticated, they will need to be authorized to access some set of resources. As with authentication, if you can delegate this responsibility to another established system, this is probably the best approach. If you are adding unique resources with unique access control rules, you will need to make sure that your authorization mechanisms are secure and auditable.

Conclusion

Creating a HIPAA-compliant service doesn’t have to be a big scary problem, but you do want to make sure you have your ducks in a row. If you’re reading this blog post (and hopefully others!), you’re off to a good start. Here are some additional resources that we found handy:

Posted in: Data Protection, Health Regulations, Healthcare Policy, Healthcare Technology, Uncategorized

Leave a Comment (0) →

Wellpepper Receives Seattle Business Magazine’s 2017 Leaders in Healthcare Gold Award for Achievement in Digital Health

We are honored to have been named the Gold Award winner for outstanding achievement in digital health from Seattle Business Magazine’s 2017 Leaders in Health Care!

Thank you to our amazing team and partners!

 

Posted in: Healthcare Technology, Healthcare transformation, M-health, patient engagement, Press Release, Seattle, Uncategorized

Leave a Comment (0) →

SEATTLE BUSINESS MAGAZINE HONORS 18 INDIVIDUALS AND ORGANIZATIONS AT THE 2017 LEADERS IN HEALTH CARE AWARDS

SEATTLE (March 2, 2017) – Eighteen of Washington’s most accomplished health care leaders were recognized at Seattle Business magazine’s 2017 Leaders in Health Care Awards gala March 2 at Bell Harbor International Conference Center in Seattle.

“In this time of great turmoil in the health care industry, it’s more important than ever to recognize the institutions and individuals who are doing so much to make Washington state among the best places in the nation to receive health care,” said Leslie Helm, executive editor of Seattle Business magazine.

Judges selected gold and silver award honorees in 11 categories. The awards program was supported by presenting sponsor West Monroe and supporting sponsors Seattle Cancer Care Alliance and MacDonald-Miller.

The award winners are:

OUTSTANDING MEDICAL CENTER EXECUTIVE — SEATTLE GOLD: Norm Hubbard, Executive Vice President, Seattle Cancer Care Alliance, Seattle SILVER: Cynthia J. Hecker, Executive Director, Northwest Hospital & Medical Center, Seattle

OUTSTANDING MEDICAL CENTER EXECUTIVE — OUTSIDE SEATTLE GOLD: Preston Simmons, Chief Operating and Administrative Officer, Western Washington Market, Providence Health & Services, Everett SILVER: Bryce Helgerson, President, Legacy Salmon Creek Medical Center, Vancouver

OUTSTANDING MEDICAL GROUP EXECUTIVE GOLD: Dr. Albert Fisk, Chief Medical Officer, The Everett Clinic, Everett

OUTSTANDING MEDICAL DIRECTOR/CHIEF MEDICAL OFFICER GOLD: Dr. Jeffrey Tomlin, SVP & Chief Medical and Quality Officer, EvergreenHealth, Kirkland

OUTSTANDING MEDICAL DIRECTOR/CHIEF MEDICAL OFFICER GOLD: Dr. Peter McGough, Medical Director, UW Neighborhood Clinics, Seattle

ACHIEVEMENT IN COMMUNITY OUTREACH GOLD: Pacific Medical Centers, Seattle

ACHIEVEMENT IN DIGITAL HEALTH GOLD: Wellpepper, Seattle SILVER: SCI Solutions, Seattle

INNOVATION IN HEALTH CARE DELIVERY GOLD: Navos, Seattle/Burien SILVER: Genoa, Tukwila

ACHIEVEMENT IN MEDICAL TECHNOLOGY GOLD: Seattle Genetics, Bothell

ACHIEVEMENT IN MEDICAL RESEARCH GOLD: Dr. Oliver Press, Acting Director, Clinical Research Division, and Acting SVP, Fred Hutchinson Cancer Research Center, Seattle SILVER: Dr. Jane Buckner, President, Benaroya Research Institute at Virginia Mason, Seattle

MEDICAL GROUP PERFORMANCE (in partnership with Washington Health Alliance) GOLD: Group Health Cooperative, Seattle SILVER: Virginia Mason Medical Center, Seattle

JUDGES’ AWARD Dr. Paul Ramsey, CEO, UW Medicine

—-

Read more about the Leaders in Health Care Awards 2017 at seattlebusinessmag.com.

ABOUT SEATTLE BUSINESS: Seattle Business is an award-winning monthly magazine read by thousands of business executives across the state. It delivers insight into the key people, enterprises and trends that drive business in the Pacific Northwest, providing perspective on the region’s ever-changing economic environment.

Posted in: M-health, patient engagement, Press Release

Leave a Comment (0) →

HIMSS 2017 Recap: What’s Hot and What’s Hype

Wellpepper had a great HIMSS 2017 Conference with a very busy booth in the Innovation Zone, a panel on the current state of innovation, and a talk on Delivering Empathy Through Telehealth. Here are a few of our thoughts on the conference compiled from our team.Empathetic Care Through Telehealth

Cognitive and AI: Hype

Starting with Ginni Romety’s keynote, Cognitive and AI were definitely the buzzwords of the conference. Everyone is excited about the promise but it seems like the current status is not ready for takeoff. First, there’s a lot of work to get data out of the EMR, and second, no one seems quite sure what the killer use case is going to be. Immediately before HIMSS, MD Anderson announced that after a $62M investment they weren’t seeing value in IBM Watson and were pulling out of the program. That did not stop them from co-presenting with Mayo Clinic and Watson at the conference. The main use case seemed to be shortening the time to identify cancer patients for clinical trials from 30 minutes to 8 minutes. Another example, which just highlights the sorry state of clincial technology, was to use Watson on top of Epic to help staff figure out how to use features. During the session, Mayo CIO Christopher Ross referred to Watson as a toddler. While all of this was disappointing, it’s heartening that for once healthcare is on trend with the rest of the tech world, and possibly pointing to an accelerated evolution of health IT.

IMG_0611Patient Engagement: Hot

In 2016, patient engagement was also hot, but this year, we’d also say it was real. Buyers visited our booth with checklists of capabilities they wanted to see. Pilots were completed last year, and now they are making platform decisions for patient engagement. We’ve noticed this ourselves in the past 6 months, we’ve seen the patient engagement purchase decision elevated to the C-suite, and the decision being made based on capabilities that will address the needs of all patients and all service lines.

Interoperability: Hot

Compared to the previous year, we saw a lot more talk about interoperability, whether that was EMRs building out APIs and developer programs, the CommonWell Alliance, or talk about how block-chain could be used to both secure and transfer healthcare data. Understanding that data needs to flow with the patient, and also that a heck of a lot of data is being created outside the EMR (in patient engagement solutions for example), is driving a greater commitment to interoperability in the industry.

Healthcare Investment: Hot

The Sharks said so, so it must be hot. The HIMSS Venture+ Investment forum this year had a much more diverse set of pitches than previously, including a social venture. and was won by DiaCardio, a woman-led company from Israel automating evaluation of heart ultrasound.

The Affordable Care Act: Prognosis Unclear

Make no mistake, the potential repeal of the ACA is looming heavy even in health IT. Health systems Boehner, HIMSSare concerned about impact on Medicare and Medicaid revenue. While bundles and value-based care have been quite positively received, the current uncertainty is putting a hold on capital expenditures. (Did we mention that Saas can be accounted for as operating expense?) Possibly the most entertaining speculation on the ACA came from former house speaker John Boehner and former governor Ed Rendell. Rendell suggested that we repeal Obamacare and replace it with the Affordable Care Act. Boehner mused that repealing without a plan would place all the blame and problems with the current system firmly on the sitting government, and recommended that it not be repealed.

The Takeway?

We’re still optimistic. IT is increasingly having a seat at the table within healthcare. Although not all EMR implementations have been seen as a success for clinicians, we are seeing a shift to an expectation of better software for both patients and providers, for data to move smoothly, and the promise of insights and better care when that data can be analyzed and acted on. We’re already looking forward to HIMSS 2018 Las Vegas.

Posted in: big data, Clinical Research, Interoperability, patient engagement

Leave a Comment (0) →

HIMSS17 Checklist

HIMSS17 is only a few days away and we at Wellpepper have our checklist complete!

  • Coffee
  • Chocolate
  • Wellpepper swag bags
  • iOS and Android devices
  • List of partners, colleagues and friends to meet with
  • Wellpepper CEO, Anne Weiler‘s awesome sessions on the books

Venture+ Forum

Designing Empathetic Care Through Telehealth for Seniors

The “P” is for Participation, Partnering and Empowerment

Importance of Narrative: Open Notes, Patient Stories, Human Connections

Emerging Impacts of Artificial Intelligence on Healthcare IT

  • Twitter account primed to follow the following hashtags:

#Engage4Health

#HITcloud

#WomenInHIT

#EmpowerHIT

#Connected2Health

#Aim2Innovate

#PutData2Work

#HX360

#HITventure

#IHeartHIT

See you there!

Posted in: Healthcare Technology, patient engagement

Leave a Comment (0) →

HIMSS17 Sessions of Interest

We are thrilled to attend a number of sessions at HIMSS17 with topics pertaining to Wellpepper’s Vision and Goals!

Patient Engagement

Sessions that impact our ability to deliver an engaging patient experience that helps people manage their care to improve outcomes and lower cost:

Insight from Data

Sessions that impact our ability to derive insight from data to improve outcomes and lower cost:

Clinical Experience

Sessions that impact our ability to deliver more efficient experience for existing workflows and are non-disruptive for new workflows:

 

Posted in: big data, Healthcare Technology, Interoperability, M-health, patient engagement

Leave a Comment (0) →

Our Picks for HIMSS17

himss17-exhibitor-ad-design-300x250-copyHIMSS17 is right around the corner and we at Wellpepper have a lot to be excited about! By empowering and engaging patients, deriving insight from the data we collect, and delivering new value to clinical users without major disruption to existing clinical workflows, we can continue to improve outcomes and lower costs of care. At HIMSS17, we look forward to connecting with friends, partners, colleagues and industry leaders to continue the journey towards an amazing patient experience.

Sessions that we look forward to:

Our CEO and co-founder, Anne Weiler, will be speaking at 2 sessions:

  • Anne will be a featured speaker at the Venture+ Forum, where former competition winners will be sharing how their business has grown, lessons learned and plans for the future. Since being named a winner of the 2015 Venture+ Forum Pitch competition, Wellpepper has continued to bridge the gap between the patient and care team and we are excited to share our progress and vision.
  • Anne will also be presenting a session titled, Designing Empathetic Care Through Telehealth for Seniors, which will explore the role of design-thinking in design empathetic applications to deliver remote care for seniors based on studies completed by Boston University and researchers from Harvard Medical School.

Patient engagement expert Jan Oldenburg, who was featured in our August 2016 webinar, will be speaking at 2 sessions:

  • Jan will be presenting a session titled, The “P” is for Participation, Partnering and Empowerment. This session will highlight what it takes to create a truly participatory healthcare system that incorporates patients and caregivers, using digital health technology to reinforce and support participatory frameworks.
  • Jan will also be presenting a session titled, Importance of Narrative: Open Notes, Patient Stories, Human Connections. This session will focus on how Open Notes enhance the patient’s narrative of their journey through their condition and how this both strengthens the patient-physician relationship and empowers patients to take charge of their illness and wellness.

Christopher Ross, Chief Information Officer at Mayo Clinic will be leading a session on Emerging Impacts of Artificial Intelligence on Healthcare IT. This session will discuss how the advancement of Artificial Intelligence (AI) and Machine Learning (ML) are having a profound impact on how insights are generated from healthcare data.

Posted in: big data, M-health, patient engagement

Leave a Comment (0) →

Population Health and Patient Engagement: A Reckoning Is Coming

Population health and patient engagement should be best friends. To draw conclusions for population health, you need a lot of data, and patient engagement that is, patients interacting digitally with treatment plans and healthcare providers, generates a ton of data. Population health tries to analyze the general to get to the specific and identify patients at risk. Patient engagement starts with the specific patient, and with enough data recorded by those patients, can find general trends.

With patient engagement, the information is real-time. With population health it is backwards-looking. Population health has the richness of the medical teams notes and diagnosis but it is missing the patient perspective. Patient-generated data will have diagnosis if it’s part of a treatment plan prescribed by a physician, but it won’t have the full notes. A blurring of the boundaries between population health and patient engagement presents a way forward to greater insights about both individuals and groups, and can make population health actionable at the individual patient level by providing personalized instructions (with or without care managers).

However, to get to this desired end-state, we need to clear some obstacles, first of which is the idea that patient engagement generates too much data for physicians.

Yes, an individual physician does not want to see or review each data point that a true patient engagement solution generates. However, this information can be extremely interesting to the patient, especially when looking for trends to help self-manage a chronic condition so it is worth enabling patients to collect it. For example, looking at whether certain foods trigger arthritis, or whether certain activities trigger headaches. However, to draw conclusions like this, you must record a lot of data points and in real-time, and this makes physicians nervous. They have enough to do, and not enough time to do it in, so this data cannot add to that workload.

As well, patient-generated data is messy, which can be intimidating, especially in an industry that is looking for deviations from norms. The challenge with patient-generated data is that it can uncover that the long-tail is actually longer than previously thought, that there are sub-groups within previously thought to be homogeneous groups of patients with a similar condition. In the long run, this will result in medical breakthroughs and personalized medicine. In the short run this can be difficult to deal with in the current systems.

the long-tail is actually longer than previously thought

Does that mean that we shouldn’t collect patient-generated data? Not at all. Helping patients track their experiences is a great first step to self-management. Knowing whether they are following a treatment plan, and what their experiences are with that treatment plan can help healthcare systems determine the impact of their instructions outside the clinic.

Although physicians don’t want all this data, healthcare organizations both providers and payers, should want it. Other industries would kill for this type of data. Data scientists and population health managers at health systems should be clamoring for this valuable patient-generated data.

Patient-generated data is usually collected in real-time so it may be more representative of the actual current population. The benefit of real-time collection is that further exploration of the actual patient experience is possible and can be used to prevent issues from escalating. With backwards looking data whatever was going to happen has happened, so you can only use it to impact new groups of patients not current groups.Patient-Generated Data

Finally, patient-generated data is less likely to be siloed, like clinical data often is, because the patient experience is broad and often messy and crosses clinical department thresholds (or more simply, patients are usually treated for more than one issue at a time.) Being relatively new to market, patient-engagement systems are built on modern and interoperable technology which also makes accessing data for analysis easier.

So where will we end up? To our team at Wellpepper, it seems inevitable that influencing and understanding patient experience outside the clinic. If you are making decisions for an individual patient with only a few clinical touch points, this is a very thin slice, often with a specific clinician’s specialty lenses on the actual situation. While healthcare systems are currently dipping their toes in the water on collecting and analyzing this data, if they don’t embrace the whole patient, patients will vote with their feet and pocket books towards organizations that are data and technology driven.

Posted in: Adherence, big data, Healthcare Technology, Healthcare transformation, Interoperability, M-health, patient engagement, population health

Leave a Comment (0) →

The Disneyfication or Consumerization of Healthcare

I had the privilege of participating in my second panel hosted by Curtis Kopf, Senior VP of Customer Experience at Premera, at the recent Washington State of Reform Health Policy Conference. Curtis was formerly of Alaska Airlines and is new enough to healthcare to be able to point out idiosyncrasies of healthcare, and he led the audience, my fellow panelists, Elizabeth Fleming, VP of Group Health Cooperative, Tabitha Dunn, VP of Customer Experience at Concur, and me on a rollicking discussion of who excels in customer service, how to emulate consumer organizations, and how not to emulate consumer organizations.

I enjoy panels as they afford the opportunity to evaluate my own perspective based on the insights of others usually in extremely different roles. This panel was unique as we represented payer, provider, employer, and digital health/technology: practically a cross-section of the industry.

Both over coffee prior to the panel and on the panel, we talked a lot about the influence and guiding principles of Disney as the quintessential consumer experience focused organization. Tabitha had just returned from a holiday trip with her family, and Curtis had the opportunity to attend the Disney Institute for customer service training during his time at Alaska airlines.

Before getting into the takeaways from our experiences and thinking about what to take away from Disney, we started the panel by discussing why consumerization was a topic in healthcare at all.

A number of factors have converged to drive consumer or patient-centric approach we now see in healthcare:

  • 20M newly insured people offered an opportunity that brought new players, like Walgreens, Walmart, Medical One, and Zoom+ into primary and urgent care market
  • On demand services like Uber and constant communication through messaging apps, and the ubiquity of smart phones created an expectation of healthcare on demand.
  • High-deductibles made consumers evaluate more closely how they were spending their healthcare dollars
  • Getting over the hump of initial EMR integration made physicians ask why they couldn’t have consumer-quality tools to do their jobs

Regardless of what happens with the ACA with the incoming administration, we don’t expect many of these things to change, although there may be more competition in primary care as these new players put pressure on incumbents.

How do you react when there is more competition? A customer-centric approach is a good place to start, which brings us back to Disney. As a child, I did a school project on Walt and his empire, but have to admit I didn’t know as much about them as my fellow panelists.

Here are my key takeaways from the discussion:

  • Disney is extremely consistent, which provides autonomy for their staff to make good decisions within the 4 values that Disney holds. Although you may think that the brand is the highest value, it is actually safety. A Disney cast member is allowed to break character only when safety is at risk. Consider this as you think about the healthcare experience: safety and good experience are not mutually exclusive.
  • If you’re going to try to emulate an experience from another industry, make sure you fully understand that company’s or industries core values. The that resulted when executives managed to the HCHAPS survey: Nurses were given scripts to follow rather than making decisions, which is the exact opposite of how Disney actually operates. Nurses should have been given autonomy to work within the values of the health system and the needs of the patient.
  • Disney has an entire underground operations center that supports what guests experience above ground. This supports both the safety but also the experience of the park. Curtis toured this facility while at the Disney Institute. What struck me the most about this was the realization that the hospital has no back-office. We’ve met with administrators in their offices that are converted hospital rooms. First, think how uninspiring this is for employees as an office. Second, these are usually on active hospital floors, so patients experience random water cooler conversation as they are in care.

As an outsider to healthcare, it took me a while to get used to going to the hospital to have meetings, and it still makes me uncomfortable to pass patients waiting in hospital beds in the hallway while I’m going to negotiate a contract. This lack of a “back-office” impacts patients and staff alike, and really extends to every patient interaction. The EMR is essentially back-office software. Why hospitals run their patient-facing experience from this essentially line of business technology is beyond me.

Although at Wellpepper our client is the health system, our most important user is the patient. We want to ensure that the patient experience is as good or better than any popular-patient facing applications, and represents how the patient understands their care. As a result, we are able to enable patients to participate, and self-manage, and still deliver valuable information to help the internal health system operations center be more effective, which is why I’m always happy to talk about the consumer experience in healthcare.

 

Posted in: Behavior Change, Patient Advocacy, Patient Satisfaction, Seattle

Leave a Comment (0) →

Seattle Business Magazine’s 2017 Leaders in Health Care Awards

Among many individuals and organizations leading the charge in Washington’s world-class health care industry, we are elated to be listed as a finalist in Seattle Business magazine’s 2017 Leaders in Health Care Awards. It is truly a privilege to be nominated as well as to serve as a member of Seattle’s innovative community.

We are very excited for Seattle Business’ gala awards ceremony on March 2nd.

Posted in: Seattle

Leave a Comment (1) →

Wellpepper Top Healthcare Blog Posts of 2016

We had a terrific year at Wellpepper and are anticipating great things in 2017. We’re looking forward to further improvement in the efficacy and effectiveness of mobile health and telehealth as well as advancement of new business models, value-based care, and interoperability between EMRs.

As we move forward, we’d like to take a moment to reflect and recap some of our most popular blog posts of 2016. In order of popularity they are:

Wellpepper Healthcare Christmas Wish List

Given the rush of the holiday season, it was a pleasant surprise to have gotten so many viewers (other than Santa) looking over our healthcare wish list, making it our most popular post of the year.

Not Patient Engagement with Jan Oldenburg

Unsurprisingly, our second most popular blog post happens to discuss a variety of topics ranging from shifting the healthcare mindset to utilizing digital tools to assist physicians, with nationally recognized consumer health information strategy leader Jan Oldenburg in this lively podcast that has listeners eagerly tuning in.

What’s True Now

With the uneasy condition of health systems and polices following the recent changes in leadership after the election, we are glad to see many turning to our blog post for some clarity. Will these factors remain true for the following years to come? We certainly hope so.

Better Living Through Big Data

We love sharing with our readers what we’ve gathered from panels and talks. This summary of our CEO discussing the benefits of collecting big data with the Seattle Health Innovator’s panel made this blog post our fourth most popular.

What Keeps Healthcare CEOs Up at Night

Last but not least, this recap of MATTER’s study about Accenture made our Top 5 by addressing the important values and actions that need to be implemented by healthcare CEOs in order to take a more patient-centered approach.

This next year, we are looking forward to sharing our new discoveries as we continue to tackle the challenges in healthcare and find more ways to improve mobile health and patient-centered technology.

Posted in: Healthcare motivation, Healthcare transformation

Leave a Comment (0) →

Wellpepper’s Healthcare Christmas Wish List

santa

Dear Santa,

This year for Christmas we would like:

  • Real interoperability between EMRs and other systems so that data flows smoothly from patient to provider applications and between organizations. Make sure it comes with APIs and real reference architectures.
  • Modern, scalable, and reliable healthcare technology so CIOs and IT teams can spend more time innovating and bringing new ideas for patients and providers, and less time keeping systems up and running.
  • Patient-centered care where the goals of the patient are the most important outcomes considered. Make sure patients and providers can communicate about these goals and consider their impact on care.
  • Value-based care where cost and outcomes are evaluated to determine the right course of action. Let’s lower costs of care AND improve outcomes.
  • All people to have affordable healthcare regardless of pre-existing conditions. No one should go without healthcare.
  • When you deliver all the presents, please take away all the fax machines!

 

Thanks, Santa!

Good luck on your travels around the world on Christmas Eve.

 

Love, Wellpepper

 

PS We care about your health, so we’re leaving you an apple and some carrots for the reindeer rather than cookies this year.

Posted in: Healthcare motivation, Healthcare transformation, patient engagement

Leave a Comment (0) →

What Keeps Healthcare CEOs Up At Night?

This week I had a double whammy of healthcare value from the comfort of my desk when MATTER Chicago live-streamed their event “What Keeps Healthcare CEOs Up At Night.” In addition to participating online with 40 others and engaging on Twitter on the topic, I’m pretty sure that Accenture charges big bucks to healthcare organizations to present these findings from interviews with over 50 healthcare CEOs. I got great info, some online networking, and no traffic!

So what does keep healthcare CEOs up at night? It seems that there are differing levels of awareness regarding the health of one’s own organization, changes in population health, as well as changes in healthcare in general. Perhaps the only thing keeping them all up at night is the delicate balance in shifting to outcome and value based payments without disrupting today’s revenue streams. It’s a classic innovator’s dilemma, but nonetheless, interviews and research with over 50 healthcare CEOs have shown that only some are effectively straddling these two worlds. Michael Main, managing director at Accenture Strategy, walked the full-house crowd at Matter and 40 of us on the live stream through the research, looking at winners and losers as well as making a few predictions for how the change would happen.

According to presenter Michael Main and the Accenture team’s analysis, only 5 out of these 50 CEOs were actually successfully making the shift to value based care, and of the rest, only 15 were capable of making that shift.

screen-shot

See full report on Accenture here

To make the shift, Main identified some key criteria:

  • The CEO must have a strong passion for what healthcare can be, not what it is today. He or she must have vision and be motivated to make his or her system the #1 or #2 in their area.
  • The shift from volume to value needs to also include a shift back to volume but with the volume being serving a larger population base, not doing more to each patient. The only way to do this is to really understand a health system’s catchment area and the population. Main used the example of the 1,500 data points that Experian, the credit check company, has on each person and compared that to how few data points health systems have.
  • Care must move from being physician-centered to patient centered, but there must be strong physician leaders on board.

Main also identified barriers to change today:

  • Perverse incentives that reward for doing more to a patient rather than what’s actually best for the patient. Here, Main provided a couple of personal examples, including his father who was admitted to the hospital for 48 hours because of protocol when he would have been better at home waiting for test results.
  • People being worried about their own jobs. Main mentioned working with a nurse’s union on a patient-centered medical home project. Everything was positive until they realized the model would require fewer nurses than first expected. Demonstrating the basic adage that you can’t get someone to believe in something if their own livelihood depends on them not believing it.
  • Too much gray hair in the C-suite. Main believes that many hospital CEOs are too close to retirement to want to tackle the risk. They are looking to ride out the current fee for service world, and hand over the reins when the real change needs to be implemented. Most CEOs estimated the change will take another 7-10 years so they had time to wrap up their retirement packages. (Shades of physicians retiring around the deadlines for implementing electronic medical records.)

As you can imagine, there will be winners and losers in this new world of capitated and value-based payments. Basically, aside from the 20 CEOs that Main identified as either already changing or capable of it, the rest he felt were in the loser category. As care is pushed to the lowest cost delivery, hospitals could lose out if they don’t build integrated networks with primary care and urgent care in addition to emergency and inpatient. Smart CEOs are looking at consolidation by buying the best systems or smaller organizations instead of looking for bargains. They know that those bargain competitors will end up out of business. Winners will figure out how to incubate models that will cannibalize their own business rather that fending off upstarts who are looking to do it to them.

screen-shot1

Winners will have the right leaders who can take a patient-centered approach: both in aggregate and for individuals. In aggregate, they will better understand the patient base they serve in their geography and they will look at treatments that are outcome-driven and patient centered as well as looking at treatments that will impact each individual rather than the standard protocols like what Main described with his father’s treatment.

The Accenture research definitely pointed to answers in the transformation. Unfortunately, it seems like a number of CEOs today aren’t even asking the right questions. And of course, as with every healthcare event for the next while, with the looming threat to repeal the ACA, there are even more questions we need to be asking.

Posted in: Healthcare motivation, Healthcare transformation, Patient Advocacy

Leave a Comment (0) →

What’s True Now?

 

Health systems and payers alike are scrambling to figure out what the incoming administration means by repealing Obamacare. The payers admitted to having no contingency plans if Trump won. Trump doesn’t have a clear model, and the Republican party has a number of proposals. Some involve changing the names of programs or offering them in a different way. Some involve scrapping large sections of the affordable care act.

Rather than second-guessing what’s to come, at Wellpepper, we are focusing on what’s true now and what will remain true going forward.

We believe these things will continue to hold true:

  • Innovation will continue. If anything we hope that new innovation in healthcare, and technology innovation in particular is driven by market forces rather than legislation which created winners out of what was not always the best technology.
  • Consumer-focus is good. 20M newly insured individuals and high-deductibles helped create a market for new care organizations like local urgent care and patient-focused primary care. This consumer evolution will continue as patients demand that their healthcare dollars deliver good service.
  • Value and outcome focused approaches will be rewarded. Whether it’s traditional payers or self-insured employers, the light has been shone on areas to improve care AND reduce costs. Healthcare organizations have seen investments in outcomes pay off as well.

It’s time for a new patient experience that is real-time, connected, and based on the individual. We need to take advantage of the ability of technology to scale, analyze, and deliver personal experiences to leapfrog the current technology implementations in healthcare and deliver better outcomes and greater value in healthcare.

Posted in: Health Regulations, Healthcare Legislation, Healthcare Policy, Outcomes

Leave a Comment (0) →

Not Patient Engagement with Jan Oldenburg

When it comes to talking about patient engagement, nationally recognized consumer health information strategy leader Jan Oldenburg of Participatory Health Consulting chooses to delve deeper into what it means to engage patients in healthcare. With her wide range of experience, she focuses on helping organizations create and implement strategies related to patient/provider engagement and activation with a focus on digital health technology.

In this podcast, Ms. Oldenburg addresses a variety of topics ranging from shifting the healthcare mindset to utilizing digital tools to assist physicians.

Also check out more of Jan Oldenburg’s webinars: “Patient Engagement: Creating Digital Programs that Work.”

Posted in: Behavior Change, Healthcare Technology, patient engagement, Patient Satisfaction

Leave a Comment (0) →

Better Living Through Big Data

This week I had the opportunity to participate on a lively panel at General Assembly Seattle organized by Seattle Health Innovators, and moderated by Corinne Stroum of Caradigm. Fellow panelists included Randy Wise formerly of Group Health and now at EveryMove, Ang Sun of Regence/Cambia, Lifesprite founder Swatee Surve, and Daniel Newton of Accolade.

Corrine sent us a series of great questions in advance, and we had a rich discussion and so many questions from the audience that we didn’t even get to half of them. It’s a big topic, and with payers, providers, and technologists on the panel there was a lot of opportunity for broad perspectives. There’s a discussion of having a follow-up to this panel to continue the conversation—stay tuned for more on that. The general themes of the discussion included the value of big data to influence individual health with examples like the quantified-self movement, but more generally how our ability to collect and analyze can lead to more personalized and better healthcare. img_3265

At Wellpepper, we have a lot of data to analyze. As Wellpepper CTO Mike Van Snellenberg pointed out in his Stanford MedX talk and I’ve also talked about in this paper in The Journal of MHealth, having data provides an opportunity to get answers faster than using the traditional scientific method. Rather than formulating a hypothesis, setting up an experiment, collecting data, analyzing the data, and then going back to the drawing board if your hypothesis is not born out, data enables you to ask a series of questions and get immediate and sometimes surprising answers.

The panel kicked off with the sharing of some surprising things that we’ve found from the data,  ranging from which mental health tools were favored by different populations to the ability to predict hospital readmissions. In addition to finding trends from explicit patient input, we also discussed the ability to draw insight from activities including social media and mobile usage patterns. Swatee mentioned the Instagram analysis that showed color scheme on photos was a predictor of depression.

The ability to combine both passive and active patient-generated data, and draw conclusions from broad date sets these data sources can help to deliver better care – resulting in what Daniel Newton referred to as “small data.” That is, I’m going to learn as much as I can about you, and then tailor care to you, which is the approach Accolade takes.

As with any talk on tracking and data, questions of privacy came up. While all the panelists thought that there have become standard terms for people to opt-in to sharing health data, describing the use of that data was deemed important. At this point, Ang Sun from Cambia (who admitted that, as a healthcare plan, they had a heck of a lot of data on people), mused that he wished his physician knew as much about him as Google did. Generally, there was consensus that, if the purpose of the data sharing was for connecting people with the appropriate healthcare services, people would opt in.

Our panel was pretty aligned on the idea that there is big value in big data for healthcare, but that the general applications and usage are still in early days. First, there are the privacy concerns and even laws. Second, current healthcare organizations using this first generation of EMRs have limited ability to look at aggregate data for trends. However, with new technology and personalized approaches to care, we see great promise in big data and predictive analytics for healthcare.

Posted in: Clinical Research, Healthcare Research, Research, Seattle

Leave a Comment (0) →

Justin Sledge Transforms Senior Care at Aegis Living

When it comes to delivering quality care, Chef Justin Sledge rebels against the idea of senior homes being “retirement homes” by providing great nutrition and interactive design.

Justin aims to combine compassion and creativity to provide the best care for senior residents at Aegis Living. The chef has tremendous influence in the senior home’s decision-making process in nutrition and design due to his wide range of experience and passion to help senior residents. While it is often believed for senior care homes to be quiet and slow, Aegis Living – under Justin’s guidance – blossomed into lively space for the community.

“I believe the best treatment and care is through spending time with loved ones,” says Justin, chef of Aegis Living for five years. “We want to make this a place where everyone wants to visit.”

1028161200bAegis Living has several locations throughout the west coast – each with a different decorative theme, but same core values.  Justin is currently at the helm of the Victorian themed Aegis Living’s kitchen. Every detail that goes into the many floors such intricate dining room, archaic-style movie theater, and hand-painted pizza kitchen spoke volumes about the staff’s care and compassion towards the residents.

The chef of twenty-three years has made the decision to switch from restaurants to senior care and has been there ever since. Justin was also known for baking treats for Seattle’s charitable Queen Bee Café where profits are donated to the city’s selected charities.

I had the privilege to be Justin’s guest as he gave me a tour of what appeared to be a magnificent manor located in Seattle’s Queen Anne area. The windows are wide with a perfect view of the soccer field next door where children often come to play – and visit Aegis Living for tours and activities with the senior residents. A lavish private dining room seats sixteen guests and serves lobster for family holiday dinners. One floor hosts a game room with a handmade painted golf course for residents to play with visiting grandchildren. It seems the entire home was brimming with delightful activities for the senior residents and their guests to enjoy.1028161225b

At the large kitchen, the chef presented the menu of the day – Alaskan salmon, classic Caesar salad, and grilled beef tenderloin – all made with fresh local ingredients. Justin oversees the menus throughout all the Aegis Living homes.

Justin lead me through the Memory Care floor with a multitude of family paintings such as a grandfather laughing with his grandson on a fishing trip and an elderly couple smiling and walking together. He explained that photos like these help trigger good memories for seniors and improves their mood. All the décor and structure are carefully chosen to elicit positive emotions and memories in senior residents. There were also multiple studios for crafts and leatherwork, lavish salons and a beautiful pool. There were even rooms decked out to look like a jungle with screens that play hiking and wildlife documentaries for seniors to calm themselves from anxiety.

The tremendous amount of compassion in each care is what makes Aegis Living stand out most. There is a large social aspect that heavily influenced the design of Aegis Living homes and encourages frequent interactions with friends and family.

Lastly, I was able ask Justin a few questions about his work with Aegis.

 

Q: Why all the focus on design and aesthetics?

JS: Art helps to bring out positive emotions in our residents. It is not a place to put away some of the most important people in our lives who have helped shaped our future. We want to make it as nice an experience as we can for the residents.

 

Q: Why did you decide to choose Aegis Living over your previous career as a restaurant chef?

JS: This was the best decision of my life. I was a chef for twenty-three years and it was like Hell’s Kitchen. The job was demanding and the hours even more so – I hardly had time to see my kids. There would be countless weekends where I had to skip out on ballet recitals and family picnics because of work. This is much more fulfilling and I’ve never been happier. Here, I get the best of both worlds where I have more time to see my kids and I still get to do what I love – being a chef.

 

Q: How do you deal with competitors?

JS: We hope to inspire competitors to do what we do. We hope they try to recreate the same level of care towards their senior residents as well. This might mean switching to more local fresh ingredients or quality of life programs and activities.

 

Q: What are the next steps for you and for Aegis Living?

JS: We are expanding and building six more senior care homes throughout the west coast these next few years. I will be there to help train new staff and help plan everything from what the place should look like to what’s on today’s menu for our senior residents.

Posted in: Aging, patient engagement, Patient Satisfaction, Seattle

Leave a Comment (0) →
Page 1 of 13 12345...»
Google+