Blog

Evaluating A Patient Engagement Solution

In the past year, patient engagement has evolved past pilots to enterprise-wide deployments, and standards are emerging to evaluate patient engagement platforms. We define a patient engagement platform as a comprehensive system to enable patients to participate in their care, follow treatment plans, and get support from their care team. These patient interactions may occur outside the clinic or inside the hospital setting or clinic. What’s key is that they occur on the patient’s terms, and on the patient’s device.

Here’s a checklist to get you started, and you’ll find in this checklist why your EMR will not deliver a compelling patient engagement experience.

  • Engagement: The first job of a patient engagement system is, of course, engaging patients. You should expect significantly better uptake in user interactions from a patient engagement system than from your patient portal. What percentage of patients log in and use the platform? Do they show the ability to engage patients over time? Are there statistics for engagement for different patient demographics?
  • Usability: Patients are consumers, and their expectations for usability of your application are the same as for any other application on their devices. Can you deliver an experience on par with great consumer applications? Can patients of all ages and abilities use the application without help?
  • Multi-modal Interactions: This is a fancy way of saying that the system needs to support different ways of interacting with patients, for example, SMS, email, web, mobile application, and emerging technologies like voice. Can the system deliver patient interactions in ways that are appropriate for the patient and the content?

  • Interoperability: Your patient system will need to interface with other systems, like your EMR, scheduling, referral management, and possibly even billing systems. Interoperability needs to be built in from the initial design of the system. Does the patient engagement system have an API? Does it charge extra for application integration interfaces? If the answer to either of these is no, you don’t have an interoperable system.
  • Scalability: Scalability takes two forms. Does the system help you to scale care? Can you see more patients, or see patients more efficiently because they can self-manage? Does it provide recommendations for providers and alerts that are at the right level for the interactions? The second form of scalability is in interventions. Point solutions may address one type of intervention very well, but both patients and health systems need to manage multiple problems. Does the system scale to any type of intervention?

You’ll notice that this list does not include HIPAA compliance: that’s a given. Security and the protection of PHI are table stakes that any good system can show you before you start the rest of the evaluation.

In addition to the technical and usability criteria, your patient engagement solution needs to deliver on value. Determining value will be different for each organization, but we have some tips to help you make the case for yours.

Posted in: Adherence, patient engagement

Trends That Survive Healthcare Reform

While many aspects of the Affordable Care Act drove significant new opportunities, innovation and change in healthcare, this recent article from Harvard Business Review points out that there are trends that are not dependent on the system. In particular they identify three trends that are not dependent on the act in its current form:

  1. Aging population
  2. Technology adoption
  3. Discoveries in life sciences

However, we think there are at least three more that will mean that the momentum in technology innovation and a patient-centered approach will continue.

  1. Consumer focus: High deductibles are driving two types of behavior. Patients are acting more like consumers and are shopping with their healthcare dollars. Healthcare organizations are trying to attract patients and better understand their experiences and pathways through the organization. The expectation of good and real-time service is high.
  2. People are getting less healthy: While we would like to see this change on its own, through diet and exercise, the fact is that people are not eating well or active enough, and the rates of diabetes and pre-diabetes are increasing. By 2030, it’s estimated that over 470M people world-wide will have pre-diabetes.
    Leading Causes of Death from http://www.independent.co.uk/news/health/the-things-most-likely-to-kill-you-in-one-infographic-a7747386.html

  3. Value stays top of mind: Our healthcare costs cannot keep rising indefinitely, and experiments in value-based payments have been shown to work. Payer/provider organizations are looking to deliver better outcomes at lower costs, and patient self-management and self-activation can help with that.

While patient engagement is not the only solution, we believe activated people and patients are an under-utilized source of positive health outcomes. Regardless of changes in the healthcare act, that will remain true.

“Patient engagement has been a mantra for those seeking to reform health care, as it’s widely accepted that patients who are engaged in their own health care have better outcomes.” (Frank Baitman & Kenneth Karpay)

Posted in: Healthcare Policy, Healthcare transformation, Outcomes, patient engagement, Uncategorized

Mary Meeker’s 2017 Healthcare Trends Report Shows Opportunity

An annual highlight of Recode’s CodeConf is Mary Meeker’s internet trends report. Last year, I had the pleasure of hearing her in person, and I’m not sure I’ve ever heard a presentation with so much good data, presented so quickly. This year, I wasn’t able to attend, but she also ran out of time for some of the most important slides for a healthcare entrepreneur like me. Based on a quick run-through of the deck, these three slides struck me. (If you want to see the full section on healthcare, it starts at Slide 288.)

Not surprising that consumers expect digital health services, or that Millennials lead in most categories. It’s also not surprising that Boomers have sought the most remote care: they have probably sought the most care overall. It might be interesting to see this pro-rated by care usage. That Boomers are not looking at online reviews is very interesting given how much attention the surgeons we work with give to them.

Even with all their consumer device troubles, Samsung squeaks above Apple, and Facebook and Amazon, both with a tremendous amount of data about you, are still reasonably well trusted. Both Microsoft and Google have tried and failed previously to own your personal health record, but they are well positioned to do so. What would also be interesting is to see these trust levels against traditional healthcare companies like GE or Johnson & Johnson.

EHR adoption is not surprising since it was mandated through meaningful use. It’s a bit depressing to look at the 2004 stats, and think back to which parts of your life weren’t digital in 2004, and compare that to your medical records. However, the biggest opportunity we see in this slide is dramatically expanding the data points available by tracking patients outside the clinic. Physicians are making decisions with only a few data points when there is so much richer information available through patient-entered and patient-generated data.

Posted in: Healthcare Research, Healthcare Technology, Healthcare transformation

Patient engagement and design in the art of medicine

Patient engagement is controversial for many physicians because it interferes with the traditional values that arise from the several-hundred-year-old guild of medicine. Per the NEJM Catalyst Insights Council, patient engagement is characterized as patients interested in participating in choices about their health care, taking ownership of those choices, and having an active role in improving their outcomes. Given the current epidemiology of chronic diseases, it is not surprising that many patients have low levels of engagement as well as health literacy. As someone who is preoccupied with the diagnosis and treatment of diseases, it is difficult for me to view any problem solving from the patient’s lens; yet, I know through the literature and intuitively that how patients feel impacts their outcomes. The following are a few of the things I have learned and will work on as I improve my ability to deliver care:

  • Time = effectiveness: Opinions of clinicians and leaders in patient care have determined that increased patient time with a health care team lends to increased engagement. A basic concept in human dynamics is that the mere exposure to someone over time is enough to start an unlikely relationship. Tack onto that high quality communication and understanding nuances of healthcare literacy, and you have a more engaged patient. In modern medicine, this would be accomplished through a multidisciplinary team effort. This task is challenging given the constraints of our current healthcare system. Could I increase time with patients through mobile technology? If there was an automated way for me or another care team provider to connect with patients via text or a quick phone call at specific intervals, I would be able to increase exposure and augment time.
  • Shared decision making is key: Another finding of the NEJM Catalyst is that shared decision making is one of the most effective strategies in improving engagement. We learn about this academically through the interpretative model (as opposed to paternalistic, etc.) of provider-patient relations; but this is also just common sense. I like to think this gives patients a sense of control, a sense of choice in a matter, where frankly, a lot may be out of your control. We are also better able to accept the consequences of the decisions we make, rather than the ones that are placed upon us. One of the reasons that UNICEF has been effective in helping children around the world is from the core guiding principle that children inherently have rights. American political views are reflected in the current model of access, but I would like to practice medicine with the belief that patients have inherent rights. It is a slippery slope because patients’ actions can be counterproductive to their health, but my preference is still to protect patient autonomy.
  • Technology alone cannot solve the problem: The concept of remote monitoring with wireless devices doesn’t appear to improve chronic disease management or outcomes. Technology alone cannot solve a dilemma in a people’s “business”. I would opt to use adaptive technologies that improve my relationship and sense of connectedness to the patient over technology that would offer mostly education or content to the patient. The idea of people taking ownership for a difficult problem is non-trivial. It requires motivation at a level that is primarily internal. How do you access that in people? In the self-help world, the most effective motivational coaches tend to elicit a hyper-emotional state in people along with placing a high premium on discipline. I think it’s logical to work on building a relationship, connecting, allowing a safe space for vulnerability, and witnessing the struggle to achieve begin from that foundation. While patient engagement is primarily a patient responsibility, I think providers have a responsibility to elicit patient activation as this directly affects outcomes.
  • Design-thinking can help: When Indra Nooyi became the CEO of Pepsi, one of her top priorities was to explore her staff’s beliefs on the concept of design. She asked business executives to take photographs of anything that they believed constituted design. After such an abstract request, she noticed that not only did people not care to complete the assignment, but some had even hired professional photographers to complete the task. My interpretation of this story is that she believes that there is an artistic aspect in the most unsuspecting of transactions. According to IDEO, human-centered design is about building a deep empathy with the people you are designing for. In the process of being inspired, ideating, and implementing, a design researcher explores the texture and what matters most to a person before execution of a solution. How is this any different from delivering empathetic, tailored care to a patient? What we do well in medicine, some of the time, is already done at a higher level of sophistication in the real world outside of our clinics and hospitals. While design-centric thinking may lead to innovations in healthcare, for the provider I think the greatest advantage is that you amplify the relationship you have with the patient and increase overall engagement.

Whether it’s the creation of something that didn’t exist before or making decisions that are influenced by intuition, everyone is at one level involved in artwork. Improving patient engagement particularly with design-centric thinking would bring more value and meaning to the art of medicine, a skill I look forward to building throughout my career.

Posted in: Behavior Change, Healthcare transformation, patient engagement

Comprehensiveness + Comprehension: effect of technology on discharge instructions

Whether patients are leaving the emergency department or being released from an extensive hospitalization, they need discharge instructions in order to solve their initial problem, better self-manage, and coordinate the appropriate follow-up. These instructions are typically written and are also articulated to the patient. We know that due to varying levels of health literacy, or the degree to which individuals have the capacity to process and understand basic health information needed to make appropriate health decisions [1], a patient is especially vulnerable during the process of discharge in terms of overall understanding and appropriate follow through. Can technology empower patients operating from a position of weakness in this transition?

  • According to the 2013 study entitled Information Technology Improves Emergency Department Patient Discharge Instructions Completeness and Performance on a National Quality Measure, researchers were able to show that electronic discharge instructions were more complete than paper-based information. The electronic discharge instructions had 97.3% compliance to a CMS quality measure while the paper-based discharge instructions were at 46.7%. This compliance is more than doubled with electronic discharge documentation (relative risk 2.09, 95%CI 1.75-2.48) [2]; however, there were no statistically significant differences in documentation of patient care instructions nor diagnosis between paper-based and electronic formats.
  • In a 2015 study entitled Readability of patient discharge instructions with and without the use of electronically available disease-specific templates, patient readability of a web-based discharge module, which has diagnosis-specific templated discharge instructions, was assessed. Patients had better readability with electronic templated discharge instructions than those that were clinician-generated (p < .001). Furthermore, the primary reason doctors created discharge instructions by themselves was due to lack of disease-specific template availability.

The most exciting time in medicine is now, where the application of information technology during vulnerable transitions can provide a patient more complete information that he/she can actually act upon. Taken together, these studies suggest enhancement of both comprehensiveness and comprehension; the former very important for the primary care physician who will assume care of this patient status post hospitalization and the latter important for the patient’s overall health literacy necessary for improvement. The next logical extension is to have web based applications assist a patient in the transition from the hospital to the outpatient setting, something that innovative companies like Wellpepper are doing.

References

  1. Nielsen-Bohlman, L.; Panzer, AM.; Kindig, DA. Health literacy: A prescription to end confusion. National Academies Press; Washington, DC: 2004.
  2. Bell EJ et al. Information Technology Improves Emergency Department Patient Discharge Instructions Completeness and Performance on a National Quality Measure: A Quasi-Experimental Study. Appl Clin Inform. 2013; 4(4): 499–514.
  3. Mueller SK et al. Readability of patient discharge instructions with and without the use of electronically available disease-specific templates. J Am Med Inform Assoc. 2015; 22(4): 857-63.

Posted in: Healthcare Technology, Patient Satisfaction

Falls Challenge

How might we enable older adults to live their best possible life by preventing falls? We have entered a challenge with AARP and IDEO to bring our proven falls solutions to the masses. Alongside our partners at Harvard and Boston University, we believe that using mobile technology to enhance and scale a proven falls prevention program will lead to a better life by increasing access to care and decreasing costs.

The challenge started with over 220 submissions and was recently weeded down to the top 40. We’re thrilled to have made the first cut. Our method is proven and we invite you to participate in the next round to refine our idea and help achieve greater impact.

Click here to check out our entry!

Posted in: Aging, Clinical Research, Healthcare Technology, Outcomes, Physical Therapy, Research, Uncategorized

Exposure at a digital health startup

Physicians typically endure years of training by being put in a pressure cooker with no safety valve. They persist through sheer brute force and discipline within a highly regulated, high barrier to entry industry. The high stakes culture of medicine often lends to emotional immaturity and an inability to relate to most of the world around. Ironic and sad, given that one of the core principles in patient care is to demonstrate empathy towards the human condition. The information asymmetry that exists between patient and provider further puts more onus on the physician to have character and compassion. In addition to being out of touch with reality, physicians also grapple with the changing times. Technological advancements and accessibility of information through technology has influenced the way physicians learn and practice medicine. Physicians who are uncomfortable with technology tend to find it harder to keep up with the latest innovations and research that affects patient care.

I chose to do a rotation at a digital health startup because of the fear of being disconnected and clueless. Plus there are a few other beliefs of mine that I wanted to more fully explore during my time at Wellpepper:

  • Understanding patients in the aggregate is important. Understanding what patients want, feel, and expect is not just an interesting data set, but is essential for me in providing optimal care. While a physician still deals with a patient one on one and the experience is influenced by patient characteristics, knowing the context in where the patient is coming from provides the best chance for an optimal encounter.
  • Technology that enhances the patient-physician relationship is a top priority. The physicians I have respected the most have tier 1 communication skills and relationships with their patients. A good relationship can literally bend the physics of the situation (e.g. that’s why doctors who have good bedside manner don’t get sued).
  • Technology that promotes value based care is the current landscape. It is no longer around the corner. Every stakeholder in healthcare is interested in improvement of care from an outcomes and cost perspective. Current practices in medicine are rapidly adapting in order to keep up.
  • Betting against yourself is a great strategy for growth. Based on the culture of medicine, it has always been more important for me to implement care that is standardized and in service of saving a patient’s life rather than considering how he/she feels. Something as simple as a patient having to give five histories within the same hospital admission is normal to me and also has value due to the difficulties in eliciting accurate information. But what if I considered that a patient doesn’t want to hear the same question repeatedly and that ultimately affects his/her perception of care? What if their lives were saved but they didn’t believe that anyone truly cared for them in the hospitalization? Would this be a meaningful experience, or a shallow one-sided win? Challenging the way I think, the way I was indoctrinated into thinking and behaving, is something I look forward to in this process.

In summary, I chose to do a rotation at Wellpepper because I have a growth mindset. I want to consciously be a part of the most exciting time in medicine, where the hard work of innovative and creative minds improves patient lives.

Posted in: Behavior Change, Healthcare motivation, patient engagement, Patient Satisfaction

Home Sweet Home

Our goal at Wellpepper has always been to make sure patients have a top-notch experience with our Partners. What better experience can patients have than being in the comfort of their own home while rehabilitating from a joint replacement? An article was recently published in the New York Times that really hits home for us. Not only is in-home therapy more cost-effective than inpatient rehabilitation, but it significantly decreases the risk for adverse events.

More and more studies are showing that patients are generally happier and actually prefer being at home during their recovery from a joint replacement. A study published earlier this year in Australia found that inpatient rehabilitation did not provide an increase in mobility when compared to patients participating in a monitored home-based program.

Don’t get me wrong, inpatient rehabilitation is extremely valuable to have. In fact, we are starting to see more patients interact with their Wellpepper digital treatment plans in an inpatient setting and then continuing once discharged home.

Rehabilitation is not a one-size-fits-all solution and much depends on a patient’s general health and attitude. The ability to be flexible and innovative in providing treatment is crucial when evaluating a patient’s needs for rehabilitation. With Wellpepper digital treatment plans, we enable health systems to bring the expertise and personalization of inpatient rehabilitation to their patients’ mobile devices, so that they may recover from their surgery in the comfort of their own homes.

Posted in: Behavior Change, Healthcare motivation, Healthcare Technology, patient engagement, Patient Satisfaction, Physical Therapy

T2 Telehealth aka ATA 2017 aka ATA 23: Part 2, How Did We Get Here and Where Are We Going?

This was my second trip to Orange County Convention Center this year, so it was hard not to compare and contrast the annual American Telemedicine conference to HIMSS, the biggest health IT conference. As well, it was my third time at the ATA conference, back after skipping in 2016, and the gap made it easier to reflect on previous years as well.

The ATA annual is almost 10 times smaller than HIMSS, which makes it a lot less exhausting and easier to focus. There’s not a feeling that for every second you’re talking to someone you’re missing out on talking to someone else equally as interesting and valuable. (There is no shortage of interesting people, just a more manageable group.) The size also makes it a bit easier to talk to people as they’re not rushing off to walk a few miles across the convention center to the next session.

The first year I attended, 2014, the tradeshow floor was full of integrated hardware and software solutions, and Rubbermaid was even a vendor selling telemedicine carts. It was almost as though the iPad hadn’t been invented.  It was the year that Mercy Virtual launched their services as a provider of telestroke and telemonitoring for other health systems. A provider as a vendor caused a bit of a stir on the tradeshow floor.

By the next year, the integrated hardware and software vendors were dwindling, but talks were largely still given by academics and were focused on pilot projects that showed success, though talks often ended with a plea for thoughts on how to scale the program.

ATA evolved out of an academic conference and that’s still quite prevalent in the presenters, who are often from academic medical centers and reporting on studies rather than implementation. Data was important in all sessions, but measurement of value was inconsistent. In addition to academic medical centers, most leaders in telehealth seemed to be faith-based not-for-profits, like Mercy and Dignity, as well as rural organizations where the value was clear.

That said, a welcome addition to this year’s content was two new tracks on Transformation and Value. I spoke in the Value track at ATA, along with Reflexion Health and Hartford Healthcare about the value of telerehab in total joint replacement, and we were able to share data points from real patient implementations, in addition to clinical studies. (If you’re interested in the Wellpepper segment, get in touch.)

Although, harkening back to the day 1 keynote, the definition of value depended on the business model of the telemedicine platform being implemented. There’s no question that telestroke and neurology programs, and telebehavior programs deliver value especially in rural areas without direct access. At Wellpepper, we’ve seen definite results in post-acute care, both in recovery speed and readmissions.

In other sessions the value was not as clear and no one was able to fully refute the study that when offered the choice, patients used telemedicine in addition to in-person visits, thus driving up costs. In fact, the director of telemedicine for a prominent healthcare organization confirmed that patients were using televisits for surgical prep when they could have just read the instructions given to them. (Or interacted with a digital care plan like Wellpepper.)

As with every technology conference the voice of the patient was absent, with the exception of head of Mercy Virtual Randall Moore, MD, who started all his presentations by introducing us to patient Naomi, who was able to live out her life at home, attend bingo, and enjoy herself due to the benefits of the wrap-around telemedicine program that Mercy put in place. Oh, and it cost a lot less than the path of hospital admissions she’d been on previously. Sounds like triple aim, and what we all need to aspire to.

So, based on the keynotes, the sessions, and the show floor, I’d characterize this year’s conference as a world in flux, like what’s going on elsewhere. There was a sense of relief that the ACA had not been repealed. HIMSS took place before the proposed repeal and replace plan died, and there was a lot more fear and uncertainty. Vendors and providers alike are looking to strengthen the value chain. Unlike HIMSS, there was a lot less hype. Machine learning and AI were barely mentioned except in keynotes, possibly because telemedicine is still largely a world of real-time visits, and extracting meaning from video is a lot harder than from records. We see promise, people want to do the right thing, but it’s not clear which direction will help us ride out the storm.

Still trying to figure out what this has to do with Telemedicine. Look better on realtime visits?

Posted in: Healthcare Disruption, Healthcare Legislation, Healthcare motivation, Healthcare Policy, Healthcare Technology, M-health, Prehabilitation, Rehabilitation Business, Telemedicine

T2 Telehealth aka ATA 2017 aka ATA 23: Part 1, The Eye of the Hurricane

While there is a focus on transformation, value, and outcomes going on, if the keynotes are any indication it may be a rough road ahead for telemedicine.

“It’s the 23rd year for the American Telemedicine Association conference, why are we still talking about how to get paid?”, admonished Pamela Peele, PhD economist and Chief Analytics Officer of UPMC during the opening keynote of the annual conference of the American Telemedicine Association.

Pamela Peele at ATA2017

“Especially since, as this audience knows, telemedicine is the best thing since sliced bread?”

Why indeed? Well, it’s complicated. The problem is that each person in the value chain, the payer, the physician, the healthcare organization, the patient, and the patient’s closest adult daughter (aka primary caregiver), only see the value of one slice of that loaf of bread, and we collectively as purveyors of telemedicine have to sell the entire loaf. There’s no clear solution to this problem. However, with unsustainable costs of healthcare, and increasing consumerization we have got to figure it out. The taxpayer is bearing the brunt of the costs right now, and Peele characterized the shift of baby boomers to skilled nursing facilities as a hurricane we are unprepared for. One way out is to keep people at home, and for that we need Medicare to fund a cross-state multi-facility study to determine efficacy, value, and best practices. Fragmentation of trials is keeping us from wide scale adoption.

The Adaptation Curve

“We have got to figure it out” was also the theme of best-selling author and New York Times columnist Tom Friedman’s keynote promoting his new book “Thank You for Being Late.” Friedman claimed to be more right than the rightest Republican, suggesting abolishing corporate taxes, and at the same time more left than the leftest Bernie Sanders supporter, suggesting we need an adaptable safety net. His major thesis is that we are undergoing 3 climate changes right now: globalization, climate, and technological. To survive and thrive in this new world, we need to adapt and evolve, and take our cues from Mother Nature, not from some sort of top-down regulation. Like Peele on the previous day, Friedman also sees a hurricane coming and suggests that the only way to survive is to find the eye of the storm, not to build a wall.

Adapting and evolving will come in handy with the harder times for healthcare investment ahead predicted by the venture investing panel in the day 3 keynote. Tom Rodgers of McKesson Ventures and Rob Coppedge of the newly formed Echo Health Ventures pulled no punches as they tossed off tweet-worthy statements like “Don’t tell me you’re the SnapChat of healthcare” and “it seems like there are only 3 business models for telemedicine.” The latter was Coppedge’s comment on walking the tradeshow floor. (The models are direct to consumer, platform, and as a combined technology and service.) Rodgers had no love for direct to consumer models or anything that targeted millennials, who he deemed low and inconsistent users of services. Platform vendors were advised to surround themselves with services: video was seen as a commodity.

So where does that leave us? Value, value, value. The challenge is that the value is different depending on the intervention, the patient, the payer, and the provider. Preventing readmissions, aging at home, decreasing travel costs, all provide benefits to one or more of the key stakeholders. Can we figure out how to reimburse based on slices of value? How do we get together to realize that value? And how do we do it before the hurricane hits?

Posted in: Behavior Change, Healthcare Disruption, Healthcare Policy, Healthcare Research, Healthcare transformation, Telemedicine


Telehealth 2.0: Our picks for Orlando

I am really looking forward to heading to Orlando for the American Telemedicine Conference, aka Telehealth 2.0. Seattle has been under a rain cloud this entire year, and I want to see the sun. I’m also looking forward to sharing our findings in using asynchronous mobile telehealth for remote rehabilitation with patients recovering from total joint replacement. I’ll be speaking with our colleagues from Hartford Health, Reflexion, and Miami Children’s Hospital on Sunday during the first breakout sessions. Hope to see you there!

In addition to the topics about legislation and regulations, it’s great to see these sessions on value, quality, and new treatment models. Here are some of Wellpepper’s picks for the conference.

Sunday

Monday

Tuesday

Now with all this great content, networking and a talk to prepare, when will I see the sun?

Posted in: Adherence, Behavior Change, Health Regulations, Healthcare Disruption, Healthcare Legislation, Healthcare Policy, Healthcare Research, Healthcare Technology, patient engagement, Telemedicine


Wellpepper Security Bulletin April 14, 2017: Unplanned Critical Maintenance

Update 4/16/17: Issues have been mitigated, maintenance is now complete.


On April 14, a batch of Windows-targeting exploits, including several suspected 0-day exploits, was released by Shadow Brokers. We have no reason to believe that any Wellpepper systems were targeted or affected. Most of the exploits target the SMB file sharing protocol, which our firewalls block. Additionally, most of Wellpepper’s infrastructure is Linux-based, and is unaffected. However, we do have some Windows systems (fully patched) in our environment that support non-critical functions. Out of an abundance of caution, we are temporarily suspending these systems until the risks are better understood and properly mitigated as needed.

As a result, the following features will be offline until further notice:

  1. Uploading images or videos attached to secure messages
  2. PDF Export in the iPad Clinic App

We are working hard to deploy workarounds for these issues where possible. All other Wellpepper functions, including sending/receiving secure messages, and image/video upload for tasks are operating as expected.

Currently, there is not comprehensive information on these exploits. We will be monitoring news sources and updating as information is available.

  

We will update this blog entry by April 17th with additional information on any impact. If you have any questions about your Wellpepper deployment, please contact Wellpepper Support.

 

Mike Van Snellenberg, Wellpepper CTO

Posted in: Security, Wellpepper Support


EvergreenHealth: Evolving Care Outside The Clinic for Better Outcomes

In 2016 we formally announced our collaboration with EvergreenHealth to deliver interactive care plans for Total Joint Replacement.

“Across our organization, we strive to be a trusted source for innovative care solutions for our patients and families, and our partnership with Wellpepper helps us deliver on that commitment,” said EvergreenHealth CEO Bob Malte. “Since we began using Wellpepper in 2014, we’ve seen how the solution enhances the interaction between patients and providers and ultimately leads to optimal recovery and the best possible outcomes for our patients.”

EvergreenHealth is an integrated health care system that serves nearly 1 million residents in King and Snohomish counties in Washington State, and offers a breadth of services and programs that is among the most comprehensive in the region. More than 1,300 physicians provide clinical excellence in over 80 specialties, including heart and vascular care, oncology, surgical care, orthopedics, neurosciences, women’s and children’s services, pulmonary care and home care and hospice services. With expansion into more rural areas, and a catchment area that serves Seattle’s ‘eastside’, home to Microsoft and other major technology companies, delivering virtual care is both an imperative for and an expectation of EvergreenHealth patients.

Since our initial announcement, we’ve seen thousands of patients complete care plans and outcome surveys, and expanded within the musculoskeletal service line to include preventive care, spine surgery, and general rehabilitation.

User Experience

EvergreenHealth has a white labeled version of the Wellpepper patient application called MyEvergreen, available in the Android and Apple app stores. Clinicians use the Wellpepper clinic portal, and receive alerts to their email inbox if patients report any issues or unexpected outcomes.

EvergreenHealth has deployed care plans based on their own clinical best practices. 

Outcomes

  • Thousands of patients have used Wellpepper interactive care plans at EvergreenHealth
  • Interactive care plan users show higher scores on standardized outcome reports than those tracking outcomes without an interactive care plan
  • EvergreenHealth patients show a higher engagement level than Wellpepper’s overall 70% engagement

I would not want to have another knee surgery without the app. I was 81 and it wasn’t hard for me at all!

Total Knee Replacement Patient at EvergreenHealth

Technology

This deployment used a white labeled Android and iOS application for patients, and a clinic portal for clinicians. Patient invitation is synched with the Cerner medical records software using an ADT feed. Clinicians are notified of patients requiring additional help with an email alert. Wellpepper’s entire HIPAA secure platform was leveraged for this implementation, and EvergreenHealth deployed custom care plans based on their own best practices. They continue to add innovative features as they are added to the Wellpepper platform.

Posted in: Exercise Physiology, Healthcare costs, Healthcare Technology, HIPAA, Interoperability, M-health, Outcomes, patient engagement, Prehabilitation, Seattle


Wellpepper attends Episodes of Care Summit at Cambia Grove

Last week, Wellpepper CEO Anne Weiler and I attended a half-day Episodes of Care Summit put on by Cambia Grove. It was great to see payers, providers and technologists come together to focus on initiatives that directly impact the patient experience. Here are some of our takeaways:

Horizon BCBS of New Jersey is an episodes of care pioneer

Focus on retroactive bundles before proactive. Episodes of care and bundled payments are often used interchangeably. An episode of care typically refers to a payment made retrospectively while a bundled payment typically refers to a payment made prospectively. Horizon BCBS of New Jersey first launched retrospective pilots in 2010 (total hip and total knee replacements). In this model, savings are shared with the physician or practice once quality benchmarks and patient experience thresholds are met and costs come in below budget. After 7 years of scale and success, Horizon is now launching more immediate, risk-based, prospective initiatives in 2017.

Drive success through quality. Horizon piloted with over 200 quality metrics with member-specific, risk-adjusted financial targets. Metrics are key in driving success. Identify 3-5 standard quality metrics and 2-4 episode-specific metrics.

Community involvement is imperative

It’s great to see continued focus on community involvement in innovation and healthcare. The Bree Collaborative is an excellent example of bringing together community and industry leaders to identify and promote strategies that directly impact patient outcomes, quality and affordability. Wellpepper firmly believes in the work that the Bree Collaborative is doing. In fact, our total joint and lumbar fusion care plans follow Bree recommendations.

The Episodes of Care Summit held breakout sessions that mapped out the ideal episode of care/bundle experience through the lens of people, process and technology. Think of people, process and technology as a three-legged table. Remove one leg and the table falls. If the three legs are not the same size, the table does not function properly. Effort needs to be allocated equally across people, processes and technology to drive behavior change. Reimbursement seemed to take precedence in every conversation rather than the patient’s needs or the provider’s care. Until this mindset is fixed, it’s hard to focus on what healthcare is really about. Dr. Hugh Stanley, from the Bree Collaborative, did an excellent job bringing the focus of the conversation back to the patient.

Memorable quotes from breakout sessions:

  • “Patients need to be at the center of episodes of care.”
  • “We need to capture patient satisfaction in real time.”
  • “I’m blown away I can get more info on a dog bed than a provider.”
  • “We need to rebuild the patient deductible and copay mindset.”
  • “The payer community has a responsibility to share information to publicize data that drives provider readiness.”
  • “Creating episodes vs bundles benefits providers and ultimately patients.”

Posted in: Healthcare Policy, Healthcare Technology, Healthcare transformation, patient engagement, Patient Satisfaction, Uncategorized


Using AWS with HIPAA-Protected Data – A Practical Primer

When we started building the Wellpepper platform four years ago, we thought carefully about how to build for privacy and security best practices as well as HIPAA compliance, since we work with customers in the healthcare industry. We chose to build the system entirely on Amazon Web Services (AWS), and learned a few things in the process about building HIPAA compliant applications on AWS. Hopefully this will be helpful to others considering AWS as the home for their healthcare online service, whether you’re a software company hoping to sell to healthcare systems (as a “Business Associate” in HIPAA terminology) or an internal development team at a health system (a “Covered Entity”).

It’s Not Rocket Science

As you probably already know, the Health Insurance Portability and Accountability Act (HIPAA) is made up of several parts. Usually when IT people talk about “HIPAA compliance”, they are talking about the Title II Security Rule which governs privacy and security practices for electronic protected health information (ePHI).

Many of the requirements in the HIPAA Security Rule are simply best practices for security and data privacy that have been written into law, such as encrypting traffic travelling over a network. Anyone building good, secure software should be following these principles anyway. You need to be informed of the requirements, and you need to make sure you establish ongoing practices for maintaining security and privacy, but it’s not rocket science. In fact, your health system (or healthcare customers) may actually have data security requirements that are more stringent than, or additional to, what is required by HIPAA.

Our experience is that HIPAA isn’t a major departure from what we would have built anyway.

Stay Up To Date

HIPAA was established in 1996, with the final Security Rule being published in 2003. In some cases, the guidance has not kept up with current threats and practices in 2017. If you are developing healthcare software, you should be applying industry best practices in combination with the HIPAA requirements. Your ultimate goal needs to be protecting patient data, not just regulatory compliance. Invest in training yourself and your team and staying current. Some resources we found helpful:

Take Responsibility

Compliance usually isn’t at the top of an engineering team’s list of fun things, so it’s tempting to look for solutions that can abstract away the responsibility. There are a few online healthcare platform-as-a-service hosters that make claims in this direction. Be wary of these. No service can remove your responsibility for compliance.

We decided that using AWS infrastructure services was the best level of abstraction. This let us build new services, host data, and install 3rd party applications in our VPC with high confidence that we were living up to our promises to protect patient data.

In addition to thinking about your software solution, compliance also covers your business practices and policies for things like training, background checks, and corporate device security – securing your people. These are often overlooked areas that are really important, since security researchers complain that people are the weakest link in the security chain. As with your software design, the application of commonsense practices and good documentation will go a long way.

There is no single group that certifies systems as HIPAA compliant. However, HHS can audit you at any time, whether you’re a covered entity or a business associate. You should do your own internal assessments against the HIPAA Security Rule both when you are building new capabilities, and on an annual basis. Augment this with external third party reviews. You’ll want to be able to show summarized reports of both your internal process and a stamp of approval from an external auditor.

HHS produces a tool called the SRA tool which you might find useful in performing security rule assessments: https://www.healthit.gov/providers-professionals/security-risk-assessment-tool. We used this for a couple years, but now just use an Excel Spreadsheet to evaluate ourselves. Bonus: this is probably what your auditor will want to see.

This Risk Toolkit from the HIPAA Collaborative of Wisconsin is a good starting point, and looks very similar to the spreadsheet we use: http://hipaacow.org/resources/hipaa-cow-documents/risk-toolkit/ (look at the Risk Assessment Template).

Share the Responsibility

AWS certifies a subset of their services for HIPAA compliance. This includes restrictions on how these services are used, and requires that you enter into a Business Associate Agreement (BAA) with AWS. This agreement establishes the legal relationship needed to handle ePHI, and ensures that you’ll be notified in the unlikely event that there is a data breach.

When you sign a BAA, you enter into a shared responsibility model with AWS to protect ePHI. AWS largely covers physical security for their facilities and networks. You can view their SOC audit results on request. You own the security for your applications and anything else from the OS on up. For example, if you use Elastic Compute Cloud (EC2) instances, it’s your responsibility to keep those instances patched.

AWS occasionally adds new services to their HIPAA-certified services, so you’ll want to check occasionally to see if there are new services you might be able to take advantage of.

Draw a Bright Line Around Your ePHI

At any time, you should be able to quickly say exactly which parts of your system (which servers, which network segments, which databases, which services) have or store ePHI. These systems are inside your bright line defense perimeter and are subject to HIPAA regulations, including breach notifications. That means if you lose data on one of these systems, you need to notify your patients (or if you are a Business Associate, notify the Covered Entity so that they can notify the patients).

EC2, Simple Storage Service (S3), and Elastic Load Balancing (ELB) can be HIPAA compliant when used in accordance with guidelines. Make sure you read the guidelines – there are usually certain restrictions on usage in order to be covered. Many of AWS’ platform-as-a-service offerings are currently not offered under the AWS HIPAA umbrella (for example Kinesis and Lambda). You can still use these services, just not with ePHI.

Many modern system designs make use of 3rd party frameworks and SaaS offerings for things like analytics, monitoring, customer support, etc. When you are holding and conveying ePHI, you will need to be careful about which dependencies you take. For example, in one of our recent product updates we were considering using an external web & mobile analytics platform to better understand our traffic patterns. We walked through our use cases and decided that while none of them required us to send any ePHI to the analytics platform, the risk of accidentally sending some piece of protected data was too high. So we came up with a different plan that allowed us to keep PHI within our safe boundary and under our direct control. Many of your decisions will be grey-area tradeoffs like this.

Secure at Rest and Over the Wire

This is often the first question we see on any healthcare IT security review. How do you protect data at rest and over the wire? Use strong SSL certs with robust SSL termination implementations like ELB. If you terminate your own SSL connections, they need to be well patched due to evolving threats like Heartbleed, POODLE, etc. You may choose to do further application-level encryption in addition to SSL, but SSL should usually be sufficient to satisfy the over-the-wire encryption requirements.

For at-rest storage, there are many options (symmetric/asymmetric) that will depend on what you are trying to do. As a baseline, AWS makes it incredibly easy to encrypt data with AES-256 both in S3 and in the Elastic Block Store (EBS) drives attached to your EC2 instances. There’s almost no reason not to use this, even if you are using additional encryption in other layers of your architecture. AES-256 is usually the “right answer” for IT reviews. Don’t use smaller keys, don’t use outdated algorithms, and especially never try to roll your own encryption.
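One way to check that a bucket actually enforces both baselines from this section, encryption at rest and TLS over the wire, is to lint its bucket policy. This is an added example, not Wellpepper's code: the bucket name, account ID and both sample policies are constructed, while `s3:x-amz-server-side-encryption` and `aws:SecureTransport` are the standard AWS condition keys.

```python
"""Lint an S3 bucket policy for encryption-at-rest and TLS enforcement.

Only the Effect, Principal, Action and Condition of each statement are
inspected; Resource scoping is not checked here.
"""

ACCEPTED_SSE = {"AES256", "aws:kms"}  # accepted values of the SSE request header
BUCKET = "example-ephi-bucket"        # constructed bucket name


def _as_list(value):
    """Policy fields may hold a single item or a list of items."""
    return value if isinstance(value, list) else [value]


def _deny_statements(policy, action):
    """Yield Deny statements that apply to every principal and cover `action`."""
    for stmt in _as_list(policy.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if (stmt.get("Effect") == "Deny"
                and stmt.get("Principal") in ("*", {"AWS": "*"})
                and any(a in (action, "s3:*", "*") for a in actions)):
            yield stmt


def denies_unencrypted_uploads(policy):
    """True if PutObject is denied unless the SSE header names an accepted algorithm."""
    for stmt in _deny_statements(policy, "s3:PutObject"):
        allowed = stmt.get("Condition", {}).get("StringNotEquals", {}).get(
            "s3:x-amz-server-side-encryption")
        if allowed and set(_as_list(allowed)) <= ACCEPTED_SSE:
            return True
    return False


def denies_plaintext_transport(policy):
    """True if every S3 action is denied when the request did not use TLS."""
    for stmt in _deny_statements(policy, "s3:*"):
        flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if str(flag).lower() == "false":
            return True
    return False


def lint(policy):
    """Return human-readable findings; an empty list means both controls are enforced."""
    findings = []
    if not denies_unencrypted_uploads(policy):
        findings.append("uploads without SSE (AES256 or aws:kms) are not denied")
    if not denies_plaintext_transport(policy):
        findings.append("requests over plain HTTP are not denied")
    return findings


# Constructed sample: grants the application role access but enforces nothing.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppReadWrite", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
    }],
}

# Constructed sample: same grant plus the two Deny statements.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": WEAK_POLICY["Statement"] + [
        {"Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{BUCKET}/*",
         "Condition": {"StringNotEquals":
                       {"s3:x-amz-server-side-encryption": "AES256"}}},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, lint(policy) or "OK")
```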

Good guidance in this area is easy to find:

Logging and Auditing

A key HIPAA requirement is being able to track who accessed and changed patient records and verify the validity of a record. Even if you don’t make this available through a user interface, you need to log these actions and be able to produce a report in the case of an audit or a breach. Keeping these logs in encrypted storage in S3 is a good way to do this. You’ll want to restrict who has access to read/write these audit logs as well.

In addition to automatic audit trails generated by your application-level software systems, remember to carefully keep track of business-process events like granting someone access to a system or revoking access. AWS CloudTrail can help track system changes made to AWS resources like servers, S3 buckets, etc.
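An added example (not Wellpepper's implementation) of an application-level audit trail that records who accessed or changed a record and can later be checked for altered, removed or truncated entries: each entry carries an HMAC over its own fields plus the previous entry's MAC. The field names, key handling and sample events are assumptions; in practice the key is kept outside the log store.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # stands in for "previous MAC" on the first entry


def _mac(key, prev_mac, body):
    """HMAC-SHA256 over the previous MAC and a canonical JSON form of the entry."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + canonical).encode(), hashlib.sha256).hexdigest()


def append_event(log, key, *, ts, actor, action, record_id):
    """Append one access/change event, chained to the entry before it."""
    prev_mac = log[-1]["mac"] if log else GENESIS
    body = {"seq": len(log), "ts": ts, "actor": actor,
            "action": action, "record_id": record_id}
    log.append({**body, "mac": _mac(key, prev_mac, body)})
    return log[-1]


def verify_chain(log, key, expected_head=None):
    """Return the index of the first bad entry, or None if the chain is intact.

    An edited, reordered or removed entry breaks the chain at that position.
    Truncation of the tail is only detectable when `expected_head`, the MAC of
    the newest entry recorded somewhere else, is supplied; a mismatch is then
    reported as index len(log).
    """
    prev_mac = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "mac"}
        good = _mac(key, prev_mac, body)
        if body.get("seq") != i or not hmac.compare_digest(entry.get("mac", ""), good):
            return i
        prev_mac = entry["mac"]
    if expected_head is not None and not hmac.compare_digest(prev_mac, expected_head):
        return len(log)
    return None


def access_report(log, record_id):
    """Who touched a record, in order: the report an audit or breach review asks for."""
    return [(e["ts"], e["actor"], e["action"]) for e in log if e["record_id"] == record_id]


# Constructed sample events, including a business-process event (access grant).
SAMPLE_EVENTS = [
    {"ts": "2017-03-01T09:00:00Z", "actor": "admin-1",
     "action": "grant_access:clinician-7", "record_id": "clinic-portal"},
    {"ts": "2017-03-01T09:05:12Z", "actor": "clinician-7",
     "action": "read", "record_id": "patient-42"},
    {"ts": "2017-03-01T09:07:40Z", "actor": "clinician-7",
     "action": "update_care_plan", "record_id": "patient-42"},
]


def build_sample_log(key):
    """Build a chained log from the constructed events above."""
    log = []
    for event in SAMPLE_EVENTS:
        append_event(log, key, **event)
    return log


if __name__ == "__main__":
    demo_key = b"demo-key-not-for-production-use!"
    demo_log = build_sample_log(demo_key)
    print("intact:", verify_chain(demo_log, demo_key) is None)
    demo_log[1]["actor"] = "someone-else"
    print("first bad entry after tampering:", verify_chain(demo_log, demo_key))
```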

Authentication

All healthcare applications will need a way to identify their users and what permissions those users have. HIPAA is not specific about authentication systems beyond being “reasonable and appropriate” (164.308(a)(5)(ii)(D)), but does require that you have good policies in place for this. Here you should follow well-established security best practices.

For starters, you should try not to build your own authentication system. In purpose-built systems, you may be able to integrate into an existing authentication system using OAuth, or SAML (or maybe something more exotic if you’re plugging into some legacy healthcare application). In patient-facing applications, you may be able to integrate with a patient portal for credentials – this is something that will probably show up on your requirements list at some point anyway. If neither of these applies, you may be able to use another identity provider like AWS’ Identity and Access Management (IAM) system to manage user credentials. We briefly tried using consumer-facing OAuth using Facebook, but quickly found that consumers are (rightly) worried about privacy and chose not to use this method.

If you find that you need to build an authentication system, be sure to follow current best practices on things like how to store passwords securely, as well as other tricky areas like password resets.

Since Wellpepper is often deployed standalone before being integrated into other back-end systems, we offer a built-in username + password authentication system. One silver lining to building this ourselves is the ability to build meaningful password complexity rules, especially for patients. Some of the traditional healthcare systems have truly draconian rules that are not only user-unfriendly, but actively user-hostile. Thankfully, the best practices in this area are changing. Even the draft NIST password recommendations, updated in August 2016, trade some of the human-unfriendly parts of passwords (multiple character classes) for more easily memorable, but still secure ones (length). Also, consider the difference between health-system password requirements for clinicians with access to thousands of records and those for patients who only access a single record.
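The two points above, storing passwords securely and preferring length over character-class rules with different bars for patients and clinicians, can be sketched together. This is an added example, not Wellpepper's code: the minimum lengths, the tiny blocklist and the stored-hash format are assumptions for illustration, and scrypt from Python's standard library stands in for whichever slow, salted password hash you choose.

```python
import hashlib
import hmac
import os

# Assumed policy values for illustration; choose your own from a risk assessment.
MIN_LENGTH = {"patient": 8, "clinician": 12}
MAX_LENGTH = 128
# Constructed stand-in for a real list of common or breached passwords.
COMMON_PASSWORDS = {"password", "12345678", "qwertyuiop", "letmein123"}

SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def check_password(password, role):
    """Return the reasons a password is rejected (an empty list means accepted).

    Length and a blocklist only: no mandatory digits, symbols or mixed case.
    """
    problems = []
    if len(password) < MIN_LENGTH[role]:
        problems.append(f"must be at least {MIN_LENGTH[role]} characters")
    if len(password) > MAX_LENGTH:
        problems.append(f"must be at most {MAX_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("is on the common-password list")
    return problems


def hash_password(password):
    """Derive a salted scrypt hash; the parameters travel with the hash."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and parameters; compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        n, r, p = int(n), int(r), int(p)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "scrypt":
        return False
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                               n=n, r=r, p=p, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    phrase = "correct horse battery staple"
    print("clinician policy:", check_password(phrase, "clinician") or "accepted")
    record = hash_password(phrase)
    print("verify:", verify_password(phrase, record))
```

Because the parameters are stored with each hash, the cost can be raised later and old records re-hashed at the user's next successful login.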

Once your users are authenticated, they will need to be authorized to access some set of resources. As with authentication, if you can delegate this responsibility to another established system, this is probably the best approach. If you are adding unique resources with unique access control rules, you will need to make sure that your authorization mechanisms are secure and auditable.

Conclusion

Creating a HIPAA-compliant service doesn’t have to be a big scary problem, but you do want to make sure you have your ducks in a row. If you’re reading this blog post (and hopefully others!), you’re off to a good start. Here are some additional resources that we found handy:

Posted in: Data Protection, Health Regulations, Healthcare Policy, Healthcare Technology, Uncategorized


Wellpepper Receives Seattle Business Magazine’s 2017 Leaders in Healthcare Gold Award for Achievement in Digital Health

We are honored to have been named the Gold Award winner for outstanding achievement in digital health from Seattle Business Magazine’s 2017 Leaders in Health Care!

Thank you to our amazing team and partners!

 

Posted in: Healthcare Technology, Healthcare transformation, M-health, patient engagement, Press Release, Seattle, Uncategorized


SEATTLE BUSINESS MAGAZINE HONORS 18 INDIVIDUALS AND ORGANIZATIONS AT THE 2017 LEADERS IN HEALTH CARE AWARDS

SEATTLE (March 2, 2017) – Eighteen of Washington’s most accomplished health care leaders were recognized at Seattle Business magazine’s 2017 Leaders in Health Care Awards gala March 2 at Bell Harbor International Conference Center in Seattle.

“In this time of great turmoil in the health care industry, it’s more important than ever to recognize the institutions and individuals who are doing so much to make Washington state among the best places in the nation to receive health care,” said Leslie Helm, executive editor of Seattle Business magazine.

Judges selected gold and silver award honorees in 11 categories. The awards program was supported by presenting sponsor West Monroe and supporting sponsors Seattle Cancer Care Alliance and MacDonald-Miller.

The award winners are:

OUTSTANDING MEDICAL CENTER EXECUTIVE — SEATTLE

  • GOLD: Norm Hubbard, Executive Vice President, Seattle Cancer Care Alliance, Seattle
  • SILVER: Cynthia J. Hecker, Executive Director, Northwest Hospital & Medical Center, Seattle

OUTSTANDING MEDICAL CENTER EXECUTIVE — OUTSIDE SEATTLE

  • GOLD: Preston Simmons, Chief Operating and Administrative Officer, Western Washington Market, Providence Health & Services, Everett
  • SILVER: Bryce Helgerson, President, Legacy Salmon Creek Medical Center, Vancouver

OUTSTANDING MEDICAL GROUP EXECUTIVE

  • GOLD: Dr. Albert Fisk, Chief Medical Officer, The Everett Clinic, Everett

OUTSTANDING MEDICAL DIRECTOR/CHIEF MEDICAL OFFICER

  • GOLD: Dr. Jeffrey Tomlin, SVP & Chief Medical and Quality Officer, EvergreenHealth, Kirkland

OUTSTANDING MEDICAL DIRECTOR/CHIEF MEDICAL OFFICER

  • GOLD: Dr. Peter McGough, Medical Director, UW Neighborhood Clinics, Seattle

ACHIEVEMENT IN COMMUNITY OUTREACH

  • GOLD: Pacific Medical Centers, Seattle

ACHIEVEMENT IN DIGITAL HEALTH

  • GOLD: Wellpepper, Seattle
  • SILVER: SCI Solutions, Seattle

INNOVATION IN HEALTH CARE DELIVERY

  • GOLD: Navos, Seattle/Burien
  • SILVER: Genoa, Tukwila

ACHIEVEMENT IN MEDICAL TECHNOLOGY

  • GOLD: Seattle Genetics, Bothell

ACHIEVEMENT IN MEDICAL RESEARCH

  • GOLD: Dr. Oliver Press, Acting Director, Clinical Research Division, and Acting SVP, Fred Hutchinson Cancer Research Center, Seattle
  • SILVER: Dr. Jane Buckner, President, Benaroya Research Institute at Virginia Mason, Seattle

MEDICAL GROUP PERFORMANCE (in partnership with Washington Health Alliance)

  • GOLD: Group Health Cooperative, Seattle
  • SILVER: Virginia Mason Medical Center, Seattle

JUDGES’ AWARD

  • Dr. Paul Ramsey, CEO, UW Medicine

—-

Read more about the Leaders in Health Care Awards 2017 at seattlebusinessmag.com.

ABOUT SEATTLE BUSINESS: Seattle Business is an award-winning monthly magazine read by thousands of business executives across the state. It delivers insight into the key people, enterprises and trends that drive business in the Pacific Northwest, providing perspective on the region’s ever-changing economic environment.

Posted in: M-health, patient engagement, Press Release
