Posts Tagged ‘BYOD’

Guest Post: Are You Preparing to Fail Healthcare Compliance in 2018?

December 19th, 2017 by Tim Feldman and Darci L. Friedman

A 2018 roadmap to healthcare compliance should focus on cybersecurity, vendor management and telehealth.

As the year winds down, we see numerous lists of priorities healthcare organizations should focus on in the coming year. However, if you are looking to those end-of-year lists for guidance on what your organization should pay attention to in 2018, you are already behind. If you do find yourself playing catch-up, drafting your 2018 compliance work plan is the best place to start.

As the roadmap for your compliance efforts throughout the year, your annual work plan should indicate key high-risk areas. The Office of Inspector General (OIG) of the Department of Health & Human Services (HHS) has indicated that developing an annual compliance work plan is integral to the administration of an effective compliance program (Measuring Compliance Program Effectiveness – A Resource Guide).

The annual work plan and compliance program administration are but one portion of what is required for an organization to have a robust and effective compliance program. The required elements of a compliance program are the following:

  • Standards, Policies and Procedures;
  • Compliance Program Administration;
  • Screening and Evaluation of Employees, Physicians, Vendors and Other Agents;
  • Communication, Education and Training;
  • Monitoring, Auditing and Internal Reporting Systems;
  • Discipline for Non-Compliance; and
  • Investigations and Remedial Measures.

These elements provide a broad framework for your organization to identify risk, remediate it proactively and provide a response mechanism to mitigate an exposure when one occurs. Working the plan and program throughout the year helps your organization achieve a state of ongoing readiness.

Cybersecurity

Cybersecurity is one item that will likely factor more heavily in your work plan, and appropriately so. Last June, the HHS Health Care Industry Cybersecurity Task Force released a report on improving cybersecurity in the industry. The Task Force concluded that cybersecurity, at its core, is a patient safety issue and a “public health concern that needs immediate and aggressive attention.”

Some of the areas to address in the broader realm of cybersecurity include:

  • Ransomware;
  • Email security, including phishing;
  • Internet of Things (IoT) and devices;
  • Bring your own device (BYOD); and
  • Medical identity theft.

As the Task Force report notes, cybersecurity must be thought about across the continuum of care in your organization. Work to shift the culture away from the thinking that cybersecurity is simply a technology issue, of concern only to the IT department.

Do this by implementing policies and procedures for key cybersecurity issues and then communicating them across the organization. Follow that with training, including everyone in your organization, from staff to board members. The training should define cybersecurity; explain how it may manifest in the organization; and address your policies and procedures, making it evident to all what they can and cannot do and how to respond.

Third-Party Vendor Management

The outsourcing of services to third-party vendors is increasingly common and for good reason. Such relationships offer great benefits, but at the same time, these relationships also carry legal, financial, reputational and compliance-related risks. Here are seven questions to evaluate your third-party vendor relationships:

  • Does your organization, as a covered entity (CE) under HIPAA, have a vendor compliance program to help you identify, manage and report on these risks?
  • Do you review and assess your vendors’ risk profile?
  • Are you familiar with each vendor’s hiring practices?
  • Do you know which vendors’ products connect to other IT systems that contain critical data, including protected health information (PHI)?
  • Do you have insight into each vendor’s information security and data privacy capabilities?
  • Do you know with which vendors you have a business associate agreement (BAA)?

For many healthcare organizations, the answer to several of these questions is likely “no,” which creates risk for those organizations. The OIG’s position is clear: healthcare entities have a responsibility to proactively identify, assess and manage the risks associated with their vendor relationships.

All vendors are NOT created equal. A good starting point in managing an effective and efficient third-party compliance program is to perform a risk-ranking of vendors based on their access to critical assets or information. By segmenting your vendor population into “risk tiers” you can focus limited resources on the most serious exposures.

Components of third-party compliance assessment should include, among other things:

  • Due diligence (background, reputation, strategy);
  • Knowledge of, and compliance with, security and privacy requirements;
  • Operations and internal controls (policies and procedures);
  • Workforce controls, background and exclusion checks; and
  • Training and education.

And, of course, with every vendor that meets the criteria of a Business Associate, ensure that a written BAA is in place. BAAs can be complex and are often daunting, but they must be carefully negotiated and acknowledged by both parties.

By ensuring your vendors have strong compliance programs in place and that they are following through on the BAA requirements, your organization is meeting its compliance obligations and doing its best to minimize its risks.

Telehealth

The compliance concerns related to the delivery of care via telehealth are numerous and include the following:

  • Licensing;
  • Credentialing;
  • Security;
  • Regulatory requirements for billing; and
  • Fraud and abuse.

An area to focus some attention on is payment under federal healthcare programs. The OIG currently has two active work items on telehealth, one for Medicaid and one for Medicare. Both of the items relate to the propriety of payment for telehealth services.

If your organization provides telehealth services, consider conducting a risk assessment to determine if you have any exposure in the area. Risk assessments are not strictly one of the 7 required elements of a compliance program, but they are often referred to as the “8th Element” given the focus on them in the Federal Sentencing Guidelines and OIG documents.

Risk assessments, along with the other elements of a compliance program, provide your organization the means to identify, prioritize, remediate and/or mitigate the myriad ongoing risks it will encounter. If you are not working your compliance program and specific risk areas throughout the year, you are failing to adequately prepare for an event. By failing to prepare, as one wise man said, you are preparing to fail.

About the Authors: Tim Feldman is Vice President and General Manager of Healthcare Compliance & Reimbursement at Wolters Kluwer Legal & Regulatory U.S. He oversees product development across a vast suite of practice tools and workflow solutions to help professionals stay ahead of regulatory developments and effectively manage compliance activities. Darci L. Friedman, JD, CHPC, CSPO, PMC-III, is the Director of Content Strategy & Author Acquisitions for Healthcare Compliance, Coding & Reimbursement at Wolters Kluwer Legal & Regulatory U.S. She is responsible for supporting the overall strategy for developing new content and features, innovating new product models, and recruiting top content contributors.

HIN Disclaimer: The opinions, representations and statements made within this guest article are those of the author and not of the Healthcare Intelligence Network as a whole. Any copyright remains with the author and any liability with regard to infringement of intellectual property rights remain with them. The company accepts no liability for any errors, omissions or representations.

Infographic: 10 Things Healthcare Organizations Should Know About BYOD

October 13th, 2017 by Melanie Matthews

Healthcare organizations continue to struggle with allowing staff to use their personal mobile devices for work, according to a new infographic by Spok.

The infographic examines bring your own device (BYOD) policies, drivers for supporting a BYOD environment and challenges for BYOD environments.

Remote Patient Monitoring for Chronic Condition Management: Leveraging Technology in a Value-Based System

Encouraged by early success in coaching 23 patients to wellness at home via remote monitoring, CHRISTUS Health expanded its remote patient monitoring (RPM) enrollment to 170 high-risk, high-cost patients. At that scaling-up juncture, the challenge for CHRISTUS shifted to balancing its mission of keeping patients healthy and in their homes with maintaining revenue streams sufficient to keep its doors open in a largely fee-for-service environment.

Remote Patient Monitoring for Chronic Condition Management: Leveraging Technology in a Value-Based System chronicles the evolution of the CHRISTUS RPM pilot, which is framed around a Bluetooth®-enabled monitoring kit sent home with patients at hospital discharge.


Infographic: How Do You BYOD?

October 9th, 2015 by Melanie Matthews

“Bring your own device” (BYOD) is a challenging issue for healthcare organizations because it encompasses so many questions related to an organization’s costs, security risks, IT availability, and the varying needs of different groups of staff, according to a new infographic by Spok.

The infographic presents the findings from a June 2015 Spok survey that assessed the current state of BYOD at healthcare organizations across the United States.


Guest Post: 4 Tech Trends That Will Increase Patient Engagement in 2014

February 13th, 2014 by Jim Rock

Improvements in healthcare information technology in the last decade have led to a fundamental shift in the way healthcare providers operate. The use of electronic health records is now widespread and healthcare professionals have access to immense amounts of data. While technology has improved clinical performance in many ways, patient engagement has certainly suffered a setback.

Today’s healthcare professionals are tied to technology. Whether documenting care at a computer terminal or looking up patient history on a tablet, clinicians are left with less time to engage directly with patients. In fact, data entry can take up to one-third of a clinician’s day.

Clinicians want to spend more time interacting with patients versus engaging with technology, and patients deserve it. By increasing the time spent working with and educating patients, clinicians can improve patient satisfaction, increase Hospital Consumer Assessment of Healthcare Providers and Systems (HCAHPS®) survey scores, and provide a better overall patient experience.

The following are four technology trends that will impact patient engagement in 2014:

  • Voice Enablement: Traditional voice recognition systems in the healthcare industry aren’t designed for mobile healthcare providers. Clinicians, nurses and therapists who are constantly on the move need speech recognition and audio output technologies optimized for their unique workflow. In 2014, mobile voice recognition systems will increase clinical efficiency and allow clinicians to document care in an intuitive manner, in real time, at the point of care. Technology that overlays voice capabilities on the EMR will give clinicians greater mobility and allow them to spend more time with patients at the bedside.
  • Big Data Mobile Access: Now that clinicians have access to more data than ever before, they need a way to access the information easily and remotely. Clinicians should be able to access vital health information without being tied to a computer screen. Mobile EMR solutions can help bring big data to the bedside where clinicians can focus on making important decisions that impact the patient’s safety and satisfaction.
  • BYOD: Bring Your Own Device (BYOD) policies are growing in popularity and will continue to do so in 2014. The ability to access records and data from any location on a mobile device gives clinicians more freedom and increased mobility. BYOD policies have been found to increase clinical efficiency, improve clinical productivity, and in turn increase patient engagement.
  • Secure Texting: Secure texting solutions for healthcare organizations offer many benefits to clinicians and patients. Clinicians can feel confident sending health information with a secure solution, which leads to open communication between staff and patients. Patients will welcome the convenience of communicating with their healthcare providers via text message, and a secure solution will ensure patient information remains safe and private.

In summary, all members of the healthcare industry, from care providers and healthcare organizations to vendors and engineers, must work together in 2014 to make sure new technologies pay off for patients in the form of increased time with clinicians, higher patient satisfaction and a more collaborative healthcare experience.

Jim Rock has been the president of Vocollect Healthcare Systems, a division of Honeywell, Inc., since 2009. Rock leads the team that delivers voice-enabled, mobile technology solutions for the healthcare market, including VoiceFirst by Honeywell. Throughout his career, he has been at the forefront of highly complex product development and market launch efforts in extremely competitive business climates both domestically and internationally. Prior to Vocollect, Rock was CEO of Akustica, Inc., a semiconductor designer and manufacturer, where his team successfully competed against blue chip organizations in global technology markets. Prior to Akustica, Rock was an EVP and GM at Cambridge Technology Partners, a leading information technology company.
