Posts Tagged ‘IoT’

Guest Post: Are You Preparing to Fail Healthcare Compliance in 2018?

December 19th, 2017 by Tim Feldman and Darci L. Friedman

A 2018 roadmap to healthcare compliance should focus on cybersecurity, vendor management and telehealth.

As the year winds down, we see numerous lists of priorities healthcare organizations should focus on in the coming year. However, if you are looking to those end-of-year lists for guidance on what your organization should pay attention to in 2018, you are already behind. If you do find yourself playing catch-up, drafting your 2018 compliance work plan is the best place to start.

As the roadmap for your compliance efforts throughout the year, your annual work plan should indicate key high-risk areas. The Office of Inspector General (OIG) of the Department of Health & Human Services (HHS) has indicated that developing an annual compliance work plan is integral to the administration of an effective compliance program (Measuring Compliance Program Effectiveness – A Resource Guide).

The annual work plan and compliance program administration are but one portion of what is required for an organization to have a robust and effective compliance program. The required elements of a compliance program are the following:

  • Standards, Policies and Procedures;
  • Compliance Program Administration;
  • Screening and Evaluation of Employees, Physicians, Vendors and Other Agents;
  • Communication, Education and Training;
  • Monitoring, Auditing and Internal Reporting Systems;
  • Discipline for Non-Compliance; and
  • Investigations and Remedial Measures.

These elements provide a broad framework for your organization to identify risk, proactively remediate and provide a response mechanism to mitigate when there is an exposure. Working the plan and program throughout the year helps your organization achieve a state of ongoing readiness.

Cybersecurity

Cybersecurity is one item that will likely factor more heavily in your work plan, and appropriately so. Last June, the HHS Health Care Industry Cybersecurity Task Force released a report on improving cybersecurity in the industry. The Task Force concluded that cybersecurity, at its core, is a patient safety issue and a “public health concern that needs immediate and aggressive attention.”

Some of the areas to address in the broader realm of cybersecurity include:

  • Ransomware;
  • Email security, including phishing;
  • Internet of Things (IoT) and devices;
  • Bring your own device (BYOD); and
  • Medical identity theft.

As the Task Force report notes, cybersecurity must be thought about across the continuum of care in your organization. Work to shift the culture and thinking that cybersecurity is simply a technology issue, of concern only to the IT department.

Do this by implementing policies and procedures for key cybersecurity issues and then communicating them across the organization. Follow that with training that includes everyone in your organization, from staff to board members. The training should define cybersecurity, explain how it may manifest in the organization, and address your policies and procedures, making it evident to all what they can and cannot do and how to respond.

Third-Party Vendor Management

The outsourcing of services to third-party vendors is increasingly common and for good reason. Such relationships offer great benefits, but at the same time, these relationships also carry legal, financial, reputational and compliance-related risks. Here are seven questions to evaluate your third-party vendor relationships:

  • Does your organization, as a covered entity (CE) under HIPAA, have a vendor compliance program to help you identify, manage and report on these risks?
  • Do you review and assess your vendors’ risk profile?
  • Are you familiar with each vendor’s hiring practices?
  • Do you know which vendors’ products connect to other IT systems that contain critical data, including protected health information (PHI)?
  • Do you have insight into each vendor’s information security and data privacy capabilities?
  • Do you know with which vendors you have a business associate agreement (BAA)?

For many healthcare organizations, the answer to several of these questions is likely “no,” which creates risk for those organizations. The OIG’s position is clear: healthcare entities have a responsibility to proactively identify, assess and manage the risks associated with their vendor relationships.

All vendors are NOT created equal. A good starting point in managing an effective and efficient third-party compliance program is to perform a risk-ranking of vendors based on their access to critical assets or information. By segmenting your vendor population into “risk tiers” you can focus limited resources on the most serious exposures.

Components of third-party compliance assessment should include, among other things:

  • Due diligence (background, reputation, strategy);
  • Knowledge of, and compliance with, security and privacy requirements;
  • Operations and internal controls (policies and procedures);
  • Workforce controls, background and exclusion checks; and
  • Training and education.

And, of course, with every vendor that meets the criteria of a Business Associate, ensure that a written BAA is in place. BAAs can be complex and are often daunting, but they must be carefully negotiated and acknowledged by both parties.

By ensuring your vendors have strong compliance programs in place and that they are following through on the BAA requirements, your organization is meeting its compliance obligations and doing its best to minimize its risks.

Telehealth

The compliance concerns related to the delivery of care via telehealth are numerous and include the following:

  • Licensing;
  • Credentialing;
  • Security;
  • Regulatory requirements for billing; and
  • Fraud and abuse.

An area to focus some attention on is payment under federal healthcare programs. The OIG currently has two active work items on telehealth, one for Medicaid and one for Medicare. Both of the items relate to the propriety of payment for telehealth services.

If your organization provides telehealth services, consider conducting a risk assessment to determine if you have any exposure in the area. Risk assessments are not strictly one of the 7 required elements of a compliance program, but they are often referred to as the “8th Element” given the focus on them in the Federal Sentencing Guidelines and OIG documents.

Risk assessments, along with the other elements of a compliance program, provide your organization the means to identify, prioritize, remediate and/or mitigate the myriad ongoing risks it will encounter. If you are not working your compliance program and specific risk areas throughout the year, you are failing to adequately prepare for an event. By failing to prepare, as one wise man said, you are preparing to fail.

About the Authors: Tim Feldman is Vice President and General Manager of Healthcare Compliance & Reimbursement at Wolters Kluwer Legal & Regulatory U.S. He oversees product development across a vast suite of practice tools and workflow solutions to help professionals stay ahead of regulatory developments and effectively manage compliance activities. Darci L. Friedman, JD, CHPC, CSPO, PMC-III, is the Director of Content Strategy & Author Acquisitions for Healthcare Compliance, Coding & Reimbursement at Wolters Kluwer Legal & Regulatory U.S. She is responsible for supporting the overall strategy for developing new content and features, innovating new product models, and recruiting top content contributors.

HIN Disclaimer: The opinions, representations and statements made within this guest article are those of the author and not of the Healthcare Intelligence Network as a whole. Any copyright remains with the author and any liability with regard to infringement of intellectual property rights remain with them. The company accepts no liability for any errors, omissions or representations.

Guest Post: Combining Big Data, EHRs and IoT for Chronic Disease Management

November 7th, 2017 by Brian Geary, Senior Account Manager, AndPlus

Providers and developers can work together to create solutions that leverage big data, EHRs and the IoT.

Have you ever used a Fitbit® or an Apple Watch®, or downloaded an mHealth app? If so, are you using these tools as an integrated way to improve your health?

The more we use technology, the more we want it to do for us. With millions of people living with complex diseases such as diabetes, cancer and heart disease, the development of intuitive and secure chronic disease management tools has become indispensable.

Yet, these tools may not support successful, sustained disease management—at least, not without the help of providers themselves.

More than 40 percent of patients who had downloaded an mHealth app had stopped using it when the app failed to provide accurate, personalized and actionable strategies for achieving their health goals. High data entry burden, hidden fees, and poor usability were other sticking points for these patients.

Another study carried out by an international team of researchers tracked 800 people for a year to see what impact Fitbit had on their health. The experts concluded that such devices are unlikely to be a magic bullet for the early detection and monitoring of chronic diseases.

So how can providers and developers work together to create engaging and supportive solutions that leverage big data, electronic health records and the Internet of Things (IoT) to utmost effect?

Using Big Data to Make Wiser Medical Decisions

Big data analytics allow providers to discover certain patterns that assist them in making better predictions about certain diseases.

With the help of big data and IoT, including patient records, clinical trials, insurance claims, and wearables, providers can discern the extent to which each intervention, as well as its associated expenditures, contributes to the improvement of their patients’ health.

However, in order to achieve measurable cost savings and long-lasting chronic disease control for patients, software models are required to help clinicians organize the data, recognize patterns, interpret results, and set thresholds for actions.

For example, to avoid an EHR failing to keep up with a patient’s sudden healthcare changes, which risks a negative impact on patient care, hospitals should treat their software as only the foundation of their health information.

Through department-appropriate software customization, hospitals can cut down wasted time spent scrolling through irrelevant screens and unnecessary fields, tracking down patient histories and reviewing duplicate data.

Having intuitive, user-friendly EHR software also helps patients be more informed about their own health and prevents potential issues. They can access test results, see when follow-up appointments are due, or communicate with their doctors to bring up any issues that may indicate significant health problems.

5 Things to Look for When Choosing an EHR System

  • Firstly, your EHR system should integrate easily with other systems within the hospital, such as clinical decision support systems, laboratory information systems and other tools.
  • In addition to considering the specific needs of individual hospital departments, another important feature of EHR software is customization (e.g., streamlining manual data entry). This is also advantageous for patients, as a customizable EHR system can be tailored to suit specific needs for data access, education and portability.
  • To make the most of technological advancements and the benefits of customization, constant performance reviews of the chosen EHR systems in real-life scenarios are highly important. For example, when Medica conducted a research study to identify how it could improve its blood gas analyzer product line, it found that the user interface needed a refresh. The outdated push-button control system caused a lengthy training process for new users, so it required a radically improved user interface.
  • Make EHR software accessible with smartphones and tablets and provide easy access from connected devices, freeing clinicians from their workstations and creating access to patient data remotely. With accessibility, productivity soars and doctors can provide better care and reduce the lag between diagnosis and treatment, while lowering healthcare costs and improving patients’ compliance with treatment through consistent two-way communication.
  • Last but not least, a customized solution for your EHR can align workflows with the current processes staff are already following, which can save time and prevent confusion when training users on the new EHR.

By ensuring all your staff members receive thorough training and have access to ongoing support when questions or problems arise, the risk of the EHR becoming outdated is also minimized. Situations such as missing patient history or test results, which can lead to delayed diagnosis, unnecessary tests or even a misdiagnosis, are avoided.

IoT Benefits for Healthcare Providers and Patients

Doctors, nurses, and caregivers are not the only beneficiaries of IoT and healthcare apps. These devices can alert medical staff to wandering patients and monitor ICU patients or potentially dangerous procedures and treatments.

Moreover, if a patient with a chronic illness needs immediate attention, the IoT can alert medical experts, and even connect the two to talk them through an emergency.

In terms of direct patient benefits, IoT devices can remind patients when to take their medications, alert them about pending prescription refills or train them about upcoming medical procedures, while transferring relevant medical information back to the patient’s healthcare provider.

To sum up, big data, electronic health records, and IoT devices have the potential to save money and, often, even people’s lives. Together they contribute to increased efficiency, improved patient satisfaction and more time to focus on patient care.

About the Author: Brian Geary is a senior account manager for AndPlus, LLC. Brian is a true believer in the Agile process. He often assists the development process by performing the product owner role. In addition to his technical background, he is an experienced account manager with a background in sales and customer service, as well as graphic design and marketing. Brian’s role at AndPlus ranges from marketing to sales and everything in between. Brian brings 10+ years of graphic design, marketing and account management experience to AndPlus.
