Cloud Services Advancing in Healthcare Technology

Nine hospitals across the country have filed for bankruptcy thus far in 2017. Small facilities, in particular, continue to feel the pinch from a combination of dwindling patient volume, rising capital requirements, escalating costs of care, bad debt accruals and lack of Medicaid funding.

Clearly, something needs to be done to stem the flow of red ink.

Fortunately, we’re seeing a healthy response from health IT vendors, who’ve identified an opportunity among the chaos. Electronic health record (EHR) firms Meditech, athenahealth and eClinicalWorks have rolled out cloud-based versions of their platforms aimed at bringing cost-effective processing and simplified technology contracting to the small-hospital domain.

Even EHR stalwart Epic is joining the movement. On Nov. 1, Tahoe Forest Health System, which serves two rural counties across 3,500 square miles in California and Nevada, went live with a new version of Epic’s EHR. The health system’s CFO, Crystal Betts, anticipates “significant savings without the maintenance of eight EHRs and [retirement of] a host of third-party ancillary systems no longer needed.” Betts added, “The cherry on top is time saved and a boost to quality and safety with a tightly integrated EHR that just works.”

Likewise, athenahealth’s cloud-based EHR has made a significant impact at Coastal Orthopedics (Conway, S.C.), which implemented the technology a little over a year ago to replace separate EHR and practice management systems. “We wanted to be in a position to jump in quickly and effectively as population health management becomes [our] new top-of-mind issue,” noted practice administrator Andrew Wade. With the EHR taking on redundant data-collection tasks, providers and staff have been able to spend more time on patient care.

Above and Beyond

Meanwhile, the healthcare research/ academic community is also leveraging the power of cloud computing. For example, at the Icahn School of Medicine at Mount Sinai in New York, scientists and physicians have access to more than 100 terabytes of data generated by DNA sequences as they study the molecular basis of breast and ovarian cancer. They use Amazon Web Services’ cloud to support a genomics platform that dynamically scales to analyze tens of thousands of genomes in a matter of minutes.

In short, cloud computing has enabled management to shift from worrying about data storage, performance, and security to helping researchers understand the sequenced output data.

There’s more to come, too. “The cloud is poised to play a prominent role when healthcare organizations deploy telemedicine, mobile health applications, and remote monitoring tools — trends that are inevitable as organizations implement value-based care programs,” according to a HIMSS Analytics cloud computing survey.

Pathway to Progress

As healthcare organizations continue to put their faith in the cloud, they’re looking for partners who can facilitate implementation and replace layers of internal systems management and integration. And, not coincidentally, they want to do so with predictable ongoing costs.

NetDirector’s cloud-based HealthData Exchange fits the desired profile by normalizing data and documents to achieve EHR interoperability with an expanding array of trading partners, including physician groups, labs, registries and imaging centers. Subscription pricing meshes with organizations’ emerging reliance on scalable services made possible by cloud technology.

For more information, please contact us or request a free demo.

Healthcare, Ransomware, and Security Breaches

Ransomware, a treacherous malware exploit that encrypts victims’ data or prevents access to their devices, netted cybercriminals an estimated $1 billion in 2016.

Data-related extortion attacks on businesses rose three-fold during the first nine months of last year, equating to one every 40 seconds. Two-thirds of those hit by ransomware lost all or part of their corporate data and one-quarter spent weeks trying to restore access, according to Kaspersky Labs, a data security firm.

Perhaps even more alarming is a predicted shift from chaotic and sporadic ransomware incidents to steadier assaults in higher volumes. “There is no such thing as a low-risk sector anymore,” Kaspersky’s research warned.

Healthcare, with 16 percent of organizations having been hit by ransomware, ranks in the top 10 among targeted industries.

High stakes for healthcare

Hospitals and health systems, as HIPAA covered entities, must adopt safeguards to ensure the confidentiality, integrity and availability of electronic protected health information (ePHI). The Department of Health and Human Services’ Office for Civil Rights (OCR), which enforces HIPAA, issued guidance in 2016 presuming a breach in the event of a ransomware attack involving ePHI. In other words, it’s up to the provider organization to prove that a breach did not occur by demonstrating low probability that ePHI was not compromised.

Nonetheless, many organizations remain non-compliant or take a stance of “calculated non-compliance.” That means they deem any potential fine to be cheaper than the reporting costs or technical resources needed to investigate incidents to OCR’s satisfaction, according to James Scott, senior fellow at the Institute for Critical Infrastructure Technology.

All the same, providers should be concerned whether ePHI is properly encrypted and adequately protected against compromise by ransomware. And from a system-wide perspective, additional safeguards should include proper use of passwords, removal of outdated software and unauthorized apps, adherence to regular backup procedures, and educating users not to open attachments or click links from unknown senders. Additionally, operating systems, browsers and antivirus programs should be updated to the latest version on all devices.

Also worth noting: Security shortfalls may be present in system integrations written in-house or by contracted developers.

In any event, “negligence gives cyber criminals the incentive to continue to launch ransomware attacks,” notes security website CSO.

And — as if on cue — a newly discovered form of ransomware may be released this month, reports TechRepublic. The malware, known as RedBoot, not only encrypts files but also permanently repartitions hard drives, rendering data unrecoverable. The alert advises businesses to back up workstations to some form of network or cloud storage, refresh all antivirus software definitions, and train users to avoid phishing scams.

A big ask

Hospitals have their hands full providing the best care possible for patients, around the clock, every day of the week. In that light, they shouldn’t be expected to shoulder the entire load of locking down data against an ever-expanding array of intruders.

Networking companies such as NetDirector have the expertise and capabilities needed to properly secure and integrate healthcare data. All of our certifications and processes (e.g., HIPAA and SOC2) are maintained above industry standards in a fully redundant, cloud-based platform. Healthcare clients put their trust in NetDirector to securely handle more than 10 million data and document transactions per month.

Although ransomware and related intrusions are real concerns, NetDirector stands ready to consult and assist in hardening defenses across the healthcare ecosystem.

For more information, please contact us or request a free demo.

Why EHRs Don’t Have to be a Hindrance

Doctors persistently claim that electronic health record (EHR) systems take up too much of their time.

Bearing out that assertion, a just-published study in Annals of Family Medicine found that a cohort of 142 primary care physicians spent more than half their workday interacting with their EHR during and after clinic hours. Worse, the physicians, who were retrospectively followed through EHR event logs over the course of three years, allocated two-thirds of their computer-facing time to clerical and inbox work.

A separate commentary earlier this year issued a stark challenge to the healthcare IT industry: “[Talk] to ten practitioners at random who are involved in day-to-day emergency medicine or primary care medicine, the guys and gals on the busy front line, and find two of them who are enamored with their [EHR] tools.” The author, small-town physician Kenneth Bartholomew, MD, describes systems designed around billing and collections functions. Such EHRs, he argues, lack the ability to actually improve the workflow of diagnosis and patient management.

Closing the gap on EHR drawbacks

The clearly frustrated Dr. Bartholomew concludes that current EHRs put the wrong tools in the hands of everyday caregivers. While EHRs help assemble patient history, along with physical and laboratory evidence, the technology requires doctors to “push the chain” of information from behind — rather than “pulling it from the front.”

Nonetheless, it’s also important to recognize EHRs’ positive impacts within a digital, connected healthcare environment. Evidence of benefits include:

  • cost savings derived from prevention of adverse drug events;
  • enabling access by emergency personnel to patients’ pre-existing health information (such as medication lists, allergies, and medical histories);
  • use of medical histories to remind physicians of the best methods of care for specific patients; and
  • improvement of reporting, investigation, response, and communication between public health officials and clinicians.

What’s more, EHRs have been shown to mitigate risk for healthcare providers and health systems by enabling evidence-based decisions at the point of care, aiding in research directed toward improvements in care, and preventing liability actions by documenting complete records of care and informed consent.

Also, significant, EHRs can help drive up patient satisfaction. More than 90 percent of patients report being happy that their doctor used EHR-powered e-prescribing capabilities — and that they rarely encounter prescriptions not being ready at their connected pharmacy.

EHRs and interoperability

Looking ahead, the federal Office of the National Coordinator for Health IT (ONC) has prioritized enhancing EHR usability, as well as facilitating seamless exchange of information among different EHR systems. In fact, the 21st Century Cures Act, enacted at the end of 2016, specifies the development of a national framework and common agreement to promote comprehensive network-to-network health data sharing. ONC will be organizing work in these areas and expects to have preliminary plans in place by next year.

NetDirector actively supports strong, automated integration of EHR capabilities throughout the healthcare ecosystem. Hospitals and physicians can deploy NetDirector’s HealthData Exchange to normalize data to standard HL7 and other formats to achieve EHR interoperability while removing the bottlenecks of traditional interfacing — all without adding hours to the physician’s already hectic schedule.

For more information, please contact us or request a free demo.

NetDirector Continues to Provide Best in Class Automation to Improve Compliance in Default Servicing Firms

TAMPA, Fla.Oct. 5, 2017 /PRNewswire/ — NetDirector, a cloud-based data exchange and integration platform, provides several data/document automation options for default servicing firms to promote increased compliance throughout the industry. Additionally, NetDirector has maintained and standardized the SOC 2 Type II security procedures in-house to ensure compliance at all points in the flow of data.

With the ever-changing atmosphere of the default servicing industry, it is important for firms to maintain the quality and compliance of the work they do while focusing on efficiency and their bottom line. Among the services available to improve compliance through automation are:

SCRA Military Search

The Service members Civil Relief Act (SCRA) requires foreclosure attorneys/trustees check whether borrowers are active duty military members. NetDirector’s Military Search interface streamlines this process and allows subscribers to check active duty status without leaving their case management systems (CMS), alleviating data keying errors and improving timelines.

Firms are required to perform this search on a regular basis to maintain compliance – the most common solution is simply to dedicate employee hours to performing the searches and logging the information. This is an expensive and inefficient solution, that only mitigates the compliance risks to a certain degree – the human element of this solution leaves room for compliance errors that foreclosure firms simply cannot afford.

“NetDirector has allowed us to focus on our core competencies by managing our data & document integration needs. Our firms are seeing the benefits of eliminating data entry and manual business processes for military search, document uploads, and milestone events,” said Ron Llewellyn, Associate Director of Application Services at Barrett Daffin Frappier Turner & Engel L.L.P.

Additionally, the NetDirector automated military search is fully compatible with the recent DoD website enhancements – many firms are already utilizing NetDirector to solve the challenges of integrating with the new website without increasing dedicated labor and resources to an ongoing concern. For more detailed information on PACER automation, click here to visit our website.

PACER Bankruptcy Search

The Federal court has several bankruptcy court district and divisions upon which bankruptcy dockets are available for verifying bankruptcy filings. NetDirector’s Bankruptcy PACER integration suite alleviates the manual need to log in to multiple court sites (both National and Regional) and/or manually search for the bankruptcy filing -thereby reducing timelines.

The round-trip data interface allows NetDirector subscribers to send requests to the PACER Case Locator site to search for current and prior bankruptcy filings. The automated response can include information on cases filed in other districts/divisions and links to current and prior case dockets and documents. More importantly, returned searches and dockets have live hyperlinks within the PDF documents – saving time by eliminating the need to re-key search information and providing a direct link to cases and docket information for future retrievals. This directly increases a firm’s compliance while automating and simplifying the amount of work required for this mandatory step in the foreclosure process.  For more detailed information on PACER automation, click here to visit our website.

“NetDirector has played a key role in increasing system and workflow efficiency across multiple departments,” said a representative of Rubin Lublin, LLC. “With the processes and checks they have in place we can feel assured that the integration is working and accurate. I have worked in the foreclosure industry over 17 years, and NetDirector is by far the best thing to come along for firms in the past decade.”

Industry Leading Security Standards for Compliance

The SOC 2, or Service Organization Controls 2, is an examination under AICPA standards designed for technology service companies to demonstrate controls around data security and processing integrity. The SOC 2 reports are intended to meet the needs of a broad range of users that need to understand internal controls at a service organization as it relates to security, availability, process integrity, confidentiality and privacy. The Type II report is a report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.

“NetDirector displayed the necessary controls in their SOC 2 Type II attestation report,” said Scott Price of A-LIGN, the company that performed the SOC 2 analysis. “Their security and management teams were great to work with throughout the process. There is a strong attention to detail in the organization.”

In addition to the in-house attestations, the data centers utilized by NetDirector through Peak10 maintain the same security standards or higher in all aspects of their company. Many technology companies have recently been brought to light as claiming true “compliance” in their organization, when they really mean that their data center has gone through the rigorous examination. At NetDirector, the belief is in transparency and clear communication regarding security so that the boost in compliance and efficiency is ultimately passed along to the firms and servicers participating in the integration network.

Company Bio:

NetDirector provides a secure cloud-based data and document exchange solution for the healthcare and mortgage banking industries to deliver seamless data integration between parties. NetDirector bridges gaps created by disparate systems & technologies by allowing companies at any location to share data & documents securely over a single internet connection with any other member of the ecosystem. Our approach allows trading partners to collaborate and exchange data in a seamless, bi-directional, real-time manner. With security and longevity as a focus, NetDirector is a certified SOC 2 Type II and HIPAA Compliant company, a 6-year member of the prominent Inc. 5000, and currently, processes more than 9 million transactions per month.

NetDirector Enters Comprehensive Agreement to Partner with My Constant Care, LLC for Integration Services

TAMPA, Fla.Sept. 28, 2017 /PRNewswire/ — NetDirector, a cloud-based data exchange and integration platform, has expanded their Integration-Platform-as-a-Service (iPaaS) offerings once again. A strong partnership has been forged with My Constant Care, LLC to provide them with a cloud based integration suite for the already cloud-centric company.

My Constant Care (MCC) provides a unified cloud-based platform for integration and delivery of preventive services such as Annual Wellness Visits, Chronic Care Management, Advanced Care Planning, and Preventative Screenings. Their turnkey delivery model provides patients with the full spectrum of preventive services to enhance overall care delivery without disrupting day-to-day operations of the practice. My Constant Care focuses on maximizing value to both providers and patients. They do this with expert coordination of preventive care options available today while strategically shaping these services to meet performance requirements expected of their future providers in the future. They offer a no-financial-risk solution to the physicians, providing the staff, software, and technology to perform their services.

Utilizing the cloud for integration was a clear next step to elevate the services offered by MCC. NetDirector’s One-to-Many style integration allows MCC to connect to NetDirector once and exchange data seamlessly with EHR systems, billing platforms, and more as the hub expands. Now, MCC’s services can integrate with existing provider platforms as well as future additions to a provider’s suite of technology solutions without relying on internal resources to bridge the gap between solutions.

My Constant Care helps primary care physicians provide a level of service to their Medicare population previously not achievable by small practices,” says Kellie Privette, the Director of Sales and Business Development at MCC. Privette added that “NetDirector’s integration expertise and technology allows MCC to seamless transfer patient data into their customer’s EHR and billing systems, without double entry of a substantial amount of information.”

This integration also increases a provider’s compliance, allowing even small practices to provide the quality and timeliness of service of a larger provider while maintaining and exceeding compliance standards for the healthcare technology industry. By eliminating data entry steps and automating the exchange of patient information securely, the integration allows for providers utilizing My Constant Care to focus more on the patients, and less on the technology behind the scenes.

“We’re very enthusiastic about our partnership with My Constant Care,” said Harry Beisswenger, CEO of NetDirector. “Their services fill a gap in the healthcare industry, and we’re looking forward to helping them achieve their goals of seamless preventive care for everyone.”

Company Bio:

NetDirector provides a secure cloud-based data and document exchange solution for the healthcare and mortgage banking industries to deliver seamless data integration between parties. NetDirector bridges gaps created by disparate systems & technologies by allowing companies at any location to share data & documents securely over a single internet connection with any other member of the ecosystem. Our approach allows trading partners to collaborate and exchange data in a seamless, bi-directional, real-time manner. With security and longevity as a focus, NetDirector is a certified HIPAA Compliant and SOC II Type 2 certified company, a 6-year member of the prominent Inc. 5000, and currently processes more than 8 million transactions per month.

Disaster Recovery Planning Essential in a Connected Healthcare Environment

Disaster Recovery Planning Essential in a Connected Healthcare Environment

While we are successfully recovering from Hurricane Irma here in Tampa (with no major damage and no service outage, thankfully), the numbers have started to roll in from Harvey a few weeks ago. Despite Hurricane and Tropical Storm Harvey’s devastating impact in terms of lives lost/displaced and estimated $23 billion property damage in Texas’ Harris and Galveston counties, things could have been much worse if not for the region’s heads-up health IT disaster planning.

Four days after the storm’s landfall, all the electronic health record systems at all the hospitals in Houston appeared to be in “regular working order,” according to Nick Bonvino, CEO of Greater Houston Healthconnect (GHHC), the region’s health information exchange (HIE). GHHC had previously partnered with Health Access San Antonio, the HIE serving a large expanse of central Texas, to establish a statewide hub for Texas HIEs with remote siting and data storage in Salt Lake City.

“If a hospital backs up all of its information to a data center down the block, which is also flooded, that’s not a sufficient solution,” Andrew Gettinger, MD, chief medical information officer at the Office of the National Coordinator for Health IT, recently told Health Data Management. “You have to think about the geography that’s likely to be at risk and make sure that your backup solution takes care of that so you can recover.”

Indeed, when Hurricane Sandy hit New York and New Jersey in 2012, healthcare data centers situated in low-lying areas — many in hospital basements — suffered catastrophic flood damage, Gettinger emphasized. Those losses underscored the need for backup systems located out of harm’s way.

Disaster recovery planning

Aside from natural disasters, health care organizations also need to prepare for cyber-threats, such as denial-of-service and ransomware attacks, which can render IT systems inoperable or data inaccessible.

According to Jeremy Molnar, vice president of services for information security firm Cynergistek, proper disaster recovery (DR) planning starts with the assignment of a project manager responsible for implementing a cohesive strategy. Other organizational experts develop needed processes and documentation to support the project manager.

Additional key aspects include:

  • identification of critical data, applications, systems, and personnel;
  • requirements for data backup and emergency-mode operations planning;
  • ongoing testing of and revisions to each component of the DR plan; and
  • assurance of contingency planning in compliance with HIPAA rules, which mandate security risk assessments. Such assessments evaluate the likelihood and impact of exposing protected health information and document the security measures adopted to address identified risks.

State of the industry

Peak 10, an IT infrastructure solutions company, found in its “IT Trends in Healthcare” study that most healthcare organizations execute DR testing less than once annually. Only 25 percent test quarterly.

What’s more eye-opening, the Disaster Recovery Preparedness Council estimates that more than 65 percent of organizations who test their DR plan actually fail their own test. Since so many organizations don’t pass their own tests, Peak 10 points out that those who neglect — or elect not to — test “simply won’t recover IT operations sufficiently if disaster [occurs], which in a hospital setting, is a risk not worth taking.”

NetDirector helps mitigate DR concerns by partnering with best-in-class technology companies to provide an “industrial-strength” data exchange platform hosted at a Peak 10 data center. Peak 10 is current with all applicable data security certifications and regulations, including HIPAA.

Additionally, NetDirector connects to multiple data centers in different geographic locations that are continuously updated and available to seamlessly go live as needed. This fault-tolerant set-up provides clients with built-in DR and hot-site swapping capabilities, ensuring minimal to zero disruption. NetDirector’s HealthData Exchange also reduces the need for scheduled maintenance and its accompanying temporary downtime.

For more information, please contact us or request a free demo.

Blockchain Technology: An Emerging Force in Healthcare Integration

Back in March, at the conclusion of the HIMSS17 annual conference, we pointed to blockchain as one of the most noteworthy recent developments in the healthcare IT space. We emphasized that blockchain technology, which uses a distributed database and cryptography to securely manage records and create a permanent record of online transactions, deserves recognition for its potential to increase IT and organizational efficiencies — highly valued attributes in light of Healthcare’s perpetually constrained resources.

An IBM Institute for Business Value study explains that data captured on blockchains can be shared in real time across a scalable group of individuals and institutions. “Every event or transaction is time-stamped and becomes part of a long chain, or permanent record, that can’t be tampered with after the fact,” according to the study report, which finds 16 percent of healthcare organizations ready to commercialize blockchain at scale in 2017.

Where will things go from here?

Room to grow

In practical terms, blockchain could be used in areas such as population health to aggregate patient and financial data that formerly would have been available only from separate sources such as health information exchanges and claims databases.

Further, blockchain’s ability to enable secure and irrevocable data exchange systems would provide “seamless access to historic and real-time data, while eliminating the burden and cost of data reconciliation,” explains Reenita Das, senior vice president of transformational healthcare at research firm Frost & Sullivan.

Micah Winkelspecht, founder and CEO of blockchain start-up Gem, characterizes blockchain as a tool for interoperability — in essence, an open-source protocol layer incorporating rules to which software can be written. “It’s basically like a language that all [participating] companies agree to speak in order to be able to interoperate with each other,” he adds. Unlike the current EHR-centric healthcare system, blockchain would be the “underlying fabric” for the entire continuum of care, “a decentralized, distributed, global data repository that’s basically shared and controlled by everyone,” he envisions.

Cross-industry philosophy

Related, in the mortgage industry, a similar foundational approach has experts believing in blockchain as an enabling technology empowering lenders to overcome current challenges in electronic processes.

Blockchain would be applied as a thin layer atop an existing document management system to effectively “freeze” a copy of the signed documentation, thereby proving it has never been altered and that the original document resides in its original location. Focus would shift from e-signature tools to blockchain as the core technology structure for compliance and document management — without requiring a completely reworked electronic process.

NetDirector recognizes ongoing and changing security needs in industries such as healthcare and mortgage banking. Companies on the front lines shouldn’t have to rewrite existing integrations or pay multiple vendors in their respective networks to operationalize individual system connections.

Within the healthcare ecosystem, NetDirector’s HealthData Exchange builds on a standard data model to map to HL7 or other data formats and achieve EHR interoperability while removing the bottlenecks of traditional interfacing. Such integrative technology holds the promise of making future security updates and landscape changes far more manageable.

For more information, please contact us or request a free demo.

Security in Data Migration, and When Not to Migrate

There’s no turning back on the cloud computing revolution. By 2020, more than 90 percent of data center traffic will be cloud traffic, according to Cisco’s Global Cloud Index forecast.

Separate analysis from 451 Research finds enterprise spending on hosting and cloud services up by 26 percent in 2017 over 2016, outpacing a 12 percent increase in total IT budgets during the same span. “Hosting and cloud services are becoming a focus of IT investment, via both new projects and the migration of existing workloads,” observes Liam Eagle, research manager at the firm.

In healthcare, 76 percent of new or existing workloads are moving to the cloud, in areas such as data archiving, backups/disaster recovery, back-office applications and server virtualization.

Some might even say the transition to cloud is happening too quickly. In fact, the simplicity of initiating cloud projects has raised eyebrows among industry observers — especially since protected health information (PHI) is at stake. “The ease of spinning up a cloud application can create, in and of itself, a risk,” says Shane Whitlatch, enterprise vice president at data security firm FairWarning. “Because cloud projects are easy to start, it’s also easy to just leave them there and not monitor them.”

Does he have a point?

Setting the record straight

Without a doubt, companies across all industries have made some missteps in migrating data to the cloud. In certain cases, organizations have viewed data migration as a one-time event rather a process that will likely be repeated over the years. Therefore, it’s important to analyze whether an IT infrastructure can hold up to the demands of a full-scale migration, reports HealthITInfrastructure.

Closer to home in healthcare, organizations often fail to assess data-quality issues before embarking on a migration. This might come into play, for example, when moving data from a legacy electronic health record (EHR) system to a new EHR application.

And while it’s certainly possible for a healthcare provider to fall victim to the scenario Whitlatch envisions (e.g., gathering PHI for research purposes and later abandoning that data outside established controls on a cloud-based platform), most organizations would avoid that type of vulnerability through due diligence. They recognize that cybersecurity is a shared responsibility between cloud provider and customer. HIPAA’s Security Rule, for instance, applies in equal force to data protection whether the data resides in on-premise systems or in the cloud.

Additionally, above all other factors, healthcare organizations are concerned about adherence to regulatory requirements such as HIPAA when selecting a cloud services provider, according to a 2016 study conducted by HIMSS Analytics.

NetDirector’s HealthData Exchange, a cloud-based platform for exchanging data between healthcare entities, has been certified as HIPAA-compliant under audit by a third-party security and compliance solutions provider. This certification “strengthens the trust that our clients place in us to safely integrate their platforms and transform their data,” explains NetDirector CEO Harry Beisswenger.

For more information on the HealthData Exchange platform, please contact us or request a free demo.

Midyear Healthcare and Technology Progress Report

High availability, interoperability, and utility in population health management all figured prominently in an early 2017 forecast of areas where healthcare CIOs expect information technology (IT) to deliver significant impact for their organizations.

Here’s a look at how things are shaping up at the year’s midpoint.

Systems availability

While natural disasters or cyber-attacks can knock out — or lock out — critical IT systems without warning, healthcare entities still need to prepare for such events. In fact, the HIPAA Security Rule requires health care covered entities to have a contingency plan for responding to unavailability of electronic health information systems.

The Department of Health and Human Services’ Inspector General reported last year in a survey of 400 hospitals that about two-thirds have contingency plans addressing data backup, disaster recovery, emergency mode operations and testing/ revision procedures. Nonetheless, over half of the surveyed hospitals confirmed an unplanned disruption to their electronic health record (EHR) system, and about a quarter of those experienced delays in patient care as a result.

So far this year, EHR outages continue to make headlines:

  • An April 2017 poll, conducted by online physician community Sermo, found that 55 percent of 1,678 responding U.S. doctors had experienced an EHR outage or malfunction that jeopardized the health or safety of a patient.
  • Also in April, Erie County Medical Center and an associated long-term care facility experienced a system-wide shutdown attributed to a ransomware attack. The hospital’s backup process prevented loss of any patient records or financial data, but its EHR was taken offline for six weeks, during which time activities such as patient admissions and prescription writing had to be handled manually.
  • In a separate incident at the end of February, an ophthalmology-specific EHR experienced “technical difficulties” due to outages of Amazon’s S3 cloud-based hosting service.

Data center and cloud services provider Peak 10 recommends that healthcare entities not only review their IT privacy and security policies and procedures but also insist that their service level agreements with technology providers specify agreed-upon security objectives and how compliance will be ensured.

Interoperability

In late March, the Office of the National Coordinator for Health IT (ONC) shared several examples of what it described as “interoperability in action from coast to coast.” Among the programs ONC showcased:

  • An app that imports patient data — including personal and medical device data, remote monitoring and reminders — into a comprehensive family health dashboard.
  • A solution that allows clinicians to create customizable push notifications that can be tailored to individual patients or groups.
  • A smartphone app that allows patients to grant or revoke permission for providers to access, send or receive health information electronically.
  • A secure system for users to seamlessly store and share data with trusted care professionals.

Additional projects outside of ONC’s purview are taking aim at other aspects of interoperability. In April, Ascension Health, Cedars-Sinai Health System and Hospital Corporation of America opened the Center for Medical Interoperability. The lab will provide resources for researchers to test data-sharing connections for medical devices and EHRs. In February, the Personal Connected Health Alliance agreed to partner with the Integrating the Healthcare Enterprise initiative in efforts to improve health data exchange through conformity testing and certification with a focus on standards-based, open specifications.

Population health

No single type of data serves as a comprehensive source of information for population health management. For example, claims data includes patient demographics, diagnosis codes, and dates and costs of services; however, the information is retrospective and limited to just billable aspects of care, explains a recent HealthITAnalytics report. Likewise, EHR systems provide clinical details but often contain unstructured, free-text descriptions that are difficult to extract and analyze.

Still, healthcare organizations continue to press forward with population health initiatives. Vanderbilt University just released a report card — the first of its kind in the nation — intended to guide the planning, implementation, and evaluation of programs and policies to improve men’s health across the entire state of Tennessee. It identifies heart disease and cancer as the leading causes of death in the state and reveals a deficit in men having a personal health provider. Meanwhile, Stanford University’s Center for Population Health Sciences has awarded $275,000 in pilot grants to fund studies seeking to improve population and community health, including a mobile surveillance system that will map autism and gaps in treatment services.

Efforts such as these will help drive discovery of what works in real-world practice of population health management. “As an industry, we can increase the socialization of toolkits and case studies so that healthcare organizations can more clearly define all aspects of population health management model design,” observes Jennifer Rogers, an analyst at Chilmark Research. She adds that optimal IT deployment will speed up gains in value for current and future adopters of population health models.

Availability, interoperability, and population health projects face a balance of challenges and opportunities as we enter the second half of 2017. NetDirector continues to innovate with cloud-based, foundational integration solutions that will help healthcare organizations seamlessly handle the electronic exchange of information in each of these areas within their respective ecosystems. For more information, please contact us or request a free demo.

When a Health IT Rollout Runs Off the Rails

If ever a large-scale health IT project needed a reboot, it was the rollout of Healthcare.gov. Fortunately, it got one — in the form of an emergency, behind-the-scenes “tech surge” assembled to salvage the government’s new health insurance portal after a halting launch.

To recap, only six people completed the online enrollment process on Oct. 1, 2013, the day Healthcare.gov officially opened for business, according to notes from war room meetings at the Center for Medicare and Medicaid Services (CMS), the agency charged with implementing the site. Things didn’t improve much the next two days, with a cumulative total of 248 enrollments successfully submitted and at times up to 40,000 consumers stuck in a waiting stage.

Malfunctions crashed Healthcare.gov twice more the last week of October, the second time while Kathleen Sebelius, Secretary of Health and Human Services (HHS), the parent department of CMS, was testifying before Congress about the website’s problems.

Administration officials advised consumers who experienced trouble with the online process to apply by phone — or even mail in a hard copy form.

President Obama called it a “well-documented disaster” and pundits had a field day.

“Only the government could come up with a website that’s slower than sending something by mail.” — Jay Leno

“If you are in need of healthcare, you have two choices: You can wait for them to get the site fixed, or you can enroll in medical school, graduate, and then just take care of yourself.” — Jimmy Kimmel

“People are getting a busy signal when they try to apply over the phone. You can’t use the Internet and you can’t use the phone. So now fax machines are like, ‘Look who’s come crawling back!’” — Jimmy Fallon

To its credit, the administration retooled and relaunched the site by December 2013 and hit its stated goal of signing up 7 million people by the end of the first quarter of 2014. Nonetheless, substantial damage had already been done. Hundreds of millions of dollars had been spent, and by April 2014 Sebelius had resigned after taking ultimate responsibility for the launch debacle.

What went wrong

In retrospect, the management and technical problems that plagued Healthcare.gov throughout its development seem fairly apparent.

A February 2016 report issued by HHS’ Office of the Inspector General stated that the most critical misstep made by the project team leading up to launch was “absence of clear leadership, which caused delays in decision-making, lack of clarity in project tasks and the inability of CMS to recognize the magnitude of problems as the project deteriorated.” Other contributing factors included devoting too much time to policy issues rather than to actual site development, poor technical decisions and improper management of the key development contract. The report also criticized CMS’ organizational structure and culture, which hampered coordination, pushed back against warnings of “bad news” and failed to alter plans in the face of problems.

The Government Accountability Office (GAO), in a separate analysis, pointed out CMS shortcomings in the areas of capacity planning for the site, as well as failure to correct software coding errors and implement full functionality prior to launch. Additionally, GAO said, “Healthcare.gov and its supporting systems were not fully tested prior to launch, and test documentation was missing key elements such as criteria for determining whether a system passed a test.”

A CIO retrospective summarized the project’s faults and how the fiasco could have been prevented: “Healthcare.gov was a single, Big Bang rollout that couldn’t be stopped.” The huge undertaking should have been tracked forward in incremental stages, with early and complete testing, and a more flexible scope to find areas of risk before they unexpectedly appeared.

Not a singular instance

Despite all the negative fallout, perhaps we shouldn’t be surprised with Healthcare.gov’s early-phase stumbles. Standish Group, an advisory firm focusing on software project performance, studied 3,555 projects from 2003 through 2012 that had labor costs of at least $10 million.

The takeaway: Only about 6 percent were deemed successful. A majority, 52 percent were “challenged” — meaning over budget, behind schedule or failed to meet user expectations. The rest, about 42 percent, were either scrapped or started anew from scratch.

Further research, from Forrester Consulting, shows that less than 40 percent of IT executives believe their internal IT organizations can regularly deliver projects on time and within budget, due in large part to continually changing user requirements and overburdened departmental resources.

In general commercial environments, such a low success rate may be accepted as a “cost of doing business,” and the worst outcome could be scope creep or project delays. In healthcare, the stakes are higher, with patient lives potentially on the line when IT systems don’t work or aren’t available when needed. That’s why many healthcare entities are looking for trusted third-party help in gaining control over their interconnected systems and expanding ecosystems.

NetDirector has been around for almost 15 years, offering cloud-based services that are now considered a staple solution for data integration in healthcare and other industries. Learn more about the HealthData Exchange platform here or request a free demo.