NetDirector Enables Next-Generation Integration in Radiology with American Health Imaging

Tampa, FL – May 24, 2017 – NetDirector, a cloud-based data exchange and integration platform, has engaged in a rapid expansion strategy in the healthcare industry over the last few years. Recently, the Integration-Platform-as-a-Service (iPaaS) has completed implementation with American Health Imaging, a regional network of radiology providers across multiple states, to provide increased accessibility and data utility in their company.

American Health Imaging (AHI) began providing diagnostic imaging services in Decatur, Georgia, in 1998, and has since expanded to 21 locations. In each area, they distinguished themselves by providing excellent customer service and high quality diagnostic imaging for their patients and referring physicians. By partnering with NetDirector to provide cloud-based integration services, it is the goal of AHI to create an automation platform that will increase overall customer satisfaction through streamlined processes and to create internal manpower savings through enhancing their ability to scale the business without having to add staff.

“We want to provide the best possible patient care, to the maximum number of patients, while minimizing the need for human intervention in the process,” said Dan Balentine, Chief Operating Officer at AHI. “By utilizing the NetDirector integration, it has allowed us to take our staff’s focus off of the day to day busywork, and shift focus to providing unmatched patient care.”

With traditional integrations, a company like AHI could be paying upwards of $20,000 plus an 18% annual maintenance fee for each vendor that would be integrated with AHI’s EMR and other in-house systems. For AHI, this was clearly not the optimum solution. Several vendors might not have the volume of transactions to justify the integration cost, creating a system built around the exception and not the constant. NetDirector’s one-to-many integration approach allowed AHI to integrate once with NetDirector, and use that single integration to connect to the entire hub of HealthData Exchange participants.

Three main technologies formed the backbone of the AHI-NetDirector integration – HealthLogix, Exchange EDI, and IntScripts.

HealthLogix Integration – Patient Check-In, Appointment Confirmation, Patient Billing

AHI utilizes a patient engagement platform called HealthLogix to help follow up with patients after exams or appointments, confirm scheduling, prompt for surveys, create a seamless check-in process, and more. The cloud-based integration model helped AHI bring this information directly into their Fuji Radiology Information System (RIS) and patient billing databases, to keep patient records current and to leverage the data they were collecting most efficiently, and allowed the utilization of HealthLogix’s full functionality such as automating check-in procedures at a digital kiosk, and more.

Exchange EDI Integration – Insurance Coverage Confirmation & Verification

Additionally, in a time where high-deductible insurance policies are increasingly commonplace, insurance confirmation simply isn’t enough information. AHI utilized NetDirector to connect with Exchange EDI, which not only confirms the participation in an insurance policy or group but analyzes policy levels and remaining deductibles. This allows patients and providers alike to understand the patient’s responsibility up front – the transparency provided by this data allows for accurate collection of copays during visits, reduced collection costs down the line, and overall reduced revenue leakage for providers.

IntScripts Integration – Physician Referrals and Radiology Communication Integration

Finally, it was critical to make the ordering process for their referring physician population as simple as possible, so an integration was performed with IntScripts, which provided the ability to directly receive orders from the referrer’s EHR and have the results automatically dropped right into the patient’s chart.  This automation eliminates the traditional manual processes that were previously encountered by both AHI and referring physicians.

For patients, the NetDirector integration platform provides not only an elevated level of understanding of their coverage and responsibility through stronger integration between provider and vendor, but also makes life easier for their primary care doctor or other referring physician to communicate and refer patients. This increases the likelihood of single-service care, as primary care physicians are more likely to refer patients as needed, and patients can trust they are receiving the right treatment for them.

“The integration that we have created for American Health Imaging is a model case for the value of cloud-based integration in healthcare,” said Harry Beisswenger, NetDirector CEO. “When we set out to enter the healthcare industry, our primary goals were to reduce costs for providers, increase potential care level provided to patients, and create an environment of data transparency and communication. AHI’s integration has accomplished all of this and more.”

Company Bio:

NetDirector provides a secure cloud-based data and document exchange solution for the healthcare and mortgage banking industries to deliver seamless data integration between parties. NetDirector bridges gaps created by disparate systems & technologies by allowing companies at any location to share data & documents securely over a single internet connection with any other member of the ecosystem. Our approach allows trading partners to collaborate and exchange data in a seamless, bi-directional, real-time manner. With security and longevity as a focus, NetDirector is a certified HIPAA Compliant company, a 6-year member of the prominent Inc. 5000, and currently processes more than 8 million transactions per month.

Healthcare Innovation: New Threats, New Technology

On the heels of the May 12 WannaCry malware attack that infected more than 300,000 computers in at least 150 countries — the largest hack in nearly a decade — investigators continue to evaluate what happened while victims assess the resulting damage.

The exploit emerged as ransomware, which encrypted files stored in unprotected computers and effectively held them hostage to demands for money in exchange for decryption.

“The suspected syndicated attack is … using a particularly nasty form of malware that can move through a corporate network from a single entry point,” noted Simon Crosby, chief technology officer of cybersecurity firm Bromium. He added that healthcare organizations, governments, police and fire departments and military organizations are “massively vulnerable.

The outbreak started in Europe and in one of the most significant impact zones affected about 20 percent of the United Kingdom’s publicly funded National Health Service. Routine surgeries and outpatient appointments were canceled, while seven hospitals had to divert emergency patients due to disruptions, BBC reported, although media accounts said patient data had not been accessed.

WannaCry manipulated flaws in Microsoft’s Windows operating system that had not been updated by many of the targets. While analysts believe elements of the malicious software had been leaked by a hacking group from a trove of cyber-attack tools held by the U.S. National Security Agency (NSA), Microsoft reportedly was aware of the Windows weakness and had issued a free fix on March 14.

“Say what you want to say about the NSA or disclosure process, but this is one in which what’s broken is the system by which we fix,” commented Zeynep Tufeki, a professor at the University of North Carolina.

Hackers target healthcare

The 2017 Healthcare Breach Report, compiled by data protection firm Bitglass from U.S. Department of Health and Human Services records, reveals that 328 U.S. healthcare organizations disclosed data breaches in 2016, up from 268 the prior year. All five of the largest breaches were the result of hacking and IT incidents in 2016, according to the report. What’s more, network servers were almost always the targets for hacking-related breaches.

Robert Herjavec, CEO of a global information security company (but perhaps more widely known as one of the venture capitalist investors on the television show Shark Tank), recently told Healthcare IT News that the industry needs to prioritize a proactive approach to security.

Herjavec emphasized that providers are vulnerable to hacks in part because they are highly dependent on information systems, but it is difficult to keep them up-to-date and refreshed with current security patches. He added that large projects “can take years, and security considerations and proactive protection often fall by the wayside during these transitions.”

In general terms, he recommends increased use of account access management tools while restricting access to HIM systems to the greatest extent possible. Additionally, as shown in the WannaCry incident, operating systems must be updated regularly and endpoints patched aggressively — all while staff and clinicians receive training on cybersecurity risks and challenges.

NetDirector recognizes that unknowns in cybersecurity will always create gaps between emerging exploits and preventive measures. That’s all the more reason for the company to stay ahead of the curve in its technology development. With its HealthData Exchange platform, for example, clinical and financial data move electronically among disparate systems via a cloud-based solution that fully complies with HIPAA and SOC2 standards. NetDirector securely processes over 10 million data and document transactions per month for its healthcare clients.

For more information, please contact us or request a free demo.

Integration Can Power the Tools for Patient Engagement

Roughly 70 percent of health systems, hospitals and physician practices proactively work toward getting patients more involved in their own care, according to a 2016 NEJM Catalyst survey. However, considering the drive to implement and deliver value-based care, industry observers are wondering why that number isn’t closer to 100 percent.

“[We] need to engage patients outside the exam room with frequent, creative interactions that do not have to always include their physicians,” according to Kevin Volpp, MD, PhD, and Namita Mohta, MD, who analyzed the survey results.

Patient portals, secure email, online/mobile scheduling, patient-generated data and social networks lead the way among engagement initiatives currently being used at scale, according to respondents.

Nonetheless, portals in particular tend to be “systems of record, not systems of engagement,” observes analyst Brian Eastwood of Chilmark Research, a health IT advisory firm. Today’s portals aren’t optimized for value-based care or population health management because they’re geared toward the individual and don’t encourage behavior change, he adds.

Forward-looking solutions must be built on a broader engagement model that loops in coordinated community care teams and enables bi-directional information flow, Eastwood explains. “The point solutions that consumers use to access the healthcare system will get bigger,” he continues. “We need to try to connect to these solutions in some way — and integration is the best we can hope for.”

A pathway to future success

Design and usability will be the main drivers of behavior changes in patient engagement, predicts Sean Duffy, CEO of Omada Health, a tech-based company targeting diabetes care through analytically identified trends.

“It’s about fine-tuning and personalization, [which will spawn] an incredible wave of potential in the way we work to improve the health of the country,” Duffy tells FierceHealthcare. Optimizing the way patients interact with engagement technology is a core part of the process so that a wide range of individuals can be effectively served.

And there’s good reason to expect positive patient response to emerging engagement technology. CDW’s 2017 Patient Engagement Perspective Study finds 70 percent of patient respondents saying they’ve become more knowledgeable about their personal medical information because of online access. Half of the same sample said they’ve noticed increased engagement with their own healthcare.

At the same time, it’s essential to view patient engagement as a two-way street. To wit, 67 percent of providers surveyed by CDW consider patient engagement to be an important part of improving overall care and the top motivating factor in spurring their respective organizations into action.

Indeed, leading healthcare institutions such as Johns Hopkins Medicine are making sure employees understand patient data and know how to communicate it. That behavior is “becoming very ingrained in the way we do our work,” says chief patient experience officer Lisa Allen.

NetDirector’s HealthData Exchange platform supports such initiatives by electronically moving clinical and financial data among disparate systems — transparently mapping it to the correct format of the recipient. In this way, HealthData Exchange serves as an engine for integrating engagement technologies, increasing the likelihood of not only utilization, but also the accuracy of data circulating in multiple environments without human intervention.

For more information, please contact us or request a free demo.

What’s Top-of-Mind for Healthcare Provider Connectivity?

Healthcare connectivity covers a lot of virtual territories, evolving technologies, and boots-on-the-ground personnel. On the human side alone, stakeholders involved in the creation, exchange, and use of health information include individuals, patients, physicians, hospitals, payers, suppliers and ancillary service providers.

Concurrently, healthcare’s ecosystem relies on technical standards, policies, and protocols “to enable seamless and secure capture, discovery, exchange and utilization of information” in all its various forms among stakeholder parties, according to the HIMSS Interoperability & HIE Committee.

Healthcare organizations have been hammering away at this multi-faceted challenge for decades, making incremental progress. “The next step is taking data and using it to create a more accurate picture of the patient that drives better healthcare decisions,” observes Carla Smith, HIMSS executive vice president.

Industry-wide activity is trending toward population health initiatives. Case in point: Catholic Health Initiatives (CHI) in Englewood, Colo., has stepped up its population health strategy through the use of advanced data analytics. Since rolling out the program, CHI has cut pneumonia mortality by 21 percent; catheter-associated urinary tract infections by 27 percent; surgical site infections (SSIs) following colon surgery by 34 percent; and SSIs following hysterectomy by 45 percent.

Concurrently, Atrius Health in Newton, Mass., is focusing on lowering inappropriate hospitalizations and reducing lengths of stay in nursing facilities. Atrius pairs patient histories from its EHR with claims data for alternative payment contracts to identify at-risk groups who could benefit from early interventions (e.g., those with chronic kidney disease) while also managing patients already diagnosed with chronic conditions, reports Becker’s Hospital Review. The goal is to develop customized and comprehensive care and treatment plans.

Areas of opportunity

Aside from these types of leading-edge programs, hospitals and health systems are hard at work in more fundamental areas of health information exchange. The U.S. Department of Health and Human Services (HHS), in a 2016 statutorily required report to Congress, noted that about three-quarters of hospitals could electronically exchange health information with outside providers, highlighted by a spike of 23 percent between 2013 and 2014. However, physician practices lagged behind in their ability to electronically share patient health information in the same manner.

At the same time, HHS said it will pursue incentives “to stimulate more collaborative business arrangements and uninterrupted information flow.” In broad terms, these financial levers will be intended to motivate higher-value care, reward teamwork and integration in the delivery of care, pave the way for more effective coordination of providers across settings, and “harness the power of information” in improving care across populations of patients.

All this needs to happen in concert with more fully engaged patients. While 72 percent of hospitals enable patients to electronically request an amendment to their own health information, other areas must come up to speed. For instance, only about 40 percent of hospital patients can request prescription refills or schedule appointments online, and just slightly over half of hospitals allow patients to send and receive secure messages electronically.

Increasingly, healthcare providers are looking to build out capabilities in a unified, streamlined ecosystem. NetDirector’s cloud-based HealthData Exchange platform is designed to make this level of connectivity a reality. HealthData Exchange allows hospitals and physician practices to make a single connection that instantly gives them access to dozens — and potentially hundreds — of other providers and vendors via pre-defined integrations. NetDirector currently processes more than 10 million data and document transactions per month.

For more information, please contact us or request a free demo.

NetDirector Exceeds Demanding Security Standards with SOC2 and HIPAA Certifications

TAMPA, Fla., March 1, 2017 /PRNewswire/ — NetDirector, a cloud-based data exchange and integration platform, has recently completed work with A-LIGN to undergo rigorous and valuable security certifications. NetDirector was recently awarded attestations in compliance with HIPAA and SOC2 Type II standards, the leading security standards in Healthcare and Mortgage Banking, respectively.

The SOC 2, or Service Organization Controls 2, is an examination under AICPA standards designed for technology service companies to demonstrate controls around data security and processing integrity. The SOC 2 reports are intended to meet the needs of a broad range of users that need to understand internal controls at a service organization as it relates to security, availability, process integrity, confidentiality and privacy. The Type II report is a report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.

The Health Insurance Portability and Accountability Act, or HIPAA, defines policies and procedures, as well as processes, which are required of companies that store, process, or handle electronic health information that is considered “protected” (ePHI). HIPAA compliance is increasingly valuable to both technology service providers and integrators like NetDirector, as well as providers, electronic health records systems, billing platforms, and others integrating and utilizing healthcare data.

Both the SOC 2 and the HIPAA audit were performed by Tampa-headquartered nationwide security and compliance solutions provider A-LIGN. A-LIGN specializes in helping businesses across a variety of industries navigate the complexities of specific audits and security assessments, and both the SOC 2 and HIPAA reports of A-LIGN’s findings can be made available to prospective or current customers.

“NetDirector displayed the necessary controls in their HIPAA and SOC 2 attestation reports,” said Scott Price of A-LIGN. “Their security and management teams were great to work with throughout the process. There is a strong attention to detail in the organization.”

In addition to the in-house attestations, the data centers utilized by NetDirector through Peak10 maintain the same security standards or higher in all aspects of their company. Many technology companies have recently been brought to light as claiming true “compliance” in their organization, when they really mean that their data center has gone through the rigorous examination. At NetDirector, the belief is in transparency and clear communication regarding security, including compliance audits at all ends of the process.

“I am very proud of our team for successfully completing these important 3rd party audits,” said Harry Beisswenger, NetDirector CEO. “Both the mortgage default servicing industry and the health data environment come with very unique security and compliance requirements, and these certifications and reports strengthen the trust that our clients place in us to safely integrate their platforms and transform their data.”

Company Bio:

NetDirector provides a secure cloud-based data and document exchange solution for the healthcare and mortgage banking industries to deliver seamless data integration between parties. NetDirector bridges gaps created by disparate systems & technologies by allowing companies at any location to share data & documents securely over a single internet connection with any other member of the ecosystem. Our approach allows trading partners to collaborate and exchange data in a seamless, bi-directional, real-time manner. NetDirector currently processes more than 8 million transactions per month.

Healthcare Data in 2017

IT executives in healthcare face an expanding array of challenges in 2017 as the industry takes initial steps away from transactional-based, fee-for-service models and toward reimbursements tied to measures of value and quality. The clock has started ticking on Medicare reform’s implementation, with provider performance data gathered this year providing the basis for physician payments in 2019.

“To succeed in the value-based environment, health systems need to invest heavily in technology,” reports the Deloitte Center for Health Solutions.

The following areas should see significant impact.

IT as a key enabler

Healthcare organizations are recognizing IT’s mission-critical role in ensuring continuous high availability of systems and support of operational commitments, according to the 2016 Harvey Nash/KPMG CIO Survey. Fifty-two percent of healthcare CIOs expect their IT budget to increase over the next 12 months, compared to 45 percent across all industries. The boards of healthcare companies also place a higher priority than their counterparts in other industries on increasing operational efficiencies, improving business processes and delivering business intelligence/ analytics. Additionally, the report finds that “cloud and other collaborative digital technology enhancements have improved health IT access, scalability, reliability and sustainability.”

Interoperability essentials

Healthcare CIOs are enthusiastic about the transition to value-based models of care, but they admit it will be a tough task to actually implement population health management programs that can pull data from multiple organizations and analyze that information with a predictive component. Interoperability of data and technology will be an essential lever in making population health and wellness a reality. “Continuity-of-care documents, electronic health records (EHRs) and other types of data must all come together in an organized, orderly marriage,” observes Transcend Insights, Humana’s population health subsidiary. “A health information exchange for data and Fast Healthcare Interoperability Resources (FHIR) for application interfacing [will be] the easiest route forward.”

Interoperability also tops the list of EHR development projects slated for 2017, according to a Healthcare IT News survey of health technology executives. Specifically, respondents say top EHR projects will be geared toward improving interoperability, workflow and usability, as well as adding population health tools and migrating to the cloud. “EHRs were put in basically as dumb data communication systems without emphasis on exchange and workflow,” explains John Halamka, MD, CIO at Boston’s Beth Israel Deaconess health system. “But because of payment reform, we have incentives to do data exchange. Different things are bubbling to the top.”

Opportunity in digital health

Digital health tools such as health-related apps, activity trackers and smart watches have the potential to help consumers become more engaged in their own health. Unfortunately, that’s not happening yet. For instance, 75 percent of consumers who use mobile or Internet-connected health apps are willing to share the data they collect with their provider; however, only 32 percent say that type of exchange actually takes place, according to a digital health survey conducted by HealthMine. Additionally, 60 percent of digital health users say they have electronic health records, but only 22 percent use them to make medical decisions. HealthMine CEO Bryce Williams says, “Digital health is still crossing the chasm from lifestyle and fitness management to chronic disease and holistic healthcare management.” Williams looks for that gap to close during 2017 as health plan sponsors apply collected consumer health data to gain insights and manage populations toward improved health.

Tamper-proof technology

On December 12, Quest Diagnostics revealed that an unauthorized party obtained protected health information of approximately 34,000 individuals via an Internet application. Accessed data included names, dates of birth and lab results — but not Social Security numbers or credit card, insurance or other financial information. As such, it was a relatively mild intrusion measured against other data breaches during 2016. In comparison, a hacking of health insurer Anthem compromised tens of millions of patient records, all of which were stored unencrypted in a centralized database. In a New York Times op-ed, cybercrime expert Kathryn Haun and healthcare futurist Eric Topol call for a move away from health systems “storing and owning all our data.” They advocate for an encrypted data platform known as blockchain, which would “give patients digital wallets containing all their medical data, continually updated, that they can share at will.” The co-authors note that the private and academic sectors are working on the emerging technology.

Data in motion

Girish Pancha, CEO and founder of data flow management company StreamSets, views data as “the final frontier in the quest for continuous IT operations.” Pancha predicts 2017 will bring recognition of data management “as a living, breathing operation that must run reliably and automatically on a continuous basis” — on par with how IT oversees applications, networks and security. Organizations will need to analyze potential changes to their processes, tooling and structure to ensure the availability and accuracy of data in motion, he adds.

All told, it will be an eventful year with healthcare organizations planning for important challenges in their respective data and integration environments. NetDirector stands ready to assist with its proven cloud-based HealthData Exchange, which moves clinical records between providers and all trading partners in their ecosystem.

For more information, please contact us or request a free demo.

Healthcare Year in Review: The Data Perspective

As 2016 comes to a close, major developments in health information technology reveal continuing storylines for the year to come. Here’s a brief overview of progress made and ongoing opportunities for health information exchange to surmount pending challenges.

Value-based care

Medicare and commercial insurers are moving quickly toward valued-based payment models, leaving fee-for-service behind. Nonetheless, the implementation of supporting technology remains a work in progress. The 2016 HIMSS Cost Accounting Survey reveals that about half of healthcare provider organizations participate in some type of alternative payment model, but only 3 percent believe they are highly prepared to make the pay-for-value transition. “It will be critical that the industry reaches some level of consistency in terms of how providers should manage the exchange of clinical and financial information between all parties involved in an episode of care, regardless of whether they are part of the same healthcare delivery system,” explains Pam Jodock, HIMSS’ senior director of health business solutions.

Legislation

On December 13, President Obama signed into law the broad-reaching 21st Century Cures Act, which makes significant investments aimed at solving some of the nation’s biggest health challenges. Among its many varied provisions, the Cures Act seeks to improve health IT interoperability by promoting complete access, exchange and use of all electronically accessible health information for authorized use under applicable state or federal law. The legislation puts a priority  — and calls for a Government Accountability Office study — on patient-matching technology that would accurately identify patients for electronic exchange of health information among providers.

Cloud computing

The shared-resources, data-on-demand model known as cloud computing continues to evolve as a trusted healthcare technology core component “underpinning the continued development of electronic health records and big data analytics,” reports HIT Infrastructure. This aligns with increased use of software-as-a-service offerings in areas such as clinical data systems and technical support desks as organizations look to lower costs and improve overall operations, according to research firm Gartner. Cloud security and compliance concerns remain in play, however, especially in the handling of health data and protected health information.

Data sharing

Data is seemly everywhere these days, continually growing, with much of it available to be shared. Despite concerns about the privacy and security of health data, 77 percent of respondents to Rock Health’s 2016 Digital Health Consumer Adoption Report are interested in sharing their health information — especially to get better care from their doctor. Among those surveyed, 79 percent said they would divulge their health history, physical activity (76 percent) and genetic data (64 percent) with a physician. On the flip side, in regard to accessing health information, it matters most to those in poor health. Twenty-eight percent of respondents who self-rated their health status as poor or bad highly desired an electronic copy of their health records, while only 19 percent of those in good health were as interested.

Behavioral health and special care innovation

The U.S. Department of Health and Human Services projects treatment spending on mental and substance use disorders will total $280 billion in 2020. Including individuals with intellectual or developmental disabilities and those who require long-term services and support because of chronic medical conditions or physical disabilities, more than 35 percent of U.S. annual healthcare expenditures flow toward care for groups that constitute less than 20 percent of the population. Efforts to understand population health risks and intervene with preventive care models that reduce costs and improve care have started to gain traction, reports CIO. In one such initiative, Quest Diagnostics is working with University of California San Francisco to tap a database of 20 billion lab test records, combined with a five-minute cognitive assessment, for early detection and treatment of dementia.

NetDirector’s cloud-based HealthData Exchange comes into play in many areas of the developments that have shaped health IT during 2016. The service not only facilitates EHR integration and streamlines clinical workflow and communications with the extended provider community, but also complements existing IT investments.

For more information, please contact us or request a free demo.

Transaction Spotlight: Fees and Costs Request

HealthCare Cloud Computing Before It Was Cool

Like its atmospheric modifier, cloud computing comes together in boundless shapes and sizes. Some say it’s a simple feat — accessing and storing data and programs over the Internet instead of on a hard drive — but a mind-boggling combination of data processing, synchronization, communication, and protection takes place beyond the individual user’s confines.

In any case, it’s big business, with public cloud companies projected to stake out an estimated $500 billion in market cap by 2020. “The depth and breadth of cloud progress is pretty shocking,” investor Byron Deeter of Bessemer Venture Partners told Forbes.

That’s a long way from the roots of the dot-com era, when Application Server Providers (ASPs) connected people via the Web to software hosted in offsite data centers, and thereby offered businesses a viable alternative to buying hardware and hiring people to manage it. Still, the drawbacks at the time — sluggish connections and sky-high ASP operations costs — kept traditionally late-adopter industries like healthcare mostly on the ground rather than in the cloud.

Healthcare’s ascent

As recently as 2014 only about 22 percent of healthcare organizations surveyed by HIMSS Analytics were planning to use cloud computing for back-office functions. In 2016, nearly 47 percent of respondents have cloud usage in their back-office plans. The same holds true for business continuity/ disaster recovery functions and health information exchange: the former rising from 31 percent in 2014 to 47 percent in 2016, and the latter from 20 to 41 percent.

“In 2014, the cloud was primarily seen as a model that could support HIE and data storage, whereas, in 2016, it is being leveraged for a full range of functions including patient empowerment,” according to the survey report.

Indeed, healthcare entities cite the following factors (in order of importance) in their move to the cloud:

  • Cost savings
  • More complete disaster recovery capabilities
  • More scalability for internal requirements
  • Speed of deployment
  • Improved user access to applications
  • Plans to scale information and virtual care to patients
  • Freeing up internal storage/compute cycles
  • Accommodation of mobile workforce
  • Regulatory compliance
  • Accessibility to compute cycles

Another way to say it is that core health IT components, such as electronic health record (EHR) systems, cannot be at risk for downtime with vital patient care considerations hanging in the balance. With technologies coalescing in the background, tens of thousands of EHR users across multiple vendor platforms now use the cloud daily with complete trust.

Additional “hot spot” cloud applications in healthcare continue to emerge in the areas of telemedicine, medical imaging, public health and patient self-management, hospital management, therapeutic interventions, and secondary use of data for analysis and clinical research.

In response, cloud service providers “need to ensure uptime and performance, deliver on compliance and service level agreements, and offer reliable technical support,” the HIMSS Analytics report states.

NetDirector, one of the originators of the cloud-based integration platform, has built its healthcare business by ensuring the movement of clinical records between providers, helping them achieve a safer and more efficient level of care. The company’s HealthData Exchange combines cloud-based technology with world-class security levels to enhance workflow — which, in turn, allows providers to focus on patient care.

Learn more about the further emergence of cloud-based healthcare data integration or request a free demo.

 

 

HIPAA Incidents Highlight Need for Adherent Technology Approach

It’s been a busy summer for the Department of Health and Human Services’ HIPAA-compliance body, the Office for Civil Rights (OCR). Between late June and early August, OCR reached settlements totaling $11.65 million in four cases of HIPAA violations and vulnerabilities.

In chronological order:

A $650,000 settlement announced June 29 stated that Catholic Health Care Services (CHCS), which provided management and IT services as an HIPAA business associate to six skilled nursing facilities in the Philadelphia area, failed to safeguard residents’ electronic protected health information (ePHI). Theft of a CHCS-issued iPhone — unencrypted and not password-protected — compromised the ePHI of 412 residents. OCR determined that CHCS had no risk analysis or risk management plan in place for handling PHI, as required under HIPAA’s Security Rule.

OCR announced on July 18 a $2.7 million settlement with Oregon Health & Science University (OHSU) over “widespread and diverse problems” that will be addressed through a three-year corrective action plan. OCR’s investigation started after OHSU submitted breach reports involving unencrypted laptops and a stolen unencrypted thumb drive containing ePHI. Although OHSU performed risk analyses in six years between 2003 and 2013, the processes did not cover all ePHI in OHSU’s enterprise. “While the analyses identified vulnerabilities and risks to ePHI located in many areas of the organization, OHSU did not act in a timely manner to implement measures to address these documented risks and vulnerabilities to a reasonable and appropriate level,” according to OCR.

A statement released July 21 detailed multiple alleged HIPAA violations at the University of Mississippi Medical Center (UMMC) settled by a $2.75 resolution amount and corrective action plan. OCR found that ePHI stored on a UMMC network drive was vulnerable to unauthorized access via the organization’s wireless network. Users could access files in an active directory after entering a generic username and password. The directory included 328 files with the ePHI of an estimated 10,000 patients dating back to 2008. OCR determined that UMMC was aware of risks and vulnerabilities to its systems as early as 2005, but failed to take risk-management action until after the breach. The agency cited “organizational deficiencies and insufficient institutional oversight.”

Advocate Health Care Network agreed to settle potential HIPAA penalties for $5.5 million and by implementing a corrective action plan, OCR announced on Aug. 4. The settlement amount was the largest to date against a single entity, according to OCR, reflecting “the extent and duration of the alleged non-compliance.” The investigation began in 2013 after Advocate submitted three breach notification reports pertaining to separate incidents involving a subsidiary, Advocate Medical Group. The combined breaches affected the ePHI of approximately 4 million individuals, the agency reported. The incidents included the theft of four desktop computers from an administrative office building, unauthorized access to a billing service’s network, and theft from an employee vehicle of an unencrypted laptop — exposing ePHI in each case.

HIPAA audits also a consideration

OCR’s recent actions stemmed from investigations following breach notifications. However, healthcare organizations should also be prepared for the agency’s stepped-up HIPAA audit activity. Every HIPAA covered entity and business associate is eligible for an audit. So-called remote “desk audits” are currently underway and will be completed by the end of 2016. Onsite audits will follow, covering a broader scope of requirements from HIPAA’s rules.

As indicated, the stakes have never been higher for healthcare providers and vendors when handling ePHI. Technology such as NetDirector’s HealthData Exchange electronically moves data among disparate systems while adhering to HIPAA security standards. While helping to ensure compliance, the cloud-based solution frees up time that can be allocated to optimizing the patient care experience.

For more information on how to ease regulatory burdens, contact NetDirector or request a free demo.