Posts

Disaster Recovery Planning Essential in a Connected Healthcare Environment


While we are successfully recovering from Hurricane Irma here in Tampa (with no major damage and no service outage, thankfully), the numbers have started to roll in from Harvey a few weeks ago. Despite Hurricane and Tropical Storm Harvey’s devastating impact in terms of lives lost or displaced and an estimated $23 billion in property damage in Texas’ Harris and Galveston counties, things could have been much worse if not for the region’s heads-up health IT disaster planning.

Four days after the storm’s landfall, all the electronic health record systems at all the hospitals in Houston appeared to be in “regular working order,” according to Nick Bonvino, CEO of Greater Houston Healthconnect (GHHC), the region’s health information exchange (HIE). GHHC had previously partnered with Health Access San Antonio, the HIE serving a large expanse of central Texas, to establish a statewide hub for Texas HIEs with remote siting and data storage in Salt Lake City.

“If a hospital backs up all of its information to a data center down the block, which is also flooded, that’s not a sufficient solution,” Andrew Gettinger, MD, chief medical information officer at the Office of the National Coordinator for Health IT, recently told Health Data Management. “You have to think about the geography that’s likely to be at risk and make sure that your backup solution takes care of that so you can recover.”

Indeed, when Hurricane Sandy hit New York and New Jersey in 2012, healthcare data centers situated in low-lying areas — many in hospital basements — suffered catastrophic flood damage, Gettinger emphasized. Those losses underscored the need for backup systems located out of harm’s way.

Disaster recovery planning

Aside from natural disasters, health care organizations also need to prepare for cyber-threats, such as denial-of-service and ransomware attacks, which can render IT systems inoperable or data inaccessible.

According to Jeremy Molnar, vice president of services for information security firm Cynergistek, proper disaster recovery (DR) planning starts with the assignment of a project manager responsible for implementing a cohesive strategy. Other organizational experts develop needed processes and documentation to support the project manager.

Additional key aspects include:

  • identification of critical data, applications, systems, and personnel;
  • requirements for data backup and emergency-mode operations planning;
  • ongoing testing of and revisions to each component of the DR plan; and
  • assurance of contingency planning in compliance with HIPAA rules, which mandate security risk assessments. Such assessments evaluate the likelihood and impact of exposing protected health information and document the security measures adopted to address identified risks.

State of the industry

Peak 10, an IT infrastructure solutions company, found in its “IT Trends in Healthcare” study that most healthcare organizations execute DR testing less than once annually. Only 25 percent test quarterly.

What’s more eye-opening, the Disaster Recovery Preparedness Council estimates that more than 65 percent of organizations that test their DR plan actually fail their own test. Since so many organizations don’t pass their own tests, Peak 10 points out that those who neglect to test, or elect not to, “simply won’t recover IT operations sufficiently if disaster [occurs], which in a hospital setting, is a risk not worth taking.”

NetDirector helps mitigate DR concerns by partnering with best-in-class technology companies to provide an “industrial-strength” data exchange platform hosted at a Peak 10 data center. Peak 10 is current with all applicable data security certifications and regulations, including HIPAA.

Additionally, NetDirector connects to multiple data centers in different geographic locations that are continuously updated and available to seamlessly go live as needed. This fault-tolerant set-up provides clients with built-in DR and hot-site swapping capabilities, ensuring minimal to zero disruption. NetDirector’s HealthData Exchange also reduces the need for scheduled maintenance and its accompanying temporary downtime.

For more information, please contact us or request a free demo.

When a Health IT Rollout Runs Off the Rails

If ever a large-scale health IT project needed a reboot, it was the rollout of Healthcare.gov. Fortunately, it got one — in the form of an emergency, behind-the-scenes “tech surge” assembled to salvage the government’s new health insurance portal after a halting launch.

To recap, only six people completed the online enrollment process on Oct. 1, 2013, the day Healthcare.gov officially opened for business, according to notes from war room meetings at the Center for Medicare and Medicaid Services (CMS), the agency charged with implementing the site. Things didn’t improve much the next two days, with a cumulative total of 248 enrollments successfully submitted and at times up to 40,000 consumers stuck in a waiting stage.

Malfunctions crashed Healthcare.gov twice more the last week of October, the second time while Kathleen Sebelius, Secretary of Health and Human Services (HHS), the parent department of CMS, was testifying before Congress about the website’s problems.

Administration officials advised consumers who experienced trouble with the online process to apply by phone — or even mail in a hard copy form.

President Obama called it a “well-documented disaster” and pundits had a field day.

“Only the government could come up with a website that’s slower than sending something by mail.” — Jay Leno

“If you are in need of healthcare, you have two choices: You can wait for them to get the site fixed, or you can enroll in medical school, graduate, and then just take care of yourself.” — Jimmy Kimmel

“People are getting a busy signal when they try to apply over the phone. You can’t use the Internet and you can’t use the phone. So now fax machines are like, ‘Look who’s come crawling back!’” — Jimmy Fallon

To its credit, the administration retooled and relaunched the site by December 2013 and hit its stated goal of signing up 7 million people by the end of the first quarter of 2014. Nonetheless, substantial damage had already been done. Hundreds of millions of dollars had been spent, and by April 2014 Sebelius had resigned after taking ultimate responsibility for the launch debacle.

What went wrong

In retrospect, the management and technical problems that plagued Healthcare.gov throughout its development seem fairly apparent.

A February 2016 report issued by HHS’ Office of the Inspector General stated that the most critical misstep made by the project team leading up to launch was “absence of clear leadership, which caused delays in decision-making, lack of clarity in project tasks and the inability of CMS to recognize the magnitude of problems as the project deteriorated.” Other contributing factors included devoting too much time to policy issues rather than to actual site development, poor technical decisions and improper management of the key development contract. The report also criticized CMS’ organizational structure and culture, which hampered coordination, pushed back against warnings of “bad news” and failed to alter plans in the face of problems.

The Government Accountability Office (GAO), in a separate analysis, pointed out CMS shortcomings in the areas of capacity planning for the site, as well as failure to correct software coding errors and implement full functionality prior to launch. Additionally, GAO said, “Healthcare.gov and its supporting systems were not fully tested prior to launch, and test documentation was missing key elements such as criteria for determining whether a system passed a test.”

A CIO retrospective summarized the project’s faults and how the fiasco could have been prevented: “Healthcare.gov was a single, Big Bang rollout that couldn’t be stopped.” The huge undertaking should have been tracked forward in incremental stages, with early and complete testing, and a more flexible scope to find areas of risk before they unexpectedly appeared.

Not a singular instance

Despite all the negative fallout, perhaps we shouldn’t be surprised by Healthcare.gov’s early-phase stumbles. Standish Group, an advisory firm focusing on software project performance, studied 3,555 projects from 2003 through 2012 that had labor costs of at least $10 million.

The takeaway: Only about 6 percent were deemed successful. A majority, 52 percent, were “challenged,” meaning over budget, behind schedule or failing to meet user expectations. The rest, about 42 percent, were either scrapped or started anew from scratch.

Further research, from Forrester Consulting, shows that less than 40 percent of IT executives believe their internal IT organizations can regularly deliver projects on time and within budget, due in large part to continually changing user requirements and overburdened departmental resources.

In general commercial environments, such a low success rate may be accepted as a “cost of doing business,” and the worst outcome could be scope creep or project delays. In healthcare, the stakes are higher, with patient lives potentially on the line when IT systems don’t work or aren’t available when needed. That’s why many healthcare entities are looking for trusted third-party help in gaining control over their interconnected systems and expanding ecosystems.

NetDirector has been around for almost 15 years, offering cloud-based services that are now considered a staple solution for data integration in healthcare and other industries. Learn more about the HealthData Exchange platform here or request a free demo.

NetDirector Exceeds Demanding Security Standards with SOC2 and HIPAA Certifications

TAMPA, Fla., March 1, 2017 /PRNewswire/ — NetDirector, a cloud-based data exchange and integration platform, has recently completed work with A-LIGN to undergo rigorous and valuable security certifications. NetDirector was recently awarded attestations in compliance with HIPAA and SOC2 Type II standards, the leading security standards in Healthcare and Mortgage Banking, respectively.

The SOC 2, or Service Organization Controls 2, is an examination under AICPA standards designed for technology service companies to demonstrate controls around data security and processing integrity. The SOC 2 reports are intended to meet the needs of a broad range of users that need to understand internal controls at a service organization as it relates to security, availability, process integrity, confidentiality and privacy. The Type II report is a report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.

The Health Insurance Portability and Accountability Act, or HIPAA, defines policies and procedures, as well as processes, which are required of companies that store, process, or handle electronic health information that is considered “protected” (ePHI). HIPAA compliance is increasingly valuable to both technology service providers and integrators like NetDirector, as well as providers, electronic health records systems, billing platforms, and others integrating and utilizing healthcare data.

Both the SOC 2 and the HIPAA audit were performed by Tampa-headquartered nationwide security and compliance solutions provider A-LIGN. A-LIGN specializes in helping businesses across a variety of industries navigate the complexities of specific audits and security assessments, and both the SOC 2 and HIPAA reports of A-LIGN’s findings can be made available to prospective or current customers.

“NetDirector displayed the necessary controls in their HIPAA and SOC 2 attestation reports,” said Scott Price of A-LIGN. “Their security and management teams were great to work with throughout the process. There is a strong attention to detail in the organization.”

In addition to the in-house attestations, the data centers utilized by NetDirector through Peak10 maintain the same security standards or higher in all aspects of their company. Many technology companies have recently been brought to light as claiming true “compliance” in their organization, when they really mean that their data center has gone through the rigorous examination. At NetDirector, the belief is in transparency and clear communication regarding security, including compliance audits at all ends of the process.

“I am very proud of our team for successfully completing these important 3rd party audits,” said Harry Beisswenger, NetDirector CEO. “Both the mortgage default servicing industry and the health data environment come with very unique security and compliance requirements, and these certifications and reports strengthen the trust that our clients place in us to safely integrate their platforms and transform their data.”

Company Bio:

NetDirector provides a secure cloud-based data and document exchange solution for the healthcare and mortgage banking industries to deliver seamless data integration between parties. NetDirector bridges gaps created by disparate systems & technologies by allowing companies at any location to share data & documents securely over a single internet connection with any other member of the ecosystem. Our approach allows trading partners to collaborate and exchange data in a seamless, bi-directional, real-time manner. NetDirector currently processes more than 8 million transactions per month.

Improving Data Usage in the Healthcare Environment

At University of Colorado Health (UCHealth), continuous process improvement relies upon effective data usage and integration with the enterprise EHR system. Over the past year, UCHealth has leveraged data science to significantly improve resource utilization in cancer treatment. Now the health system is taking a comparable approach to operating room (OR) scheduling in a project that will roll out through the latter part of next year.

At a cancer treatment infusion facility, UCHealth optimizes scheduling to “level load” patients throughout the day and maximize chair usage. Daily reports, shared during staff huddles, indicate where unexpected patients can be added and when to expect peak loads. Additional performance reports include historic data and highlight areas for further improvement.

This merging of Lean production practices with data analytics has yielded 15 percent lower waiting times for cancer treatment patients — 33 percent lower at peak hours — amid a 16 percent increase in patient volume. What’s more, staff overtime dropped by 28 percent due to optimized scheduling.

The OR project will similarly mine data to maximize surgical resources across five hospitals.

And the forward thrust will lead to new opportunities, according to CIO Steve Hess: “So, inpatient is the natural next place to go after OR. But don’t stop there, think about radiology and imaging, think about lab tests, pharmacy needs, ambulatory clinics … Frankly, the canvas is blank in terms of what you can do with machine learning combined with process improvement philosophies.”

Areas of improvement

Sue Schade, recently identified as one of the “most powerful women in healthcare IT” by Health Data Management and currently interim CIO at University Hospitals in Cleveland, is a strong believer in “visual management” techniques that can help identify systems’ priorities. Her Lean-rooted philosophy takes aim at areas such as reducing cycle times, eliminating preventable incidents, decreasing variation, and increasing coordination and communication between teams.

Data derived from tracking systems helps hospital leadership zero in on the causes of major incidents to prevent reoccurrence and provides performance metrics that can be shared across departments.

Schade quotes from the book The Lean IT Field Guide, “If a picture is worth a thousand words, information made visible in the workplace is priceless.”

Simplifying healthcare data integration

However promising any improvement strategy may be, it would not be possible without properly formatted and integrated data. NetDirector’s HealthData Exchange meets this challenge by moving clinical and financial data among disparate systems within the healthcare ecosystem.

HealthData Exchange uses a “map once, use many” method — as opposed to custom point-to-point interfaces — to enable the sending and receiving of data to/from all of an organization’s providers and vendors. Connected hospitals and physician practices instantly have access to dozens (and potentially hundreds) of providers and vendors through pre-defined integrations.

And because it’s built and optimized for cloud deployment, HealthData Exchange incorporates redundancy and security at every level. The network currently processes more than 10 million data and document transactions per month, while enabling individual users with the means to proactively monitor all connections.

For more information, contact NetDirector or request a free demo.

NetDirector’s Roadmap to 2020 Part 1

We recently held our annual Strategic Planning meeting. This year, instead of doing the same old SWOT analysis (Strengths, Weaknesses, Opportunities, and Threats) we tried a new approach called SOAR (Strengths, Opportunities, Aspirations, and Results).

The SWOT method has worked for many years, and is still a valid way to make a business plan and set goals. However, we were looking for a way to get more employees involved and to take a more positive approach to the overall process.

One of NetDirector’s owners and their daughter have been utilizing the SOAR method with other companies with much success and suggested that we try it too.

The strategic planning meeting was open to the entire company, of which over half were able to attend. It was a full-day event and was held off-site so that there were no major work distractions.

The main goal of this meeting was to get as many new ideas as possible with the underlying theme that no idea is bad, which kept the meeting on a positive note throughout the entire day.
