Category: hipaa

Dr. Paul Hain, Chief Medical Officer of GoHealth

Telehealth is Here to Stay in 2021

Prior to the pandemic, telehealth was a limited ad-hoc service with geographic and provider restrictions. However, with both the pandemic restrictions on face to face interactions and a relaxation of governmental regulations, telehealth utilization has significantly increased from thousands of visits in a week to well over a million in the Medicare population. What we’ve learned is that telehealth allows patients, especially high-risk populations like seniors, to connect with their doctors in a safe and efficient way. Telehealth is valuable for many types of visits, mostly clearly ones that involve mental health or physical health issues that do not require a physical exam or procedure. It’s an efficient modality for both the member and provider.

With the growing popularity of telehealth services, we may see permanent changes in regulatory standards. Flexible regulatory standards, such as being able to use platforms like FaceTime or Skype, would lower the barrier to entry for providers to offer telehealth and also encourage adoption, especially among seniors. Second, it’s likely we’ll see an emergence of providers with aligned incentives around value, such as in many Medicare Advantage plans, trying very hard to encourage utilization with their members so that they get the right care at the right time. In theory, the shift towards value-based care will allow better care and lower costs than the traditional fee for service model. If we are able to evolve regulatory and payment environments, providers have an opportunity to grow these types of services into 2021 to improve patient wellness and health outcomes.

---

Dr. Salvatore Viscomi, Chief Medical Officer, GoodCell

2021 will be the year of patient controlled-health

The COVID-19 pandemic brought the realities of a global-scale health event – and our general lack of preparedness to address it – to the forefront. People are now laser-focused on how they can protect themselves and their families against the next inevitable threat. On top of this, social distancing and isolation accelerated the development and use of digital health tools, from wellness trackers to telehealth and virtual care, most of which can be accessed from the comfort of our homes. The convergence of these two forces is poised to make 2021 the year for patient-controlled health, whereby health decisions are not dictated by – but rather made in consultation with – a healthcare provider, leveraging insights and data pulled from a variety of health technology tools at people’s fingertips.

---

Anish Sebastian, CEO of Babyscripts

Beyond telemedicine

Telemedicine was the finger in the dyke at the beginning of pandemic panic, with healthcare providers grabbing whatever came to hand — encouraged by relaxed HIPAA regulations — to keep the dam from breaking. But as the dust settles, telemedicine is emerging as the commodity that it is, and value-add services are going to be the differentiating factors in an increasingly competitive marketplace. Offerings like remote patient monitoring and asynchronous communication, initially considered as “nice-to-haves,” are becoming standard offerings as healthcare providers see their value for continuous care beyond Covid.

---

Daniel Kivatinos, COO and Co-Founder of DrChrono

Telehealth visits are going to supersede in-person visits as time goes on.

Because of COVID-19, the world changed and Medicare and Medicaid, as well as other insurers, started paying out for telehealth visits. Telemedicine will continue to grow at a very quick rate, and verticals like mental health (psychology and psychiatry) and primary care fit perfectly into the telemedicine model, for tasks like administering prescription refills (ePrescribing) and ordering labs. Hyperlocal medical care will also move towards more of a telemedicine care team experience. Patients that are homebound families with young children or people that just recently had surgery can now get instant care when they need it. Location is less relevant because patients can see a provider from anywhere.

---

Dennis McLaughlin VP of Omni Operations + Product at ibi

Virtual Healthcare is Here to Stay (House Calls are Back)

This new normal however is going to put significant pressure on the data support and servicing requirements to do it effectively. As more services are offered to patients outside of established clinical locations, it also means there will be more opportunity to collect data and a higher degree of dependence on interoperability. Providers are going to have to up their game from just providing and recording facts to passing on critical insight back into these interactions to maximize the benefits to the patient.

---

Sarahjane Sacchetti, CEO at Cleo

Virtual care (of all types) will become a lasting form of care: The vastly accelerated and broadened use of virtual care spurred by the pandemic will become permanent. Although it started with one-off check-ins or virtual mental health coaching, 2021 will see the continued rise in the use and efficacy of virtual care services once thought to be in-person only such as maternity, postpartum, pediatric, and even tutoring. Employers are taking notice of this shift with 32% indicating that expanded virtual health services are a top priority, and this number will quickly rise as employers look to offer flexible and convenient benefits in support of employees and to drive productivity.

---

Omri Shor, CEO of Medisafe

Digital expansion: The pandemic has accelerated patient technology adoption, and innovation remains front-and-center for healthcare in 2021. Expect to see areas of telemedicine and digital health monitoring expand in new and novel ways, with increased uses in remote monitoring and behavioral health. CMS has approved telehealth for a number of new specialties and digital health tools continue to gain adoption among healthcare companies, drug makers, providers, and patients. 

Digital health companions will continue to become an important tool to monitor patients, provide support, and track behaviors – while remaining socially distant due to the pandemic.  Look for crossover between medical care, drug monitoring, and health and wellness – Apple 

Watch has already previewed this potential with heart rate and blood oxygen monitoring. Data output from devices will enable support to become more personalized and triggered by user behavior. 

---

Kelli Bravo, Vice President, Healthcare and Life Sciences, Pegasystems

The COVID-19 pandemic has not only changed and disrupted our lives, it has wreaked havoc on the entire healthcare industry at a scale we’ve never seen before. And it continues to alter almost every part of life across the globe. The way we access and receive healthcare has also changed as a result of social distancing requirements, patient concerns, provider availability, mobile capabilities, and newly implemented procedures at hospitals and healthcare facilities.

For example, hospitals and providers are postponing elective procedures again to help health systems prepare and reserve ICU beds amid the latest COVID-19 resurgence. While level of care is always important, in some areas, the inability to access a healthcare provider is equally concerning. And these challenges may become even more commonplace in the post-COVID-19 era. One significant transformation to help with the hurdle is telehealth, which went from a very small part of the care offering before the health crisis to one that is now a much more accepted way to access care.
As the rise in virtual health continues to serve consumers and provide a personalized and responsive care experience, healthcare consumers expect support services and care that are also fast and personalized – with digital apps, instant claims settlements, transparency, and advocacy. And to better help serve healthcare consumers, the industry has an opportunity to align with digital transformation that offers a personalized and responsive experience.

---

Brooke LeVasseur, CEO of AristaMD

Issues pertaining to the COVID-19 pandemic will continue to be front-and-center in 2021. Every available digital tool in the box will have to be employed to ensure patients with non-COVID related issues are not forgotten as we try to free up in-person space and resources for those who cannot get care in any other setting. Virtual front doors, patient/physician video and eConsults, which connect providers to collaborate electronically, will be part of a broadening continuum of care – ultimately aimed at optimizing every valuable resource we have.

---

Bret Larsen, CEO and Co-Founder, eVisit

By the end of 2021, virtual care paths will be fairly ubiquitous across the continuum of care, from urgent care and EDs to specialty care, all to serve patients where they are – at home and on mobile devices. This will be made possible through virtualized end-to-end processes that integrate every step in patient care from scheduling, waiting rooms, intake and patient queuing, to interpretation services, referral management, e-prescribe, billing and analytics, and more.

---

Laura Kreofsky, Vice President for Advisory & Telehealth for Pivot Point Consulting

2020 has been the year of rapid telehealth adoption and advancement due to the COVID pandemic. According to CDC reports, telehealth utilization spiked as much as 154% in late March compared to the same period in 2019. While usage has moderated, it’s clear telehealth is now an instrumental part of healthcare delivery. As provider organizations plan for telehealth in 2021 and beyond, we are going to have to expect and deliver a secure, scalable infrastructure, a streamlined patient experience and an approach that maximizes provider efficiency, all while seeing much-needed vendor consolidation.

---

Jeff Lew, SVP of Product Management, Nextech

Earlier this year, CMS enacted new rules to provide practices with the flexibility they need to use telehealth solutions in response to COVID-19, during which patients also needed an alternative to simply visiting the office. This was the impetus to the accelerated acceptance of telehealth as a means to both give and receive care. Specialty practices, in particular, are seeing successful and positive patient experiences due to telehealth visits. Dermatology practices specifically standout and I expect the strong adoption will continue to grow and certainly be the “new normal.” In addition, innovative practices that have embraced this omni-channel approach to delivering care are also establishing this as a “new normal” by selectively using telehealth visits for certain types of encounters, such as post-op visits or triaging patients. This gives patients a choice and the added convenience that comes with it and, in some cases, increases patient volume for the practice.

---

The HHS has proposed changes to the HIPAA Privacy Rule — the biggest in seven years, a healthcare lawyer said. But while the changes aim to improve information sharing, they could also bring about challenges for providers and payers.

When 2020 began, no one anticipated that complying with the Merit-based Incentive Payment System (MIPS)—the flagship payment model of the Centers for Medicare & Medicaid Services (CMS) Quality Payment Program (QPP)—would look so different halfway through the year. Like many other things, the COVID-19 crisis has delayed, diverted, or derailed many organizations’ reporting efforts and capabilities. Lower procedure volumes, new remote work scenarios, and shifting priorities have taken attention away from MIPS work. 

Despite the disruptions and uncertainties associated with the pandemic, healthcare organizations should not lose track of MIPS compliance and the program’s intent to improve care quality, reduce costs, and facilitate interoperability. Here are a few strategies for keeping a MIPS program top of mind. 

Understand the immediate effects of the pandemic on MIPS reporting 

Due to COVID-19, CMS granted several 2019 data reporting exceptions and extensions to clinicians and providers participating in Medicare quality reporting programs. These concessions were enacted to let providers focus 100% of their resources on caring for and ensuring the health and safety of patients and staff during the early weeks of the crisis. For the 2020 MIPS performance period, CMS has also chosen to use the Extreme and Uncontrollable Circumstances policy to allow requests to reweight any or all of the MIPS performance categories to 0%.

Clinicians and groups can complete the application any time before the end of this performance year. If practices are granted reweighting one or more categories but submit data during the attestation period, the reweighting will be void and the practice will receive the score earned in the categories for which they submit data

Seize the opportunity to improve interoperability 

Interoperability is a key area that organizations were focused on before the crisis, and this work still warrants attention. If an organization is not on the front lines of the COVID-19 response, it should use this time to shore up communications with other entities so, once things return to “normal,” it will be well prepared to seamlessly exchange information with peer organizations. 

Establishing processes for sending and receiving care summaries via direct messaging is important for practices to earn a high score in the Promoting Interoperability category. Direct messaging is a HIPAA-compliant method for securely exchanging health information between providers, which functions as an email but is much more secure due to encryption. A regular pain point organizations face is being unable to obtain direct messaging addresses from peer organizations, including referral partners.

To assist providers in this area, the Office of the National Coordinator for Health Information Technology (ONC) and CMS has created a mandatory centralized directory of provider electronic data exchange addresses published by the National Plan & Provider Enumeration System (NPPES). The NPPES directory is searchable through a public API and allows providers to look up the direct messaging addresses for other providers. To meet current interoperability requirements, providers must have entered their direct messaging address into the system by June 30, 2020. If they haven’t done so, the provider could be publicly reported for failure to comply with the requirement, which could constitute information blocking. 

Take time now to ensure direct messaging addresses have been entered correctly for all members of your practice. This is also a good time to begin reaching out to top referral sources to make sure they are also prepared to send and receive information.

Look for ways to streamline quality reporting 

Over the next few months, the focus will return to quality measure reporting. As such, it’s wise to take advantage of this time to ensure solid documentation and reporting methods. Electronic medical records (EMRs) can be helpful in streamlining these efforts.

For example, dropdown menus with frequently used descriptions and automated coding can enable greater accuracy and specificity while easing the documentation process for providers. Customizable screens that can be configured to include specialty-specific choices based on patient history and problem list can also smooth documentation and coding, especially if screen layouts mirror favored workflow.

Regarding MIPS compliance in particular, it can be helpful to use tools that offer predictive charting. This feature determines whether a patient qualifies for preselected MIPS measures in real-time and presents the provider with data fields related to those items during the patient encounter—allowing the physician to collect the appropriate information without adding additional charting time later on. 

With respect to reporting, providers may benefit from using their certified EMR in addition to reporting through a registry. At the beginning of the MIPS program, providers could report through both a registry and EMR directly and would be scored separately for their quality category through each method. They would then be awarded the higher score of the two. This method had the potential to leave some high-scoring measures on the table.

Beginning in 2019, providers reporting through both registry and EMR direct are scored across the two methods. CMS uses the six highest scoring measures between the two reporting sets to calculate the provider’s or group’s quality score, potentially resulting in a higher score than the provider would earn by reporting through either method alone. 

A knowledgeable partner can pave the way to better performance

COVID-19 has impacted healthcare like no other event in recent history, and it’s not surprising that MIPS compliance has taken a back seat to more pressing concerns. However, providers still have the opportunity to make meaningful progress in this area. By working with a technology partner that keeps up with the current requirements and offers strategies and solutions for optimizing data collection and reporting, a provider can realize solid MIPS performance during and beyond this unprecedented time.

---

About Courtney Tesvich, VP of Regulatory at Nextech

Courtney is a Registered Nurse with more than 20 years in the healthcare field, 15 of which have been focused on quality improvements and regulatory compliance. As VP of Regulatory at Nextech, Courtney is responsible for ensuring that Nextech’s products meet government certification requirements and client needs related to the regulatory environment.  

---

What You Should Know:

– Elation Health, which provides an easy-to-use and
affordable clinical technology platform for more than 7 million independent primary
care clinicians serving 14M+ patients – including an EHR raises $40M in Series
C funding from Al Gore’s sustainable investment firm, Generation Investment
Management.

– Elation’s API-enabled platform also allows
organizations to transform the patient and provider experience and implement
their own models of data-driven, value-based care.

– Company will surpass a milestone this year of
delivering more than 20 million in-office and virtual visits through their
provider network.

---

Elation
Health, a clinical-first technology company powering the future of
independent primary care, today announced a Series C financing round of $40
million led by Al Gore’s Generation Investment
Management, a firm that invests in sustainable businesses accelerating the
transition to a more healthy, fair, safe, and low-carbon society. The round
also included participation from existing investors, including Threshold Ventures and Kapor Capital.

Clinical-First Commitment to Independent Primary Care

Independent primary care is one of the few areas in healthcare where upfront investment leads to significant savings in the long term. For every dollar spent on primary care, studies suggest that as much as $13 in downstream healthcare costs are avoided. Increased spending on primary care is also associated with fewer emergency department visits and reduced total hospitalizations and specialty interventions for chronic conditions such as diabetes, high blood pressure, and congestive heart failure

Elation Health was founded in 2010 after siblings Kyna and
Conan Fong struggled to help their father transition his solo primary care
practice from paper charts to a digital system. Born from that experience,
today Elation Health powers the largest network for independent primary care,
with 14,000 independent clinicians caring for seven million patients. The
company offers an EHR
solution, enterprise APIs, revenue cycle services, patient engagement app, and
access to interoperability partners.

The company surpassed a milestone this year of delivering more than 20 million in-office and virtual visits through its provider network. In addition to serving small practices, Elation has partnered with primary care innovators such as Crossover Health and Cityblock Health to provide the underlying clinical platform for technology-enabled, team-based care.

Helping Intendent Practices Shift to Virtual Care Amid The
COVID-19 Pandemic

In 2020, Elation Health’s customer base of independent
practices has faced significant business challenges as primary care shifts to
virtual settings and the pace of insurance and government policy change has
accelerated. The company has responded by expanding its role as a critical
technology partner — including adding HIPAA-compliant telehealth to its core
offering, deepening support for Medicare and Medicaid quality programs, and
delivering new patient engagement capabilities for patients to schedule
appointments and interact with practices. Elation’s API-enabled platform also
allows organizations to transform the patient and provider experience and
implement their own models of data-driven, value-based care.

Expansion Plans

In the year ahead, Elation Health will continue to invest in
its core platform, while adding new capabilities to support business operations
for independent primary care. The company has plans to develop solutions in
billing and payment collection, patient population management, interoperability,
and quality reporting — ensuring practices have the tools to drive high-quality
patient outcomes and business success.

Telehealth and virtual care are not brand-new phenomena suddenly cobbled together as a rapid response to the onset of the COVID-19 pandemic, but the average US patient could be forgiven for thinking that it is. Indeed, virtual visits to care providers and remote patient monitoring have been available for quite some time, delivering two key benefits: 

– Providing a platform to address cost-efficiencies and accessibility to quality healthcare for the populace at large 

– Playing a key role in managing a growing population of chronically ill seniors. 

Prior to 2020, however, the rules of reimbursement and implementation for associated telehealth services were difficult to navigate, wildly differing at the state and federal level with a host of regulations further complicating matters. Federal reimbursement policies are centered on Medicare, via the Centers for Medicare and Medicaid Services (CMS) – the single largest payer for seniors and chronically ill patients. Additionally, compliance with the Health Insurance Portability and Accountability Act (HIPAA) dictated rigorous standards for direct and monitoring communications between care providers and patients. Complicating matters further, US states offered a patchwork of individual telehealth laws dictating separate Medicaid policies. 

The result was a lack of clarity of how healthcare providers could overcome regulatory and financial reimbursement barriers to implement effective telehealth programs as well as a lack of parity in coverage services and payments for patients. To address this at the federal level, CMS released new guidance in 2020 to relax reimbursement restrictions for providers. Now, we’re at the cusp of a new era of telemedicine where providers could widely offer:

– Virtual office visits that address traditionally in-person services such as primary care, behavioral health, and specialty care (e.g. pulmonary or cardiac health rehabilitation)

– On-demand virtual urgent care to address pressing concerns and urgently needed consultations

– Virtual broader home health services such as remote patient monitoring, outpatient disease management, and various forms of therapy (e.g. physical, speech)

– Tech-enabled home medication administration helping patients receive injectable or consumable medication via monitored self-administration

This is all, of course, dependent upon the mobile technology (e.g. tablets, wearables, etc.) and associated services that telehealth providers will rely upon to make these services happen at parity and scale for their patients. Even more importantly, virtual care programs being scaled up to cover a larger percentage of patients will fall apart if providers don’t have the resources to offer robust support and maintenance options for these devices and services. Quality of virtual care is highly dependent on persistent device and service availability and dependability. 

Whether providers have already begun purchasing the mobile devices needed or are still struggling with the choice of what devices and services they need and/or can afford, however, they now face a different quandary: How to stand up these virtual care services at scale in a sustainable way that works within current budget resources and doesn’t pass on ballooning costs to your patients?

One way to make complex mobile technology deployments financially manageable is opting for a mobile device as a service (mDaaS) model which allows you to shift from a CapEx-based spending model to an OpEx spending model for purchasing hardware and allows telehealth providers to bundle or roll up a range of devices, accessories, services, maintenance and support into a single, predictable monthly per-device price. With mobile device technology rapidly evolving, telemedicine providers will need the operational agility to pivot to different solutions and quick technology refreshes as the need arises. 

When done with the right third-party partner, it offers the additional advantages of outsourcing end-to-end support and lifecycle management to highly trained agents, who can free up precious IT resources. Most importantly, it creates a level of control over technology and spend that makes standing up virtual care programs convenient and stress-free.

There are many options to consider when expanding telemedicine services rapidly to larger patient bases, whether during disruptive events such as the COVID-19 pandemic or in the years to come. The key to making these services sustainable is finding a financing model that will free up internal resources, offer greater spending flexibility, and offer end-to-end support for your healthcare mobile technology ecosystem. 

---

About Don Godbee Senior Mobile Solutions Architect at Stratix

Don brings a unique perspective to mobility in the Healthcare Vertical with over 25 years of consulting and delivery of critical solutions. Don has delivered various solutions from OEM integration of sensors in medical devices to mobile point of care solutions and services with major EHR software solution providers such as Epic, Cerner, GE Healthcare, Allscripts, and McKesson.

What You Should Know:

– Amazon today announced the launch of Amazon HealthLake,
a new HIPAA-eligible service enables healthcare organizations to store, tag,
index, standardize, query, and apply machine learning to analyze data at
petabyte scale in the cloud.

– Cerner, Ciox Health, Konica Minolta Precision Medicine,
and Orion Health among customers using Amazon HealthLake.

---

Today at AWS re:Invent, Amazon
Web Services, Inc. (AWS), an Amazon.com company today announced Amazon HealthLake, a
HIPAA-eligible service for healthcare and life sciences organizations. Current
Amazon HealthLake customers include Cerner, Ciox Health, Konica Minolta
Precision Medicine, and Orion Health.

Health data is frequently incomplete and inconsistent, and is often unstructured, with the information contained in clinical notes, laboratory reports, insurance claims, medical images, recorded conversations, and time-series data (for example, heart ECG or brain EEG traces) across disparate formats and systems. Every healthcare provider, payer, and life sciences company is trying to solve the problem of structuring the data because if they do, they can make better patient support decisions, design better clinical trials, and operate more efficiently.

Store, transform, query, and analyze health data in
minutes

Amazon HealthLake aggregates an organization’s complete data across various silos and disparate formats into a centralized AWS data lake and automatically normalizes this information using machine learning. The service identifies each piece of clinical information, tags, and indexes events in a timeline view with standardized labels so it can be easily searched, and structures all of the data into the Fast Healthcare Interoperability Resources (FHIR) industry-standard format for a complete view of the health of individual patients and entire populations.

Benefits for Healthcare Organizations

As a result, Amazon HealthLake makes it easier for customers to query, perform analytics, and run machine learning to derive meaningful value from the newly normalized data. Organizations such as healthcare systems, pharmaceutical companies, clinical researchers, health insurers, and more can use Amazon HealthLake to help spot trends and anomalies in health data so they can make much more precise predictions about the progression of the disease, the efficacy of clinical trials, the accuracy of insurance premiums, and many other applications.

How It Works

Amazon HealthLake offers medical providers, health insurers,
and pharmaceutical companies a service that brings together and makes sense of
all their patient data, so healthcare organizations can make more precise
predictions about the health of patients and populations. The new
HIPAA-eligible service enables organizations to store, tag, index, standardize,
query, and apply machine learning to analyze data at petabyte scale in the
cloud.

Amazon HealthLake allows organizations to easily copy health
data from on-premises systems to a secure data lake in the cloud and normalize
every patient record across disparate formats automatically. Upon ingestion,
Amazon HealthLake uses machine learning trained to understand medical
terminology to identify and tag each piece of clinical information, index
events into a timeline view, and enrich the data with standardized labels
(e.g., medications, conditions, diagnoses, procedures, etc.) so all this
information can be easily searched.

For example, organizations can quickly and accurately find
answers to their questions like, “How has the use of cholesterol-lowering
medications helped our patients with high blood pressure last year?” To do this,
customers can create a list of patients by selecting “High Cholesterol” from a
standard list of medical conditions, “Oral Drugs” from a menu of treatments,
and blood pressure values from the “Blood Pressure” structured field – and then
they can further refine the list by choosing attributes like time frame,
gender, and age. Because Amazon HealthLake also automatically structures all of
a healthcare organization’s data into the FHIR industry format, the information
can be easily and securely shared between health systems and with third-party
applications, enabling providers to collaborate more effectively and allowing
patients unfettered access to their medical information.

“There has been an explosion of digitized health data in recent years with the advent of electronic medical records, but organizations are telling us that unlocking the value from this information using technology like machine learning is still challenging and riddled with barriers,” said Swami Sivasubramanian, Vice President of Amazon Machine Learning for AWS. “With Amazon HealthLake, healthcare organizations can reduce the time it takes to transform health data in the cloud from weeks to minutes so that it can be analyzed securely, even at petabyte scale. This completely reinvents what’s possible with healthcare and brings us that much closer to everyone’s goal of providing patients with more personalized and predictive treatment for individuals and across entire populations.”

The globalization of the pharmaceutical industry has forced pharma companies to outsource, increasing their reliance on third-party vendors and suppliers. As this supply chain grows in complexity, companies find themselves grappling with a growing amount of cyber risk. 

A data breach in the pharmaceutical industry can cost companies upwards of $5 million and costs can rise significantly if a third-party vendor or supplier is the cause of a data breach. For this reason, organizations must ensure the third-parties that exist within their supply chain remain secure. 

Challenges in the Pharmaceutical Supply Chain

There are innumerable logistical, compliance, and cost-related issues that organizations must consider as they add third-parties and vendors to their supply chain. 

From a logistics view, a growing number of touchpoints between production and consumers, shipments that require refrigeration, packaging coordination, and shipment delays related to third-parties all may increase risk. 

This risk is compounded by compliance-related issues. The highly-regulated pharmaceutical industry must comply with a number of healthcare-related regulations, like HIPAA, and must also be sure that their third-party suppliers abide by rules set by supply regulations like Good Distribution Practice (GDP). If these companies and their third-parties do not comply, the organization becomes subject to costly fines – which can range between $10 million and $1 billion depending on various factors. 

Pharmaceutical businesses must protect their organizations in this challenging risk environment by working to mitigate third-party cyber risk as they also work to limit their own. 

Why Third-Party Risk Management is Critical for Pharma 

Due to the high value of the intellectual property they house, pharmaceutical companies are subject to a high-level of cybercrime. In fact, according to a study conducted by Deloitte, the pharmaceutical industry has become the number one target of cybercriminals at a global level, especially in relation to IP theft.

For a pharma organization, data breaches can be devastating, costing companies grief over lost or stolen data and large sums of money to remedy any business hindrances caused by the breach. According to Ponemon’s Cost of a Data Breach report, data breaches cost pharmaceutical companies an average of $5.2 million. When a third-party supplier or vendor causes a breach, the average cost rises by $370,000. 

In order to protect drug production and patient well-being, the industry must take care to minimize its cyber risk, specifically when it comes to third-parties. 

Best Practices for Third-Party Risk Management in the Pharmaceutical Industry

It is crucial that pharmaceutical organizations work to limit the third-party risk that may stem from vendors and suppliers. Use the following seven best practices for developing your third-party risk management (TPRM) strategy: 

1. Identify Your Suppliers

Pharmaceutical companies have a large, outsourced supply chain and it is imperative to understand exactly who your suppliers are at all points on the chain. Cyber risk can stem from any size or type of vendor, so make sure to list each third-party you work with – from small vendors who may work with only one department, to large vendors who develop drug labels and bottle caps. 

2. Understand and Qualify Potential Cyber Risks

Each third-party has the potential to introduce numerous risks that must be identified at the start of your business relationship. Make note of the types of software, networks, devices, and data that each of your third-parties access. Then, develop a risk inventory and map them against a standardized risk taxonomy, estimate the likelihood and severity of each risk, and rank each third-party in order of potential risk.  

3. Determine a Risk Rating

Once each third-party has been analyzed from a risk-perspective, assign a risk rating to each. Risk ratings generally range from low to high, meaning high-risk vendors receive the most attention when prioritizing risk monitoring strategies and determining your risk appetite. 

4. Define Controls

It’s important to make sure that third-parties have the same level of risk tolerance as your organization. When developing a TPRM policy, you need to define the types of controls your third-parties should be using like encryption, regular security patching, and data segregation. If possible, these controls should be worked into your business contracts. 

5. Measure Third-Party Compliance 

After setting controls, you must set metrics to measure third-party compliance. These metrics may include time to risk detection, time to risk remediation, or time to risk recovery. Monitoring third-party compliance regularly requires a review of security questionnaires or self-audits provided by the third-party. 

6. Align with a Risk Management Framework

In order to properly manage third-party risk, pharmaceutical organizations must develop a third-party risk management framework. Common frameworks like NIST and ISO help to identify which third-party vendors pose the greatest risk and require an immediate response.  

7. Continuously Monitor Third-Parties

In order to ensure security, pharmaceutical companies must continuously monitor their third-party business partners. Many organizations incorporate platforms that can monitor ecosystem risk, providing real-time visibility into the complex IT risks associated with the rapidly expanding pharmaceutical attack surface.

Final Thoughts

The supply chain for the pharmaceutical industry is increasing in regulatory complexity, logistics, and costs. Globalization has expanded the threat landscape, leaving many companies forced to upgrade their risk-management capabilities. Now is the time to adopt the best practices highlighted above to protect drug IP and patient lives. 

---

About Dr. Aleksandr Yampolskiy, CEO of SecurityScorecard

Dr.Aleksandr Yampolskiy is a globally recognized cybersecurity innovator, leader, and expert. He is co-founder and chief executive officer of SecurityScorecard and strives to create a new language for cybersecurity by enabling people to work collaboratively across the enterprise and with external parties to build a more secure ecosystem. 

What You Should Know:

– Change Healthcare launches national data resource on
social determinants of health (SDoH) for doctors, insurers and life sciences
organizations to better understand the connection between where a person lives
and how they live their life to the care a patient receives and their health
outcome.

– 80% of U.S. health outcomes are tied to a patient’s
social and economic situation, ranging from food, housing, and transportation
insecurity to ethnicity.

---

Change Healthcare, today announced the launch of Social Determinants of Health (SDoH) Analytics solution that will serve as an innovative national data resource that connects the circumstances of people’s lives to the care they receive. The SDoH Analytics solution is designed for health systems, insurers, and life sciences organizations to explore how geodemographic factors affect patient outcomes.

---

Understanding Social Determinants of Health

SDoH includes factors such as socioeconomic status, education, demographics, employment, health behaviors, social support networks, and access to healthcare. Individuals who experience challenges in any of these areas can face significant risks to their overall health.

“All the work I do—for Mayo Clinic, the COVID-19 Healthcare Coalition, and The Fight Is In Us— is predicated on equity,” said John Halamka, president, Mayo Clinic Platform. “The only way we can eliminate racism and disparities in care is to better understand the challenges. Creating a national data resource on the social determinants of health is an impactful first step.”

The SDoH Portrait Analysis includes financial attributes, education
attributes, housing attributes, ethnicity, and health behavior attributes.

3 Ways Healthcare Organizations Can Leverage SDoH
Analytics

Healthcare organizations can now use SDoH Analytics to
assess, select, and implement effective programs to help reduce costs and
improve patient outcomes. Organizations can choose one of three ways to use
SDOH Analytics:

1. Receive customized reports identifying SDoH factors that
impact emergency room, inpatient, and outpatient visits across diverse
population health segments.

2. Append existing systems with SDoH data to close
information gaps and help optimize both patient engagement and outcomes.

3. Leverage a secure, hosted environment with ongoing
compliance monitoring for the development of unique data analytics, models, or
algorithms.

Why It Matters

Scientific research has shown that 80% of health outcomes
are SDoH-related. Barriers such as food and housing availability,
transportation insecurity, and education inequity must be addressed to reduce
health disparities and improve outcomes. Change Healthcare’s SDoH Analytics
links deidentified claims with factors such as financial stability, education
level, ethnicity, housing status, and household characteristics to reveal the
correlations between SDoH, clinical care, and patient outcomes. The resulting
dataset is de-identified in accordance with HIPAA privacy regulations.

“Health systems, insurers, and scientists can now use SDoH Analytics to make a direct connection between life’s circumstances and health outcomes,” said Tim Suther, senior vice president of Data Solutions at Change Healthcare. “This helps optimize healthcare utilization, member engagement, and employer wellness programs. Medical affairs and research are transformed. And most importantly, patient outcomes improve. SDoH Analytics makes these data-driven insights affordable and actionable.”

What You Should Know:

– Amwell just announced some new offerings Amwell Now, Touchpoint
Tablet software, and C500 to help increase doctor-to-patient virtual
connections as patient and doctor preferences change in light of the pandemic.

– The new solutions (a quick-to-deploy video visit offering, new tablet software, and a telemedicine cart) are designed to be easy-to-use but fully integrated in the provider’s systems and secure.

---

Amwell, a
national telehealth
leader, today announced new connectivity, device and cart offerings, all
tailored to meet the evolving needs of care teams and patients. Spurred by the
impact of the COVID-19 pandemic, Amwell is introducing Amwell Now,
new Touchpoint
Tablet software, and the C500
telemedicine cart to help health systems and other healthcare organizations
easily leverage telehealth as a safe, quality care option.

Amwell Now
and Amwell’s latest Carepoint tablets and carts are designed to make it easier
for providers to quickly onboard patients and use virtual care. These tools can
be integrated within and scaled across organizations’ current systems and
devices, making it simple to embed and launch telehealth across various
specialties and serve an entire care organization. New offerings include:

Amwell Now

Amwell Now
enables a simple connectivity experience for patients and providers,
streamlining entry to the Amwell platform, which is purposefully designed for
healthcare interactions. Amwell Now addresses physicians’ needs for easy, fast
video visits, all on Amwell’s HIPAA compliant, clinically tailored platform. It
delivers simple reporting functionality and the ability for organizations to
put forward their own brand versus that of Amwell. Providers can deploy Amwell
Now with only a few clicks, invite patients by text or email, launch an instant
video connection, and experience an adaptable video visit workflow that is easy
for both themselves and their patients.

Touchpoint Tablet Software

Amwell’s Touchpoint Tablet software offers a new and simple
way to connect remote providers to on-site patients and providers. With it,
health systems can use (existing or new) iPads to facilitate bedside video
connectivity and collaboration in a secure, reliable, HIPAA-compliant way. The
Touchpoint Tablet software is integrated with Amwell Fleet Monitoring, enabling
health systems to track their tablets as part of their Carepoint fleet.

C500: Lightweight Telemedicine Cart

The C500
is Amwell’s latest-generation, lightweight telemedicine cart that empowers providers
to conduct efficient, high-quality remote exams across a variety of
specialties. Featuring an embedded 4K camera that responds immediately to user
commands and smart sensors that make the cart environment-aware, the C500
provides a seamless care experience that is fully integrated with the Amwell
telehealth platform.

Why It Matters

“Amid COVID-19, healthcare organizations’ needs for and expectations surrounding telehealth have fundamentally changed,” said Ido Schoenberg, Chairman and Co-CEO, Amwell. “Increasingly, virtual care is being used as core to all types of care delivery, whether it’s to safeguard care teams, limit unnecessary exposure for patients, or to prioritize the home as a go-to care setting. Our latest offerings are responsive to industry calls for simplicity, integration, and quality, and in service to the evolving landscape of healthcare and our lives overall.”

What You Should Know:

– Cardiopulmonary digital health company Eko raises $65M
in Series C funding to close the gap between virtual and in-person heart and
lung care.

– The latest round of funding will enable Eko to expand
in-clinic use of its platform of telehealth and AI algorithms for disease
screening and to launch a monitoring program for cardiopulmonary patients at
home.

Eko, a
cardiopulmonary digital
health company,
today announced $65 million in Series C funding led by Highland Capital
Partners and Questa Capital, with participation from Artis Ventures, DigiTx
Partners, NTTVC, 3M Ventures, and other new and existing investors. The new
funding will be used to expand in-clinic use of the company’s platform of telehealth
and AI
algorithms for disease screening, and to launch a monitoring program for
cardiopulmonary patients at home.

Eko was founded in 2013 to improve heart and lung care for
patients through advanced sensors, digital technology, and novel AI algorithms.
The company reinvented the stethoscope and introduced the first combined
handheld digital stethoscope and electrocardiogram (ECG). Eko’s FDA-cleared AI
analysis algorithms help detect heart rhythm abnormalities and structural heart
disease. Eko seeks to make AI analysis the standard for every physical exam. The
company recently launched Eko AI and Eko Telehealth to combat the needs of the COVID-19
pandemic.

Eko Telehealth delivers:

– AI-powered and FDA-cleared identification of heart murmurs
and atrial fibrillation (AFib), assisting providers in the detection and
monitoring of heart disease during virtual visits

– Lung and heart sound live-streaming for a thorough virtual
examination

– Single-lead ECG live-streaming, enabling providers to
assess for rhythm abnormalities

– Embedded HIPAA-compliant video conferencing, or can work
alongside the video conferencing platform a health system has in place

Symptoms of valvular heart disease and AFib often go
undiagnosed during routine physical exams. With the development of Eko’s AI
screening algorithms, clinicians are able to harness state-of-the-art machine
learning to detect heart disease at the earliest point of care regardless if
the patient visit is in-person or remote.

“We are thrilled that our new investors have joined our journey and our existing investors have reaffirmed their support for Eko,” said Connor Landgraf, CEO and co-founder at Eko. “The explosion in demand for virtual cardiac and pulmonary care has driven Eko’s rapid expansion at thousands of hospitals and healthcare facilities, and we are excited for how this funding will accelerate the growth of our cardiopulmonary platform.”

What You Should Know:

– Apstar Pharma acquires the assets of respiratory health company Cohero Health to expands its digital portfolio with a focus on respiratory disease management.

– Cohero Health develops digital tools and technologies to improve respiratory care, reduce avoidable costs, and optimize medication utilization.

---

AptarGroup, Inc., a global leader in consumer dispensing, active packaging, drug delivery solutions, and services, announces that it has acquired all operating assets and the proprietary portfolio of Cohero Health, Inc. (“Cohero Health”), a digital therapeutics company transforming respiratory disease management for asthma and chronic obstructive pulmonary disorder (COPD). Financial details of the acquisition were not disclosed.

Start breathing smarter

Founded in 2013, New York-based Cohero Health develops innovative digital tools and technologies to improve respiratory care, reduce avoidable costs, and optimize medication utilization. With this transaction, Aptar Pharma acquires Cohero Health’s turnkey digital health platform and device assets including:

· BreatheSmart Connect digital health platform – care coordination and HIPAA-compliant SaaS cloud service which captures and securely stores data from Cohero Health’s devices and BreatheSmart® software for remote monitoring and patient communications to help manage patient therapy;

· BreatheSmart® App – designed for patient habit creating and behavior change, driving appropriate medication utilization. Provides real-time tracking of medication adherence and lung function, along with reminders, educational materials, and symptom/trigger recording;

·
HeroTracker® Sensors – Bluetooth enabled medication smart inhaler sensors
designed for both control and rescue medications. Attaches to respiratory
medications to automatically record time and date of doses taken

· mSpirometer™ and cSpirometer™lung function diagnostic sensors – enable comprehensive pulmonary lung function testing in a handheld wireless device.

Acquisition Expands Aptar’s Digital Portfolio

“Cohero Health further strengthens and expands Aptar’s digital portfolio, in this case, with a focus in respiratory disease management,” commented Sai Shankar, Aptar Pharma’s Vice President, Global Digital Healthcare Systems. “Aptar has made previous investments in digital respiratory company Sonmol in China and digital health company Navia Life Care in India. With this strategic bolt on, Aptar now has global capabilities to deploy digital respiratory health, utilizing either the Cohero or Aptar device portfolio/platform. The investment will also facilitate Aptar’s ability to provide diagnostic solutions in respiratory and a significant number of other disease categories.”

While most of the public’s attention is focused on the horse race for an approved COVID-19 vaccine, another major hurdle lies just around the corner: the distribution of hundreds of millions of vaccine doses. In today’s highly complex and disconnected health data landscape, technologies like AI, Machine Learning, and robotic process automation (RPA) will be essential to making sure that the highest-risk patients receive the vaccine first.  

---

Why identifying at-risk patients is incredibly difficult 

Once a vaccine is approved, it will take months or years to produce and distribute enough doses for the U.S.’ 330 million residents. Hospital systems, primary care physicians (PCPs), and provider networks will inevitably need to prioritize administration to at-risk patients, potentially focusing on those with underlying conditions and comorbidities. That will require an unimaginable amount of work by healthcare employees to identify patient cohorts, understand each patient’s individual priority level, and communicate pre- and post-visit instructions. The volume of coordination required between healthcare systems and the pressing need to get the vaccine to high risks groups makes the situation uniquely different than other nationally distributed vaccinations, like the flu. 

One key challenge is that there’s no existing infrastructure to facilitate this process – all of the data necessary to do so is locked away in disparate information silos. Many states have legacy information systems or rely on fax for information sharing, which will substantially hamper efforts to identify at-risk patients. Consider, in contrast, the data available in the U.S. regarding earthquake risk– you can simply open up a federal geological map and see whether you’re in a seismic hazard zone. All the information is in one place and can be sorted through quickly, but that’s just not the case with our healthcare system due to its fragmentation as well as HIPAA and patient privacy laws. 

There are several multidimensional barriers that make it nearly impossible for healthcare workers employed by providers and state healthcare organizations to compile patient cohorts manually: 

– Providers will need to follow CDC guidelines on prioritization factors, which based on current guidelines for those with increased risk could potentially include specific conditions, ethnicities, age groups, pregnancy, geographies, living situations (such as multigenerational homes), and disabilities. Identifying patients with these factors will require intelligent analysis of patient profiles from existing electronic health record data (EHR) used by a multitude of providers. 

– Some hospital networks use multiple EHR and care management systems that have a limited ability to share and correlate data. These information silos will prevent providers from viewing all information about patient population health data. 

– Data on out-of-network care that could require prioritization, like an emergency room visit, is often locked away in payer data systems and is difficult to access by hospital systems and PCPs. That means payer data systems must be analyzed as well to effectively prioritize patients. 

– All information must be shared and analyzed in accordance with HIPAA laws, and the mountain of scheduling communications and pre- and post-visit guidance shared with patients must also follow federal guidelines.  

– Patients with certain conditions, like heart disease, may need additional procedures or tests (such as a blood pressure reading) before the vaccine can be administered safely. Guidelines for each patient must be identified and clearly communicated to their care team. 

– Providers may not have the capacity to distribute vaccines to all of their priority patients, so providers will need to coordinate care and potentially send patients to third-party sites like Walgreens, Costco, etc.

All of these factors create a situation in which it’s extremely difficult – and time-consuming – for healthcare workers to roll out the vaccine to at-risk patients at scale. If the entire process to analyze, identify, and administer the vaccine takes only two hours per patient in the U.S., that’s 660 million hours of healthcare workers’ time. A combination of analytics, AI, and machine learning could be a solution that’s leveraged by healthcare workers and chief medical officers in identifying the priority of patients supplemented with CDC norms.

How RPA can automate administration to high-risk patients 

Technology is uniquely poised to enable health workers to get vaccines into the hands of those who need them most far faster than would be possible using humans alone. Robotic process automation (RPA) in the form of artificial intelligence-powered digital health workers can substantially reduce the time spent prioritizing and communicating with at-risk patients. These digital health workers can intelligently analyze patient records and send communications 24 hours a day, reducing the time needed per patient from hours to minutes. 

Consider, a hypothetical situation in which the CDC prioritizes certain risk profiles, which would put patients with diabetes among those likely to receive the vaccine first. In this scenario, RPA offers significant benefits in the form of its ability to: 

Analyze EHR and population health data: 

Thousands of intelligent digital health workers could prepare patient data for analysis and then separate patients into different cohorts based on hemoglobin levels. These digital health workers could then intelligently review documents to cross-reference hemoglobin levels with other CDC prioritization factors (like recent emergency room admittance or additional pre-existing or chronic conditions ), COVID-19 testing and antibody tests data to identify those most at risk, then identify a local provider with appointment availability.

Automate patient engagement, communications and scheduling: 

After patients with diabetes are identified and prioritized, communications will be essential to quickly schedule those at most risk and prepare them for their appointments, including making them feel comfortable and informed. For example, digital health workers could communicate with diabetes patients about the protocol they should follow before and after their appointment – should they eat before the visit, what they should expect during their visit, and is it safe for them to return to work after. It’s also highly likely that widespread vaccine administration will require a far greater amount of information than with other health communications, given that one in three Americans say they would be unwilling to be vaccinated if a vaccine were available today. At scale, communications and scheduling will take potentially millions of hours in total, and all of that time takes healthcare employees away from actually providing care. 

While the timeline for approval of a COVID-19 vaccine is unclear, now is the time for hospitals to prepare their technology and operations for the rollout. By adopting RPA, state healthcare organizations and providers can set themselves up for success and ensure that the patients most critically in need of a vaccine receive it first.  

---

 About Ram Sathia

Ram Sathia is Vice President of Intelligent Automation at PK. Ram has nearly 20 years of experience helping clients condense time-to-market, improve quality, and drive efficiency through transformative RPA, AI, machine learning, DevOps, and automation.

What You Should Know:

– Innovaccer launches its artificial
intelligence (AI)-enabled patient relationship management solution to
streamline communication between patients and their care teams.

– The solution enables
providers and member teams to move beyond treating illness to facilitating
proactive care by building productive, long-term relationships with patients.

---

Innovaccer, Inc., a San Francisco, CA-based healthcare technology
company, today launched its artificial
intelligence (AI)-enabled patient relationship management solution to streamline communication between patients and their care
teams. The solution increases revenue by helping care staff use their time more
efficiently, enabling personalized outreach over a broad patient base with
comprehensive, data-driven, and fully-coordinated care.

The absence
of widely available, easy-to-use systems that automate tasks, such as
scheduling follow-up calls, developing and distributing targeted
communications, and properly responding to questions, makes managing ongoing
relationships difficult, especially for patients with complex medical
conditions. To eliminate such communication barriers, the solution uses
powerful analytics to provide a 360-degree view of patients along with their
utilization trends to easily stratify the most vulnerable patients. With these
views in place, providers can take suitable steps and group patients based on
shared conditions or goals for improved medical management and care delivery.

Enabling
2-Way Communication at Population & Individual Levels

Built on top of Innovaccer’s proprietary FHIR-enabled Data Activation Platform, the solution enables HIPAA-compliant, two-way communication channels to engage patients at both the population and individual levels. The solution enables care teams to easily manage appointments, monitor patient ratings, and feedback, and conduct one-click appointment booking and prescription renewals. With the solution, the care teams can create patient cohorts based on disease, region, and various other parameters to send bulk outreach emails. It simplifies the process of connecting healthcare teams with patients to provide administrative and clinical support.

“Patient-centricity is the essence of healthcare, and artificial intelligence has always been viewed as the answer to achieving individualized, consumer-oriented healthcare,” says Abhinav Shashank, CEO at Innovaccer. “With our patient relationship management solution, we will   resolve the complexity that prevents healthcare organizations from building strong patient relationships. Our goal is to enable healthcare teams to care as one for their patients.”

Clinicians in healthcare settings typically have information coming at them from all directions, at all times, and often with little distinction as to the level of urgency. It makes for inefficiency and confusion for today’s busy doctor.

In today’s hospital setting, that disjointed communication creates dissonance and distraction. Even though the world has gravitated to the ubiquitous use of smartphones, that’s not the dominant form of connection for physicians. The vast majority of hospitals still depend on paging systems to quickly reach doctors as they circulate through a facility and even outside it.

In fact, a study published in the Journal of Hospital Medicine in 2017 found that hospitals provided pagers to 80 percent of hospital-based clinicians, and more than half of all physicians in the survey reported that they received patient care-related communication most commonly by pager. Other information sources reported in the study included unsecured standard text messaging (53 percent of clinicians), and 27 percent used a secure messaging application.

While paging systems seem like a throwback form of technology, they have a history of providing reliable connections between clinicians in hospital settings. They operate on a frequency that is less prone to interference, and they travel significantly farther than messages traveling on cellular networks or Wi-Fi. That means pager signals reach hospital areas that are likely to have bad reception, such as radiology departments or basements. In addition, pager signals are not susceptible to surges in demand or network overload situations, which may occur during emergencies.

However, many hospitals are taking steps to resolve some of these issues. For example, a variety of technologies, such as repeaters, range extenders, or boosters, can improve coverage to challenge areas for both Wi-Fi and cellular networks.

Even so, pagers – a technology that was patented in 1949 and first used in New York City’s Jewish Hospital – are now a duplicative device that does not match the capability of the smartphones that physicians rely on. Many report that it’s frustrating to have to carry a separate paging device that does not fully meet their communication needs.

Pagers don’t work like physicians need them to. For example, it’s frustrating to receive a page, then return the call as requested, only to find that the doctor or nurse who initiated the page is no longer on duty or otherwise inaccessible. That typically requires a message to voicemail or further calls to find out how to reach the other clinician. Communication that could be handled in two minutes with a smartphone could take as much as half an hour to complete with a pager-based system. And that interferes with other work that a clinician should be accomplishing during hospital rounds.

Here’s one real-life example from a surgeon at a major Boston-area hospital. The doctor needed to reach a radiology technologist after regular work hours to get post-surgery X-ray images of a patient uploaded to another EHR system. The physician eventually calls the technologist’s pager number, but there are no instructions for how to ensure the message was left or even if the page went through. The physician calls a nurse to have her call the technologist’s page number on his behalf, but still has no assurance that the call went through. Finally, the technologist returned the call after 35 minutes and multiple phone calls.

Paging systems also have security shortcomings. Many pagers are not fully secure, exposing messages sent over a system to anyone who can tap into the frequency being used. As a result, many pagers and pager messaging systems are not HIPAA compliant, exposing hospitals to potential liability or even hacking or service attacks that could impact communications.

To improve efficiency and security, healthcare organizations need to look to gravitate toward an all-encompassing medical communications system that captures all pager-like messages and seamlessly incorporates them into a collaboration platform that does not rely on store-and-forward functionality. 

Over recent years, clinicians have come to accept and widely use smartphones as a form factor, and their multi-tasking capability also enables clinicians to do more than one task – for example, communicate via text messages, consult an electronic health records system and engage in verbal communication with one or more clinicians.

While the utility of the pager network remains and pager systems are likely to stay in use for the foreseeable future, it is important for healthcare systems to keep the technology but get away from the pager form factor. Transforming the system won’t get rid of pagers completely but will enable physicians to get pager messages in a different way, connecting the current highly accessible pager network directly to a medical professional’s smartphone.

Such a strategy combines the ease of use and convenience of a smartphone with the advantages of a pager network.

---

About Fred Lizza

Fred Lizza is CEO of Statum Systems , a developer of advanced mobile collaboration platforms geared to caregivers. He was previously CEO of StrategicClaim, an insurance claims platform, and Freestyle Solutions, an e-commerce leader. Fred earned his MBA from Harvard University.

By GRACE CORDOVANO, DEVEN McGRAW, and AARON MIRI

The HIPAA Privacy Rule gives patients the right to copies of their medical records, with rare exceptions. When patients need a copy of their medical records, most start the process by calling their doctor’s office and asking for how to get access. The receptionist or office staff point them in the right direction, whether it’s instructing them to write down their request and sending it to the office, pointing them to contact the medical records or radiology department (if the practice is large enough), or assisting them in setting up their patient portal, if the practice is using an electronic health record (EHR). Being able to connect with a person inside the four walls of medicine is often crucial for many patients and their carepartners who may be unsure of exactly how to request their records.

But what happens to those records when a doctor closes or leaves the practice?

Independent practices close for a variety of reasons. Physicians may merge with a large practice or health system, retire, they may sell or close their practice for personal reasons, they may file for bankruptcy, or they may get sick and die. The COVID19 pandemic has had devastating financial consequences on many small, independent, and rural practices, leading to their consequent closure, acquisition, or merger.

What should patients do when their doctor’s office closes, and they need a copy of their medical records? This is especially challenging when a doctor may not have had an EHR, as is the case with many independent practices as well as more rural settings. On September 26, 2020, a tweet from Cait DesRoches, Executive Director of OpenNotes, inquired about how a family member may get access to medical records from her physican’s practice that closed, triggering a robust conversation that led to the realization that patients and families are not well informed in these circumstances.

Prevention is Worth a Pound of Cure

It can be much more difficult to get copies of records after a practice has closed. Patients should get copies of their medical records as they are generated instead of waiting until they’re needed. HIPAA Privacy Rule guidance states that individuals can get digital copies of digital information (or even digital copies of records kept on paper, as long as the practice has a scanner). Companies are developing tools and services that enable individuals and their care partners to collect, use, and store health records. Request digital (or paper, if that is preferred) copies of blood work, imaging, discharge instructions, and corresponding reports before you leave the practice.

What Happens to Medical Records When Offices Close? The Law

The Health Insurance Portability and Accountability Act (HIPAA) does not require a physician to retain medical records for any particular period of time. (HIPAA covered entities – which include physicians who bill health insurers for care – are required to keep records demonstrating compliance with HIPAA for at least six years – but those records are distinct from medical records.) However, if the physician still has those medical records – or has placed them in storage for safekeeping – the HIPAA requirements to produce them when a patient requests still apply.

State laws typically set medical record retention requirements for physicians and may also require the physician to take particular steps (such as notifying a patient) prior to or upon closure of a practice. 

An example of some of these state laws:

• In California, physicians must notify patients in advance of closure of the practice, and are still responsible for safeguarding records and making sure they are available to patients. The California Medical Association recommends physicians keep records for at least ten years from the last date the patient was seen.
• New York requires that medical records be retained for six years from the date of the most recent entry in the record, and patients are required to informed when a practice closes.
• Virginia prohibits the transfer of medical records as part of the closure or sale of a practice until the provider has first attempted to notify by the patient by mail or by publishing notice in a newspaper of general circulation in the area.
• Texas law requires physicians to keep records for a minimum of seven years after the date of last treatment, and physicians leaving a practice are required to notify patients.

During the record retention period, these records are considered to be still “available” and subject to the HIPAA right of access. Consult the medical board or the state medical society in the state where the physician has practiced for further information about physician requirements in the event of closure of a practice. The Medical Board should also have information about how to file a complaint if the physician’s practice has closed without any notice or information about how to obtain records. 

Irrespective of legal requirements, the American Academy of Family Physicians recommend that patients be notified by a letter that the office is closing, giving them the opportunity to obtain a copy of their medical records or have records forwarded to a physician of their choosing. The office may post an update on their website or social media page(s), if ones exist or run an ad in the local newspaper. Patients should be notified who will be the custodian of the medical records and their contact information.

Sorry! The Office Is Closed

Unfortunately, the reality is that most individuals do not get copies of their medical records throughout their care journey. This leaves patients and carepartners in need of records facing significant uncertainty, stress, and frustration when they unexpectedly find out that their doctor’s office has closed. Here are a number of critical tips to assist patients in gathering their medical records, directly and indirectly, in the event their doctor’s office has closed.

1. It is helpful to know when the office may have closed: was it recently or many years ago? As noted above, state laws govern how long records must be retained as well as how they must be handled with respect to confidentiality, privacy, and how they may be destroyed, when and if needed. Typically, records that are about 10 years from the last documented encounter, may be candidates to be destroyed and may be more difficult to obtain as a copy.  (As noted above, state laws may allow for them to be destroyed even sooner than 10 years.)

• Individuals should refer to the letter they may have received notifying them of the office closing and contact the designated records custodian. Updates may also have been posted to the physician or practice’s website or social media page, if available. The local librarian may assist with researching for the office closure notice in archived newspapers or posts in the public domain.

• Insurance companies, current and previous, should be contacted to request any claims that may have been received from the specific physician or provider’s practice. A supervisor should be requested and relayed specific information about the health information needed and why is it critical for one’s care. In the event individuals are encountering difficulty getting traction over the phone, individuals may turn to social media for help.  If the respective insurance company has a Twitter account, individuals may tweet their request while including the insurance company’s Twitter handle. Social media managers are often very responsive and may be an additional avenue for connecting individuals to the information they need if it is perceived that delays in response may be detrimental to their company’s reputation.

• Is there another doctor or professional now at the same physical office/facility location? Individuals should address the request in-person or via a call. The new office staff often receive many of the same questions from other previous patients and may have contact information for a point person on hand. They may also have the records in question if the practice was acquired (where applicable).

• Individuals should contact their local chamber of commerce, borough hall, or local Department of Health. If the office closure was recent, someone may know a way to connect with the doctor or a former staff member for more information.

• Did the doctor have other doctors on staff? If so, individuals may search for the other doctors who may still be in practice at another location to see if they may have a contact for where records have been retained.

• Individuals may quickly determine if their doctor is on social media, such as LinkedIn, Twitter, and Facebook, and respectfully direct message them with their request for more information.

• Individuals may search the internet for any recent press releases that may feature the doctor’s work, activism, or research and contact the respective article’s author or journalist. At minimum, they may be willing to forward the request for records to the doctor.

• If individuals need specific information on medications, they may contact the pharmacy that was used to fill respective prescriptions so as to request copies of prescription records.

1. Individuals should contact their primary care doctor, and other members of their  care team, to see if records were forwarded to them for continuity of care purposes.

1. If an individual’s doctor is deceased, the state medical licensing board may be contacted to determine the care provider’s county of residence. Consequently, the specific state’s county probate court may be contacted to confirm if there is a designated executor of estate that has authority over records retention processes. Alternatively, an obituary may list surviving next of kin which may also be contacted for more information on records retention.

1. If medical records were available digitally, individuals may look up their state and “health information exchange (HIE)”.  An HIE is a secure network that supports the electronic exchange of patient health information among trusted data entities typically across an entire state. Individuals should research if there is an HIE that may serve their local area. An HIE’s website will have a phone number and email to contact directly with your request.

1. If imaging was performed, individuals may reach out to the respective imaging center or the location where imaging was done to request copies of images on CDs and the corresponding reports.

1. If bloodwork was performed, individuals may contact the lab, such as Quest or LabCorp, that processed the tests directly for copies of final lab reports. Individuals may contact their insurance company, current or previous, if they are unsure of the names of the labs that may have been in-network via their plan; individuals can also use their right of access to get copies of claims from their health plan, which may identify the lab that processed the tests.

1.  If individuals are in need of immunization records they may contact their state Department of Health as they may have an immunization registry. The Immunization Action Coalition also has information on locating immunization records.

1. If individuals are working within the framework of a specific diagnosis or condition, they may research non-profits that support patients within that specific disease state and reach out for peer health support, where other individuals diagnosed with the same condition may also be able to assist in navigating these barriers to patient access based on their own lived experiences.

1. A state’s medical board, Office of the Attorney General (AG) and state’s Department of Health are all resources for additional support.

Individuals may also file a complaint with the Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS) if all efforts have been exhausted and the needed medical records have not been obtained.

A closed practice does not need to be a dead end for patient access. Proactively requesting copies of medical records throughout one’s care journey can prevent encountering such patient access barriers. Continuing to share best practices for navigating patient access barriers, from legal, regulatory, and practical standpoints, is in the best interest of all patients.

Grace Cordovano, PhD, BCPA is a board-certified patient advocate specializing in the oncology space, a patient experience enhancer, and information unblocker.

Deven McGraw , JD, MPH, LLM (@healthprivacy) is the Chief Regulatory Officer at Ciitizen (and former official at OCR and ONC). She blogs at ciitizen.com.

Aaron Miri is the Chief Information Officer for The University of Texas at Austin comprising of the Dell Medical School, UT Health Austin clinical enterprise, research, and community impact missions.

What You Should Know:

– Augmedix closes $25 million in private placement
funding and completion of a reverse merger transaction with Malo Holdings Corp.

– Following the transaction, the merged entity will be
named “Augmedix, Inc.”, and will continue the historic and innovative
business of Augmedix. 

---

Augmedix, a company
specializing in providing remote medical documentation and live clinical
support services, today announced the closing of a $25 million private
placement financing and completion of a reverse merger with Malo Holdings Corp.
In connection with the financing, current investors Redmile Group, DCM, and
McKesson Ventures invested alongside new investors.  Financial advisory firms, Stifel, Nicolaus
& Company, Incorporated, B. Riley Securities, Inc., and GP Nurmenkari, Inc.
(as consulted by Intuitive Venture Partners) acted as placement agents for the
private placement.  Montrose Capital
Partners was the sponsor for this transaction.

Reverse Merger Details

Augmedix further announced the completion of a reverse
merger transaction with Malo Holdings Corp., an SEC-reporting public Delaware
corporation. Following the transaction, the merged entity will be named
“Augmedix, Inc.”, and will continue the historic and innovative
business of Augmedix.  In connection with
the financing and merger, Augmedix agreed to cause its common stock to be
quoted on the OTC Markets QB tier, subject to certain terms and conditions.

Remote Medical Documentation & Live Clinical Support

Founded in 2012, Augmedix converts natural clinician-patient
conversation into medical documentation and provides live support, including
referrals, orders, and reminders, so clinicians can focus on what matters most:
patient care. The Augmedix platform is powered by a combination of proprietary
automation modules and human-expert assistants operating in HIPAA-secure
locations to generate accurate, comprehensive, and timely-delivered medical
documentation.

Augmedix services are compatible with over 35 specialties
and are trusted by over one dozen American health systems supporting
telemedicine, medical offices, clinics, and hospitals.  We estimate that our solution saves
clinicians 2–3 hours per day, increases productivity by as much as 20%, and
increases certain clinicians’ satisfaction with work-life balance by 49%

Manny Krakaris, Augmedix Chief Executive Officer, said, “We’re thrilled to complete this financing, which we believe puts Augmedix on the path of accelerated expansion, and will enable us to broaden our operational capabilities, accelerate our technology research and product development, and strengthen our marketing and sales.”  Krakaris noted that the COVID-19 pandemic has accelerated the growth of telemedicine and enabled Augmedix to showcase its competitive advantages in the medical documentation market.  “Because the Augmedix service is accessed through mobile devices and is telemedicine application-agnostic, our innovative technology allows clinicians access to medical note documentation, regardless of their location,” Krakaris said.

Since COVID-19 emerged as a major health threat, virtual care has taken off. As many as 46% of patients reported in late April that they had used telehealth to replace a canceled healthcare visit in 2020, while 48% of physicians said they had started using telehealth to treat patients.  

While a shift in care models was necessary to address business continuity amid the pandemic, these trends also represent positive movements as a growing body of evidence supports the real-life benefits of telehealth. Remote models of care are connected to safe and effective consultations across many use cases, low exposure to viruses, and much-needed access to care.  

Yet the fact that physician adoption isn’t higher suggests two things:

1) Physicians may be taking a ‘wait and see’ approach in the hopes that patients will want to return to in-person care as economies reopen; or

2) Some physicians haven’t yet figured out their long-term telehealth strategy. In truth, many providers are treating telehealth as a “stop-gap” — or temporary — solution until life returns to normal.

But given the increasingly positive data around telehealth as a safe alternative to in-person care, as well as its track record in successfully treating patients, it’s time for providers to reframe their thinking. In the future, practices will need a healthcare strategy that balances virtual with in-person care.

Rethinking Telehealth 

As recently as ten years ago, telehealth reimbursement was largely limited to patients in rural areas, as payers didn’t yet see the value of compensating doctors for virtual encounters. 

Today, most payers and providers recognize the value of telehealth on some level amid rising demand for services and severe professional shortages. In particular, remote care models have proven their worth during the pandemic as an effective means of preventing the spread of disease. Greater acceptance of telehealth is further demonstrated by the recent decision to relax HIPAA requirements by HHS’ Office of Civil Rights (OCR), allowing more providers and patients to virtually connect through FaceTime, Zoom, or other two-way communications systems during the current pandemic. 

This is an important first step, although many providers remain resistant to change for a variety of valid reasons. Some of these include discomfort with remote care models, reimbursement concerns, and the cost of deploying telehealth. 

Performing medicine in a way that doesn’t align with one’s training feels unnatural, and some providers have said that virtual encounters feel less personal. The fact is that most clinicians weren’t trained to diagnose patients remotely or engage over a screen and are simply hesitant to embrace this approach to care.

Also, providers may have trepidation about not getting paid. While CMS and private payers have expanded coverage, multiple healthcare providers have reported that bills are being delayed or only partially paid by health plans. 

With limited insight into the potential return on that investment, concerns over the cost of implementing telehealth are also reasonable. A physician who is consulting with patients remotely through FaceTime, for example, might wonder if the investment in a more secure, robust telehealth platform will make sense in 12 months, should a COVID-19 vaccine materialize. 

Yet by not adopting a more permanent telehealth solution, providers may be hurting themselves down the road. Patients increasingly believe virtual care is highly effective, and some even prefer it. According to a SYKES consumer survey administered in March, 60% of 1,441 respondents said the COVID pandemic has increased their willingness to try telehealth.  

Also, while HHS has relaxed HIPAA enforcement at the moment, there’s no indication this will continue. Healthcare organizations will need to ensure that the platform or program they’re using is designed to keep protected health information (PHI) safe.  

Investing in the Future

Given the upward trajectory of telehealth, it benefits providers to thoughtfully invest in the right strategies and solutions now to extract the greatest value and return on investment down the road. Here are four steps to take, when shifting to a long-term telehealth strategy:  

– Identify needs. Many primary-care practices may have seen a bump in interest in telehealth due to COVID-19, while specialty practices may see increases stay steady, even when fears of the coronavirus fade. When planning long-term, put patient needs first: In what ways can telehealth improve care delivery, going forward? Look at data, such as virtual-visit utilization patterns, to see where there are opportunities to grow telemedicine (e.g., expanding chronic care management) based on needs.

– Consider workflows. The ideal telehealth program doesn’t interrupt clinical workflows – it enhances them. If you’re using a ‘stop-gap’ video conferencing solution to provide telemedicine, is it easy to integrate practice notes with your EHR? Or, do you have to take extra steps to document patient encounters for clinical and billing departments? 

– Seek supportive partners. You can use any number of technology platforms to conduct telemedicine encounters, but not all platforms are created equal. When looking at implementing a telehealth platform, consider not only ease of use, and interoperability, but also what a particular vendor is offering: How well the telehealth platform in question can accommodate the needs of a particular specialty? What are existing clients are saying about things like training, vendor support, and the patient experience?

– Proactively engage. Your patients have most likely heard of telehealth, but they may not realize that telehealth is multifaceted and can be used to diagnose conditions such as skin disorders or allergies and can be just as effective as in-person visits. Educating patients about telehealth’s benefits, and making it easy for them to try telehealth, is essential to success.  

Expanding telehealth’s role in the medical practice benefits everyone, from physicians to patients to payers. Moving past the “stop-gap” mentality now will reap greater benefits in the future, regardless of whether we’re in the midst of a pandemic, or simply trying to provide excellent care on a day-to-day basis.

---

About Roland Therriault

Roland Therriault
is the President and Executive Vice President of Sales at InSync Healthcare Solutions, a provider
of integrated EHR and practice management software, revenue cycle management
services and medical transcription to thousands of healthcare professionals
throughout the United States. Roland Therriault manages all operations of the
company, driving its go-to-market strategy and overseeing all sales activities.
His experience in healthcare and technology includes more than 20 years of
direct and channel sales, strategic planning and business development. Prior to
joining InSync, Roland served as Vice President of Sales for MD On-Line, a
provider of acute and ambulatory clinical and practice management solutions.

---

The coronavirus pandemic accelerated telemedicine exponentially as patients and doctors switched from in-person visits to remote consultations. Health providers rapidly scaled virtual offerings in March and April and traffic volumes soared to unprecedented levels, with practices “seeing 50 to 175 times the number of patients by telehealth than before the outbreak,” according to McKinsey. By early August, the U.S. Department of Health and Human Services expanded the list of allowable telehealth services in Medicare and there was an executive order supporting permanent telehealth provisions for rural areas.

But the surge in telemedicine adoption comes with a host of cybersecurity risks and regulatory compliance requirements unique to the healthcare sector.

As telemedicine traffic increases, so does the volume of hacking attempts. Recent cybersecurity news indicates healthcare organizations are top targets for cyberattacks and “providers remain the most compromised segment of the healthcare sector, accounting for nearly 75 percent of reported breaches.” The consequences are chilling: “The average cost of a healthcare data breach is $7.13 million globally and $8.6 million in the United States.

Further, whenever patient information is involved, HIPAA compliance is required. While HHS temporarily suspended pursuing HIPAA penalties on providers for “good faith provision of telehealth during the COVID-19 nationwide public health emergency,” such permissiveness will not last.

Luckily, most telemedicine providers can utilize managed services and cloud infrastructure to keep pace. Here are some best practices to meet IT compliance and cybersecurity demands for telemedicine.

Telemedicine Compliance Best Practices

Compliance should be viewed as a real-time process that drives security. Telemedicine tools and technology should therefore reflect significant expertise with all healthcare regulations (HIPAA, HITRUST, HITECH), with compliance functions permeating processes. Recommended compliance best practices include:

1. Automate Remediation

Healthcare applications cannot offer high reliability if every potential compliance problem is remediated manually; there’s just too much that can go wrong and never enough staff to address it when needed. The solution is to automate everything that can be automated, and rely on people to handle exceptions or potential violations that don’t impact reliability. Cloud-based services can integrate AI and operational intelligence to automatically remediate anomalies when possible, present recommendations to operations staff for cases that cannot be resolved automatically, and present clear choices such as:

·         Do Nothing: Take no action, delete ticket after [x number of days]

·         Fix Now: Implement the recommended actions immediately

·         Schedule: Perform the recommended actions during the next maintenance window

This approach speeds resolution and decreases service disruptions, and improves the reliability of telemedicine delivery. The automated response also plays a critical role in security (which will be discussed shortly).

2. Perform Formal Risk Assessments

Understanding the risk level and specific risk issues are critical components for an effective compliance plan. Many providers of healthcare services underestimate their level of risk, in part because it is difficult to quantify. The HHS has published guidance in its Quantitative Risk Management for Healthcare Cybersecurity, which offers insight. There are also cloud solutions that can aid the process. Cloud services providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud offer automated security assessment services that help improve the security and compliance of applications deployed on their cloud hosting platforms. They can generally assess applications for exposure, vulnerabilities, and deviations from best practices. A good inspection service should highlight network configurations that allow for potentially malicious access, and produces a detailed list of findings prioritized by level of severity.

3. Reduce Attack Surface

To provide secure access to sensitive information, hybrid architectures supporting telemedicine applications need a virtual private network (VPN) gateway between on-premises and cloud resources. However, developers, test engineers, remote employees, and others who need access to cloud-based protected health information (PHI) may bypass a VPN gateway by either cracking open the cloud firewall to allow direct unencrypted internet traffic or using peering connections. To prevent such potential exposures, secure desktop-as-a-service (DaaS) solutions provide an elegant way to allow cloud-based access to PHI without exposing connections or records. A DaaS is generally deployed within a VPC providing each user with access to persistent, encrypted cloud storage volumes using an encryption key management service. No user data is stored on the local device, which reduces overall risk surface area without impeding development capability.

Telemedicine Security Best Practices

While the full scope of cybersecurity strategies is beyond the scope of this article, here are three best practices that telemedicine providers can use bolster their security profile:

1. Deploy Proactive Network Security

Modern cyber threats have become steadily more sophisticated in evading traditional security measures and more devastating once they penetrate network perimeters. For that reason, telemedicine providers need a highly proactive, multilayered approach to prevent malware-based outages, theft of intellectual property, and exfiltration of protected health information (PHI).

A combination of network anti-malware, application control, and intrusion prevention systems (IPS) is recommended. Such proactive solutions are generally bundled in managed cloud services that should automatically detect suspicious system changes in real-time, isolate and quarantine affected resources, and prevent the spread of exploits by locking down any server whose configuration differs from the installed settings.

2. Encrypt Data Storage

Data encryption is the last line of cyber-defense for PHI and other critical information. Even if an attacker can penetrate the perimeter and proactive network security and exfiltrate data from the provider, those data are useless to the hacker if encrypted. It’s good practice to encrypt all web and application servers running on cloud instances using a unique master key from a key management service when creating volumes.

Encryption operations generally occur on the servers that host cloud database (DB) instances, ensuring the security of both data-at-rest and data-in-transit between an instance and its block storage. For additional protection, you can also opt to encrypt DB instances at rest, underlying storage for DB instances, its automated backups, and read replicas.

3. Harden Operating Systems

Both Microsoft Windows Server and Linux are ubiquitous operating systems in telemedicine. They are also both attractive targets for cybercriminals because they provide complex capabilities, frequently remediate vulnerabilities, and are so common (increasing attackers’ chances of finding an unpatched system). Hackers use OS-based techniques such as remote code execution and elevation of privilege to take advantage of unpatched operating system vulnerabilities. Hardened images of Windows Server and Linux virtual machines (VMs) should be used, employing default configurations recommended by the Center for Internet Security (CIS). Such hardened images make gaining OS administrative extremely difficult, and coordinate well with proactive security bundles described earlier.

Additional resources for telemedicine compliance and security are available from the American Medical Association (AMA), the US Department of Homeland Security, the U.S. Department of Health and Human Services, and HITRUST.

 While these best practices are targeted primarily at telemedicine companies, they can also be applied to a wide range of healthcare providers and organizations delivering vital services in the face of 2020’s dramatic swings in demand.

---

About Gerry Miller

Gerry Miller is the founder and chief executive officer at Cloudticity. He is a successful serial entrepreneur and healthcare fanatic. From starting his first company in elementary school to selling his successful technology consulting firm in 1998, Gerry has always marched to his own drummer, producing a series of successes. Gerry’s first major company was The Clarity Group, a Boston-based Internet technology firm he founded in 1992. Gerry presided over seven years of 100% aggregate annual growth and sold the company in 1998 when it had reached $10MM in revenue.

He was recruited by Microsoft to become their Central US Chief Technology Officer, eventually taking over a global business unit and growing its revenue from $20MM to over $100MM in less than three years. Gerry then joined ePrize as Chief Operating Officer, where he grew sales 38% to nearly $70MM while improving operating efficiency, quality, and both client and employee satisfaction. Gerry founded Cloudticity in 2011 with a passion for helping healthcare organizations radically reshape the industry by unlocking the full potential of the cloud.

What You Should Know:

– Today Vocera Communications acquires EASE Applications,
a provider of a secure communication platform and mobile application that
delivers updates, messages to patients’ loved ones, during surgeries and at
other times.

– The Orlando-based EASE offers a cloud-based service
that is built to improve the patient experience by enabling friends and family
members to receive timely updates about the progress of loved ones in the
hospitals. Care team members can send a patient’s loved ones HIPAA-compliant
texts, photos, and video updates putting them at ease and saving valuable time.

---

Vocera Communications,
Inc., a provider of clinical communication and workflow solutions,
today announced that it has acquired
EASE (Electronic Access to Surgical
Events), based in Orlando, FL. EASE offers a cloud-based communication
platform and mobile application built to improve the patient
experience by enabling friends and family members to receive timely updates
about the progress of their loved one in the hospital. The EASE app
enables nurses and other care team members to send HIPAA-compliant texts,
photos, and video updates to patients’ loved ones, putting them at ease and
saving valuable time.

Patients can add friends and family members to their distribution list; and with a simple tap, caregivers can keep them informed and ease their concerns. Messages, pictures, and videos sent disappear 60 seconds after being viewed, and nothing is saved on the mobile device, providing an additional layer of security and privacy. The application also provides secure two-way video conferencing between patients’ families and care teams. Additionally, EASE enables care team members to customize in-app surveys, offering a quick way to track and improve patient engagement and satisfaction in real-time, and giving feedback and support for the caregivers.

Return on Investment

With more than 1.6 million sent messages, the EASE
application has demonstrated improved patient and family satisfaction and
reduced the number of phone calls from loved ones to the hospital. In one study
with approximately 2,500 family members, 98% said that EASE reduced their
anxiety, and 81% reported that the availability of EASE would influence their
choice of hospital. Additionally, patient satisfaction scores increased by an
average of 6% for patients who used EASE compared to patients who did not use
the application.

Issuance of Restricted Stock Units

As part of the onboarding process, Vocera will issue
restricted stock units totaling approximately 60,000 shares of Vocera common
stock to approximately eleven employees of EASE. These restricted stock units
will vest over three years after the closing and will be made from an
inducement plan adopted by the company’s board of directors pursuant to the
inducement exemption provided under the NYSE listing rules.

The amount of data generated by the healthcare industry is staggering—and constantly increasing.  Healthcare data encompasses the personal information of patients, doctors, nurses, and administrators. It includes diagnostic information, test results, ultrasound images, x-ray images, and of course insurance and financial information. With so much sensitive patient information there for the taking, it comes as little surprise that the healthcare industry—perhaps more than any other sector—has become a primary target for cyberattacks. Now, more than ever, it is critical that healthcare organizations take decisive action to protect their data. 

There has been no shortage of major (and notably costly) data breaches in recent years. The Equifax breach, for example, affected nearly half of all Americans. Last year’s Facebook breach was also headline news, thanks in large part to the number of users affected. Then there was a lesser-known yet costly LifeLabs breach—the largest in Canadian history—affecting more than 15 million people and prompting a lawsuit seeking north of $1 billion in damages for failure to adequately protect data. 

Healthcare data heists yield a premium, making them particularly attractive to hackers. The Center for Internet Security (CIS) notes that the “average cost of a data breach incurred by a non-healthcare related agency, per stolen record, is $158,” compared with $355 for healthcare records.

Though large, the LifeLabs incident isn’t even close to the largest healthcare data breach in history. That dubious honor goes to Anthem, which suffered a breach in 2015 that resulted in nearly 80 million compromised records. Although Anthem was able to reach a settlement with the victims for the relatively paltry sum of $115 million, both the standards for data protection and the expected remediation for failure have changed considerably in the five years since the attack. 

Regulations Raise the Stakes for Security

As the regulatory environment surrounding data breaches of all types grows more strict, hospitals and insurers have found themselves in the crosshairs of an increasingly brazen and sophisticated set of attackers. Part of the reason for this targeting stems from the relative value of healthcare records. There is a reason why “HIPAA” is an acronym known to most Americans, while other data protection laws are not.

Personal Health Information (PHI) tends to be more valuable than standard Personally Identifiable Information (PII) in large part due to its static nature. Patients can change a compromised credit card number or social security number, but not their medical history—and scammers prepared to exploit that history may render victims more vulnerable to certain types of fraud. 

New regulations are further raising the stakes for compliance. Although the California Consumer Privacy Act (CCPA) is not specifically targeted at healthcare organizations, the sector represents potentially one of the most vulnerable industries under the new law. If an organization is found to be in violation of CCPA, they have 30 days to rectify the situation or be subject to a fine of up to $7,500 per record exposed.

To put this in context: if CCPA were adopted nationwide, the LifeLabs breach that affected 15 million individuals would potentially be subject to a fine of $112.5 billion. That $1 billion lawsuits that LifeLabs is facing might sound like a lot, but under CCPA, it might mean getting off easy. This should underscore the necessity of protecting data of any kind today—let alone healthcare records. 

Ecosystems Span Email to Equipment

With the healthcare industry becoming an increasingly popular target and the penalties for breaches growing steeper, it’s important to consider that every endpoint, from desktops to devices, present attack paths for hackers. Measures as simple as stronger email security can make a big difference: in 2018 alone, Business Email Compromise (BEC) attacks resulted in more than $1.2 billion in victim losses. Spear phishing attacks, which are carried out using social engineering techniques to convince the target to relay confidential personal or financial information to what they believe is a legitimate recipient, represent an increasingly common method for attackers to gain access to user credentials or even directly obtain PII or PHI. Securing email with S/MIME (Secure/Multipurpose Internet Mail Extensions), which authenticates the sender of an email, enables employees not only to digitally sign and encrypt email communications but also to detect whether an email received has been authenticated or should not be trusted or opened.

Digital certificates are an essential part of protecting medical devices. Because they can be incorporated during the manufacturing process, these certificates allow device identity and integrity to be established from the moment they are first powered on. They also eliminate the potential for device spoofing, which protects against the possibility of counterfeit devices connecting to the network. These certificates serve as an effective proof point for savvy healthcare organizations. When vetting device suppliers and manufacturers, asking about their approach to device identity is essential. By learning to trust only manufacturers with a responsible approach to authentication, healthcare organizations can help protect one of the areas most susceptible to costly breaches. 

Medical equipment itself has also become more vulnerable. Today’s diagnostic devices are rarely standalone—most are connected to the internet, and anything connected to the internet can potentially be compromised. In fact, this compromise could occur before devices even leave the factory, potentially undermining even the most secure networks and leading medical device manufacturers to consider security starting at the assembly line; the point where device identity measures and digital certificate authentication become critical. Technologies such as secure boot can protect the integrity of a device or piece of software from the first time it is powered on. Similarly, embedded firewall and secure remote update technologies help ensure that software updates are authenticated before installation and that any communication with unauthorized devices stops before harm can be done. 

Moving Forward with New Security Strategies

Today, health insurers, hospitals, and other patient care organizations must manage a truly massive amount of data. It is simply a fact of life. That data comes in many forms, and it can be valuable to cyber attackers for a multitude of reasons. At its core, this data is the healthcare industry’s most valuable asset—one that it must protect at all costs. 

Vulnerabilities can take many forms, from a human error to compromised devices. And while no solution can shield every possible form of attack, data and IT security administrators (and even OEMs) can take concrete steps to protect their organizations, patients, or chipsets against common attack vectors and better comply with today’s strict data protection regulations. Yes, the cloud has introduced new vulnerabilities, but it also has helped enable new security strategies and solutions that ensure every application, cell phone, server, or other connected “thing” has an authenticated digital identity.  The stakes are simply too high, and hackers have become too savvy, to rely on yesterday’s security status quo.

About Tim Callan, Senior Fellow at Sectigo

Senior Fellow Tim Callan contributes to the company’s standards and practices effort, industry relations, product roadmap, and go-to-market strategy. Tim has more than twenty years’ experience as a strategic marketing and product leader for successful B2B software and SaaS companies, with fifteen years’ experience in the SSL and PKI technology spaces.

COVID-19 has presented healthcare with a challenge like no other, with nearly nine million cases all over the world and over 470,000 lives lost. The speed of the outbreak and the disruption caused by it has created unforeseen challenges for communities and economies, and it’s especially apparent in healthcare delivery. Healthcare systems in nations around the globe have dedicated substantial resources to respond to the pandemic and the growth has only somewhat stymied. 

While the U.S. healthcare brings all hands on deck to treat the COVID-19 patients, we have seen a massive acceleration in the use of telehealth to make sure care delivery is not delayed for other patients. The U.S. telehealth market is expected to reach around $10 billion by the end of the year- a dynamic that will remain on its course after the pandemic as well. According to a report, the telehealth market is set to be valued at $175.5 billion by 2026. 

During this period, hospitals across the country will invest more in telehealth solutions to create familiarity with virtual care. However, virtual care encompasses many more benefits than video conferencing with patients. While many health systems have stepped up to leverage telehealth, there is still a long way to go. 

COVID-19 has led to wide-spread telehealth adoption

COVID-19 has certainly changed the outlook towards telehealth. While it was already experiencing significant momentum prior to the pandemic, it has gone from a ‘good-to-have’ to a vital component of care delivery today for providers and patients alike. A McKinsey survey revealed that the number of patients that had used telehealth increased from 11 percent in 2019 to 76 percent in 2020. Even the providers have witnessed 50 to 175 times the number of patients via telehealth than before. 

One of the most important considerations behind the increase in telehealth adoption is that while a significant number of the U.S. population is under stay-at-home orders, this is the only way people can communicate with their physicians. Additionally, the adoption of telehealth can also be instrumental in mitigating the competition for healthcare resources. The use of personal protective equipment (PPE) can be saved for medical staff on the line while other providers can care for their patients from the safety of their homes or clinics. Importantly, the recent CARES Act waived the historical restrictions of telehealth availability to patients in rural areas, and that these services could only be offered from an institutional setting. Telehealth can now be provided to patients at any location with physicians connecting with them from their preferred location.

Another important development is the relaxed HIPAA privacy standards to allow the use of standard video conferencing apps such as Zoom, Skype or FaceTime. As long as the use of these applications gives providers the flexibility to connect with patients remotely, this selective regulation could be in good faith. 

However, this begs the question: could non-HIPAA compliant solutions be a viable, long-term solution? Does the telehealth domain extend as far as video conferencing? How can telehealth be modified to suit the new normal in healthcare? 

Extending the use of telehealth to engage healthcare in a broader way

While the surge in telehealth adoption was somewhat dramatic, the shift to a new normal has to be step-wise and planned for a more efficient healthcare system. There are still factors to consider that could be a potential challenge in the adoption of telehealth, such as lack of awareness of telehealth offerings, poor infrastructure or access to support virtual care and suitable insurance coverage. 

The applications of telehealth can be leveraged in multiple ways. Healthcare organizations can leverage telehealth as an alternative to emergency departments (ED) and urgent care visits. Patients can connect with their physicians remotely regarding their immediate concerns such as an unexplained stomach ache or unusual skin rash to avoid a trip to the ED or urgent care. This could prove extremely important in reducing the number of ED visits and subsequently, lower the cost of care. 

Building on that, virtual consultations with an established provider can also be considered. These consultations can include primary care visits for regular check-ups for chronic conditions, a common cold or psychotherapy. Providers can also conduct follow-up visits and decide later if the patient requires in-person care. This combination of virtual care along with in-person care can help in devising a dynamic care plan for patients and better manage population health. 

Combining telehealth with a healthcare data platform can be the foundation of a connected care framework that can focus on improving access to care and its continuity. A platform that is HIPAA-compliant can be easily used by the providers to connect with their patients and is an optimal way to have effective virtual consultations. Ideally, providers and patients should connect on a platform that gives providers access to their patients’ previous clinical information from across the continuum of care. This would help in reducing the time that goes into shuffling patient files, gathering patient histories, and keying it back into electronic health records.

A virtual, connected care framework could be crucial in connecting all the dots in care. With virtual visits and remote monitoring being conducted on the same platform, providers can coordinate care among each other to ensure minimal friction in the care for patients. For example, real-time changes in the vital signs of a patient diagnosed with Type-2 diabetes can be recorded by the primary care physician and be communicated to the care team. The care team can devise a care plan to address the needs of the patient or direct them to an urgent care clinic to be further assessed. This could be followed by a virtual check-in call with the physician and appropriate follow-up care. 

Preparing for the new normal in healthcare

Amid the urgency of the pandemic, it is important to consider what the U.S. healthcare system may look like after the pandemic is over and how the strategies we have implemented during this time will evolve. 

For healthcare systems to truly embrace the potential for virtual care, physicians have to realize that telehealth is not just a substitute for face-to-face care delivery but a way of enhancing the care experience. To have telehealth as a concrete foundation for virtual care, all digital capabilities and patient information have to be accessible in real-time. Virtual care in healthcare has emerged as an enabler of change and healthcare organizations should sufficiently leverage this opportunity to improve their outcomes, their management of population health, and enhance the health of all of their patients.

COVID-19 will alter our healthcare permanently. The demand for care has changed and any future value-based care efforts will likely be accelerated. The goal is to achieve a lower cost of care while improving the quality of care leading to a healthier population- telehealth is an important tool to achieve that goal. The future of healthcare will be dependent on taking on risk, delivering care to patients in real-time and implementing strategies that are focused on providing care using the most efficient technologies. 

---

About Abhinav Shashank

Abhinav Shashank is the CEO and Co-founder of Innovaccer Inc., a leading healthcare data activation platform. In his role as the CEO, Abhinav has laid the foundation for Innovaccer’s success as a leading data activation platform company and registering a 400% y-o-y growth. Abhinav has also been given a coveted spot in ‘Forbes- 30 Under 30 Asia 2017: Enterprise Tech’ and recognized by Becker’s Hospital Review as one of the ‘Top 50 rising leaders in US healthcare under 40.’”

---

What You Should Know:

– Cerner expands its AI collaboration with Nuance to
provide joint customers with more advanced natural language virtual assistant
technology to navigate electronic health records (EHRs) using just
their voice, giving clinicians more time to spend with patients and less time
with a computer.

– As part of the expanded collaboration, Nuance will
offer Cerner deeply embedded virtual assistant technology that
delivers sophisticated conversational dialogues and skills to automate
high-value clinical tasks inside Cerner Millennium, such as chart
search, navigation, intelligent computerized physician order entry (CPOE), and
scheduling.

---

Nuance®
Communications, Inc. today announced that it has expanded its
long-standing AI collaboration with Cerner
to include the integration of Nuance’s virtual assistant technology into
the Cerner Millennium® electronic health record
(EHR). Building upon the existing integration between Nuance’s Dragon®
Medical platform and Cerner Millennium, joint clients can utilize
Nuance’s advanced natural language virtual assistant technology to navigate the
EHR using just their voice, giving clinicians more time to spend with their
patients and less time with their computer.

COVID-19 Underscores Importance of Addressing Physician
Burnout

The expanded Nuance-Cerner relationship is driven by the healthcare industry’s need to mitigate what the World Medical Association is calling a “pandemic of physician burnout” with 51 percent of physicians reporting frequent or constant feelings of burnout. This is caused by a staggering administrative workload of electronic paperwork to document patient care and to meet requirements for insurance coverage, financial reimbursement, and medicolegal liability protection. 

Research shows that more than 80 percent of physicians believe virtual assistants in health care can reduce the burden on care teams and improve the patient experience. Nuance’s virtual assistant technology helps physicians rapidly accomplish tasks and communicate more naturally while allowing them to use specialized medical terminology across a range of devices and applications with high accuracy.

Virtual Assistant Platform Integration Benefits

Nuance’s deeply embedded virtual assistant technology delivers sophisticated conversational dialogues and skills that automate high-value clinical tasks inside Cerner Millennium, such as chart search, navigation, intelligent computerized physician order entry (CPOE), and scheduling. Nuance technology’s high accuracy rates, rich set of voice-activated skills and ability to understand the user’s intent in context provides higher levels of workflow automation, and more efficient and complete documentation of patient care. Additionally, Nuance’s pre-built, HIPAA-compliant natural language understanding models and cloud platform will support Cerner to deploy the solution quickly and easily to joint clients.

“Together with Cerner, we’re bringing the next level of conversational AI directly to our joint clients with the goals of improving patient experiences, combating clinician burnout, and reducing costs,” said Joe Petro, CTO, Nuance. “Building on our Dragon Medical platform, already used by over 550,000 physicians in the U.S. alone, our new virtual assistant technology will help deliver solutions that automate time-consuming tasks, eliminate inefficiencies, and bring clinical intelligence and better decision-support to clinicians at the point of care.”

 Availability

Select joint Cerner and Nuance clients can expect
to start deploying this integrated virtual assistant technology late this
year.

The COVID-19 pandemic has had a tremendous ripple effect across all industries, with one of the most impacted being healthcare. Providers have had to quickly adapt to supporting patients ‘virtually’ in a secure manner, while simultaneously developing procedures to support accurate reporting to government organizations. These changes have placed added pressure on security and privacy professionals, as they struggle to keep up with urgent demand.

Mature healthcare organizations already have stringent policies and procedures in place to remain compliant with government regulatory requirements (i.e., HIPAA, HITECH Act, etc.) and protect patients’ privacy. However, with the new focus on telehealth, unprecedented patient growth, and strict regulations on reporting, the key threats healthcare security and privacy teams need to be able to detect are also evolving: 

• Unauthorized access to patient data by employees
• Patient data snooping (by employees, family members, co-workers, etc.)
• Compromised records (unusual access patters – new locations, multi-location access, etc.)
• Failed logins and download spikes 
• Terminated or dormant user accounts being used to gain access
• Accessing discharged patient records or deceased patient records

Identifying these threats and uncovering suspicious patterns or activities, however, is no easy feat. Most security monitoring solutions cannot integrate with and consume electronic medical records (EMR) in a usable format. As a result, these solutions have limited out of the box content, leaving a majority of threat detection engineering to the security operations teams, which are already overwhelmed. Legacy security tools are no longer cutting it, as they use rule-based security event monitoring methods that do not account for the need to protect patient data privacy required by regulations such as HIPAA, HITRUST, and GDPR. They also lack the ability to protect patient data from insider threats, advanced persistent threats, or targeted cyberattacks.

Successfully monitoring patient data privacy must focus on two key entities: the employees accessing records and the patients whose records are being accessed. Organizations need to be able to visualize and correlate events across these entities and throughout the IT infrastructure and EMR applications to detect suspicious patterns while adhering to reporting and compliance mandates.

Monitoring EMR applications is crucial to detect and prevent suspicious activity that may lead to data compromise. However, this can be a cumbersome process. Given that nearly all EMR records contain patient data information, organizations must maintain the confidentiality of this data while enabling security monitoring. Unfortunately, most traditional SIEMs do not provide solutions to this problem. As a result, organizations are forced to intermix sensitive patient data with other IT data, risking compliance violations.

To achieve these goals in the near term, there are five crucial areas where healthcare security and privacy teams need to focus attention:

1. Remote Access Protocol: Like all other industries, healthcare organizations must now grant remote access to a large percentage of their workforce. As they migrate workers to remote access these organizations must address logistical challenges such as ensuring IT support can keep up with requests and implementing multi-factor authentication. 

2. Security Training: Organizations must make sure that their employees are abreast of the unique challenges that accompany working remotely and associated security best practices (i.e., security hygiene, secure internet connections, strong vs. weak passwords, signs of phishing attacks, etc.)

3. Critical App Exposure: Typically, critical applications containing electronic health records are not exposed to the internet without very rigid security controls. However, with the need to share and access more information via apps, strict security is more critical than ever before. 

4. Use of Personal Devices: Many organizations do not issue corporate devices to all their employees. Therefore, there is a greater security risk as workers are being permitted to use their personal devices to access critical systems.

5. User Monitoring and Detection: Identity activity patterns are vastly different as employees adapt to the new normal. As a result, prospective attack vectors have changed drastically. Monitoring and detecting new patterns of human and non-human identities must happen quickly in order to adapt to the new reality and detect attacks.

With the entire world experiencing unprecedented changes, we must learn to adapt quickly and strategically. New threat patterns will emerge, but it is crucial to remain vigilant about all activity and access occurring across IT infrastructure. Stringent regulations and ethical codes of conduct also mean that organizations need to be more vigilant about protecting patient data privacy than ever before. 

The constantly evolving data landscape makes it hard to differentiate new and normal, from malicious and threatening. Healthcare organizations need to assess their security posture, ensuring that they have proper tools in place to accurately analyze and correlate events across the IT infrastructure and electronic records. Only with access to this full picture will they be able to detect any suspicious patterns and ultimately protect patient data.

---

About Sachin:

Sachin Nayyar is the CEO of Securonix, a company redefining Next-Gen SIEM using the power of big data and machine learning. drives the vision and overall business strategy for Securonix. Built on an open Hadoop platform, Securonix Next-Gen SIEM provides unlimited scalability and log management, behavior analytics-based advanced threat detection, and automated incident response on a single platform.

Prior to Securonix, Nayyar served as the founder & CEO of VAAU where he led the company from conception to acquisition by Sun Microsystems. Following the acquisition by Sun, Sachin served as the Chief Identity Strategist for Sun Microsystems where he led the vision and strategy for the Sun security portfolio. Sachin is a renowned thought leader in areas of risk, regulations, compliance, identity/access, and governance and speaks frequently at professional conferences and seminars.

Follow along with our new blog series #HealthcareNow and #PublicSectorNow, where we’ll addresses healthcare innovation around the world and how to maintain business continuity in today’s health climate. 

Even before in-person doctor’s visits paused to abide by social distancing measures, the use of video technology was starting to be used by clinicians to consult with patients virtually. Back in January, the Webex UX research team conducted a study with healthcare providers and patients who recently used or provided care through telehealth. We interviewed 9 patients and 9 providers, with specialties across cardiology, emergency medicine, patient education, pharmacy and orthopedics. A common belief among providers we spoke to was that their patients were not tech savvy. The providers thought their patients would be reluctant or unable to download an app or join a video appointment from a URL link. As a result, providers frequently resorted to applications that were already installed on patients’ smartphones.

In using such services, providers could unknowingly expose their patients, themselves, and their employers, to cybersecurity risks. In our survey, providers described taking privacy measures, like doing video calls from a private office, room, or even bathrooms to ensure no one overhead patient information. While some providers understood that the applications they used with patients did not support their HIPAA compliance, they still resorted to using them, often from the perception that their patients wouldn’t want to learn to use a new app or service. We also found in our survey that patients had even fewer security concerns — many assumed that since they’d already shared significant personal information with their healthcare providers, using video software for a telehealth appointment was no different. Combined, these lax attitudes may be exposing patients, providers, and employers to unnecessary risk.

As telehealth becomes the new normal, how can we make it easier for healthcare providers to use a secure video service for telehealth? At Cisco Webex, we take our customers’ data security seriously and we are dedicated to providing world-class collaboration that is simple, scalable, and designed to meet your HIPAA compliance needs.

As a result, we have a few ideas on how to strengthen virtual healthcare appointments and keep patients’ data safer.

• Educate providers on the importance of using a videoconferencing service that has security designed into the product and supports the provider’s HIPAA compliance requirements.
• Regularly update healthcare providers on cybersecurity best practices through training, documentation, and webinars. For example, educate providers about secure screensharing. When providers share their screen during a video appointment, they should choose to share by application instead of their entire desktop. That way, they avoid accidentally exposing patient data to the wrong person.
• An aspect of providers’ reliance on consumer apps stems from the perception that patients are not tech savvy. Providers and schedulers can instruct patients to take video calls from their computer’s browser to avoid having to download an app. Patients can also join meetings with audio-only options with one-touch join, allowing patients to join appointments over the phone’s audio without relying on data. By reducing the steps required when patients are joining a telehealth appointment, providers help keep their data secure.

To learn more about keeping patient and provider data safe, check out our Transitioning to Virtual Healthcare page, and this blog on how we protect your Webex healthcare data.

Additional contributors: Nishchala Singhal, UX Researcher and Mani Pande, UX Research Manager

We’d love to hear what you think. Comment below and stay tuned for the next blog in our #HealthcareNow series. 

The post Why Healthcare Providers Need Secure Telehealth Solutions appeared first on Cisco Blogs.

What You Should Know:

– Ciox Health has acquired Medal, Inc., a biomedical
Natural Language Processing (biomed-NLP) technology company.

– The acquisition will lead Ciox to better and more
quickly enable real-world data in support of research that advances patient
care.

---

Ciox
Health, a leading health technology company, today announced its acquisition
of San Francisco-based biomedical Natural Language Processing (biomed-NLP)
technology company, Medal, Inc., a leader
in the application of AI techniques to the interrogation of unstructured
medical record data. The acquisition accelerates capabilities to enable
real-world data (RWD) in support of research that advances patient care.

The Real-World Data Advantage

As more pharmaceutical and research organizations look to real-world data to accelerate clinical research, reliable identification, and interpretation of phenotypic data from deep inside medical records are becoming paramount. The most relevant information resides in the unstructured data: the surgical reports, pathology reports, imaging reports, discharge summaries, and other clinician-scribed narrative text. Medal’s software helps identify, contextualize, and interpret narrative-based medical notes, leading to the creation of research-grade data sets at scale. The company’s approach to biomed-NLP and deep learning AI is guided and informed by consensus from clinical expert reviewers across therapeutic areas.

“More than 100 million medical records are retrieved and reviewed by Ciox each year from the vast majority of U.S. providers, presenting an unprecedented opportunity to actually bring a true longitudinal perspective to clinical investigation. Ciox works at the first and last mile of U.S. healthcare data,” says Andy McMurry, Ph.D., Chief Science Officer of Medal. “Using Medal AI, Ciox will reduce human expert time and increase the utility of patient data to support biomedical discovery and clinical trials research across many disease areas, including COVID-19. Combining vast biomedical knowledge sources with clinically trained Artificial Intelligence enabling human experts, we are reinventing real-world data for clinical investigation.”

Acquisition Benefits for Ciox Health

This acquisition is the third major recent announcement from
Ciox’s growing Real World Data business, following two prior announcements of
strategic collaborations with LabCorp and Merck. As health data remains
fragmented throughout the U.S. healthcare ecosystem, Ciox is attracting
interest in its RWD division from medical research organizations and other
partners. This additional feature of the Ciox DataFit Platform through the
acquisition of Medal will enable faster and more consistent translational
research. 

Why It Matters

“We’re proud to bolster the Ciox Real World Data offering with Medal’s technology and team,” says Pete McCabe, CEO, Ciox. “The team and the biomed-NLP product, combined with Ciox’s technology-enabled ability to create longitudinal records across EHRs and provider systems, remove the friction related to medical records-based clinical research.  We will consistently supply consented, HIPAA-compliant, de-identified, research-grade RWD for complex clinical use cases to commercial researchers in pharma and biotech, as well as government sponsored researchers. The need is particularly highlighted in the COVID-19 research questions being asked by agencies like the FDA, CDC and NIH.”

What You Should Know:

– Innovaccer has recently partnered with Central Maine
Healthcare (CMH), an integrated healthcare delivery system that serves over
400,000 people in the central, western, and mid-coast regions of the state, to
connect providers with their patients through data-driven telehealth, powered
by its FHIR-enabled Data Activation Platform.

– The care delivery system will conduct data-enabled
virtual visits to assist its providers with efficient, remote care amid the
COVID-19 crisis and beyond.

---

Innovaccer, Inc., a
San Francisco, CA-based healthcare technology company, has partnered with Central Maine Healthcare (CMH), an integrated
healthcare delivery system that serves over 400,000 people in the central,
western, and mid-coast regions of the state, to connect providers with their
patients through data-driven telehealth,
powered by its FHIR-enabled Data Activation Platform. The collaboration will
empower physicians at CMH with the ability to care for their patients with
real-time virtual visits and remote consultation experiences during the
pandemic.

When many patients are reluctant to visit the clinic to
avoid potential exposure to the coronavirus, healthcare organizations are
implementing virtual exam rooms and data-enabled telehealth visits for
chronically-ill patients in their care. 

With Innovaccer’s Virtual Care solution built on top of its
FHIR-enabled Data Activation Platform and its data-driven telehealth
capabilities, the providers at CMH can conduct online patient consultations as
seamlessly as traditional onsite visits. The care teams at CMH can streamline
their workflows with the solution’s automated bulk messaging and outreach
capabilities. The platform will also assist providers in expediting the
follow-up process through telehealth consultations with secure messaging and
improve patient engagement with the health system. 

In addition to scheduling HIPAA-compliant HD video visits,
the solution’s virtual patient examination room can empower providers at CMH to
send and receive pre-visit assessments, texts, and email through secure
messaging.

Providers at CMH will be using the Virtual Care solution to
provide educational material for their patients, conduct smart outreach and
enable pre-visit planning with accurate patient self-assessments. With the
solution, providers at CMH can manage post-call logs to streamline their care
management approach.  

Given the situation we are all in, healthcare needed a new approach to tackle the pandemic. Central Maine Healthcare adopted a modern approach to care delivery where our primary focus was to offer our patients a virtual care option to make it easier for them to seek care, wherever they may be. Innovaccer’s FHIR-enabled Data Activation Platform expertise will be helpful for us in strengthening our virtual care and it will be a good addition to our strategy going forward,” says Steven Martel, MD, Chief Medical Information Officer, CMH

Healthcare IT consultants’ work involving health records may expose them – and their provider and payer clients – to regulatory, legal, financial, and reputational risk. These risks are potentially higher in the COVID-19 era, with many of their employees working from home and accessing sensitive records and networks from remote locations. According to the US Department of Homeland Security (DHS), there is a heightened risk of phishing, SMS phishing and other attacks using COVID-19 themes, and increased attacks on newly deployed remote access and teleworking infrastructure. Managing these risks requires a clear understanding of what a consultant’s potential exposures are, adopting best practices for mitigating risk, and considering appropriate insurance coverage to cover potential liabilities. 

How big is your risk?

Too often, cyber risk analysis is conducted with simplistic estimation methods based on broad assumptions. These methods may not tell the full story and may leave an organization uninformed about its true exposure. In my practice, we can use sophisticated scenario analysis to estimate cyber exposure – efficiently defining cyber event scenarios and estimate resulting losses using cost models tailored to specific impacts. Calculating the risk environment related to COVID-19 is part of this analysis.

Consultants and other vendors who have access to personal health information are organizations typically considered “covered entities” under HIPAA. As such, the consultants are “business associates” under HIPAA and subject to HIPAA requirements and penalties. These consultants may also be subject to claims and legal actions by affected patients who believe their personal health information privacy has been violated.

Because of the value of health records and the size of many of the clients, the average claim for a security or privacy breach can average $3.4 million for larger healthcare organizations, according to NetDiligence.  Consultants are also subject to the risk of claims and legal actions from their provider or payor clients for damages arising from data breaches and other cybersecurity incidents, interruption of service, and other problems. And whatever the merits of these claims, the cost of defending can be very high. 

Best practices for risk management

Best practices for risk management in the COVID-19 era start with employee education and ongoing communication. Focus on safeguarding personal health information, following your organization’s data security policies, proper management of emails that may include malware/ransomware, protecting mobile devices and sensitive paper documents in transit, and other measures. In an era of mass telecommuting, it means enhancing security controls around Security Application Gateway or VPN to access corporate systems and ensure multifactor authentication, where applicable. It also includes following best practices for virtual meetings, including the National Institute of Standards and Technology (NIST) Virtual Meetings Best Practices.  

An updated, regularly tested and reviewed, business continuity and incident response plan is essential – with copies of the plan available offline and off-site. This plan should include the contact information for incident response vendors who have been approved by your cyber insurance carrier(s). The incidence response plan should, at a minimum, follow HHS guidance.

How much insurance do you need?

It’s a good idea to evaluate your insurance needs at least once a year, and perhaps more often if your business is rapidly changing. Some organizations acquire insurance early on in their company history, just enough to meet the requirements of clients, lenders, investors, and other interested parties. As time goes on, there may be inefficiencies where you’re paying too much for some coverages, or not scaling up coverage for the current size of your business and the potential exposures. Also, coverage should specifically meet the nature and size of current threats. For example, ransomware demands have increased 33% on average to $111,605 from Q4 2019 to Q1 2020 according to a recent Coveware report.  A regular review, coupled with accurate risk assessment, will help you determine appropriate coverages.

Review your cyber liability insurance policy to ensure how it will respond to security/privacy infiltrations within a remote desktop employee environment. Most updated policy forms affirmatively cover unauthorized access into the organization’s network/system/environment when the software is managed by the insured organization, such as via a mobile device manager (MDM). However, each policy differs in coverage. Remind employees to report suspected activity or infiltrations of their home network to their IT/information security team in accordance with your incident response plan and cyber liability policy. 

Conclusion

With the expanded use of technology, such as cloud utilization and EMRs, the healthcare industry is more interconnected and dependent on service providers more than ever before.  The impact of the pandemic further stresses this reality and can cause implications that can pose numerous liabilities around the confidentiality, integrity, and accessibility of the data within your organization. Reviewing your vendor contracts and audit procedures of such critical vendors can be valuable in maintaining supply chain resiliency and limiting legal and incident response costs when security or privacy incidents occur. Cyber insurance may be an afterthought within some organizations. However, it is a crucial response mechanism that should be known and tested with various simulations to understand the adequacy of coverage and limits.  

---

Mario Paez, RPLU, CIPP/US is Director, Cyber & Technology E&O, with the Minneapolis office of Marsh & McLennan Agency LLC. He can be reached at [email protected]

---

Disclosure: This article is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Marsh & McLennan Agency LLC shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Any statements concerning actuarial, tax accounting or legal matters are based solely on our experience as consultants and are not to be relied upon as actuarial, accounting, tax or legal advice, for which you should consult your own professional advisers.

Healthcare providers are seeing between 50 and 175 times (1) more patients via telehealth than before. Telehealth platforms* offer solutions for a wide array of different healthcare issues. An estimated 20 percent of all emergency room visits and 24 percent of routine office visits and outpatient volume could be delivered virtually via telehealth.

Telehealth is a win-win for providers and patients. It both increases the availability of care while also reducing costs. However, telemedicine does have intrinsic privacy and security risks that all providers must minimize to protect sensitive patient data.

The Inherent Vulnerability of Connectivity

Providers have been eager to adapt to this care delivery method, but many platforms do not meet HIPAA requirements and lack adequate data safeguards. The same connectivity that makes telehealth possible also creates threats to patients. Protecting patient health information (PHI) and providing remote services doesn’t fit together easily.

Any data transferred over the internet runs the risk of interception by threat actors, and healthcare has long been a preferred target for cybercriminals. In 2019, healthcare data breaches cost the industry over $4 billion (2). 

This year is no exception with a further increase in ransomware (3) and other attacks that put millions of patients’ records in danger of exposure. These types of events have all happened within typically well-fortified hospital networks.

Connecting with patients via telehealth and transmitting biometric data via remote care devices only furthers these dangers. The biggest risk is that patients lack control of the collection, usage and sharing of their PHI.

For instance, remote monitoring devices built with sensors to detect falls may collect information on other activities patients wish to be kept private—including that their home is unoccupied at certain times and the types of activity they participate in. Even with security measures, any transfer does have a potential for a breach.

How to Prevent Security Risks in Telehealth

More secure telehealth begins by establishing best practices. Because of the sensitive information healthcare organizations possess, providers and the vendors they choose to work with must focus on core elements of data security through related tools and strategies such as:

1. Identity Authentication

Continuous identity authentication ensures authorized individuals have access to data. Identity authentication can be accomplished through a variety of approaches.

Multi-factor authentication, or the requirement of utilizing two pieces of evidence to sign in, is among the most common and has been proven effective in blocking 99.9 percent of all automated cyber-attacks.

Beyond this, users need to develop strong, unique passwords for, not just their telehealth platform accounts, but across their entire online logins and accounts.

2. Improve Telehealth Platform Safety

HIPAA requires that providers integrate encryption and other safeguards into their interactions with patients. However, patients’ devices on the receiving end of care often don’t have these safeguards while some medical devices have been shown to be vulnerable to hackers.

Ensuring the safety of all patient devices in the short term will be impossible. Thus, telehealth platforms must be as secure in themselves as possible. The software needs to be designed in a secure environment and contain numerous ways of establishing secure channels between patients and providers.

3. Investing in Patient Education

Outside of telehealth, cybersecurity ultimately relies on the end-user. As hackers continuously exploit new vulnerabilities, developers are in a constant race to keep up with new threats. Cybersecurity is only as strong as its weakest link. Secure telehealth apps must be complemented by other measures.

For this reason, healthcare providers should educate patients about cybersecurity and the steps they should take to improve the overall safety of their interactions online by:

●  Educating patients about the telehealth security threats;

●  Using a VPN both during telehealth services and for general device usage;

●  Frequently updating all apps and operating systems, not just telehealth platforms;

●  Enabling anti-malware and virus scans to run at all times;

●  Restricting app permissions to what’s necessary for app functionality only; and

●  Recognizing social engineering and other types of cyber-attacks.

How to Minimize Telehealth Security Risks

The one word providers must focus on when implementing telehealth is encryption. It needs to be everywhere. Since data is vulnerable in all stages of its life cycle, including during storage, transmission and access, encryption must be built into every step of this process.

Concerns about the privacy and security of these systems should not adversely affect people’s trust in telehealth. The benefits outweigh the risks. But providers must embrace more rigorous standards and minimize threats to ensure telehealth can deliver on its promises and live up to its potential.

Sources:

1. https://www.mckinsey.com/industries/healthcare-systems-and-services/our-insights/telehealth-a-quarter-trillion-dollar-post-covid-19-reality
2. https://healthitsecurity.com/news/data-breaches-will-cost-healthcare-4b-in-2019-threats-outpace-tech#:~:text=November%2005%2C%202019%20%2D%20Healthcare%20data,per%20each%20breach%20patient%20record.
3. https://www.securitymagazine.com/articles/92575-increase-in-reports-of-ransomware-attacks-on-health-care-entities
4. https://www.microsoft.com/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/

What You Should Know:

– Sharecare launches its offering for employers: [email protected],  a virtual solution for COVID-19 that’s integrated with its app-based digital health platform for managing consumer health and well-being.

– The offering is designed for employers – organizations
of any kind – to support their workforces as they return to work when the time
is right (and whether they’re working virtually or remotely).

– The solution features digital health pass, daily screener, telehealth integration, access to testing, and employee readiness surveying capabilities.

---

Sharecare, the digital health
company that helps people manage all their health in one place, announced [email protected],
Sharecare’s comprehensive COVID-19
readiness solution. Integrated into Sharecare’s robust health management and
engagement platform, [email protected] empowers U.S. employers to address the
evolving emotional, educational, clinical and operational challenges introduced
by the pandemic, while equipping their employees with tools and resources to
stay safe and build resilience, whether continuing to work remotely or
returning to the physical workplace.

[email protected] Areas of Focus

Through
[email protected], these tools, programs and content, among other new features,
are now available to Sharecare’s enterprise partners. Sharecare’s new COVID-19
readiness solution covers three distinct areas of focus to support U.S.
employers throughout the pandemic and beyond, including:

Assessment & Triage: Empowers employers with a real-time perspective on the overall health and safety of their workforce; while providing employees with a simple and convenient way to track their health status on a daily basis and gain confidence that their colleagues are doing the same. Components include:

• Readiness survey: Developed in partnership with Dr. Sandro
  Galea, dean of the Boston University School of Public Health; assesses
  employees’ willingness to resume activities and what will make them feel safe
  at work.
  • Daily screener & digital health pass: Securely monitor an employee’s health;
    employer receives reporting status and test results for each employee as well
    as aggregated data.
    • Daily screener: Clinically validated. Provides
      employees with a personalized COVID-19 report to view daily entries and monitor
      progress; locate nearby testing sites by state and county; and see lab results
      from employer-ordered COVID-19 tests.
    • Health pass: Secure QR code-powered
      certification within the Sharecare app, validating each employee’s health
      status as part of an organization’s return to work protocol.¹
  • Telehealth integration: Enables employers to seamlessly integrate Sharecare’s
    HIPAA-compliant telehealth solution or other third-party telehealth
    solutions.

Testing & Tracking: Provides a decision framework to ensure a safe, confident return to work for an employer and their employees. Features include:

• COVID-19 testing: Searchable database of all available sanctioned and credible
  testing options. Sharecare, in conjunction with testing and diagnostic service
  providers, guides employees through the process to understand if they need to
  get tested, which test is appropriate, where to get tested, and their results,
  which are privately available to them within the Sharecare app.
  • Contact tracing: Uses low-emission Bluetooth readings between
    mobile phones over time to approximate the proximity and duration of an
    encounter between Sharecare app users who opt-in.² Privately
    notifies individuals who may have been exposed to someone with COVID-19.
  • Reporting and analytics: Status and risks for each employee, including
    results of positive COVID-19 tests and exposure events. Additional dashboards
    can be segmented by geography, worksite locations, and segmentation tactics
    applicable to the organization; as well as real-time and actionable reporting
    analytics providing clients with insights on population outcomes.

Build & maximize
resilience: Tools and resources to foster resilience
by addressing the emotional, physical and financial challenges that many
employees encounter during the pandemic and as they return to work, including:

• Interactive map: Measures and monitors the progression of
  COVID-19 cases and mobility data across the country, down to a county-by-county
  basis.
  • Anxiety management: From its voice-based stress tracker to the
    award-winning relaxation and mindfulness videos, Sharecare has multiple tools
    to help people manage stress. Most recently, Sharecare acquired a digital
    therapeutics company founded by renowned neuroscientist Dr. Jud Brewer and
    whose suite of apps, including Unwinding Anxiety, are clinically proven to
    positively affect long-term behavior change.
  • Financial protection: Sharecare provides employees direct access to
    SmartDollar, an online program designed to help them get on a budget, save for
    emergencies, pay off debt, and start investing so they can retire with
    confidence.

Integration with Sharecare’s Existing Digital Health Platform

Sharecare
has integrated these capabilities into its comprehensive digital platform
currently available to 30 million covered lives. By offering an even more
robust solution, Sharecare is ideally positioned not only to support the health
and well-being of its client partners and their employees in the face of the
pandemic but also to enable them to return to work safely when the time is
right. 

“Although the ultimate goal of enabling employees to safely return to the workplace is clear, the path for getting there is less certain for many organizations – and that’s further complicated by the daily information overload that is often complex and contradictory,” said Jeff Arnold, founder, chairman and CEO of Sharecare. “A successful return-to-work strategy requires more than just a particular testing protocol; we have to create a new culture of well-being that can adapt and evolve over time while empowering each individual to build resilience and foster longevity. We are committed to helping everyone stay safe against the threat of the pandemic, while equipping our government, employer and health plan partners to work toward recovery as a key component of their comprehensive well-being strategies.”

What You Should Know:

– Microsoft released the public preview of Azure IoT
Connector for FHIR (Fast Healthcare Interoperability Resources), the latest
update to the Microsoft Cloud for Healthcare.

– The Azure IoT Connector for FHIR makes it easy for
health developers to set up a pipeline to manage protected health information
(PHI) from IoT devices and enable care teams to view patient data in context
with clinical records in FHIR.

---

This week, Microsoft released the preview of Azure
IoT Connector for FHIR—a fully managed feature of the Azure API for FHIR.
The connector empowers health teams with the technology for a scalable
end-to-end pipeline to ingest, transform, and manage Protected Health
Information (PHI) data from devices using the security of FHIR APIs.

Telehealth
and remote monitoring. It’s long been talked about in the delivery of
healthcare, and while some areas of health have created targeted use cases in
the last few years, the availability of scalable telehealth platforms that can
span multiple devices and schemas has been a barrier. Yet in a matter of
months, COVID-19 has accelerated the discussion. There is an urgent need for
care teams to find secure and scalable ways to deliver remote monitoring
platforms and to extend their services to patients in the home environment.

Unlike other services that can use generic video services
and data transfer in virtual settings, telehealth visits and remote monitoring
in healthcare require data pipelines that can securely manage Protected Health
Information (PHI). To be truly effective, they must also be designed for
interoperability with existing health software like electronic medical record
platforms. When it comes to remote monitoring scenarios, privacy, security, and
trusted data exchanges are must-haves. Microsoft is actively investing in
FHIR-based health technology like the Azure IoT Connector for FHIR to ensure
health customers have an ecosystem they trust.

Azure IoT Connector for FHIR Key Features

With the Azure IoT Connector for FHIR available as a feature
on Microsoft’s cloud-based FHIR service, it’s now quick and easy for health
developers to set up an ingestion pipeline, designed for security to manage PHI
from IoT devices. The Azure IoT Connector for FHIR focuses on biometric data at
the ingestion layer, which means it can connect at the device-to-cloud or cloud-to-cloud
workstreams. Health data can be sent to Event Hub, Azure IoT Hub, or Azure IoT
Central, and is converted to FHIR resources, which enables care teams to view
patient data captured from IoT devices in context with clinical records in
FHIR.

Key features of the Azure IoT Connector for FHIR include:

– Conversion of biometric data (such as blood glucose, heart
rate, or pulse ox) from connected devices into FHIR resources.

– Scalability and real-time data processing.

– Seamless integration with Azure IoT solutions and Azure
Stream Analytics.

– Role-based Access Control (RBAC) allows for managing
access to device data at scale in Azure API for FHIR.

– Audit log tracking for data flow.

– Helps with compliance in the cloud: ISO 27001:2013 certified supports HIPAA and GDPR, and built on the HITRUST certified Azure platform.

Microsoft customers are already ushering in the next generation of healthcare

Some of the healthcare organizations who are embracing the technology include:

– Humana will accelerate remote monitoring programs for
patients living with chronic conditions at its senior-focused primary care
subsidiary, Conviva Care Centers.

– Sensoria is enabling secure data exchange from its Motus
Smart remote patient monitoring device, allowing clinicians to see real-time
data and proactively reach out to patients to manage care.

– Centene is managing personal biometric data and will
explore near-real-time monitoring and alerting as part of its overall priority
on improving the health of its members.

This outbreak has shown us that we need to be much faster, more nimble and better prepared to confidently share health data across organizations.

What You Should Know:

– Same day
pharmacy delivery startup NowRx raises $20 Million in Series B funding to expand
into new U.S. territories and accelerate its technology roadmap, transforming
the way consumers get their prescriptions. 

–
NowRx’s competitive
advantage is its proprietary pharmacy management system, which leverages AI and
robotics to fill and deliver prescriptions in record time, including
interfacing with insurance, checking for drug interactions, bottling/labeling
in 30 seconds, offering video chats & text with pharmacists, as
well as safe, reliable and convenient home delivery from NowRx’s HIPAA-trained drivers.

– In the
last year, NowRx has grown its new customer base by 84% and increased
revenues by 78%. Since its first delivery in 2016, it has delivered over
200,000 prescriptions to more than 28,000 customers.

---

NowRx, a Mountain View,
CA-based same-day pharmacy delivery company experiencing rapid growth during
the coronavirus pandemic, has raised $20 million
in Series B funding round through SeedInvest.com, a leading Regulation A+ crowdfunding platform. This round is the largest
in SeedInvest history and brings the company’s total funding to $30 million.

Retail pharmacy is a $400 billion industry that relies on expensive real estate to drive foot traffic and depends on outdated, legacy software systems to manage prescriptions. Founded in 2015, NowRx exists to provide the most convenient pharmacy experience available, with free, same-day delivery of prescription medications. Expedited one-hour delivery is also offered for a $5.00 charge. All pharmacy services are provided from a low cost, highly automated “virtual pharmacy” location, utilizing end-to-end robotic dispensing (“One-Click Fill”) and artificially intelligent chatbots, coupled with NowRx drivers and plug-in electric vehicles, to provide a more efficient and effective pharmacy experience for busy customers.

“The real reason you are stuck waiting in line for your prescription is that the large chain pharmacies actually want you in their stores so you’ll make other purchases while you’re there,” said NowRx CEO and co-founder Cary Breese. “This flawed strategy ignores the fact that consumers are eager to avoid the hassle and risk of in-store shopping, especially during a pandemic.” According to Breese, these retailers are unable to offer a good customer experience with prescriptions because their legacy software systems and manual processes create bottlenecks and inefficiencies. “By re-engineering pharmacy management software and deploying modern automation technology in our low-overhead, high-tech micro-fulfillment centers, NowRx provides a far better customer experience at the same or better margins than the largest players in the industry,” he added.

How It Works

Customers and physicians are able to use the services through the NowRx app, by text, by telephone, and through virtual assistants such as Google Home. Physicians are able to send prescriptions to NowRx through electronic prescribing, fax, the NowRx app, or telephone. Current services provided include fulfilling new prescriptions or refills, transferring prescriptions from other pharmacies, consulting pharmacists via phone, and applying of drug manufacturer coupons.

NowRx Pharmacy is easy to use and works in 3 simple steps.

1. You or your doctor sends a prescription to NowRx Pharmacy

2. Once NowRx has received your prescription, they will
reach out to you in order to get some basic information (insurance, payment
method, preferred delivery time, etc.).

3. Once everything has been confirmed NowRx will deliver
your medication in under 5 hours for your regular copay.

Quickfill Pharmacy Automation

NowRx’s competitive advantage comes from its proprietary pharmacy management software technology, QuickFill (v3.5), which was built from the ground up to streamline and simplify prescription fulfillment and delivery while reducing costs and improving customer service. QuickFill was recently certified by the nation’s leading health information network, Surescripts Health Alliance Network, which unifies electronic health records (EHR) vendors, pharmacy benefit managers (PBMs), pharmacies, clinicians, and health plans and connects QuickFill to more than 1.5 million physicians across the U.S.

The Quickfill technology suite includes both a consumer app that provides customers with transparency and control over their prescriptions as they are being processed, as well as Wheelz, the driver app that coordinates delivery by NowRx’s HIPAA-trained drivers, enables delivery signatures and transactions, and tracks deliveries in real-time through GPS.

QuickFill technology also incorporates end-to-end robotic dispensing. When a customer clicks on the button to order a refill, that order is automatically routed to the nearest NowRx micro-fulfillment center, where the robots sort, count, bottle and label each medication in less than 30 seconds. The Quickfill software also streamlines the insurance approval process and even has an automated coupon feature that has saved customers millions of dollars by automatically searching for and applying drug manufacturer coupons. Since deploying its fully automated, end-to-end robotic dispensing technology, NowRx has filled more than 15,000 prescriptions (each in less than 30 seconds)

Traction/Milestones

NowRx recently opened one of its high-tech micro-fulfillment facilities in Burlingame, its fourth in California, and has recently received its pharmacy permit to operate another facility in Arizona. In the last year, NowRx has grown its new customer base by 84% and increased revenues by 78%. Since its first delivery in 2016, NowRx has delivered over 200,000 prescriptions to more than 28,000 customers.

NowRx is on track to achieve profitability even as it
exceeds customer expectations by providing free, same-day delivery. According
to SeedInvest CEO and Co-Founder Ryan Feit, investors on the popular Regulation
A+ crowdfunding platform were quick to grasp the advantages of NowRx even
before the COVID-19 pandemic because so many have first-hand experience with
the hassle of getting prescriptions filled. “Investors understand the
problem NowRx is solving,” he said.  

Fueling Expansion into Additional Territories

The funds will be used to launch more of NowRx’s high-tech micro-fulfillment centers to bring free same-day prescription medication delivery to customers in additional territories. NowRx will also use the funds to accelerate the technology roadmap for its proprietary pharmacy management software and logistics technology to increase efficiencies and improve profitability.

NowRx pharmacy currently has multiple locations throughout the Silicon Valley and Orange County California areas.

March 17, 2020, may well be remembered as the day the telemedicine revolution finally took off. Telemedicine and Telehealth‘s adoption, fast-tracked by Coronavirus/COVID, will create profound changes in how healthcare services are provided — while also spawning new healthcare marketing opportunities.

Earlier last month, in the interest of public safety, the federal government largely removed two huge and long-standing barriers to telemedicine adoption by easing reimbursement and HIPAA restrictions. Many private pay health plans followed suit. These changes open the door to exciting new ways to better serve patients today and to bolster, grow and sustain medical practices, medical offices, hospitals, and healthcare networks in the future.

Changes in healthcare and medical services delivery commenced almost instantly. For example, right around this time, we spoke with one of our multi-location oncology clients about our marketing teams‘ recommended changes to their marketing plans due to COVID-19. These discussions evolved to focus on their need to help cancer patients both safely and remotely, and their uncertainties regarding HIPAA. The new rules now allow the use of simple, practical, patient-friendly solutions like Apple FaceTime and Zoom, to communicate with homebound patients. True to their purpose, these new government proclamations have opened the door to safer, better, and more convenient care for cancer patients.

Our healthcare clients are not alone:

“With the coronavirus pandemic turning doctors’ offices into no-go zones, family physicians are now doing many of their consultations online or by telephone,” The New York Times reports. “In a matter of days, a revolution in telemedicine has arrived at the doorsteps of primary care doctors in the U.S. and in Europe. The virtual doctor visits, at first a matter of safety, are now a centerpiece of family doctors’ plans to treat everyday illnesses. We’re basically witnessing ten years of change in one week.”

Until now, operational challenges, internal politics, resistance from doctors, state law limitations, and  HIPAA and reimbursement-related fears had stymied larger healthcare systems from embracing telemedicine. Due to COVID-19, these same players suddenly found ways to do the previously unimaginable – adopt telemedicine at scale in a matter of weeks.

According to Harvard Business Review, “Prior to this crisis, many major health care systems had begun to develop telemedicine services, and some, including Intermountain Healthcare in Utah, have been quite active in this regard. That said, nationwide use of telemedicine had been limited. John Brownstein, chief healthcare innovation officer of Boston Children’s Hospital, noted that his medical institution was doing more telemedicine visits during any given day in late March that it had during the entire previous year.”

During a recent webinar (COVID-19: Up to the Minute Learnings from Industry Experts on the Front Lines of the Coronavirus Pandemic), Ed Rafalski, Ph.D., Chief Strategy and Marketing Officer of BayCare Health said, “Necessity is the mother of innovation and invention here at Baycare. I have been trying to get the organization to get more providers stood up on our telehealth platform, and a crisis made it happen. So the good news is we’re adding capacity and getting providers trained that up until this point were either unwilling, or afraid, or too busy seeing patients. And so what’s happened is because people are canceling elective business, doctors have free time. So they’re saying, ‘Well heck, I’ll go ahead and get trained on telehealth.’  So we’re building our capacity exponentially, which is good news.”

Consumer and Doctor Acceptance of Telehealth: What Does the Data Shows?

With social and physical distancing, telemedicine has gained a greater consumer and provider appeal virtually overnight. Telemedicine is a new marketing opportunity, and now is the time to take full advantage of this shift. It’s likely to be a permanent change.

For their part, many consumers have been ripe for change for some time.

As far back as 2015, PricewaterhouseCoopers Health Research Institute found that fully 80% of consumers said they’d be open to looking beyond traditional visits for care, and 60% said they were willing to consider virtual doctor visits.

By 2019, American Well’s Telehealth Index: 2019 Consumer Survey, found 66% of consumers were willing to use telehealth, and 8% had tried it. As you might expect, attitudes toward telehealth varied by age. 74% of 18-34-year-olds and 72% of 35-44-year-olds said they were willing to use it, while 52% of seniors (65+) said they were open to telehealth. Of those who had used telemedicine, 54% were Millennials.

Speaking of Millennials, remember they were born into a tech-rich world. Millennials number over 75 million and 40 percent say telemedicine is an extremely or very important option. It’s in their digital DNA to expect and demand immediacy and convenience. What’s more, computers, laptops, mobile devices, and smartphones are ubiquitous, and virtually everyone is equipped for instant audio/video conferencing.

In response to COVID, Sykes TeleHealth Services just completed a survey to understand changing consumer perceptions and behaviors regarding telehealth in our new era. Interestingly, almost 42% of people initially screened were still not even aware of telemedicine, which disqualified them from taking the survey. Of the 2000 respondents (58% of the total) of people who ARE aware of telehealth:

• When asked if their health insurance provider covers telemedicine, 52% said yes, 10% said no, and 35% weren’t sure.
• When asked, “Have you ever considered trying a telehealth appointment?” 20% said they had already completed a telehealth appointment, 40% had considered it, but not yet made an appointment, 37% said they would consider it, and 3% said they wouldn’t consider it.
• Importantly, people who try telehealth become satisfied enough to do it again. Of those who had tried a telehealth appointment, 59% said they’d already had more than one appointment, 37% said they’d consider scheduling another appointment, while 4% said they would not consider another appointment.
• Most importantly, COVID-19 promises to be a game-changer. 73% of respondents said they’d be willing to use telehealth if they showed symptoms of COVID-19, while 60% said COVID-19 had increased their willingness to try telehealth in the future.

Meanwhile, even before COVID-19, physicians predicted a growing acceptance of telehealth. American Well’s 2019 Physician Survey reported that 69% of physicians were willing to have a video visit. The top reasons cited were increased access for patients, flexible work-life balance, to attract and retain patients, to improve outcomes, and to be on the leading edge of medicine.

What’s more, 22% of surveyed physicians said they had already used telehealth to see patients, a 340% increase from 2015 when only 5% had tried it. These doctors reported benefits, including increased access to care, more efficient use of time, reduced costs, high-quality communications with patients, and enhanced relationships with patients.

To make the data come alive for you, let me share two personal stories.

Last year, our family was enjoying Spring Break at our (currently closed) Airbnb vacation rental in Palm Springs. My daughter woke us up, worried about a bug bite with a growing ring around the site of the bite. Rather than taking a chance and spending time at unknown urgent care, we opened my laptop and requested a quick telemedicine conference. Presto, within mere minutes – and for less than I would have paid at the urgent care – our daughter’s minor-but-annoying irritation was solved. She was relieved, and we all sat down to enjoy a family morning with pancakes. Anecdote #2: Days after I alerted him to the new HIPAA and reimbursement changes, my primary care physician sent me an email proudly announcing, “Hey… I’ve now got telemedicine available.” Evidently, he now appreciates the opportunity that is knocking.

The Telemedicine Marketing Opportunity
The coronavirus outbreak has been a tumultuous experience and a worldwide tragedy. At least we can take some solace that our nation’s healthcare system will almost inevitably improve as a result. Telemedicine specifically offers the promise of better care and, at the same time, provides a unique marketing opportunity.

As we’ve seen, the barriers to telemedicine adoption are disappearing rapidly. Regulations and reimbursement are improving. Meanwhile, most doctors and patients who have tried telemedicine continue to use it.

Virtual services provide a fresh (and often new) service line for hospital CEOs, medical practice administrators, doctors, nurse practitioners, behavioral health professionals, and other healthcare providers.

Potential benefits to your organization include:

• Greater patient satisfaction
• Exceptional convenience
• Patient retention
• Operational efficiency, and
• Increased revenues

Many consumers have long been enthusiastic about the convenience of telemedicine. Changes on the provider side—partly due to the COVID-19 Nationwide Public Health Emergency—include:

• Telemedicine reimbursement is more universally available, including many, if not most, private insurance plans
• Some virtual doctor visits pay at the same rate as regular in-person visits
• Our government has relaxed HIPAA have restrictions in favor of the greater good because of the COVID emergency
• Medicare Part B provides for billing for non-face-to-face communications
• The learning curve has become flat; providers and patients are familiar with communications technology (Zoom, Google Meet, FaceTime, etc.)
• Patients and healthcare providers have computer equipment and use two-way communications nearly universally
• Professional organizations, such as the American College of Physicians, encourage virtual visits, whenever appropriate, to limit potential coronavirus exposure

Here are some of the telemedicine marketing strategies to consider:

• Email your patients to inform them that you now offer telemedicine. Reinforce the message with in-office signage and staff/provider conversations with patients
• Feature your telemedicine option on your website
• Promote a new level of convenience with universal consumer appeal
• Promote telemedicine through your SEO/organic and paid social media
• Start a paid search campaign that targets patients in your area who are already looking for a telemedicine provider
• Present telemedicine as an offer, such as a telemedicine screening
• It can also act as a gateway channel for an online second opinion
• A low-cost, low-risk introductory channel for elective care
• Telemedicine is an easy and natural initial gateway for urgent care
• Offer telemedicine services through doctors, nurse practitioners, clinical psychologists, and many others
• Remote patient monitoring, compliance, and follow-up
• A telemedicine connection can be available at partner locations. (For example, generalists could provide telemedicine access to allied specialists when appropriate.)

In some medical marketplaces, your new telehealth marketing program coulds be a competitive advantage. In other areas, telemedicine is rapidly becoming “table stakes.”

Remember, whether you choose to embrace telemedicine or not, you are already competing with local providers AND well-funded telehealth service providers like Teladoc.

What are Some Telemedicine Options?

People still need healthcare, and healthcare still needs patients. Right now, the various telemedicine formats are an attractive and safe way to connect with new and existing patients. Some platforms also easily facilitate group meetings or collaboration among multiple participants, partners, or internal staff.

And, it’s now relatively easy to open a telemedicine window across the service spectrum. Health systems, medical practices, hospitals, urgent care centers, and other healthcare providers all can adopt telemedicine to benefit their community. For the most part, telemedicine platforms are scalable and can serve large multi-location providers, hospitals, and service line departments, as well as individual doctors and practices.

Right now, during the COVID-19 epidemic, smaller providers are necessarily relying on simple, ad hoc technologies like FaceTime, Zoom, or Skype.

Still, there are dozens of mature and stable software options available for both the enterprise level (e.g., EHR/HL7v2/FHIR integrations at Microsoft) and for the individual practice.

Just in case creating a telemedicine program is entirely new for you, or if you’re rolling it out as a more substantial part of your services, here is an unordered sampling of some of the telemedical services you might consider:

DOXY.ME – A simple, free, and secure telemedicine solution with unlimited message, voice, and video connections. It also has paid tiers with additional features. Doxy.me integrates with Electronic Health Records (EHR) or Practice Management software.

ALLSCRIPTS – Now offers telemedicine integration for health systems and practices to its EHR and practice management software offerings.

EVISIT – Claims an industry leadership position a virtual care provider favored by health systems, hospitals, clinics, and physician groups in the US.

AMC HEALTH – Provides various comprehensive services, including patient personalization and remote monitoring and tracking of patient devices. AMC Health includes clinical trial and research options.

SIMPLEVISIT – Manages telemedicine programs with HIPAA-compliant video visits compatible over Skype, FaceTime, or other communications platforms.

MEND – Described as full-featured and easy to use telemedicine suite. Mend includes voice and video calling, plus appointment reminders, online forms, and appointment self-scheduling.

MEDICI – A secure platform to connect doctors with patients using text, audio, and video. HIPAA compliant provides for billing, chat translate, and other features.

UPDOX – A secure, simple, HIPAA-compliant telemedicine tool. “During the COVID-19 crisis, telehealth is a critical channel for physicians to care for patients while minimizing risk to themselves and others and protecting the community.”

SPRUCE HEALTH – Describes itself as a powerful tool for patients, healthcare providers, and other partners in health to connect and communicate.

Remember, telemedicine and telehealth capabilities represent a significant marketing opportunity. The social distancing demands, plus the broad audience appeal and accessibility, will fundamentally change how patients are seen now and for the foreseeable future.

For Additional Reference:

Coronavirus: CMS eases restrictions on telehealth and virtual services

HEALTHCARE SUCCESS Podcast: Telehealth Providers Have More Options Than Ever Before, with David Craig, Medical Director at Spruce Health.

BLOG ARTICLE: How to Build a Healthcare Brand for Millennials (and why you must)

Note, while the terms are often used interchangeably by the public and even some of the sources cited in this post, technically speaking, TELEMEDICINE refers to remotely providing healthcare services, typically using a secure audio/video platform between provider and patient. Telemedicine is a subset of the larger TELEHEALTH, which also includes online medical education, training, administrative meetings, group sessions, and the like.

Related Telemedicine, Telehealth & COVID/Coronavirus disease links available on the pages of Healthcare Success:
The Explosive Rise of Telemedicine Will Challenge Your Marketing Plan | Why Telehealth of Tomorrow Belongs in Your Marketing Plan Today | COVID Healthcare Marketing Questions: Pause, Pivot, or Push for Success? | COVID-19: Healthcare Marketing Adjustments | Ways Social Media & Digital Marketing Help the Public During the COVID-19 Pandemic

The post Telemedicine & Telehealth Emerge as Medical Marketing Opportunities During COVID appeared first on Healthcare Success.