Wage Bumps, Training and Long-Term Care Financing: Recommendations for Improving Caregiver Job Quality

The demand for caregivers continues to grow significantly. But unless job quality improves, filling these roles will be an uphill battle.

That’s according to PHI, a New York-based advocacy organization for direct care workers. On Tuesday, the organization released a new report detailing recommendations to improve job quality for caregivers.

Overall, the direct care workforce includes 4.6 million workers. About 2.4 million of these caregivers are home care workers.

Between 2018 and 2028, there will be an estimated 8.2 million job openings in direct care. This includes 1.3 million new jobs to meet the growing demand for care and 6.9 million openings caused by workers leaving this line of work.

Currently, there are a number of factors that impact job quality for caregivers, including low compensation, inadequate training, limited career advancement opportunities, and gender and racial inequalities. Those challenges, in turn, make it more difficult for home-based care providers to recruit and retain workers on a long-term basis.

“For too long, direct care jobs have remained poor quality, impacting workers, employers, and consumers and their families,” Robert Espinoza, vice president of policy at PHI, said in a press release statement. “A positive transformation of this job sector will make life easier for all of these groups.”

On top of existing challenges, the COVID-19 emergency has further compounded working conditions for caregivers.

“The impact of COVID-19 and an under-resourced system continues today as providers struggle to not only provide quality care but to adequately protect and support their workforce,” the PHI report stated.

In order to address workforce challenges, PHI made eight recommendations.

For starters, PHI is calling for reforms to long-term care financing. This includes increasing Medicaid reimbursement rates and strengthening public financing for long-term care.

PHI also is suggesting an increase in wages for caregivers. This includes paying workers a living wage, improving access to full-time schedules and enhancing workplace benefits.

Additionally, PHI recommends improving training standards, funding direct care workforce interventions, creating robust workforce data collection systems, and integrating caregivers into important advisory roles and leadership positions. It also says providers need to address systemic racial and gender barriers.

“This country is at a critical and promising moment in history when we can finally move forward a range of strong policy measures that improve direct care jobs and enhance care for older adults and people with disabilities — we need to act now,” Kezia Scales, director of policy research at PHI, said in a statement.

The post Wage Bumps, Training and Long-Term Care Financing: Recommendations for Improving Caregiver Job Quality appeared first on Home Health Care News.

More Than 45 Million Medical Images Are Openly Accessible Online

More Than 45 Million Medical Images Are Openly Accessible Online

What You Should Know:

– CybelAngel tools scanned approximately 4.3 billion IP addresses and detected more than 45 million unique medical images left exposed on over 2,140 unprotected servers across 67 countries including the US, UK, and Germany.

– The report highlights the security risks of publicly accessible images containing highly personal information including ransomware and blackmail.


The analyst team at CybelAngel, a global leader in digital risk protection, has discovered that more than 45 million medical imaging files – including X-rays and CT scans – are freely accessible on unprotected servers, in a new research report.

Medical Device Data Leaks

The report “Full Body
Exposure
” is the result of a six-month investigation into Network Attached
Storage (NAS) and Digital Imaging and Communications in Medicine (DICOM), the
de facto standard used by healthcare professionals to send and receive medical
data. The analysts discovered millions of sensitive images, including personal
healthcare information (PHI), were available unencrypted and without password
protection.

CybelAngel tools scanned approximately 4.3 billion IP addresses and detected more than 45 million unique medical images left exposed on over 2,140 unprotected servers across 67 countries including the US, UK, and Germany.

The analysts found that openly available medical images, including up to 200 lines of metadata per record which included PII (personally identifiable information; name, birth date, address, etc.) and PHI (height, weight, diagnosis, etc.), could be accessed without the need for a username or password. In some instances, login portals accepted blank usernames and passwords.

“The fact that we did not use any hacking tools throughout our research highlights the ease with which we were able to discover and access these files,” says David Sygula, Senior Cybersecurity Analyst at CybelAngel and author of the report. “This is a concerning discovery and proves that more stringent security processes must be put in place to protect how sensitive medical data is shared and stored by healthcare professionals. A balance between security and accessibility is imperative to prevent leaks from becoming a major data breach.”

3 Steps to Safeguard The Way Providers Share & Store
Data

CybelAngel advises there are simple steps that healthcare facilities can take to safeguard the way they share and store data including:

– Determine if pandemic response exceeds your security policies: Ad hoc NAS devices, file-sharing apps, and contractors may take data beyond your ability to enforce access controls

– Ensure proper network segmentation of connected medical
imaging equipment: Minimize any exposure critical diagnostic equipment and
supporting systems have to wider business or public networks

– Conduct real-world audit of third-party partners: Assess
which parties may be unmanaged or not in compliance with required policies and
protocols.

– CybelAngel provides a complimentary, comprehensive 30-day
data exposure assessment healthcare and other organizations use to measure
their risk and uncover priority issues.

M&A: Imprivata Acquires Patient Privacy Intelligence Company FairWarning

M&A: Imprivata Acquires Patient Privacy Intelligence Company FairWarning

What You Should Know:

– Imprivata acquires FairWarning Technologies, a provider
of patient privacy intelligence.

– The combined solutions will offer healthcare a single Digital Identity platform that integrates role-based access controls, identity governance, and data privacy compliance.


Imprivata®, the digital identity company for healthcare, today announced the acquisition
of FairWarning
Technologies, LLC
, a Clearwater, FL-based provider of patient privacy intelligence. The
combination of Imprivata and FairWarning
solutions provide customers with a single Digital Identity platform that
integrates role-based access controls, robust identity
governance, and critical data privacy compliance.

Patient Privacy
Intelligence Platform

FairWarning is an analytics and insider threat detection platform. The platform ingests hundreds of data sources, such as EMR, CRM, HR, and others, and applies data logic and machine learning to identify potential breaches of protected information. Primarily serving the healthcare market, FairWarning is the leader of Patient Data Privacy Intelligence and Drug Diversion analytics that serves compliance officers in the protection of Protected Health Information (PHI). FairWarning also provides similar data privacy solutions specifically designed for mission-critical business applications for enterprise and financial services.

“Like Imprivata, FairWarning is focused on delivering a world-class experience that ensures customers benefit from the full value of the investment in their solutions,” said Gus Malezis, CEO of Imprivata. “I’m thrilled about the similarities we share in culture and in our commitment to our customers. We’re excited to make FairWarning a key component of our go-forward analytics and Digital Identity strategy, and to be able to offer our customers a broader set of solutions from a single vendor that is committed to delivering innovative products and a signature customer experience.”


‘We’re Looking for the Best of the Best’: Why Dementia-Focused Home Health Provider Tender Rose Cherry-Picks Top Caregivers

As the number of Americans living with Alzheimer’s and other forms of dementia rises, more in-home care providers are rolling out specialized services lines focused on memory care and disease-specific needs. Some providers are even building their entire businesses around dementia.

One such in-home care company is Tender Rose Dementia Care Specialists, which has been the largest one-on-one dementia care provider in its market since 2009.

“All of our clients have dementia. All of our caregivers are highly trained memory care professionals,” Jim Kimzey, the company’s founder and CEO, told Home Health Care News. “Our mission is to improve the quality of life of people living with dementia and their families. It’s not just about keeping them safe and taking care of their physical needs.”

San Rafael, California-based Tender Rose’s service lines include personal assistance, companion care, “couples care” and live-in care. The company — launched by Kimzey and his siblings after their mother passed away following her own battle with Alzheimer’s disease — currently has eight locations across the state.

Nationally, there are more than 5 million people age 65 and older living with Alzheimer’s disease — a number that is estimated to grow by roughly 14 million by 2025, according to statistics from the Alzheimer’s Association. Alzheimer’s disease is the most common form of dementia, with others including vascular dementia, Lewy body dementia and more.

While dementia is prevalent across the general U.S. population, it’s especially present in the home-based care space. One home care provider, for example, recently told HHCN that almost 80% of its clients have a primary or secondary diagnosis of Alzheimer’s or another form of dementia.

As the CEO of Tender Rose, Kimzey believes that there’s value in a company that specializes in delivering dementia care in the home setting. When it comes to caring for seniors with dementia, Tender Rose takes what it calls a “person-centered, activity-based care approach.”

“The biggest difference, I see, between what we do, and what traditional home care does is … we get to know the person who has dementia,” he said. “We engage them in activities that bring them joy and meaning, at whatever level they can still participate. What traditional home care tends to do is focus on the physical needs of the client. Everything is about activities of daily living (ADLs) or instrumental activities of daily living (IADLs).”

One example of keeping a person with dementia engaged, Kimzey said, might be introducing an activity that’s both task-oriented, but one that also allows the individual to flex his or her “creative muscle.”

That kind of approach is generally far more effective than dictating commands or carrying out a random assortment of activities to simply pass time, according to Rachael Wonderlin, a dementia care consultant and author.

“I’m thinking something small, like bringing a little wooden birdhouse to your client’s home and saying, ‘Hey, we’re going to be putting this out in the garden. I could really use your help painting this,’” Wonderlin told HHCN. “That’s a whole hour-long activity where they’re engaged, doing something fun and purposeful. There’s a clear reason why they’re doing it.”

Although home care providers frequently serve individuals impacted by dementia, their expertise is sometimes limited. In fact, in cases where a senior living with dementia doesn’t suffer from any physical limitations, traditional in-home care can fall short.

“One of the things that happens is the person with dementia may actually be physically healthy and they don’t need that much help with ADLs,” Kimzey said. “If a traditional caregiver walks through the door and thinks, ‘My job is to help you when you need to go to the bathroom, bathe, eat or get dressed,’ the person with dementia is like, ‘I don’t need help with any of that. You can leave.’”

The majority of Tender Rose’s clients have had previous bad experiences with traditional home care agencies or with the private caregivers who they’ve hired. Specifically, issues arise when the caregiver hasn’t received training to deal with dementia, according to Kimzey.

“The caregiver who isn’t trained in dementia care — one who doesn’t really focus on quality of life or person-centered activity-based care — has a much higher probability of triggering agitation that creates behavioral problems,” he said.

While many companies have dementia-education programs for their caregivers, these programs are not always comprehensive.

“Giving one day, or half of a day, to a slideshow about dementia is not enough to actually teach people and encourage a dementia-positive environment — or even the ability to market [that an agency has] trained in dementia care,” Wonderlin said. “A two-hour presentation on dementia is not enough for somebody to be able to go into a situation and provide care.”

To that end, Tender Rose trains its caregivers based on methods popularized by Teepa Snow, the owner of Positive Approach to Care and a thought leader in the dementia care space. Positive Approach to Care is an Efland, North Carolina-based company that provides dementia care training, services and products across the globe.

Snow’s methods emphasize the importance of in-person and hands-on training that utilizes roleplaying and interactive discussions.

For Tender Rose, training is only a small part of differentiating itself from traditional home care providers. Tender Rose is also highly selective when it comes to recruiting its caregivers.

“Our labor strategy is to cherry-pick the best dementia caregivers in the industry,” Kimzey said. “We’re looking for the best of the best. We’re not looking for housewives who want a part-time flexible job to get a little extra spending money. We’re looking for professionals who need to work, who love doing dementia care and are good at it.”

In order to retain caregivers, the company offers a higher-than-average pay rate of $23.62 an hour. In comparison, caregivers earned a median hourly wage of $12.80 in 2019, according to PHI data.

Additionally, Tender Rose’s benefits package for caregivers includes health insurance, 401(k) plans, paid-time off and consistent hours with long-term clients.

For providers looking to truly take on dementia care, Kimzey reminds them that it’s crucial to constantly work to improve these care services.

“No matter how good you are at dementia care — you still have room for improvement,” he said. “We’ve been doing this for 11 years and we think that we do it better than just about anybody. And we aren’t nearly as good as we’re going to get. Don’t ever get complacent about how good you’re doing.”

The post ‘We’re Looking for the Best of the Best’: Why Dementia-Focused Home Health Provider Tender Rose Cherry-Picks Top Caregivers appeared first on Home Health Care News.

COVID-19 Underscores Need for Identity Governance Administration

COVID-19 Underscores Need for Identity Governance Administration
Wes Wright, CTO at Imprivata

If you work in healthcare, chances are that the COVID-19 pandemic forced you to quickly scale up or move staff around to manage the onslaught of patients. The demand for clinicians and support staff grew alongside the spread of the virus, making organizations add clinicians or reassign employees with new or modified roles: Ambulatory nurses went down in the Emergency Department or Isolation Ward, revenue cycle folks started doing transport, and so on. In some cases, former staff or retired workers were called back to help with the surge. 

In the midst of these time-compressed changes, organizations remained rightly focused on their number one priority: patient care delivery. In the background, IT professionals were struggling to manage the slew of new digital identities while ensuring fast-access to new applications, workflows, and devices to accommodate remote work. Giving clinicians this access meant having to quickly provision and deprovision access during the staff ramp-up. Inevitably, access became a problem – whether to the systems or applications needed to do their jobs. In worst-case scenarios, organizations had to balance security and compliance with the delivery of healthcare services to patients. Security protocols were also compromised – a trade-off that should never have to happen. 


Pandemic Spotlights Needs for IGA
In response to the identity management challenges presented by the COVID-19 pandemic, healthcare IT  organizations that had and Identity Governance Administration (IGA) systems came to the rescue.  Those that didn’t, well….. IGA systems provide a fast, reliable way to manage digital identities through provisioning, governance, risk and compliance, and de-provisioning for healthcare workers who need access to workstations and applications. This is even more so the case in a crisis environment. A recent study conducted by Forrester Consulting found that an automated system helps organizations manage, streamline, and secure transactions across hypercomplex ecosystems of healthcare users, locations, devices, and locations. What’s more, according to Forrester, automation also saves time and money and results in a higher quality patient experience. 

Fact is, even in the normal times, healthcare organizations rarely excel at tracking personnel moves, especially the adds and changes due to the time and system constraints often involved. That leads to what I call a “stacked shares” situation. These typically involve a person with decades of experience in your organization who has worked in multiple administrative or clinical areas within the organization and has access to about 80 percent of your network shares because she/he was never deprovisioned from ANY shares. In these instances, the network shares just kept getting “stacked,” one on top of the other. That’s probably exactly what happens during the COVID-19 pandemic as people move around to adapt to the ongoing crisis.

Another unexpected challenge created by the pandemic relates to furloughs. What is your healthcare organization doing with them? Are you disabling and then re-enabling accounts? Re-provisioning when/if they come back? What if they’ve come back but in a new role? Again, the “stacked shares” situation arises. You will likely regret it if your organization doesn’t have an automated IGA system to help you keep track of these movements through an integrated GRC system.


Moving to a Remote Workforce
COVID-19 forced many healthcare organizations to rapidly accommodate a remote workforce. Only a few departments worked remotely before the pandemic, so routers, network, architecting, and bandwidth all had to be upgraded. Most health systems also required additional licensing to successfully ramp up services. Above all, the priority was to prevent any serious disruptions for clinicians. 

Here again, health systems faced the challenge of balancing usability with security concerns. Tools like Zoom and Microsoft Teams proved useful, but they created additional risks including diminished safety of our healthcare workers, cybersecurity intrusions, and hacks – like theft of PHI, ransomware, and more. IT staff had to ensure the security of both the devices and the platforms being used, which is also easily managed by solid IGA systems. 

In these cases, IGA systems analyze login data in real-time via Login Activity reports. They weave digital identity and access management, single-sign-on capabilities, and governance into workflows to strengthen security without compromising care delivery. This includes remote identity proofing to enable electronic prescribing of controlled substances (EPCS), as well as ensure compliance with DEA regulations while avoiding in-person interactions. 

We will no doubt be living in a world of both in-person and remote healthcare for some time given the COVID-19 crisis. One lesson we already learned from the big experiment we just completed is that healthcare organizations benefit from having an IGA system in place to help balance their healthcare delivery, efficiency, and safety, as well as security and compliance. Implementing an IGA strategy no doubt makes it easy for clinicians to securely and seamlessly transition between workstations and applications and have their identity follow them.


About Wes Wright

Wes Wright is the Chief Technology Officer at Imprivata and has more than 20 years of experience with healthcare providers, IT leadership, and security. Prior to joining Imprivata, Wes was the CTO at Sutter Health, where he was responsible for technical services strategies and operational activities for the 26-hospital system. Wes has been the CIO at Seattle Children’s Hospital and has served as the Chief of Staff for a three-star general in the US Air Force.


CommonWell Enables Payer Access to Nationwide Interoperability Network

FHIR-based APIs Health Gorilla Becomes Largest CommonWell Connector

What You Should Know:  

– CommonWell Health Alliance enables payer access with the addition of a new service provider, DataFile Exchange to support the operational services specific to the Payment and Health Care Operations use case.


CommonWell
Health Alliance
today announced it is extending its interoperability
services to enable additional use cases beyond treatment and patient access,
starting with Payment and Health Care Operations data requests.

Data File Exchange Background

To support this effort, CommonWell has added a new service
provider, DataFile Exchange, to support the operational services specific to
the Payment and Health Care Operations use case. Together, DataFile Exchange
and Change Healthcare, the technology service provider for CommonWell, will
facilitate the automated exchange of data requests from a broader set of users,
including payers, record locator vendors and other qualified entities.

Why It Matters

Despite strides made in electronic clinical data exchange, existing payments and operations processes providing access to protected health information (PHI) remain archaic, predominantly manual, expensive, error-prone, and time consuming. The additional functionality provided by the new use case aims to end these outmoded processes, improve the quality of care, and drive efficiency across the health care continuum.

DataFile Exchange was founded by Janine Akers, an industry leader in the exchange of PHI. DataFile Exchange will work closely with CommonWell, its members, and Change Healthcare, which continues to act as the CommonWell technology service provider and data broker for the CommonWell network––in addition to building the functionality needed to support Payment and Health Care Operations data requests.

“Improving data exchange of Payment and Health Care Operations is critical, particularly as we look at ways to help our health care system do more with less time and resources,” said Janine Akers, founder and CEO of DataFile Exchange. “DataFile Exchange has broad industry experience with handling PHI, so it’s only natural for us to shift our focus to automating the exchange of PHI. We’re well-positioned to partner with CommonWell in its effort to help patients, providers and payers benefit from these next-level interoperability services.”

Four CommonWell Service Adopters who provide record
retrieval services––Change
Healthcare
CioxInovalon and Moxe Health––currently are participating in
a pilot to refine the use case, with the goal of making CommonWell services for
Payment and Health Care Operations purposes generally available for these underserved
areas in the coming few months.

Today, the CommonWell network enables the federated exchange
of patient information across more than 17,000 provider sites representing 100
million individuals on its nationwide network alone. Combined with its CommonWell
ConnectorTM and collaboration connections like the Carequality Framework,
connected provider sites can exchange data with more than 50,000 clinics,
hospitals, specialty centers and more. To date, more than 790 million health
documents have been exchanged across the CommonWell network.

Poor Job Quality, Low Wages Continue to Hurt Caregiver Recruitment in Home Care

Over the past decade, low compensation, inadequate training and limited career advancement opportunities have weakened job quality for caregivers. That, in turn, has limited the pool of hiring candidates for home care providers.

But in light of caregivers’ role amid the COVID-19 emergency, it’s more important than ever to take concrete measures that can improve the job for years to come.

“Home care providers should know that improving home care jobs can lead to various benefits, including increased job satisfaction, reduced turnover and better care with less costly health outcomes,” Robert Espinoza, vice president of policy at PHI, told Home Health Care News in an email.

PHI, a New York-based advocacy organization for direct care workers, released a new report highlighting the longstanding challenges caregivers face on Tuesday.

The home care market has been historically plagued with workforce issues, with providers in the space often struggling to recruit and retain caregivers. Between 2018 and 2028, there will be an estimated 8.2 million job openings in direct care.

Part of the reason recruitment can be a challenge in the industry is because caregiver wages cannot compete with other occupations, according to the PHI report.

Across the U.S., the median wage for caregivers is lower than that of other jobs with similar entry-level requirements, such as janitors, retail salespersons and customer service representatives.

In 2019, direct care workers earned a median hourly wage of $12.80, a meager improvement from $12.61 in 2009. As a result, 45% of direct care workers live in or near poverty, according to PHI data.

Another challenge for caregivers has been the training landscape.

“Direct care training requirements vary significantly by state, program and occupational role; personal care aides, for example, lack any federal requirements, and state laws for this segment of the workforce are thin and inconsistent,” the PHI report stated. “Furthermore, many training programs in this sector are topic-based and duration-based, instead of taking a competency-based approach that emphasizes workers’ acquisition of the right knowledge, skills and abilities.”

Additionally, there is a lack of career advancement opportunities for caregivers, according to PHI.

“The lack of career pathways within direct care jobs —and from direct care into other fields— prevents direct care workers from assuming new roles with elevated titles and higher compensation,” the report pointed out. “This scarcity of career paths also affects retention.”

In order to address these issues, there are five pillars PHI highlights for policymakers and industry leaders. These pillars include: quality training; fair compensation; quality supervision and support; respect and recognition; and real opportunity.

“This report makes clear that the workforce challenges we’re witnessing today in home care have been around for a long time and must be remedied by providing workers higher compensation, better training, increased career paths, and widespread recognition that they are essential to our care system and the economy,” Espinoza said.

The post Poor Job Quality, Low Wages Continue to Hurt Caregiver Recruitment in Home Care appeared first on Home Health Care News.

Getting Beyond the Telehealth ‘Stop-Gap’ Mentality

Getting Beyond the Telehealth's ‘Stop-Gap’ Mentality
Roland Therriault, President, InSync Healthcare Solutions

Since COVID-19 emerged as a major health threat, virtual care has taken off. As many as 46% of patients reported in late April that they had used telehealth to replace a canceled healthcare visit in 2020, while 48% of physicians said they had started using telehealth to treat patients.  

While a shift in care models was necessary to address business continuity amid the pandemic, these trends also represent positive movements as a growing body of evidence supports the real-life benefits of telehealth. Remote models of care are connected to safe and effective consultations across many use cases, low exposure to viruses, and much-needed access to care.  

Yet the fact that physician adoption isn’t higher suggests two things:

1) Physicians may be taking a ‘wait and see’ approach in the hopes that patients will want to return to in-person care as economies reopen; or

2) Some physicians haven’t yet figured out their long-term telehealth strategy. In truth, many providers are treating telehealth as a “stop-gap” — or temporary — solution until life returns to normal.

But given the increasingly positive data around telehealth as a safe alternative to in-person care, as well as its track record in successfully treating patients, it’s time for providers to reframe their thinking. In the future, practices will need a healthcare strategy that balances virtual with in-person care.

Rethinking Telehealth 

As recently as ten years ago, telehealth reimbursement was largely limited to patients in rural areas, as payers didn’t yet see the value of compensating doctors for virtual encounters. 

Today, most payers and providers recognize the value of telehealth on some level amid rising demand for services and severe professional shortages. In particular, remote care models have proven their worth during the pandemic as an effective means of preventing the spread of disease. Greater acceptance of telehealth is further demonstrated by the recent decision to relax HIPAA requirements by HHS’ Office of Civil Rights (OCR), allowing more providers and patients to virtually connect through FaceTime, Zoom, or other two-way communications systems during the current pandemic. 

This is an important first step, although many providers remain resistant to change for a variety of valid reasons. Some of these include discomfort with remote care models, reimbursement concerns, and the cost of deploying telehealth. 

Performing medicine in a way that doesn’t align with one’s training feels unnatural, and some providers have said that virtual encounters feel less personal. The fact is that most clinicians weren’t trained to diagnose patients remotely or engage over a screen and are simply hesitant to embrace this approach to care.

Also, providers may have trepidation about not getting paid. While CMS and private payers have expanded coverage, multiple healthcare providers have reported that bills are being delayed or only partially paid by health plans. 

With limited insight into the potential return on that investment, concerns over the cost of implementing telehealth are also reasonable. A physician who is consulting with patients remotely through FaceTime, for example, might wonder if the investment in a more secure, robust telehealth platform will make sense in 12 months, should a COVID-19 vaccine materialize. 

Yet by not adopting a more permanent telehealth solution, providers may be hurting themselves down the road. Patients increasingly believe virtual care is highly effective, and some even prefer it. According to a SYKES consumer survey administered in March, 60% of 1,441 respondents said the COVID pandemic has increased their willingness to try telehealth.  

Also, while HHS has relaxed HIPAA enforcement at the moment, there’s no indication this will continue. Healthcare organizations will need to ensure that the platform or program they’re using is designed to keep protected health information (PHI) safe.  

Investing in the Future

Given the upward trajectory of telehealth, it benefits providers to thoughtfully invest in the right strategies and solutions now to extract the greatest value and return on investment down the road. Here are four steps to take, when shifting to a long-term telehealth strategy:  

– Identify needs. Many primary-care practices may have seen a bump in interest in telehealth due to COVID-19, while specialty practices may see increases stay steady, even when fears of the coronavirus fade. When planning long-term, put patient needs first: In what ways can telehealth improve care delivery, going forward? Look at data, such as virtual-visit utilization patterns, to see where there are opportunities to grow telemedicine (e.g., expanding chronic care management) based on needs.

– Consider workflows. The ideal telehealth program doesn’t interrupt clinical workflows – it enhances them. If you’re using a ‘stop-gap’ video conferencing solution to provide telemedicine, is it easy to integrate practice notes with your EHR? Or, do you have to take extra steps to document patient encounters for clinical and billing departments? 

Seek supportive partners. You can use any number of technology platforms to conduct telemedicine encounters, but not all platforms are created equal. When looking at implementing a telehealth platform, consider not only ease of use, and interoperability, but also what a particular vendor is offering: How well the telehealth platform in question can accommodate the needs of a particular specialty? What are existing clients are saying about things like training, vendor support, and the patient experience?

– Proactively engage. Your patients have most likely heard of telehealth, but they may not realize that telehealth is multifaceted and can be used to diagnose conditions such as skin disorders or allergies and can be just as effective as in-person visits. Educating patients about telehealth’s benefits, and making it easy for them to try telehealth, is essential to success.  

Expanding telehealth’s role in the medical practice benefits everyone, from physicians to patients to payers. Moving past the “stop-gap” mentality now will reap greater benefits in the future, regardless of whether we’re in the midst of a pandemic, or simply trying to provide excellent care on a day-to-day basis.


About Roland Therriault

Roland Therriault
is the President and Executive Vice President of Sales at InSync Healthcare Solutions, a provider
of integrated EHR and practice management software, revenue cycle management
services and medical transcription to thousands of healthcare professionals
throughout the United States. Roland Therriault manages all operations of the
company, driving its go-to-market strategy and overseeing all sales activities.
His experience in healthcare and technology includes more than 20 years of
direct and channel sales, strategic planning and business development. Prior to
joining InSync, Roland served as Vice President of Sales for MD On-Line, a
provider of acute and ambulatory clinical and practice management solutions.


3 Telemedicine Security and Compliance Best Practices

3 Telemedicine Security and Compliance Best Practices
Gerry Miller, Founder & CEO at Cloudticity

The coronavirus pandemic accelerated telemedicine exponentially as patients and doctors switched from in-person visits to remote consultations. Health providers rapidly scaled virtual offerings in March and April and traffic volumes soared to unprecedented levels, with practices “seeing 50 to 175 times the number of patients by telehealth than before the outbreak,” according to McKinsey. By early August, the U.S. Department of Health and Human Services expanded the list of allowable telehealth services in Medicare and there was an executive order supporting permanent telehealth provisions for rural areas.

But the surge in telemedicine adoption comes with a host of cybersecurity risks and regulatory compliance requirements unique to the healthcare sector.

As telemedicine traffic increases, so does the volume of hacking attempts. Recent cybersecurity news indicates healthcare organizations are top targets for cyberattacks and “providers remain the most compromised segment of the healthcare sector, accounting for nearly 75 percent of reported breaches.” The consequences are chilling: “The average cost of a healthcare data breach is $7.13 million globally and $8.6 million in the United States.

Further, whenever patient information is involved, HIPAA compliance is required. While HHS temporarily suspended pursuing HIPAA penalties on providers for “good faith provision of telehealth during the COVID-19 nationwide public health emergency,” such permissiveness will not last.

Luckily, most telemedicine providers can utilize managed services and cloud infrastructure to keep pace. Here are some best practices to meet IT compliance and cybersecurity demands for telemedicine.

Telemedicine Compliance Best Practices

Compliance should be viewed as a real-time process that drives security. Telemedicine tools and technology should therefore reflect significant expertise with all healthcare regulations (HIPAA, HITRUST, HITECH), with compliance functions permeating processes. Recommended compliance best practices include:

1. Automate Remediation

Healthcare applications cannot offer high reliability if every potential compliance problem is remediated manually; there’s just too much that can go wrong and never enough staff to address it when needed. The solution is to automate everything that can be automated, and rely on people to handle exceptions or potential violations that don’t impact reliability. Cloud-based services can integrate AI and operational intelligence to automatically remediate anomalies when possible, present recommendations to operations staff for cases that cannot be resolved automatically, and present clear choices such as:

·         Do Nothing: Take no action, delete ticket after [x number of days]

·         Fix Now: Implement the recommended actions immediately

·         Schedule: Perform the recommended actions during the next maintenance window

This approach speeds resolution and decreases service disruptions, and improves the reliability of telemedicine delivery. The automated response also plays a critical role in security (which will be discussed shortly).

2. Perform Formal Risk Assessments

Understanding the risk level and specific risk issues are critical components for an effective compliance plan. Many providers of healthcare services underestimate their level of risk, in part because it is difficult to quantify. The HHS has published guidance in its Quantitative Risk Management for Healthcare Cybersecurity, which offers insight. There are also cloud solutions that can aid the process. Cloud services providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud offer automated security assessment services that help improve the security and compliance of applications deployed on their cloud hosting platforms. They can generally assess applications for exposure, vulnerabilities, and deviations from best practices. A good inspection service should highlight network configurations that allow for potentially malicious access, and produces a detailed list of findings prioritized by level of severity.

3. Reduce Attack Surface

To provide secure access to sensitive information, hybrid architectures supporting telemedicine applications need a virtual private network (VPN) gateway between on-premises and cloud resources. However, developers, test engineers, remote employees, and others who need access to cloud-based protected health information (PHI) may bypass a VPN gateway by either cracking open the cloud firewall to allow direct unencrypted internet traffic or using peering connections. To prevent such potential exposures, secure desktop-as-a-service (DaaS) solutions provide an elegant way to allow cloud-based access to PHI without exposing connections or records. A DaaS is generally deployed within a VPC providing each user with access to persistent, encrypted cloud storage volumes using an encryption key management service. No user data is stored on the local device, which reduces overall risk surface area without impeding development capability.

Telemedicine Security Best Practices

While the full scope of cybersecurity strategies is beyond the scope of this article, here are three best practices that telemedicine providers can use bolster their security profile:

1. Deploy Proactive Network Security

Modern cyber threats have become steadily more sophisticated in evading traditional security measures and more devastating once they penetrate network perimeters. For that reason, telemedicine providers need a highly proactive, multilayered approach to prevent malware-based outages, theft of intellectual property, and exfiltration of protected health information (PHI).

A combination of network anti-malware, application control, and intrusion prevention systems (IPS) is recommended. Such proactive solutions are generally bundled in managed cloud services that should automatically detect suspicious system changes in real-time, isolate and quarantine affected resources, and prevent the spread of exploits by locking down any server whose configuration differs from the installed settings.

2. Encrypt Data Storage

Data encryption is the last line of cyber-defense for PHI and other critical information. Even if an attacker can penetrate the perimeter and proactive network security and exfiltrate data from the provider, those data are useless to the hacker if encrypted. It’s good practice to encrypt all web and application servers running on cloud instances using a unique master key from a key management service when creating volumes.

Encryption operations generally occur on the servers that host cloud database (DB) instances, ensuring the security of both data-at-rest and data-in-transit between an instance and its block storage. For additional protection, you can also opt to encrypt DB instances at rest, underlying storage for DB instances, its automated backups, and read replicas.

3. Harden Operating Systems

Both Microsoft Windows Server and Linux are ubiquitous operating systems in telemedicine. They are also both attractive targets for cybercriminals because they provide complex capabilities, frequently remediate vulnerabilities, and are so common (increasing attackers’ chances of finding an unpatched system). Hackers use OS-based techniques such as remote code execution and elevation of privilege to take advantage of unpatched operating system vulnerabilities. Hardened images of Windows Server and Linux virtual machines (VMs) should be used, employing default configurations recommended by the Center for Internet Security (CIS). Such hardened images make gaining OS administrative extremely difficult, and coordinate well with proactive security bundles described earlier.

Additional resources for telemedicine compliance and security are available from the American Medical Association (AMA), the US Department of Homeland Security, the U.S. Department of Health and Human Services, and HITRUST.

 While these best practices are targeted primarily at telemedicine companies, they can also be applied to a wide range of healthcare providers and organizations delivering vital services in the face of 2020’s dramatic swings in demand.


About Gerry Miller

Gerry Miller is the founder and chief executive officer at Cloudticity. He is a successful serial entrepreneur and healthcare fanatic. From starting his first company in elementary school to selling his successful technology consulting firm in 1998, Gerry has always marched to his own drummer, producing a series of successes. Gerry’s first major company was The Clarity Group, a Boston-based Internet technology firm he founded in 1992. Gerry presided over seven years of 100% aggregate annual growth and sold the company in 1998 when it had reached $10MM in revenue.

He was recruited by Microsoft to become their Central US Chief Technology Officer, eventually taking over a global business unit and growing its revenue from $20MM to over $100MM in less than three years. Gerry then joined ePrize as Chief Operating Officer, where he grew sales 38% to nearly $70MM while improving operating efficiency, quality, and both client and employee satisfaction. Gerry founded Cloudticity in 2011 with a passion for helping healthcare organizations radically reshape the industry by unlocking the full potential of the cloud.

New Attacks, Regulations, and Stakes Call for New Security Strategies

New Attacks, Regulations, and Stakes Call for New Security Strategies
 Tim Callan, Senior Fellow, Sectigo

The amount of data generated by the healthcare industry is staggering—and constantly increasing.  Healthcare data encompasses the personal information of patients, doctors, nurses, and administrators. It includes diagnostic information, test results, ultrasound images, x-ray images, and of course insurance and financial information. With so much sensitive patient information there for the taking, it comes as little surprise that the healthcare industry—perhaps more than any other sector—has become a primary target for cyberattacks. Now, more than ever, it is critical that healthcare organizations take decisive action to protect their data. 

There has been no shortage of major (and notably costly) data breaches in recent years. The Equifax breach, for example, affected nearly half of all Americans. Last year’s Facebook breach was also headline news, thanks in large part to the number of users affected. Then there was a lesser-known yet costly LifeLabs breach—the largest in Canadian history—affecting more than 15 million people and prompting a lawsuit seeking north of $1 billion in damages for failure to adequately protect data. 

Healthcare data heists yield a premium, making them particularly attractive to hackers. The Center for Internet Security (CIS) notes that the “average cost of a data breach incurred by a non-healthcare related agency, per stolen record, is $158,” compared with $355 for healthcare records.

Though large, the LifeLabs incident isn’t even close to the largest healthcare data breach in history. That dubious honor goes to Anthem, which suffered a breach in 2015 that resulted in nearly 80 million compromised records. Although Anthem was able to reach a settlement with the victims for the relatively paltry sum of $115 million, both the standards for data protection and the expected remediation for failure have changed considerably in the five years since the attack. 

Regulations Raise the Stakes for Security

As the regulatory environment surrounding data breaches of all types grows more strict, hospitals and insurers have found themselves in the crosshairs of an increasingly brazen and sophisticated set of attackers. Part of the reason for this targeting stems from the relative value of healthcare records. There is a reason why “HIPAA” is an acronym known to most Americans, while other data protection laws are not.

Personal Health Information (PHI) tends to be more valuable than standard Personally Identifiable Information (PII) in large part due to its static nature. Patients can change a compromised credit card number or social security number, but not their medical history—and scammers prepared to exploit that history may render victims more vulnerable to certain types of fraud. 

New regulations are further raising the stakes for compliance. Although the California Consumer Privacy Act (CCPA) is not specifically targeted at healthcare organizations, the sector represents potentially one of the most vulnerable industries under the new law. If an organization is found to be in violation of CCPA, they have 30 days to rectify the situation or be subject to a fine of up to $7,500 per record exposed.

To put this in context: if CCPA were adopted nationwide, the LifeLabs breach that affected 15 million individuals would potentially be subject to a fine of $112.5 billion. That $1 billion lawsuits that LifeLabs is facing might sound like a lot, but under CCPA, it might mean getting off easy. This should underscore the necessity of protecting data of any kind today—let alone healthcare records. 

Ecosystems Span Email to Equipment

With the healthcare industry becoming an increasingly popular target and the penalties for breaches growing steeper, it’s important to consider that every endpoint, from desktops to devices, present attack paths for hackers. Measures as simple as stronger email security can make a big difference: in 2018 alone, Business Email Compromise (BEC) attacks resulted in more than $1.2 billion in victim losses. Spear phishing attacks, which are carried out using social engineering techniques to convince the target to relay confidential personal or financial information to what they believe is a legitimate recipient, represent an increasingly common method for attackers to gain access to user credentials or even directly obtain PII or PHI. Securing email with S/MIME (Secure/Multipurpose Internet Mail Extensions), which authenticates the sender of an email, enables employees not only to digitally sign and encrypt email communications but also to detect whether an email received has been authenticated or should not be trusted or opened.

Digital certificates are an essential part of protecting medical devices. Because they can be incorporated during the manufacturing process, these certificates allow device identity and integrity to be established from the moment they are first powered on. They also eliminate the potential for device spoofing, which protects against the possibility of counterfeit devices connecting to the network. These certificates serve as an effective proof point for savvy healthcare organizations. When vetting device suppliers and manufacturers, asking about their approach to device identity is essential. By learning to trust only manufacturers with a responsible approach to authentication, healthcare organizations can help protect one of the areas most susceptible to costly breaches. 

Medical equipment itself has also become more vulnerable. Today’s diagnostic devices are rarely standalone—most are connected to the internet, and anything connected to the internet can potentially be compromised. In fact, this compromise could occur before devices even leave the factory, potentially undermining even the most secure networks and leading medical device manufacturers to consider security starting at the assembly line; the point where device identity measures and digital certificate authentication become critical. Technologies such as secure boot can protect the integrity of a device or piece of software from the first time it is powered on. Similarly, embedded firewall and secure remote update technologies help ensure that software updates are authenticated before installation and that any communication with unauthorized devices stops before harm can be done. 

A kitchen with a sink and a window

Description automatically generated

Moving Forward with New Security Strategies

Today, health insurers, hospitals, and other patient care organizations must manage a truly massive amount of data. It is simply a fact of life. That data comes in many forms, and it can be valuable to cyber attackers for a multitude of reasons. At its core, this data is the healthcare industry’s most valuable asset—one that it must protect at all costs. 

Vulnerabilities can take many forms, from a human error to compromised devices. And while no solution can shield every possible form of attack, data and IT security administrators (and even OEMs) can take concrete steps to protect their organizations, patients, or chipsets against common attack vectors and better comply with today’s strict data protection regulations. Yes, the cloud has introduced new vulnerabilities, but it also has helped enable new security strategies and solutions that ensure every application, cell phone, server, or other connected “thing” has an authenticated digital identity.  The stakes are simply too high, and hackers have become too savvy, to rely on yesterday’s security status quo.

About Tim Callan, Senior Fellow at Sectigo

Senior Fellow Tim Callan contributes to the company’s standards and practices effort, industry relations, product roadmap, and go-to-market strategy. Tim has more than twenty years’ experience as a strategic marketing and product leader for successful B2B software and SaaS companies, with fifteen years’ experience in the SSL and PKI technology spaces.

Telehealth and COVID-19: Overcoming New Challenges for Providers and Payers

Anthem, Samsung, American Well Partner to Provide Plan Members Access to Telehealth Services

Telehealth has quickly transformed the healthcare industry. Rather than scheduling an appointment, waiting up to a few weeks, and going to a doctor’s office or another healthcare facility, we can now access many types of care from the convenience of our smartphones. 

However, telehealth has also brought in its own set of new challenges that must be overcome for it to be successful in the long term. Below, we explore five of the biggest issues telemedicine faces and offer insights on how they can be solved.  

Clearing Legislative Hurdles

The Centers for Medicare and Medicaid Services greatly lowered the bar for provisioning telehealth in the wake of COVID-19. Since then, providers have been allowed to deliver care through a larger range of platforms as long as they are not public-facing

However, this doesn’t address the widely varying state requirements for licensing and credentialing. In general, telehealth providers must be licensed in the state where patients receive care. Only nine states currently offer special telehealth licenses that allow providers to deliver telemedicine outside their state limiting their potential scope. 

Although we can expect deregulation to occur over the next few years, the timeline and the path it will take is very much up in the air. This means providers must develop platforms that are flexible enough to adapt to changing legal environments. 

Overcoming reimbursement issues 

Prior to COVID-19, reimbursement had been a key barrier to the widespread implementation of telehealth. Even now, reimbursement for conditions not related to the coronavirus can still be difficult. 

Each state has different regulations guiding the type of services and providers eligible for Medicaid reimbursement. For example, reimbursement policies often only applied to rural areas or those within certain geographic restrictions. 

Once the public health crisis has ended, many of the current flexibilities will end, putting a particular strain on smaller facilities. Overall, there must be comprehensive and holistic reform that ensures all providers get reimbursed, whether providing care in person or via telehealth. 

Addressing inequality in access to care 

One of the greatest benefits of telehealth is that it can facilitate care well beyond the walls of physical healthcare facilities. No longer limited by geography, mobility, or other factors, patients can receive care as long as they have an internet connection. 

However, many individuals around the country do not have access to high-speed internet and/or smartphones. For example, only 69.3% of rural areas and 64.6% of tribal areas have adequate access to high-speed broadband. This directly affects patients’ ability to participate in telehealth modalities, including consultation and remote monitoring. 

Likewise, many telehealth services are based on smartphone apps. Rural populations are also less likely to own smartphones compared to urban and suburban residents—71% of rural residents compared to 83%.  

While 71% may sound like a good number, we’re talking about tens of millions of people, and disproportionately elderly individuals with greater needs, who can’t use telehealth for these reasons. 

Providers must develop platforms that can support audio-only, offline, and alternative channels to compensate for these connectivity and device-access obstacles. 

Interoperability

Interoperability is fundamental for the long term success of telehealth services. While the large scale adoption of electronic health records (EHR) has been one of the greatest achievements of the past decade, even that has not been with its hurdles—particularly in rural settings. 

Taking this electronic health data and ensuring interoperability among disparate apps will require secure data exchange without special user effort. Second, interoperability needs complete access, modification, and use of all patient electronic health information. Finally, it must restrict information blocking or any “knowingly and unreasonably” interfering with the exchange of EHR data. 

To do all of this requires the development of core standards and practices, cross-training, and significant investment in data security for all telehealth platforms across the industry. 

Patient preferences 

Since the foundation of medicine, healthcare has relied on in-person interactions. COVID-19 taught everyone just how important remote care is, especially during times of infectious disease transmission. 

However, even with its clear advantages, some patients remain unconvinced. How do you still deliver effective and safe care to these individuals? 

As telehealth continues to expand and patients grow more familiar with it, some of this will disappear on its own. But, telehealth providers must take steps to educate patients about the specific benefits of telemedicine, explain to them how to use platforms and services, and ensure their PHI is secure. 

Of all the challenges to telehealth, this is both the most difficult, yet attainable. It’s entirely in the hands of telehealth providers how well and how quickly they’ll be able to overcome this barrier. 

Telehealth: Driving the Future of Healthcare

Now is the watershed moment for telehealth. As the world slowly returns to normal and some of the regulatory and reimbursements policy restrictions come to an end, whether the healthcare industry can maintain the gains that have been made the last few months remains to be seen. There is no guarantee that healthcare won’t return the way it was before the pandemic. 

Now’s the time for telehealth providers and those interested in joining the market to create solutions for the issues described above that will capitalize on all of telehealth’s benefits and ensure the long term viability of this effective and absolutely vital care modality. 

You can dive further into the world of telehealth in our Shine podcast. In our latest episode, four industry experts discuss the world of telehealth, the tests it’s facing, and where it’s headed in the near future. 


About Ed Adamson

Ed Adamson is a Director of Strategy & Insight at Star, a global consultancy that connects insights, strategy, design, engineering, and marketing services into a seamless workflow. Adamson has 19 years of experience of brand-led innovation for some of the world’s greatest CPG brands from companies including P&G, Kimberly-Clark, Coty, GSK, Bayer, Danone, Mondelez and McCormick Foods.

Telehealth and Cybersecurity: What You Should Know

New Telehealth Tablet Provides Clinical Collaboration Within Hospitals

Healthcare providers are seeing between 50 and 175 times (1) more patients via telehealth than before. Telehealth platforms* offer solutions for a wide array of different healthcare issues. An estimated 20 percent of all emergency room visits and 24 percent of routine office visits and outpatient volume could be delivered virtually via telehealth.

Telehealth is a win-win for providers and patients. It both increases the availability of care while also reducing costs. However, telemedicine does have intrinsic privacy and security risks that all providers must minimize to protect sensitive patient data.

The Inherent Vulnerability of Connectivity

Providers have been eager to adapt to this care delivery method, but many platforms do not meet HIPAA requirements and lack adequate data safeguards. The same connectivity that makes telehealth possible also creates threats to patients. Protecting patient health information (PHI) and providing remote services doesn’t fit together easily.

Any data transferred over the internet runs the risk of interception by threat actors, and healthcare has long been a preferred target for cybercriminals. In 2019, healthcare data breaches cost the industry over $4 billion (2). 

This year is no exception with a further increase in ransomware (3) and other attacks that put millions of patients’ records in danger of exposure. These types of events have all happened within typically well-fortified hospital networks.

Connecting with patients via telehealth and transmitting biometric data via remote care devices only furthers these dangers. The biggest risk is that patients lack control of the collection, usage and sharing of their PHI.

For instance, remote monitoring devices built with sensors to detect falls may collect information on other activities patients wish to be kept private—including that their home is unoccupied at certain times and the types of activity they participate in. Even with security measures, any transfer does have a potential for a breach.

How to Prevent Security Risks in Telehealth

More secure telehealth begins by establishing best practices. Because of the sensitive information healthcare organizations possess, providers and the vendors they choose to work with must focus on core elements of data security through related tools and strategies such as:

1. Identity Authentication

Continuous identity authentication ensures authorized individuals have access to data. Identity authentication can be accomplished through a variety of approaches.

Multi-factor authentication, or the requirement of utilizing two pieces of evidence to sign in, is among the most common and has been proven effective in blocking 99.9 percent of all automated cyber-attacks.

Beyond this, users need to develop strong, unique passwords for, not just their telehealth platform accounts, but across their entire online logins and accounts.

2. Improve Telehealth Platform Safety

HIPAA requires that providers integrate encryption and other safeguards into their interactions with patients. However, patients’ devices on the receiving end of care often don’t have these safeguards while some medical devices have been shown to be vulnerable to hackers.

Ensuring the safety of all patient devices in the short term will be impossible. Thus, telehealth platforms must be as secure in themselves as possible. The software needs to be designed in a secure environment and contain numerous ways of establishing secure channels between patients and providers.

3. Investing in Patient Education

Outside of telehealth, cybersecurity ultimately relies on the end-user. As hackers continuously exploit new vulnerabilities, developers are in a constant race to keep up with new threats. Cybersecurity is only as strong as its weakest link. Secure telehealth apps must be complemented by other measures.

For this reason, healthcare providers should educate patients about cybersecurity and the steps they should take to improve the overall safety of their interactions online by:

●  Educating patients about the telehealth security threats;

●  Using a VPN both during telehealth services and for general device usage;

●  Frequently updating all apps and operating systems, not just telehealth platforms;

●  Enabling anti-malware and virus scans to run at all times;

●  Restricting app permissions to what’s necessary for app functionality only; and

●  Recognizing social engineering and other types of cyber-attacks.

How to Minimize Telehealth Security Risks

The one word providers must focus on when implementing telehealth is encryption. It needs to be everywhere. Since data is vulnerable in all stages of its life cycle, including during storage, transmission and access, encryption must be built into every step of this process.

Concerns about the privacy and security of these systems should not adversely affect people’s trust in telehealth. The benefits outweigh the risks. But providers must embrace more rigorous standards and minimize threats to ensure telehealth can deliver on its promises and live up to its potential.

Sources:

  1. https://www.mckinsey.com/industries/healthcare-systems-and-services/our-insights/telehealth-a-quarter-trillion-dollar-post-covid-19-reality
  2. https://healthitsecurity.com/news/data-breaches-will-cost-healthcare-4b-in-2019-threats-outpace-tech#:~:text=November%2005%2C%202019%20%2D%20Healthcare%20data,per%20each%20breach%20patient%20record.
  3. https://www.securitymagazine.com/articles/92575-increase-in-reports-of-ransomware-attacks-on-health-care-entities
  4. https://www.microsoft.com/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/

Biden Announces $775B Plan to Boost the Caregiver Economy, Support In-Home Care Providers

Senior care — an increasingly important topic that’s too often overlooked on the campaign trail — is back in the spotlight.

And maybe this time it will have some staying power.

Presumptive Democratic presidential nominee Joe Biden has floated a sweeping new 10-year plan that seeks to dramatically change the way older adults are cared for in the United States. Specifically, the former vice president’s proposal calls for a $775 billion overhaul of the nation’s caregiving infrastructure, which is largely made up of women and people of color.

Biden’s campaign announced he would discuss the “21st Century Caregiving and Education Workforce” plan Tuesday afternoon during a speech in New Castle, Delaware.

Policymakers and government officials have long undervalued and under-invested in older adults for decades, LeadingAge President and CEO Katie Smith Sloan told Home Health Care News in an email.

The COVID-19 pandemic has now exposed the devastating impact of that failure, she added.

“The vital role of family and paid caregivers has never been clearer, nor has the reality that our current system needs to be rebuilt to meet the needs of a rapidly growing older population,” Smith Sloan said. “Any candidate for president should be focused on this important issue – as we expect older adults and their loved ones will be this November.”

Washington, D.C.-based LeadingAge is a nonprofit trade organization that represents a variety of providers operating in the aging services field.

While few details were made available prior to the speech, the Biden campaign said the proposal would lead to 3 million new caregiving and education jobs during the next decade. Additionally, the plan seeks to create pathways for former caregivers to re-enter the workforce if they choose to do so.

Robert Espinoza, vice president of policy for New York-based advocacy organization PHI, also told HHCN that the plan appears to be a step in the right direction.

PHI advocates on behalf of home-based care workers and the individuals they serve.

“It’s encouraging to see Joe Biden prioritize caregiving issues on the national stage, including the importance of expanding home- and community-based services to more Americans,” Espinoza said. “However, to ensure access to home care and other caregiving supports, we must also transform the quality of direct care jobs, from higher compensation to improved training and career advancement opportunities, and much more.”

Nationwide, aging experts estimate that about 10,000 baby boomers turn 65 each daily. In order to keep up with their demand for home care service and general preference for aging-in-place, the home care industry will likely need to fill at least 4.2 million more caregiver jobs by 2026.

But low wages generally make finding caregivers a difficult task. Roughly one in six U.S. caregivers currently lives in poverty, according to PHI data.

Besides supporting the “caregiver economy” in the senior care space, Biden’s proposal also looks to strengthen America’s child care system. Senior care and child care providers have both been hit hard by the coronavirus, which began spreading across the country in March.

Despite challenges related to sourcing personal protective equipment (PPE) and maintaining an adequate front-line workforce, home-based care organizations have played a key role in caring for older adults and other high-risk populations during the coronavirus emergency.

In his $775 billion plan, Biden seeks to use $450 billion to boost senior care. CNBC reported that some of those funds will be used to increase Medicaid funding to states, in part to eliminate the 800,000-person waiting list for community-based and in-home care.

Biden’s plan would also fund programs to create 150,000 new jobs for community health workers and invest in innovative new models of long-term care outside of traditional nursing homes.

Supporting Medicaid home-based care should be a focus of the upcoming presidential election, according to David Totaro, chairman of the Partnership for Medicaid Home-Based Care (PMHC).

Headquartered in D.C., PMHC is an advocacy association whose members include Medicaid home care providers, managed care companies and other senior care stakeholders.

“PMHC is pleased to see that Medicaid home-based care is a priority issue for the upcoming election,” Totaro told HHCN in an email. “Given the impact of COVID-19 on long-term care facilities, it is time for federal leadership to remove the institutional bias within the Medicaid program and recognize home- and community-based care as a cost-effective and consumer-preferred option for seniors and individuals with intellectual and developmental disabilities who wish to remain safe and healthy in their home.”

Another aspect of the plan: the establishment of a nationwide Public Health Jobs Corps.

The Administration for Community Living — part of the U.S. Department of Health and Human Services — floated such a concept in November of last year.

Apart from adding to the caregiver workforce, Biden has also signaled his intent to improve working conditions by backing the Domestic Workers Bill of Rights Act.

The home care industry has largely opposed such legislation, which would create additional administrative requirements like predictive scheduling.

In terms of funding Biden’s caregiving plan, his campaign noted it “will be paid for by rolling back unproductive and unequal tax breaks for real estate investors with incomes over $400,000 and taking steps to increase tax compliance for high-income earners,” The Wall Street Journal reported.

“These plans are really about easing the squeeze that working families all over this country are feeling every day,” a senior campaign official said Monday while briefing reporters on the Biden proposal. “Our country is experiencing a caregiving crisis.”

Biden isn’t the first presidential candidate to push for long-term care reform.

Last August, presidential hopeful Bernie Sanders (I-Vt.) tweeted that “no senior should have to sell their belongings or spend their life savings just to be able to age in place.”

Similarly, former presidential candidate Cory Booker, a senator from New Jersey, released a long-term care plan that included aging-in-place funding last July.

At the time, voicing support for aging in place and long-term care reform failed to bring either candidate newfound momentum. As the national conversation continues to revolve around the coronavirus, though, senior care could turn into a core campaign focus during the 2020 president election.

The post Biden Announces $775B Plan to Boost the Caregiver Economy, Support In-Home Care Providers appeared first on Home Health Care News.

Microsoft Releases Public Preview of Azure IoT Connector for FHIR to Empower Health Teams

Microsoft Releases Public Preview of Azure IoT Connector for FHIR to Empower Health Teams

What You Should Know:

– Microsoft released the public preview of Azure IoT
Connector for FHIR (Fast Healthcare Interoperability Resources), the latest
update to the Microsoft Cloud for Healthcare.

– The Azure IoT Connector for FHIR makes it easy for
health developers to set up a pipeline to manage protected health information
(PHI) from IoT devices and enable care teams to view patient data in context
with clinical records in FHIR.


This week, Microsoft released the preview of Azure
IoT Connector for FHIR
—a fully managed feature of the Azure API for FHIR.
The connector empowers health teams with the technology for a scalable
end-to-end pipeline to ingest, transform, and manage Protected Health
Information (PHI) data from devices using the security of FHIR APIs.

Telehealth
and remote monitoring. It’s long been talked about in the delivery of
healthcare, and while some areas of health have created targeted use cases in
the last few years, the availability of scalable telehealth platforms that can
span multiple devices and schemas has been a barrier. Yet in a matter of
months, COVID-19 has accelerated the discussion. There is an urgent need for
care teams to find secure and scalable ways to deliver remote monitoring
platforms and to extend their services to patients in the home environment.

Unlike other services that can use generic video services
and data transfer in virtual settings, telehealth visits and remote monitoring
in healthcare require data pipelines that can securely manage Protected Health
Information (PHI). To be truly effective, they must also be designed for
interoperability with existing health software like electronic medical record
platforms. When it comes to remote monitoring scenarios, privacy, security, and
trusted data exchanges are must-haves. Microsoft is actively investing in
FHIR-based health technology like the Azure IoT Connector for FHIR to ensure
health customers have an ecosystem they trust.

Azure IoT Connector for FHIR Key Features

With the Azure IoT Connector for FHIR available as a feature
on Microsoft’s cloud-based FHIR service, it’s now quick and easy for health
developers to set up an ingestion pipeline, designed for security to manage PHI
from IoT devices. The Azure IoT Connector for FHIR focuses on biometric data at
the ingestion layer, which means it can connect at the device-to-cloud or cloud-to-cloud
workstreams. Health data can be sent to Event Hub, Azure IoT Hub, or Azure IoT
Central, and is converted to FHIR resources, which enables care teams to view
patient data captured from IoT devices in context with clinical records in
FHIR.

Key features of the Azure IoT Connector for FHIR include:

– Conversion of biometric data (such as blood glucose, heart
rate, or pulse ox) from connected devices into FHIR resources.

– Scalability and real-time data processing.

– Seamless integration with Azure IoT solutions and Azure
Stream Analytics.

– Role-based Access Control (RBAC) allows for managing
access to device data at scale in Azure API for FHIR.

– Audit log tracking for data flow.

– Helps with compliance in the cloud: ISO 27001:2013 certified supports HIPAA and GDPR, and built on the HITRUST certified Azure platform.

Microsoft customers are already ushering in the next generation of healthcare

Some of the healthcare organizations who are embracing the technology include:

– Humana will accelerate remote monitoring programs for
patients living with chronic conditions at its senior-focused primary care
subsidiary, Conviva Care Centers.

– Sensoria is enabling secure data exchange from its Motus
Smart remote patient monitoring device, allowing clinicians to see real-time
data and proactively reach out to patients to manage care.

– Centene is managing personal biometric data and will
explore near-real-time monitoring and alerting as part of its overall priority
on improving the health of its members.

Home Care Agencies Can Curb Turnover Costs with Better Preparation, Job Quality

Direct care workers are still undervalued, undertrained and have little opportunity for career advancement, according to a new report from PHI.

Ultimately, that’s bad for home-based care agencies — and their bottom lines.

New York-based PHI is a direct care worker and senior care advocacy organization. PHI typically classifies direct care workers as personal care aides, home health aides and nursing assistants, or more generally those who support seniors and individuals with disabilities.

“Quality care is [contingent upon] quality direct care workers,” Angelina Drake, PHI’s COO and the author of the report, told Home Health Care News. “They will deliver higher-quality care and contribute more meaningfully to the client’s health, safety and well-being if they are better paid, trained and supported.”

Among other findings, PHI found that the direct care workers suffer from inadequate training, a lack of outside understanding of the complexity of the work they do and a system that does not allow many opportunities for meaningful career movement.

One solution in regard to improved training: mandated federal training requirements, according to PHI. This already exists in home health care, as home health aides are required across the U.S. to undergo at least 75 hours of training.

In contrast, personal care aides have no federal requirements and are governed by a mixed bag of state laws and regulations.

PHI recommends that each direct care worker be trained to the point where they have a grasp on a set of core competencies. Broadly, that’s defined as having the skills, knowledge and abilities to complete one’s role.

“The report does conclude with a recommendation that there be a set of core competencies that underlie all direct care,” Drake said. “Once agreed upon and required for states to adopt these standards, they can then build additional training for roles that have greater responsibilities or more specialized responsibilities.”

No agreed upon requirements means that direct care workers’ capabilities look different across state lines, potentially hurting themselves as well as the seniors they’re serving, PHI argues. Workers should also be able to show that they are improving their skills during training — and not just hitting an hourly training threshold — before moving forward.

“Whether you are a personal care aide, home health aide or nursing assistant, there are core competencies that are really central to delivering quality care, and we need to at least ensure that those are in place,” Drake said. “We want competency-based training, which means that participants will need to show that they have acquired skills before they can move forward.”

Only about 60% of states have some sort of home care licensure requirements, according to the Home Care Association of America (HCAOA).

More regulation could help both agencies and direct care workers. Universal training for direct care workers will give them more confidence on the job, allow them to increase their capabilities and ideally get promoted, PHI claims.

That sort of room for improvement creates value for the workers and leads to better care, both of which benefit home care agencies.

“Turnover costs are some of the major expenses that long-term care providers face,” Drake said. “These can be improved by better preparation and job quality for the direct care workforce. And consumer satisfaction is another driver of business that can be improved by quality jobs.”

Other aspects of the direct care workers’ environment that have gone underappreciated are the physical, social and emotional demands, according to the report.

These, of course, have been exacerbated by the COVID-19 crisis.

“Employers need to look at what they can do to improve job quality for direct care workers,” Drake said. “Employers are often limited in their ability to change the base wage for workers, but there are other things they can do to improve job quality to make this a better job all around. A really important piece of that is training.”

The post Home Care Agencies Can Curb Turnover Costs with Better Preparation, Job Quality appeared first on Home Health Care News.