Best Practices in Cloud Computing for the Healthcare Industry


A white paper published by ClearDATA lists some of the most important criteria to consider when selecting a hosting provider to move your applications to the cloud:

Locations:
Where will data need to be hosted, and how far away should it be? Should data be replicated to another data center facility? Will they be located in different disaster zones? How far away should it be from the primary site?

Virtualization needs:
Ensure that physical servers and a Storage Area Network (SAN) will be provided for any virtual server environment. Verify that data is not accessible to any other organization and that security measures are taken to protect this environment from vulnerabilities. Data must be protected in accordance with HIPAA regulations.
Inquire about the availability of a “single pane of glass” management console to connect and manage virtual servers. Be sure that the virtual environment offers high-availability features so that virtual servers continue to operate in the event of a physical server hardware failure and no business disruption occurs. Be sure of the ability to procure a new virtual server on demand, and ask for load balancing across physical servers to maximize performance.

Make a checklist of facility requirements. Among them:
Find a Tier III data center that is SOC 2, SOC 3 and SSAE 16 certified, as well as HIPAA and PCI compliant. These certifications provide proof that the service provider has documented security processes that are followed strictly and are completely auditable. Ask about service-level agreements (SLAs) and up-time records for platform, network, and storage availability. Find SLAs that speak to the main components of availability: security, network, cloud platform, and storage. An SLA needs to be a guarantee, as well as something that can be reported on.

Dive deeply into service capabilities: Healthcare organizations have to work around the clock, and so does the hosting provider. Ask for 24/7/365 service capabilities and ensure that your service provider can meet your response times.

Storage needs: The SAN should be available 100% of the time, excluding scheduled maintenance. In the event of any hardware failure, the hosting provider should have a technician with appropriate parts available onsite within six hours, or the service provider should credit your organization for a portion of the cost of your downtime.

Data backup and restore: Understand the backup process, frequency, and retention periods. Do they work with your controls? How flexible are they? Understand how backups are validated.
Instead of relying solely on test restores, request continual reports of successes and/or failures and gain access to a log of successful versus failed backup jobs to drive best practices.

Pay attention to monitoring and response: All servers should be monitored by at least six ports, and gauged on key performance metrics.

Select a service provider that can support multiple models: Most cloud service providers should be able to provide several options:

- A private cloud, the most expensive option, is one in which the services and infrastructure are maintained on a private network. These clouds offer a high level of security and control, but they require the company to purchase and maintain all the software and infrastructure, which leads to somewhat higher expenses.

- A public cloud shares space with other organizations. Note that this is the most cost-effective alternative, but public clouds are often not the most appropriate option for healthcare organizations due to security concerns.

- A hybrid cloud includes a variety of public and private options with multiple providers. By spreading things out over a hybrid cloud, each aspect of the business can be kept in the most efficient environment possible. The downside is that IT managers have to keep track of multiple different security platforms and ensure that all aspects of the business can communicate. Hybrid clouds are often good choices when healthcare organizations want to set up a virtual private network (VPN) behind their firewall. Or, perhaps a medical institution wants to use a public cloud to interact with patients but keep their data secured within a private cloud.

- A multi-tenant private cloud is a good option for healthcare institutions because it balances reasonable costs with high security. A multi-tenancy architecture can take advantage of virtualization and remote access. A software-as-a-service (SaaS) provider, for example, can run one instance of its application on one instance of a database and provide web access to multiple customers. In such a scenario, each tenant’s data is isolated and remains invisible to and secure from other tenants.


Be sure to choose a provider that will:
• Sign a HIPAA Business Associate Agreement and be HIPAA compliance experts

• Support a SOC2, SSAE16 and HIPAA-compliant

• Provide set response times, depending on the risk to your organization (emergency, urgent, standard, and so on)

• Provide extensive healthcare cloud computing managed services

• Deliver 24x7x365 live healthcare-level support

• Offer industry-leading healthcare-specific products

• Exhibit exceptional data center, cloud hosting, and cloud managed services

• Be flexible and provision additional services as necessary, such as initial cloud services setup and provisioning and additional Internet bandwidth

• Be exclusively focused on the healthcare industry. Healthcare IT is a complex and regulated environment with its own language and high criticality up-time, redundancy, and security requirements.

Seven important factors to consider when shopping for a Patient Portal solution

Patient engagement is critical to achieve Meaningful Use Stage 1 and Stage 2. It's no secret that patient portals increase patient satisfaction, lower hospital operating costs and promote higher usage of better data.

Medhost has published an insightful whitepaper that proposes 7 questions one should ask during the vendor selection process:

1. Is it certified as a modular and/or ambulatory inpatient EHR by ONC?

2. Does it enable access to patient records from any location and device?

3. Does it provide HIPAA-compliant messaging with the entire care community?

4. Does it offer features such as a Caregiver persona?

5. Does it update demographic information seamlessly?

6. Does it support your population health management strategy?

7. Can you enable an EMPI view of patients’ health records across the enterprise?

5 Steps to Success with Stage 2 Meaningful Use

A white paper published by AthenaHealth Inc. in September 2013 lists the following five steps to successfully bring a medical practice through the Meaningful Use program and beyond:

Step 1: Assess Your Starting Point 
See how Stage 1 compares to Stage 2, and where you need to focus to attain Meaningful Use objectives.

Step 2: Plot Your Timeline
Understand your incentive payment schedule, your Meaningful Use reporting period, and how to ramp up to Stage 2 while also undergoing the 2014 ICD-10 conversion.

Step 3: Upgrade Your EHR 
Assess your EHR’s ability to handle the Stage 2 requirements, including the required transition to the 2014 certified version, and determine the right criteria for evaluating EHRs if you need to switch.

Step 4: Integrate Meaningful Use Measures into Your Workflow 
Evaluate your current workflow to maximize performance and increase your Stage 1 performance to meet the Stage 2 thresholds.

Step 5: Create A Patient Engagement Strategy
Create a patient engagement strategy that leverages technology and marketing to launch and promote a patient portal and actively engage patients in their care.

10 Steps for Surviving ARRA & ACA Requirements

Dr. Dick Taylor, a managing director and chief medical officer of MedSys Group’s Advisory Services Division, articulated 10 goals for this year in his June 3, 2014 article in Imaging Technology News, as it is the final sprint toward the ARRA and ACA deadlines. Surviving this environment will require providers to focus on achieving the following goals over the course of 2014:

1. Reduce expenses, both per-patient and fixed overhead. Admittedly, this is easier said than done.

2. Where practical, grow larger through acquisition or affiliation. This spreads fixed overhead over a larger patient volume and allows much more efficient team-based and whole-patient care. Growth must, however, be calculated and managed to capture these savings. Rapidly growing organizations must be watchful to avoid operational and cultural traps.

3. Achieve Meaningful Use and avoid ARRA Medicare penalties. Providers who have missed Meaningful Use to date are now looking at reduced awards and penalties (amounting to small but significant percentages of CMS billing) beginning in 2015.

4. Achieve ICD-10 compliance on time (by Oct. 1, 2014) without destroying the organization. While ICD-10 is critical (not billing with ICD-10 is simply not survivable for most providers), this has become the “Y2K” for healthcare. Caution, particularly around involving physicians and mid-level providers in the minutiae of coding, is strongly advised.

5. Pursue transparency for quality outcomes and cost. Payors, employers and patients are all watching these very carefully, and organizations that are not forthcoming will become less favored over time.

6. Pursue transformation in long-term healthcare, including population health, chronic disease management and wellness. Fee-for-service is likely to become far less sustainable as a primary business model over time.

7. Reduce clinical variation, both by pursuing good evidence (where available) and by achieving agreement on leading practices among providers. Much of the variability in clinical care is not associated with improved outcomes, and some of it is actively harmful, both in cost and patient outcomes.

8. Recognize and honor the risk you own. Health systems have always “owned” the risk for charity and “self-pay” patients. The ones who recognize and accept this are much more likely to provide good care and keep costs under control.

9. Look for whole-patient (“accountable”) care opportunities within your own orbit. While the ACA set out the framework for accountable care organizations, the reality in 2013 is that these are still embryonic. Organizations that begin at home will be ready for risk-sharing moving forward.

10. Treat your IT expenditures as long-term investments, not expenses. Organizations should expect to spend an increasing percentage of capital dollars building technology assets. Acquire standards-based IT assets that will stand the test of time. Expect, plan and capture the hard- and soft-dollar returns from them. Organizations that view IT simply as an expense will forego future profits in the pursuit of short-term efficiency.

Avoid These Six Implementation Pitfalls to Achieve EHR Success

According to the 2014 Exclusive EHR Study conducted by the MPI Group and Medical Economics, 70 percent of clinicians said their EHR investment has not been worth the effort, resources, and costs. This whitepaper details six implementation pitfalls and how to avoid them, including:
  1. Choosing the wrong EHR
  2. Underestimating the importance of an implementation plan
  3. Not enough training prior to go-live
  4. Underestimating the importance of HIPAA Compliance
  5. Falling behind on universal policies
  6. Getting stuck on how you used to do things

Identity verification is key for successful implementation of Direct messaging for MU2

An insightful article from Dr. Robert Rowley focuses on one of the key success factors in implementing a Direct messaging solution to meet the Transition of Care objective for Meaningful Use Stage 2.

Four critical Dimensions of Effective Mobile Health

The Deloitte Center for Health Solutions, an arm of Deloitte Consulting, has issued a report, “The Four Dimensions of Effective mHealth: People, Places, Payment and Purpose,” that discusses how mHealth strategies are not “one-size-fits-all.”

Ten Great Behaviors of the Best Healthcare IT Vendors

Dale Sanders, Senior VP at Health Catalyst, recommends ten behaviors of great healthcare IT vendors:
  1. Help Me Compete:  Help me build my “Annual Report for Information Technology” as if my IT organization were a separate, standalone business that could be outsourced.
  2. Help Me Hire:  The market for healthcare IT employees has never been more competitive. If you know I’m having a hard time recruiting for a critical position that is important to the success of your product in my organization, help me find a great match.
  3. Help Me Measure:  The Age of Analytics in healthcare is just beginning. Our industry is way behind in the proper use of data to drive costs down and quality up. Help me address my short-term analytic needs, but do so within the scope of a longer-term strategy.
  4. Help Me Save: Simplify your licensing, billing, and contract administration. Make it as easy as possible for me to manage my expenses with you, and especially make it easy to predict and budget for increases in prices due to inflation, increased number of users, transactions, etc. When you give me a new contract to sign, put a face sheet on it that summarizes the key issues and terms – don’t make me read 15 pages of legal jargon. Likewise, if you know of a creative way for me to reduce licensing fees, try to be motivated by our long-term relationship instead of your immediate potential loss of commission. You will win more of my business, easily.
  5. Help Me Listen: Be proactive in extracting the ROI and value from your products. Help me look good and thus make your product look good, too. If you know that I’m under-utilizing your products or have them configured improperly in some way, pester me until I fix it. I’m busy and juggle lots of priorities. Be the squeaky wheel until I listen.
  6. Help Me Expand: Annual conferences and blogs are not enough for me to keep up with everything going on in healthcare right now. Help me build close relationships with a limited number (three to four) of peers or mentors who have a similar organization, product mix, and profile so we can learn from one another. Force us to meet and hold a conference call every once in a while. Facilitate the meetings. Help us reuse strategies, policies, and technology as much as possible.
  7. Help Me Plan and Innovate: Help me build my strategic roadmap by overlaying the needs and culture of my organization with your products and the future outlook of the industry. Look ahead for me and pester me until I build that roadmap with you. I am particularly concerned about the growing sophistication of cyber-attacks. And I’m also concerned that I’m not leveraging mobile computing as well as I could. Push me on these two issues, please.
  8. Help Me Migrate: Help me build the cheapest, safest, quickest path to ACO and ICD-10 adoption for my company and critical partners in the insurance industry.
  9. Help Me Prove:  Help me build the cheapest, safest, quickest path to Meaningful Use qualification for my company, and don’t charge me anything extra, because this is something you should have done for every customer a long time ago. The Meaningful Use legislation forced it but, like HIPAA, we should have been doing this all along.
  10. Help Me Evolve:  ACOs are coming; one way or another. Even if they are nebulous right now, we know that there are certain characteristics that will survive. In particular, you better have a product strategy for both engaging patients in greater accountability for their own care and the changes in cost accounting and revenue cycle required for managing the risk of bundled payments.


    http://www.hitechanswers.net/ten-great-behaviors-best-healthcare-vendors/

Five ICD-10 Best Practices

MedeAnalytics conducted research during 2011-2012 on the transition to ICD-10. The research included discussions with over 80 hospital organizations throughout the United States, review of numerous ICD-10-related requests for proposal (RFPs), an extensive literature review, and analysis of relevant presentations at healthcare conferences.

Based on their research, they put together a White Paper exploring the top five best practices to prepare for the transition to ICD-10.

10 Questions to ask your Vendors when shopping for a Secure Text Messaging solution

Fred Pennic, the founder of HITConsultant.net, has issued an article about the 10 questions every healthcare organization should ask its vendors when looking for a secure text messaging solution:

Here are the qualities to look for and the questions to ask when you’re looking for a secure, reliable and efficient secure text messaging app.
1. Physician Centric Design
One of the biggest problems with EMR and other healthcare technology created for physicians and medical staff is that many times the workflow design is wrong. The people creating the technology have very little or no clinical experience. Many companies hire physicians as consultants to contribute knowledge to the development process, but unless the physician is deeply involved in the design of the product, it will most likely underperform.
    • Must Have: A company that has physicians deeply embedded in the development and design process, not as consultants but as an integral part of the company.
    • Ask: Does the company employ any physicians? Can you have a physician present during the demonstration so that they can discuss the clinical benefits of the system?
2. High Level Security
Data breaches are all too common in the technology industry. Many companies make products where features and style are paramount and security takes a back seat.
    • Must Have: A company where every design and feature starts with a security evaluation and a HIPAA expert evaluation. They ensure all features meet all HIPAA security requirements and have regular security audits by an outside firm. A big bonus is if they have legal HIPAA experts on staff who stay well ahead of the current developments.
    • Ask: What is the name of the security firm that reviews your company? Can you send me your company’s security whitepaper? Who updates your security policy and how often? Do you have a HIPAA expert on staff?
3. Emergency Messaging Reliability
There are many messaging apps for recreation on the market. Very little thought goes into worrying if someone got an invitation to a party or received the latest celebrity gossip. But if your business is sending medical messages from call centers, ERs and physicians, the messages cannot be dropped.
    • Must Have: Alarm systems in place to detect messaging failure. Multiple redundant systems in place so that power outages and technology failure can be overridden.
    • Ask: Does your company have built-in alarm systems to monitor message failure? Can they be shown during the demonstration of your product?
4. Notification Control
With a smartphone in most people’s pockets, there are many buzzes and rings that go off. Notifications are when apps make a sound to announce a new message. It could be easy to miss a message if a person is distracted.
    • Must Have: The ability to control notifications and increase the frequency and number. The company should also have the ability to reach the physician or staff by email, text or voice message if the message is not answered within a specified period of time. The organization should be able to customize this based on the healthcare organization’s needs and preferences.
    • Ask: What are the different methods that can be used to notify a physician of an important message? Can the notifications be customized per physician and per healthcare organization?
5. Customization and Physician Alignment Features
Healthcare systems are growing and many physicians are now working in bigger organizations. They have to meet new physicians that they previously did not work with. They are introduced to new facilities and a new working environment. The mobile platform is an excellent way to bring a large organization together, align physicians and give visibility to the organization.
    • Must Have: The ability to brand the offering with the organization’s logo, organize physician lists by specialty or department, and provide the organization’s directories and other important content.
    • Ask: Can your product categorize users by specialty or departments on your mobile app? Does your system allow administrators and super-users that have high-level privileges? Will I have the ability to run reporting from your software?
6. Ability to Protect Physicians from Alert Fatigue
The contact list for healthcare messaging apps has to be controlled. Everyone in an organization cannot have easy access to messaging physicians. When this overload happens, messages are ignored, causing a poor experience and defeating the purpose of a professional messaging app.
    • Must Have: The system must have the ability to control contact lists at the provider and administrative level. Each department should be able to be closed or open depending on preferences. Physicians should also be able to give out their app ID to nurses or others and add contacts as needed.
    • Ask: Can a physician control their contact list? Can the healthcare organization control the contact list? Can physicians contact any physician they want? Can you give us suggestions on how to set it up?
7. Responsive 24/7 Customer Service
A true professional messaging company has messages coming at all times of the night through multiple time zones. No matter how great a product, some people will need help with the technology.
    • Must Have: A phone number and e-mail address inside the application and on the website so that users can contact customer service and be helped in a timely manner (immediately in most cases, but within 15 minutes, 24 hours a day, 7 days a week). The company must also have a strong service agreement.
    • Ask: Do you have a 24/7 toll free number? Do you have a 24/7 e-mail address? Can this be accessed from both the web and mobile app? Can you send me your service level agreement?
8. Call Center and Answering Service Integration
To have a comprehensive messaging solution, a messaging app has to be able to take care of all scenarios for the physician. Call centers frequently text physicians, which is not secure, and many also page physicians, which makes them carry two devices, an unnecessary inconvenience. Physicians receive messages from other physicians, nurses, staff members, answering services and call centers.
    • Must Have: A call center integration solution that connects the mobile app and communication system to any known call center or answering service software. Some of the most common ways to achieve this are WCTP, TAP and SNPP protocols.
    • Ask: Can your system integrate with any call center software? Will you contact the call center and set it up for us? Will this be an extra charge?
9. Proven Large Healthcare System Implementation
When handling communication for large healthcare organizations, experience is key. There are many small things that have to be done right. From a controlled rollout with strong customer support to understanding how healthcare providers work and want to communicate and use the product. It can be a real challenge to put 2,000 users on a mobile app for secure communication.
    • Must Have: A company that has rolled out large organizations on secure communication platforms. They must also understand and be able to provide provisioning so that the system works seamlessly. An example would be integrating with LDAP.
    • Ask: Do you service organizations with more than 500 users? Can you send references? What is your large organization rollout strategy? Can you have someone onsite for the rollout? Do you have training material, including videos?
10. State-of-the-Art Feature Pipeline
Mobile apps are becoming an integral part of healthcare. Secure communication is the core feature, but there is much more to offer. Mobile apps that offer secure communication have an opportunity to provide unique and beneficial mobile features to customers.
    • Must Have: A company that has healthcare-specific features in the pipeline. These features must be innovative and created to improve a physician’s workflow and productivity. Features that improve patient care are the most important add on features. A company that will continue to innovate will be important as your mHealth strategy evolves.
    • Ask: What features are in your pipeline? How often do you release new features? Who selects what features to develop?
We have done extensive research on secure texting and messaging platforms. Well-established, healthcare-exclusive companies such as Doc Halo provide most, if not all, of these features. Some non-healthcare-exclusive messaging companies such as Tiger Text also have many of the above-mentioned features. The key is to interview these companies and others to make an informed decision before purchasing.

5 lessons from ICD-10 transitions at large hospitals


Carl Natale, an Editor of ICD10Watch, has put together 5 lessons learned from large hospitals' recent experience implementing ICD-10:


Embrace technology
New York University Langone Medical Center expects decreased productivity during and after the ICD-10 transition. One of the ways it can soften that hit is to help clinicians and medical coders with tools such as computer assisted coding (CAC) tools.
The Cleveland Clinic Health System is using its CAC system to help clinicians understand the ICD-10 transition and improve clinical documentation. It already has improved productivity, satisfaction and query rates.
Hire enough help
Again, NYU Langone expects decreased productivity processing medical claims and bills. They already have hired more medical coders to keep workflow going.
And there need to be efforts to keep those medical coders trained and satisfied. Keeping them on the job is much easier than replacing properly trained medical coders after Oct. 1. ICD-10 coding will be a skill set in much demand next year.
Practice makes better medical claims
Methodist Hospital in Memphis has purchased an ICD-10 training tool that uses actual medical records. It teaches medical coders how to process the kind of medical cases in the DRGs that they encounter as part of work.
This makes dual coding much more efficient by making it directly part of training. That addresses some of the cost and productivity issues that have healthcare providers reluctant to code cases in both code sets.
Another option is the CAC system currently used by Children's Hospital Colorado that assigns ICD-9 and ICD-10 codes. This offers insights on how reimbursements and documentation may be affected after Oct. 1. It also gives medical coders guidance on how to assign ICD-10 codes.

Wristband Best Practices for Closed-Loop Applications

Zebra Technologies has issued an interesting white paper around best practices in the application of Wristbands in Healthcare Information Technology.