Category Archives: Secure Communications

Terry Edwards

3 takeaways from HIMSS17

By Terry Edwards  /  28 Feb 2017

More than 41,000 healthcare IT and clinical leaders converged on Orlando last week for the annual HIMSS Conference & Exhibition. This event generates a lot of industry buzz and, for some organizations, sets the stage for the year in terms of strategic focus and planning.

As I looked through the educational sessions offered in this year’s curriculum, I found it striking that nearly half of the 20 education tracks elevated the need for secure, real-time and reliable clinical communication and collaboration.

From “The Business of Healthcare and New Payment Models” track to the “Quality and Patient Safety Outcomes” track, attendees received an abundance of information pertinent to the strategic goals the industry will focus on in the year to come — goals that need a foundational infrastructure of secure clinical communications.

Here are three areas that I see most affected by the need for improved care team collaboration:

  1. Care coordination, value-based care and population health

The level of care coordination needed to successfully adapt to value-based payment models requires interdisciplinary clinicians to easily and securely communicate within — and beyond — the walls of the hospital. Regardless of affiliated organizations or geographical locations, these clinicians need instant access to the broader care team — and the patient — and they must have the ability to quickly send and receive critical PHI. This will enable hospitals and large systems not only to succeed in value-based care, but also to reduce costs and lay the necessary foundation for true clinical integration and population health.

(I talk more about this in my blog post “Healthcare is ripe for tools to enable value-based collaborative care” — read it here.)

  1. Technology, infrastructure and security

To achieve the level of care coordination required to truly address value-based payment models, organizations have to build a secure and compliant technological infrastructure that supports device standards and the communication protocols of the various workgroups that make up dynamic care teams.

Privacy, security and compliance will continue to be important objectives; the foundation of these objectives is an infrastructure that meets requirements without impeding communication and collaboration. This means automatically and seamlessly sharing information through mobile applications that are easy to use and easy to incorporate into existing workflows. Only then will we have tools that will achieve the levels of adoption necessary to make them truly impactful.

It seems like an arduous task, but it’s one we cannot shy away from.

  1. Analytics, process improvement and clinician engagement

As a result of the digitization that has occurred over the past decade, the industry has amassed a significant amount of clinical data. The farther we go down the road toward clinical integration and real value-based care, even more data will be created. To make lasting improvements and affect positive change, we have to harness this data and make it useful.

By gathering and analyzing data related to patient conditions and behaviors, intelligent decisions can be made automatically via technologies that reduce the cognitive load on clinicians by presenting only the information that is relevant to them and requires their actions. This will support value-based care and patient compliance and experience, as well as reduce costs by streamlining workflows and better engaging physicians.

In the same vein, HIMSS17 attendees were heavily focused on the topics of cognitive healthcare and actionable intelligence. Keynote speaker Ginni Rometty, CEO at IBM, spoke about this new era of medicine and challenged healthcare leaders to step up and “build this world.”

“We’re in a moment when we can actually transform pieces of healthcare. It’s within our power,” Rometty said during her HIMSS17 keynote. “This era that will play out in front of us can change the world for the better.”

The industry is changing at a speed that we haven’t seen before. This really is the time for healthcare leaders to make their voices heard and to take part in shaping the future healthcare landscape.

And it’s exciting to know that PerfectServe is in the thick of it with you — building a foundation of secure and immediate clinical communications across the broader care continuum that’s needed to achieve the goals discussed in the majority of the educational tracks at this year’s event.

Looking forward to seeing you all again next year.

HIMSS18
March 5-9, 2018
Las Vegas, Nevada

Terry Edwards

Safeguarding security: 4 tactics for secure clinical communication and collaboration

By Terry Edwards  /  29 Jul 2016

I had the honor of speaking at the 2016 Becker’s Hospital Review Annual CIO/HIT + Revenue Cycle Summit, discussing the elements needed to truly secure clinical communications with some of the best minds in the healthcare world. With a number of recent high profile news stories announcing ransomware attacks in hospitals and health systems, security and the ability to secure clinical information is top of mind for many.

Those who oversee organizational data and IT systems recognize the importance of securing communication channels containing ePHI as they build a unified communications strategy. While security and regulatory mandates are essential elements of a clinical communication strategy, to create a truly successful strategy, the needs of those who provide care: physicians, nurses, therapists and others on the care team – in any setting – at any time – must be addressed flawlessly and securely.

To do so, there a few tactics to keep in mind:

Understand what the HIPAA Security Rule actually states – There’s been a lot of confusion in the industry when it comes to HIPAA compliance and communication. I often notice that many organizations think this is all about secure text messaging, which is incomplete. The Security Rule never speaks to a particular technology or communications modality, application or device. It is technology neutral.

HIPAA compliance is about the system of physical, administrative and technical safeguards that your organization puts in place to to ensure the confidentiality, integrity and availability of all ePHI it creates, receives, maintains or transmits. Because of this, there is no such thing as a HIPAA-compliant app.

Understand care team dynamics – Care team members are mobile and they employ workflows to receive communication based upon situational variables such as origin, purpose, urgency, day, time, call schedules, patient and more. The variables determine who should be contacted and how to do so for every communications event.

For this reason, third parties (hospital switchboards and answering services) and disparate technologies are used in organizations’ clinical communication processes. Understanding this variety of technologies and actors is key to accurately assessing your organization’s compliance risk. And, coming up with strategies to effectively address that risk is key.

Secure text messaging is essential, but it’s not sufficient – While secure messaging is an essential component of your overall strategy, it’s not sufficient because:

  1. it requires the sender to always know who it is they need to reach—by name.
  2. it requires the recipient to always be available to other care team members 24/7.

These requirements are inconsistent with the complexity inherent in communication workflows that enable time-sensitive care delivery processes, because they don’t address the situational variables I described above.

Secure messaging is only one piece of what should be a much larger communications strategy—one that should address clinician workflows and multi-modal communications channels for all care team members.

Your goal should be to enable more effective care team collaboration – Organizations often focus on achieving HIPAA-compliance. This is a flawed objective. The focus should be on achieving more effective care team collaboration. If this is done effectively, achieving HIPAA-compliance will come along for the ride.

Six essential capabilities – An effective secure clinical communications and collaboration strategy will include the following six elements.

  1. It will facilitate communication-driven workflows that enable time-sensitive care delivery processes. An example of a communications-driven workflow is stroke diagnosis and treatment. When a patient with stroke symptoms presents in the ED, one of the first things the ED physician does is initiate a communications workflow to contact the neurologist covering that ED at that moment in time, while simultaneously notifying and mobilizing a stroke team to complete a CT scan to determine if it is safe to administer tPA, the drug that arrests the stroke. Time is critical. Healthcare is chock full of these kinds of workflows, executed every day in every hospital by the hundreds and thousands.
  1. It will provide technology that automatically identifies and provides an immediate connection to the right care team member for any given clinical situation—this is nursing’s greatest need! Your strategy should be to bypass third parties and eliminate all the manual tools and processes used to figure out who’s in what role right now given the situation at hand. Ignoring this need means you won’t achieve adoption, which means your organization will still be at risk.
  1. It should extend beyond any department and the four walls of the hospital. It should enable cross-organizational communication workflows. This is increasingly important under value-based care where care team members must collaborate across interdependent organizations to deliver better care.
  1. It should secure the creation, transmission and access of ePHI across all communication modalities—not just text messaging. Enough said!
  1. It should integrate with your other clinical systems to leverage the data within those systems to facilitate new communication workflows. This is key to enabling “real-time healthcare.”
  1. It should provide analytics to monitor your communication processes and continuously improve those processes over time.

With these capabilities in place, secure clinical communication simply becomes another positive result of implementing a broader care team collaboration strategy, designed to address clinical efficiency and improve patient care delivery.

Terry Hayes

Balancing act: Making data security a priority in daily nursing routines

By Terry Hayes  /  24 Mar 2016

Regardless of the hospital or specialty office, nurses are an essential piece of patient-centered healthcare delivery models. As a former pediatric nurse practitioner, I know firsthand the amount of responsibilities nurses juggle, all while maintaining the personal, bedside manner needed to ensure patients and their families feel comfortable and knowledgeable about treatment and care. Nurses are often the first and last point of contact to provide care for a patient, and a critical part of the clinical communication process, especially in the digital age.

Unfortunately, as healthcare data breaches surge and the need to prepare for HIPAA audits increases, nurses must also factor data security into their daily routines. Since 2010, the HHS Office for Civil Rights reported more than 1,400 breaches of unsecured protected health information affecting 500 or more individuals, and this number is expected to escalate. Given nursing’s dynamic role in communicating with team members across the care continuum (physicians, other nurses, patients, etc.), it’s important that nurses, as well as other healthcare professionals, are provided the right levels of secure connectivity to deliver quality care for patients efficiently.

Nurse must also understand the need for security in many of their day-to-day activities. Here are a few areas nurses must constantly keep in mind:

  • Within the care setting – Can the patient information be viewed (or heard) by anyone besides the patient? Are the connected medical devices in use secured? Could another care provider or visitor access the device if the nurse steps away momentarily? With the growing use of telemedicine, does the patient have the right set-up to participate in portals, video calls, etc.?
  • Outside of a care setting – Are documents sent to the correct printer and/or fax, and are those documents picked up quickly? Can non-authorized personnel easily access EHRs and other technologies? Are any BYOD technologies secure? Does the outside setting have appropriate procedures in place to assure patient confidentiality and, if so, is it monitored?
  • During a care transition – Do the appropriate care team providers have access to relevant information? Are any others that participate in care that should be considered? If so, what level of information should be shared with those providers? Are all communications channels, such as a voicemail or email system, fully secure and HIPAA-compliant?

While education is critically important to ensuring nurses understand how to keep patient information secure, it’s also important for hospitals and other providers to identify processes and technological solutions to improve security, meet HIPAA standards and protect the confidentiality and integrity of patient data. This is particularly true as nurses (along with the rest of the patient care team face) more pressures to meet the demands of value-based care.

Nurses: how do you make data security a priority in your day? What challenges have you run into while balancing efficient and personal patient care with security?

Terry Edwards

Insights from HIMSS16: Four key takeaways

By Terry Edwards  /  14 Mar 2016

Each year, thousands of health IT leaders come together over one week to network, collaborate and shine a spotlight on industry accomplishments, challenges and innovation at HIMSS. I’ve attended the show for the past ten years, and I’ve seen trends evolve over time – some fading quickly, others becoming a constant theme throughout the years – all representing the ever-advancing healthcare landscape.

This year, as I walked the HIMSS show floor and had conversations with other executives, physicians and vendors, I noticed the following:

  • The market is shifting beyond secure messaging – For three years I’ve been talking about the fact that secure messaging is an essential feature of an organizations clinical communications strategy, but it’s not sufficient in and of itself. We talked to more than one organization that experienced a failed secure messaging deployment. Having learned, those organizations and others are realizing that a secure comprehensive communication solution that can improve workflow is what is required. (It’s about time!)
  • Security continues to evolve as a top priority – Healthcare CIOs are viewing security as a major challenge, and one that must be addressed holistically. I spoke with one CIO who shared that one set of lost physician network credentials caused through a phishing scam required the reset of 20,000 user credentials – a major disruption to the entire organization. We also discussed the challenges for keeping information protected; it’s clear that more comprehensive security solutions are needed to avoid the disruptions and other setbacks caused by breaches. Healthcare security today must extend past the surface level and become integrated into workflow, communications, technology, etc.
  • Moving beyond Meaningful Use to optimization – For nearly a decade, Meaningful Use was king. Now that most providers have implemented EMRs, the conversation has shifted from fear of non-compliance to how we can do more with the EMR. More and more providers are looking for ways to optimize their EMR investment to leverage data, extend its usage and refine the technology so that it works more seamlessly within clinician workflow. Workflow plays such a critical role in care and physician coordination, and providers need platforms that are smart and holistic – ones consistent with reality.
  • Shifting viewpoints on the future of the industry – Depending on who you talk to, conversations around the state of the healthcare industry and its future, which were in no shortage over the course of the week, differ in tone. With many factors, such as regulations, driving change in the industry, it becomes easy to take on a negative mindset – physicians in particular become frustrated with balancing patient care, compliance, data and technology. One notable challenge is providers are having to figure out how to take responsibility for a whole episode of care when the patient’s full team of physicians may not all be in one system. However, innovation continues to lead the way, and this, too, was reflected in many positive conversations about the healthcare landscape today.

Healthcare will continue to build on what we have today, optimizing our existing technology to address broader issues, and do so much more comprehensively – raising new trends and challenges just in time for HIMSS 2017. See you there!

Save the date: HIMSS 2017, February 19-23 in Orlando, Florida

Don Dally

The outdated browser: breeding ground for cybercrime

By Don Dally, chief technology officer at PerfectServe  /  10 Mar 2016

Is your health system’s browser up to date? Too many organizations don’t know the answer to that question and are unaware of the consequences for using unsupported browsers. Or, if they do know the answer, they aren’t in a position to act on it.

Now is the time to check if your workstations are using the latest browser version available. Earlier this year, Microsoft announced that it was discontinuing support for Internet Explorer versions 8, 9 and 10. The discontinuation of this support may affect more people than you think. The loss of this support means Microsoft will no longer provide vital security patches for these browser versions, increasing vulnerabilities that go unattended, and leaving healthcare organizations wide open for attacks. This should come as no surprise to healthcare stakeholders, who’ve seen cyberattacks increase in recent years, especially in the healthcare industry. Hackers will find a way to exploit these vulnerabilities. It’s not a matter or IF, but WHEN.

There are two main reasons why outdated browsers linger:

  1. A clinical application doesn’t support modern browsers—Many healthcare providers are running older versions of browsers because they use a legacy application from a vendor that will not work on more contemporary browser versions. In basic terms, the application is holding them back.
  2. The provider organization is not updating the browser—If, for whatever reason, the provider is not updating its browser, it requires vendors to spend an inordinate amount of time and effort making sure their applications will work across the various (often outdated) browser versions used by their customers.

Browser upgrades are a two way street: providers must make sure they are using the most up-to-date browser version for vital security updates while vendors must make sure that their applications and solutions can support contemporary and future browser versions so they are not holding their users back.

How to keep current

Although browser choice can be an overlooked decision, it’s important that both vendors and providers stay on top of the latest versions. Here are some steps to help providers and/or vendors break the cycle of using outdated browsers:

  • Vendors should be held accountable for keeping pace with browser evolution
  • If you have a legacy application that requires an older browser, keep the browser on the workstation current and use virtualization to serve up an older browser for the legacy app
  • Ensure your organization has procedures in place to keep your browsers updated and properly patched

If you’re not sure whether you are using the most up-to-date browser, check here to see the newest version of your browser that’s available. We all have to step up to the plate and stay current. It is no longer an issue of convenience; it is a matter of patient privacy.