06-07-12 | Blog Post
Speakers: Brad Tritle, BA, CIPP and Jon Mertz of HIMSS Social Media Task Force
While 1 billion of people are on social media, 80 percent of U.S. hospitals are not.
Interaction and collaboration are the important elements of social media. It’s about a community and a conversation about important issues, with the exchange of ideas and viewpoints in order to learn about different perspectives.
Apps/social media are being integrated – the running app connects over 7.2 million people around the world to Twitter and Facebook that tracks your run and times.
Apps for people with conditions are also being developed. One example is bant, an iphone app for adolescent diabetes. They found a lot of people are looking for support on Twitter and a diabetic community to discuss issues. They combined the glucose monitor with a gaming app that rewarded them for taking readings for their diabetes, and they could connect with other diabetics.
Physician blogs are a growing trend, improving the provider to consumer to provider communication model. One example is a blog run by Bryan Vartabedian, MD, that blogs about healthcare topics, trends, and how to use social media effectively. Another is Seattle Mama Doc, Dr. Wendy Sue Swanson, who blogs about pediatric health in conjunction with the Seattle Children’s Hospital – her blog is actually part of the hospital website.
Provider-consumer communication is also valuable for disaster communications – one example is the Fort Hood shooting that brought 10 victims to the Scott and White Hospital in Texas.
Device companies are also using apps to connect devices to social media – one example is a scale that can post their weight or BMI, providing accountability and a method of seeking support. It can also be used to track the growth of a newborn for remote relatives that may want to keep up with family.
Online forums and support groups for parents of diabetic children provide a community – life sciences companies are funding these type of ventures. There are also online physician communities that provide provider-provider communication, allowing physicians to collaborate on drugs, devices and other clinical issues.
When it comes to public health – the CDC and other public health entities are online and on many different communities. The CDC has 35 Twitter accounts, 12 Facebook profiles, YouTube channel, Flickr, 21 blog categories, 41 widgets for your website, and they also publish a health communicator’s social media toolkit. The toolkit is more of a pragmatic, strategic plan for social media for a number of employees. Other public health entities include the Arizona Dept. of Health Services and Springfield-Greene Country Health Dept. that use social media as a tool to learn what consumers need from them.
Social media ROI can be measured by the number of followers, or trending topics resulting in actual health procedures. But some say measuring social media ROI is similar to measuring email or phone ROI – social media is just another tool to improve communications.
As always, privacy and security are concerns, and abiding by HIPAA can mean being careful about what type and how much information patients and providers can share online. Patient names or any personally identifiable information should never be shared via social media channels.
Clear social media policies are needed, concerning two parts:
1. Include company values, citation of patient privacy rights and advice on the appropriate use of online disclaimers.
2. Gives employees best practices on how to provide realistic value to their readers through accuracy, accountability and professionalism. – From the Kaiser Permanente social media policy.
How will social media affect healthcare? Meaningful use and social media can become integrated to improve patient care, becoming engaged with consumers can be one way to improve healthcare. Consumer responsibility for their own health can come as a result of consumer engagement/empowerment.
We define social health as health and wellness by the people, for the people. – Thom Brodeur, EmpowHER
Speaker: Rebecca Herold, CIPP, CISSP, CISM, CISA, Information Privacy, Security and Compliance Consultant, Rebecca Herold & Associates, LLC
Rebecca did a HIPAA audit on a government agency that had over 1,000 business associates – it took over a year to mitigate risk. HITECH expands the HIPAA rule to reach business associates directly – the sanctions that used to apply only to covered entities now apply to business associates as well.
Any cloud provider that provides hosting is considered a business associate. The security rule requires business associates to ensure the confident, privacy, integrity of PHI and protect against any unauthorized uses or disclosures. This also requires doing assessments as part of a breach notification plan.
State attorney generals have already taken action to enforce HITECH/HIPAA rules. HITECH has increased the amounts of possible fines. Multiple significant sanctions have been applied, running into the millions of dollars.
Meaningful use is an umbrella term for the rules that hospitals have to meet to qualify for incentive funding from the ARRA.These are also known as reimbursement incentives. Fax transmissions are explicitly covered under this requirement, and count for a large amount of patient information exchanges.
Malicious intent and mistaken use do account for a significant amount of breaches. It’s important to recognize where the risks are, and then put controls in place to mitigate them.
One hospital found they were using the wrong fax number for two years to send patient information out.
Other fax risks include stand alone fax machines and physical access to documents – anyone that walks by can pick up faxes. Fax machines are often seen as goldmines to thieves because they are often unsecured. Faxes sent over public networks can also be intercepted, and misdirection is one way health information can be exposed.
Fax risks include a high number of mistaken numbers and email addresses. One example is the Children’s Hospital of Orange County had faxed patient records to the wrong locations, including other doctors and auto shop – no one notified the hospital of their mistake. The lack of knowledge can contribute to fax mistakes. Many offices do not offer formal training on how to fax information securely. One example is the doctor offices in Tennessee that accidentally sent patient information to an Indiana businessman’s fax machine for over three years without realizing it.
Server hacking, malicious code and sending faxes to others from your fax servers are forms of malicious intent. A large number of breaches have also occurred through improper disposal or not removing data from fax disk storage/removing papers from flatbed or paper tray. Many businesses do not and it’s very common with printers as well. Many businesses found faxes/printers bought from secondhand stores still had patient information on their disk storage.
How to safeguard faxed information? First, assure someone has responsibility/authority to establish policies/rules around how faxes are used, then establish if people are using faxes securely/appropriately. Identify any risks to the information, then identify the appropriate controls to mitigate these risks.
Establishing procedures on how intended recipients communicate is another way to safeguard faxes. Use cover sheets, establish callback numbers, encrypt data, and use passwords and physical access controls.
Safeguarding faxed information includes identifying compliance requirements, regulations, state laws and other specific to certain types of information. Complying with your own organization’s policies and meeting contractual requirements are also ways to safeguard info – have you signed a business associate agreement?
Updating existing policies to address requirements, risks, laws and creating procedures to support these policies can ensure your PHI is safe while in transit. Implementing technologies to safeguard health information, such as logging and tracking the use and access to faxes can also keep PHI secure.
Speaker: Chris Patterson, IT Administrator, Florida Heart and Vascular Associates
Only 11 percent of doctors primarily use electronic charts, meaning 89 percent across the nation are still using paper charts in their practices.
Chris presents a case study of the Florida Heart and Vascular Associates fax technology situation. With 9 providers, 50 employees, 50 workstations, 75 office visits daily, 30 diagnostic tests daily, and 40 labs daily, their intra-office communication adds up to around 500 faxes or 50 faxes per patient per day.
The office was faced with the problem of too many fax machines that weren’t collocated and couldn’t talk to each other – they were only capable of outgoing/incoming messages. They were in different locations, unreliable and required a lot of maintenance.
Being in the referral industry, they have to have good communication with doctors in order to continue being in business. But the faxes resulted in a lot of busy signals, jobs waiting in queue, employees waiting for faxes, and large stacks of incoming faxes; this made communication inefficient.
They decided to go with the OpenText Fax Solution to simplify and save time, paper, provide security, accountability and create a single entry/exit point for all records communication. Doctors can access their faxes remotely from home or on their phone. It can be routed through their secure network.
Results include protection – they didn’t want people faxing to the wrong person/wrong time. They found the average loss of a data breach suit would cost them $75,000 per patient to settle a dispute over sending PHI to the wrong person. They also wanted a 7-year digital archive to achieve HIPAA compliance standards.
They also wanted to significantly increase productivity and keep the rate of referrals steady with a dependable, always open fax line that, in turn, results in faster responses and happier physicians. With their new solution, they are able to schedule jobs at night and avoid busy times. Now there’s no waiting for faxes. Contacts are all listed on the fax and online, as well as through Outlook.The outlook integration gives PDFs, number of who they sent it to, and an archive of their communications.
Their savings included avoiding the cost of a new fax machine, saving 2.5 full time employees, and they reduced paper by 500 sheets per day. They also saved money on toner and maintenance contracts.