I’m liveblogging while attending the HIMSS Virtual Conference, Pursuing Healthcare Transformation Through IT, June 6-7, 2012. With topics ranging from mHealth to HIEs to data security, it’s a great lineup of knowledge sessions open to HIMSS members. View the full agenda.
Opening Keynote: Achieving and Sustaining the Meaningful Use of Health IT: A National Model with Local Lessons
Speaker: Michael Matthews, CEO of MedVirginia
Using ConnectVirginia, a statewide health information exchange (HIE) initiative as an example, he initially discussed the industry approach to HIEs.
We’ve set HIEs at a higher bar for financial ROI than most other healthcare decisions – instead, the goal should be for HIEs to demonstrate clinical value. HIEs need to be treated as part of standard patient care, and a necessary investment. HIEs also provide valuable data sets for population health analysis and statistics to help inform business decisions and healthcare trends.
The three phases of the health information exchange strategic road map include:
Initial Rollout – using a shared infrastructure
Mature, Grow and Scale – transitioning to a public-private model
Sustainability – national deployment, with interoperable exchange among private entities
One issue that needs to be addressed is meaningful trust. With a lot of different providers on a lot of different systems, the ability to create a standardized business model that can support all of these systems is challenging. Trust between two providers, as well as trust that the systems they’re using are secure is another challenge, as well as the patient-provider and HIE-HIE trust issues.
Another issue is the scale of the breaches with the advent of electronic systems. If there’s a breach or policy/procedure error, it may be very limited in the paper records world. But with an HIE, half a million PHI records can be left in a car, on a device – breaches have scaled up significantly in size with the advent of electronic record systems.
Technology has the shelf life of a banana – Scott McNealy
The quickly developing technology for HIEs leads Matthews to surmise that the average HIE system may last for 2.5 years at most. We are moving very quickly through cycles of our understanding of the technology and our understanding of what promotes the trust and policy/procedure framework around HIE. It’s important to recognize the challenges that the different generations of HIE creates – while we may invest in an HIE and hope it brings a ROI over the next few years, by that time, we may be in another generation.
Increased Access = Increased Risk: Mitigation Strategies to Protect Against Medical Identity Theft
Speaker: Bill Fox, JD, MA of LexisNexis Risk Solutions, Senior Director of Healthcare Speaker: Kimberly Little, Director of Market Planning, Identity Management
The state of medical identity theft today:
Medical identity theft is on the rise, as it can be more profitable than regular information.
The average payout for medical identity theft is $20,000 – that’s ten times as much as regular identity theft at $2,000. As a result, the street value is 50 times more for medical than regular identity information.
The greatest number of medical identity theft incidents in the US is found in southern Florida.
There is a rapid rise of organized crime in healthcare for medical identity theft. Large-scaled organized crimes accounts for 90 percent of identity theft incidents.
Another form of identity misuse involves an individual that may loan an uninsured friend or family member their medical ID information to get medical services.
Sources of medical identity theft is most frequently caused by family members, second is data breaches, lost wallet and stolen mail.
In the last 18 months, on average, there is a breach occurring every other day.
Top sources of security breaches include unauthorized access to paper records at 34 percent, while compromised laptop/handheld devices ranks at 24 percent.
The most recurring perpetrators of security breaches are almost always employees or former employees. This is why access controls and change management controls are a few of the most important to have in place to prevent a data breach.
Consumer Identity Management
While we all want more convenient ways to access our records, more risk is created due to the availability of more channels/devices and more people using online resources – all of this creates the need for more regulations.
Identity management as the framework – it enables the individual to access the right resource at the right time, for the right reason and given the right circumstance.
Far too often, healthcare organizations fail to implement the critical identity management steps to address their identity risk concerns.
How to determine what methods should your company use – questions to ask yourself:
What is the minimal amount of data i need to verify? What do we need to know?
How can i establish if my customer is the owner of the identity presented?
How can i address any identity-related compliance requirements?
Discovery – who are you, what and where are you? It may also capture ID/geolocation and device use.
After that, verification must prove that the information provided is valid. Verification is cross-referencing with authoritative source, may be an internal database or trusted third party.
Authentication is the last step as part of establishing identity. Biometrics, device authentication and knowledge-based authentication can help with this step.
One best practice is to ask only for the information required to authorize and allow access – limit your scope of personal information collected or passed through the system.
The problem with the growing smartphone trend is the current reality that smartphone owners experience a higher rate of identity fraud than the general public. 1 in 3 smartphone owners don’t update to a new OS, 1 in 3 save login info on their device, and 2 in 3 do not use a password on their phone at all, allowing anyone access to their phone if lost or stolen.
Roughly 40% of robberies in US major cities involve the theft of a mobile phone. – FCC Chairman in April 2012
Best practice to avoid this is to use a multi-layered, risk-based identity proofing:
Something you have (may be a valid prescription number)
Verification of registration data
Something you know: dynamic knowledge-based authentication
MFA (multi-factor authentication) has become mainstream – this may include adding one-time passwords and biometrics for higher risk transactions. [Online Tech’s use of two-factor authentication is another example of MFA – our second factor involves the use of mobile phones. Find out more in our two-factor authentication FAQ.]
A good authentication method should have a low total cost of ownership (TCO), a good user experience, and it should be usable with any system.
Care Coordination Technology in the ACO and Patient Centered Medical Home
Speaker: Adrienne White, MBA BSMT (ASCP)
Why do we want to coordinate care? The lack of coordination drives significant waste in healthcare. Improving access to care, improving technology and the ability to take data and make it actionable are a few ways care coordination can work to benefit patient care.
Care is coordinated and integrated across all elements of complex healthcare community – coordination is enabled by information tecnology including email, portals, EMRs and more. Care coordination is referred to as a neighborhood involving caregiviers, pharmacy care, nurse, workplace, social workers, payers, specialists, home and family, community and more.
What is the process for coordinating care?
Determine/update care coordination needs
Create/update a proactive plan of care
Most importantly: Who owns the care plan? The patient has to own the care plan or it doesn’t exist.
Communication needs to occur between healthcare professionals, patients/family; within teams of healthcare professionals and across healthcare teams or settings. Connecting with community resources to reach patients when they’re not in the doctor’s office is also important to improving care.
Creating policies so they’re living documents – never static. This is really the essence of improving patient care.
Overwhelmed by cloud chaos?We’re cloud experts, so you don’t have to be.