AMT Blog

This white paper from Institute for Health Technology Transformation defines three different structures for ACOs: integrated, collective, and combination. Integrated ACOs are centrally owned and operated, arising organically as a function of growth and acquisition of providers. Collective ACOs manage care across a network of providers but may not actually own an interest in any of the practices or hospitals in which they coordinate care. Combination ACOs share similarities of both Integrated and Collective ACOs and tend to have a range of different agreements regarding clinician compensation and patient care management.  

The report begins by describing in detail the three different structures for ACOs, and also explores the current accountable care models. The report addresses the characteristics of an ideal ACO model, and also highlights the overall importance of technology and how any organization looking to become an ACO must accurately assess its current IT capabilities, and what IT assets will be required to realize shared savings.

Click here to download:

ACO_Report.pdf (1.47 MB)

(download)

Click here to download:

ACO_Report.pdf (1.47 MB)

Read more…

After nearly a year running as a pilot trial, an open source (OS) electronic patient record (EPR) system is due to be rolled out more widely at London's Moorfields Eye Hospital in November 2011.

Bill Aylward, a consultant ophthalmic surgeon at Moorfields, described the thinking behind the development of the ‘OpenEyes’ opthalmology project and the expected benefits, both to patient care and in terms of cost savings, in a UK daily newspaper interview.

According to Mr Aylward, open source might prove more suitable than commercial systems developed for the National Health Service (NHS), such as the care records programme. Instead of high costs – as ‘OpenEyes’ is free software and without licence fees – he believes that with improved efficiencies and the phasing out of paper notes, adopting the OS system could save several million pounds within three years.

One of the main goals Mr Aylward described is that of improved patient care. He explained that the patient information needed by a doctor can be stored in many different repositories, with some trusts being rumoured to have hundreds of different clinical systems in which data might be stored. He added that one of the key aims of ‘OpenEyes’ is to give the doctor access to all the data needed on one screen. 

The project is led by Moorfields, but is now receiving increasing support from other ophthalmic units including those at St Thomas' Hospital, Manchester Royal Eye Hospital, Maidstone and Royal Victoria Eye and Ear Hospital. The project website gives screenshots of the software in use and details of the "elements" used for the input and display of clinical data. The documentation available is extensive, and states that the project is committed to "using open, preferably internationally but otherwise more locally agreed standards wherever possible."

Read more…

It seems that this question has now been answered. According to Apple, calls made via FaceTime can be HIPAA-compliant with the appropriate security configuration. The news that this ubiquitous, free communications platform meets these rigorous standards has potentially wide implications for how patients, physicians, and others in healthcare communicate.

To be fair, its not quite as simple as just opening FaceTime and calling your patient. Specifically, the WPA2 Enterprise configuration provides an extra level of authentication when establishing a wireless connection. WEP does not provide the appropriate level of security, and WPA and WPA2 personal settings are questionable. FaceTime calls are fully encrypted as well.

According to an email from Apple to ZDNet:

iPad supports WPA2 Enterprise to provide authenticated access to your enterprise wireless network. WPA2 Enterprise uses 128-bit AES encryption, giving users the highest level of assurance that their data will remain protected when they send and receive communications over a Wi-Fi network connection.

In addition to your existing infrastructure each FaceTime session is encrypted end to end with unique session keys. Apple creates a unique ID for each FaceTime user, ensuring FaceTime calls are routed and connected properly.

FaceTime has numerous potential applications in healthcare. Simple applications include a primary care provider communicating with his or her patients or a hospitalist checking in with a patient when they can’t get to the room. It also opens the door to more complex apps utilizing the iPad and iPhone 4 forward-facing cameras as part of telemedicine systems.

This is favorable from a financial standpoint, since only HIPAA-compliant devices are eligible for government grants. As such, the iPad may now find further use in telemedicine programs, particularly those seeking to back up their interventions with data. With the prospect of increased federal funding and the growing popularity of telemedicine, the timing of this announcement could prove to be particularly fortuitous.

One interesting question, particularly in light of the recent FDA meeting, is what kind of regulatory attention this may attract for FaceTime. Intended use, a heavily debated topic at that meeting, could prove to be particularly complex here – a consumer app with healthcare applications that are, to some extent, being promoted by Apple.

FaceTime has the potential to broaden the exchange of information among physicians, provide greater convenience to patients, and improve the quality of patient care. The assurance of a secure connection may prompt more physicians to adopt iPads in practice for communication as well as other uses, though it may be prudent to await confirmation from a regulatory body.

Related Links:

ZDNet
MacRumors

The EMR can be defined as the legal patient record created in hospitals and ambulatory environments that is the data source for the EHR. It is important to note that an EHR is generated and maintained within an institution, such as a hospital, integrated delivery network, clinic, or physician office, to give patients, physicians and other health care providers, employers, and payers or insurers access to a patient's medical records across facilities.

If you're looking to learn more on EHR check out this video produced by AllScriptsTV.

Want to learn more about some of the benefits and challenges associated with EHR?

Hear what the experts in the field of EHR says about it.

Don't like to miss out any of our posts? Do Subscribe to our Feed

As information technology pervades every aspect of healthcare, complying with federal regulations on patient privacy and security is becoming an even bigger issue.

More often than not, it's human error and process mistakes--not the technology itself--that have caused the biggest HIPAA violations. Earlier this year, the Department of Health and Human Services began listing health data breaches affecting 500 or more individuals on www.hhs.gov. As of late August, 306 HIPAA violations were listed on HHS's "Hall of Shame" site, most of them involving stolen or lost computers, USB drives, or documents, not hacking or snooping.

In one of the largest penalties so far since the revised HIPAA rules were signed into law under the HITECH Act in 2009, Massachusetts General Hospital in February was fined $1 million to settle what HHS called "potential HIPAA violations" related to the loss of paper documents listing names, appointments, and other information for 192 patients of Mass General's infectious disease outpatient practice. A Mass General employee commuting to work left the documents on a train.

According to HHS, the government's investigation of the incident indicated that Mass General "failed to implement reasonable, appropriate safeguards to protect the privacy of PHI when removed from Mass General's premises and impermissibly disclosed PHI potentially violating provisions of the HIPAA Privacy Rule."

The revised HIPAA regulations have forced IT organizations to put more emphasis on data in transit, says Mony Weschler, director of ancillary informatics at Montefiore Medical Center in New York. When it comes to electronic communications with patients, "it's not just as simple as cutting a report and emailing it. You can't do that," Weschler says. Rather, healthcare providers need to set up secure passwords and IDs, and then provide patients with links to patient portals to pull reports up, he says.

Securing patient data on mobile devices--which are at the center of many of the data breaches reported on the HHS site--isn't an issue for Montifiore. "We don't store patient data on devices like smartphones and iPads."

Unfortunately, securing doctor-patient communication isn't the only HIPAA issue keeping IT managers up at night. Any data exchanged among clinicians also has to be secure.

Dell, through its Perot services unit, offers products and services to address those needs. Its cloud-based services, for instance, can encrypt medical images "three ways, before, during, and after" transmission, says Dave Marchand, Dell's health and life sciences CTO.

Read the complete story…

What are the other challenges your IT department is facing due to the revised HIPAA regulations? & How do you cope with all of that? Share your thoughts in comments section below.

The HIPAA Eligibility Transaction System (HETS) is intended to allow the release of eligibility data to Medicare Providers, Suppliers, or their authorized billing agents for the purpose of preparing an accurate Medicare claim, determining Beneficiary liability or determining eligibility for specific services. Such information may not be disclosed to anyone other than the Provider, Supplier, or Beneficiary for whom a claim is filed.

There are two ways to inquire for eligibility. CMS offers an Extranet-based X12N 270/271 Eligibility System (HETS 270/271) for high volume Providers who frequently check Medicare eligibility. CMS also is currently pilot testing an internet-based User Interface (UI) System (HETS UI) for Providers who check Medicare eligibility infrequently.

The HETS Help site is designed, in conjunction with the MCARE Help Desk, to provide technical System support to CMS business partners for the initiation, implementation, and operation of the Medicare HETS UI Internet application and the HETS 270/271 application - Extranet Transaction Submission. This information is provided to assist external business partners with connectivity, testing, and data exchange with CMS and to keep users informed of any system issues that may arise.

HETS 270/271

The HETS 270/271 application allows Providers or Clearinghouses to submit HIPAA compliant 270 eligibility request files over a secure connection. All HETS 270/271 submitters must obtain a secure connection to the Medicare Data Communication Network (MDCN). HETS 270/271 submitters must also develop or acquire a mechanism to construct and send 270 eligibility request files and receive and deconstruct 271 eligibility response files in a real-time environment. The HETS 270/271 application supports real-time transactions only; the application does not accept batch transactions.

If you are interested in the HETS 270/271 application, your organization must obtain an AT&T Global Network Service (AGNS) connection to the MDCN network. An AGNS connection can be obtained from one of the authorized AT&T Resellers: IVANS or McKesson. More information on how to connect (including contact information for IVANS and McKesson) is available on the "How to Get Connected – HETS 270/271" page.

NOTE:  If you are an insurer inquiring about how to submit 270 transactions to Medicare for Medicare Secondary Payer (MSP) Mandatory Reporting purposes, please refer to the Mandatory Insurer Reporting website link found under the "Related Links Inside CMS" section below.

HETS UI

The HETS UI Internet application provides users with a direct front-end interface to submit Beneficiary eligibility information requests. The user is able to submit transactions by entering Beneficiary information and receive a real-time response online. Thus, the user does not need to be concerned with X12 formatting, any transaction set formulation, or an AGNS connection to the MDCN network.

Click here to download:

HETS270271CompanionGuide.pdf (672 KB)

(download)

Click here to download:

HETS270271CompanionGuide.pdf (672 KB)

Read more…

Are you thinking about building HIPAA Compliant Apps for your business? Contact AMT here.