Cloud Security, HIPAA Compliance Deter Hospitals from Cloud

I have seen this in action with interactions with my region’s dominant medical network provider. On the date this blog post was made, I had an appointment with the Sleep Medicine service and found out that they could not remotely view my CPAP data due to older equipment not having cloud access built in despite an internal modem and SD Card recording mainly compliance data. Since the machine is doing what it’s supposed to do, there is no rush to upgrade.

Healthcare organizations are conservative in technology by nature, due to government regulations and best financial practices, among other reasons. The three biggest Cloud Service Providers, Amazon Web Services, Microsoft’s Azure, and Google Cloud are all HIPAA compliant, so that is not the reason for the reluctance. There are a significant number of organizations, 40% (Donovan, 2018), that have yet to act on a successful migration to the cloud, whether it is a full or hybrid version; I get that. The trend, despite political opposition, is to pursue a managed care and/or a single-payer system, such as Medicare, Medicaid, and Veterans Health. Their hands will be forced as the revenue per patient constricts while compliance expenses increase.

While Electronic Health Records placement in a cloud has a relatively low starting point, the integration into existing networks can be costly. However, 58 percent of our healthcare survey respondents stated that cloud is inexpensive to buy, but expensive and/or difficult to implement and integrate with other resources – highlighting an often-overlooked aspect of cloud costs that can be difficult to quantify (Anonymous, 2015). Connectivity to the cloud has a cost to it, and in rural areas, may not be available at the speed and reliability necessary for real-time access to information that is necessary to operate efficiently. The previous statement is a rationale for a hybrid cloud, which means local IT support replicated to the cloud increasing the cost, which gets passed on to the healthcare consumer.

The takeaway from this is “hang on, it is a bumpy ride”; well worth the effort to get to personal patient control of information and costs.

Cloud security, HIPAA compliance, and privacy are the three primary concerns for hospital CIOs who have considered using cloud-based applications.

Source: Cloud Security, HIPAA Compliance Deter Hospitals from Cloud



Amazon Rekognition Achieves HIPAA Eligibility | Amazon Web Services

This is quite the breakthrough. Now some advanced services can be developed that will satisfy HIPAA requirements, which will allow better patient outcomes and secure effective data.

 

Amazon Rekognition is a deep learning-based computer vision service that makes it easy to add image and video analysis to your applications…See more here.

HIPAA and Amazon Web Services


The Amazon Polly service offered on AWS, which converts text to speech among other things, can now be incorporated into services that must have HIPAA compliance. This can open up new avenues to actually serve medical customers in a way that may be appealing to the end user, and ultimately cost-effective. This would especially be a service that a startup can develop and reach the Medicare/Medicaid/VA market; one that will cover most everyone though not right away.

via Amazon Polly Achieves HIPAA Eligibility

EHR & our healthcare system, match made somewhere?


Electronic Health Records are a good thing, except when they are not. Being disabled, medical professionals are a major part of my life. Interactions with them, for the most part, can’t be avoided. I consider myself a geek and reasonably wise to electronic communication means. I even have a working knowledge of HIPAA and all that entails. Coming to grips with the utter lack of EHR implementation at the consumer level is difficult to deal with. One of the providers has a reasonably popular medical-specific web portal. It’s not very functional, but it exists. Another group is part of the region’s largest system. My mind struggles with the concept of a total lack of confidence in modern medical communications and associated technology. Having a secure HIPAA-compliant communication portal, app, or even WhatsApp, which is 100% encrypted, suitable for transferring files that can be imported into the record keeping that all facilities are mandated by law to control. As the nation nudges toward a single-payer system, despite current politics, inefficiencies become sore wounds and costly. The lack of portable EHR with a common format for the secure interchange of data will come back and bite the clients who are in no position to weather the outcomes. Nobody, not even TPTB, wins in that environment.

Recently, I had a doctor’s appointment with my family physician. What is interesting about this event? He carried a tablet with a keyboard dock with him as he talked with the patient. All of our conversations are transcribed and available for reference. The rest of the office only has the standard technologies: desktop computers, printers, faxes, that sort of thing. I printed out the most recent list of medications, and the staff either scanned or typed the information into their systems; I couldn’t tell which, and it didn’t occur to me to ask.

As I was researching this post, there are few events in life that haven’t happened to someone else, this being no exception. As early as five years ago, this entered my view:

Healthcare facilities need to work with providers to make it easy for them to deliver excellent care. This includes having ready, instant, and continuous access to complete patient records – access resulting from compatible EHR systems and dependable computer networks. Standards must be set and enforced that allow compatibility across systems. A start has been made in this direction, but it needs to progress quickly yet carefully (Tong, 2012)

If any of my interactions are any guide, these lessons were not learned nor executed. And that is a shame really. Anything close to a potential utopian solution must have the free and fair interchange of Electronic Health Records while automating as much of the nonclinical minutiae of the American Health Care system; even if it remains a continuation of the Affordable Care Act.


FDA Announces New Steps to Empower Consumers and Advance Digital Healthcare

I wondered out loud in a draft version of this blog post the following:

I cannot tell if this is the career politician FDA speaking or what, and frankly, this shouldn’t be an issue with any administration, but it sure is with this one.

Upon further review, this is the type of announcement that was expected and favored, and consistent with the history of the FDA Commissioner, a political appointee of POTUS45. I fully understand the temptation to speed up the process for software when it comes to medical capabilities. This process has been thought through carefully, but two things stand out for me.

  1. HIPAA is the law of the land when it comes to digital medical records. This is a complicated system; that is where we are. How does this idea of a pre-certification tie into these requirements? Blog posts on this subject here, here, here, and here.
  2. All of this is moot if the majority of citizens can’t access it due to not being covered under Medicare and Medicaid; the very constituency that can be best served by digital medical options in software including telehealth initiatives.

As for point #2, the rules for current Medicare reimbursement are found here (PDF) and are, in my opinion, lacking. A change of mindset when it comes to payment overshadows any other aspect of our current system. In my ideal health care system, there would be Medicare for all with the private insurance market to fill gaps similar to Medicare Supplement policies of today and to “jump the line” in services for a fee. Digital medical options, such as Telehealth and Software-based Medical Case Management, would be included in the base Medicare and Medicaid plans.

FDA Announces New Steps to Empower Consumers and Advance Digital Healthcare [Official]


Photo Security and HIPAA

This was a story that I did on the subject of HIPAA, but was never published at the original time. As about a year has passed, the volume of data has increased significantly, which shows no sign of abating. With big data and artificial intelligence being current buzzwords, let us not forget the compliance issues that are involved. The main cloud providers, Amazon Web Services (Manager & lowella@amazon.com, 2017, p. 5) and Azure (Stevan D. Vidich, 2014, p. 2), are both HIPAA compliant right out of the box. This is not to exclude other providers, but they are the main players in mindshare and marketshare. Amazon is the clear dominant leader (Joe Panettieri, 2017, para. 4), but Microsoft can never be counted out.


Joe Panettieri. (2017, February 9). Cloud Market Share 2017: Amazon AWS, Microsoft Azure, IBM, Google. Retrieved April 18, 2017, from https://www.channele2e.com/2017/02/09/cloud-market-share-2017-amazon-microsoft-ibm-google/

Manager, & lowella@amazon.com. (2017, March 25). HIPAA Compliance – Amazon Web Services (AWS). Retrieved April 18, 2017, from //aws.amazon.com/compliance/hipaa-compliance/

Stevan D. Vidich. (2014, April 22). Microsoft Trust Center | HIPAA and the HITECH Act. Retrieved April 18, 2017, from https://www.microsoft.com/en-us/TrustCenter/Compliance/HIPAA

How HIPAA can do many things at the same time

Being of AARP age and also a consumer in the ‘healthcare’ system that we have in America, the barriers to full adoption of a now 20-year-old law remain, and they shouldn’t. I guess there is not enough money in doing the Portability part of the HIPAA. The whole reason for digital is to be more accurate, save money, and prevent unnecessary medications and side effects. It isn’t like this is new code, and all health providers must play along, size is not an excuse for compliance. There has to be a better way, and this article makes their case for it.

http://blog.aarp.org/2016/06/10/how-hipaa-can-maintain-privacy-enable-exchange-of-electronic-health-records-and-improve-patient-care-at-the-same-time