New project

Working on a new project that involves Healthcare, at @AARP age, mortality starts to set in the body, but I will not let it affect the mind. Like to think of myself as a Social Media maven; here is top of mind example. One of my classmates from the Paleozoic era (she is not) is a successful life coach. The Wikipedia definition: Life coaching is the process of helping people identify and achieve personal goals. Although life coaches may have studied counseling psychology or related subjects, a life coach does not act as a therapist, counselor, or health care provider, and psychological intervention lies outside the scope of life coaching (“Coaching — Wikipedia, the free encyclopedia,” n.d.). Could it be that the last sentence is inserted not to conflict with professional healthcare societies, not unlike wearable fitness trackers are not designed to cure or treat any disease, when part of their existence is to assist in just that? A great coach has a proven system but is adaptable to the skill set of their players. Professional and Collegiate Sports lead coaches to place their players in the best possible position to score and win. These are lessons that translate to real life. A doctor who provides guidance to colleagues about life balance and happiness is commended for walking the walk, not just talking the talk. Some medical professionals I know would be most happy if their mandatory compliance needs were met leaving the drama to others. The bane of their existence, the Health Insurance Portability and Accountability Act (HIPAA), has good odds of ruining a lot more than a day if not attended to. Civil penalties are steep from $100/violation for not knowing (you are assumed to know if in the business) to $50,000/violation for willful uncorrected neglect. Criminal penalties including Jail time, are more than possible (“HIPAA Violations and Enforcement,” n.d.). Clearly stated, ignorance is not bliss.

The big data revolution is upon us while not excepting many industries. Pain Management Healthcare is no exception. Health systems produce up to 2 terabytes of data per patient every year. Combined with the explosion of smart devices, computational power in the cloud and the growing pervasiveness of data science and machine learning algorithms, an entirely different realm of operational optimization suddenly becomes possible (Giridharadas, 2016, para. 4).This is news to me; all that data is subject to HIPAA Compliance. Larger healthcare networks deal with these data reams consistently. Dedicated resources and technologists are retained to navigate the stormy seas that are healthy. Smaller practices, not so much. Big data that can use predictive analytics, not unlike aviation or Amazon, can allow more outcomes for less cost, very important in the Obamacare era and what follows. The article mentioned the parallels with the airline industry; what was not mentioned is the relative dissatisfaction with some parts of that industry. LEAN methodology is the process of curbing fraud from a customer Point Of View (“What is Lean?,” n.d.). A bit wonkish and a resident of Academicstan, but as a former inhabitant in this decade, appreciation for the procedures behind what seems to be common sense with flowery words remains elevated.


Coaching — Wikipedia, the free encyclopedia. (n.d.). Retrieved from https://en.wikipedia.org/wiki/Coaching#Life_coaching

Giridharadas, M. (2016, March 31). This is how the future of hospital operations resembles air traffic control. Retrieved from http://medcitynews.com/2016/03/future-of-hospital-operations/

HIPAA Violations and Enforcement. (n.d.). Retrieved April 6, 2016, from http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/hipaa-violations-enforcement.page?

What is Lean? (n.d.). Retrieved April 6, 2016, from http://www.lean.org/WhatsLean

Ransomware, ER overcrowding

Ransomware is not going away

The Department of Homeland Security has issued an alert about this topic dated 3/31/2016 reported today about new variants of ransomware such as Locky and Samas are affecting hospital network computers throughout North America. In conjunction with Canadian Cyber Incident Response Centre (CCIRC) US DHS brings the subject into focus in an official capacity. The fear of doing something electronically increased this event and I can gather most of this is preventable for all of the usual suspects. Click on a link reflective action. Guilt based on network. Fear of being caught with hand in cookie jar. That sort of thing.

  • Employ a data backup and recovery plan for all critical information.
  • Use application whitelisting to help prevent malicious software and unapproved programs from running.
  • Keep your operating system and software up-to-date with the latest patches.
  • Maintain up-to-date anti-virus software, and scan all software downloaded from the internet prior to executing.
  • Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services.
  • Avoid enabling macros from email attachments. This means that PDFs so important to our business day may have to come from a third party source.
  • Do not follow unsolicited Web links in emails.

Sounds pretty boilerplate, does not it. Almost a “duh” moment. However, our job as IT pros is to prevent users from themselves.

ER Overcrowding continued difficulties

Having personal experience with a big-city ER on a weekend day got my attention for this story. When you have a system that requires the patients be seen regardless of condition and ability to pay in one of the richest countries in the world, issues arise. There are ways to mitigate this that some hospitals nationwide are doing, such as freestanding ER clinics. House calls for treatment conditions not requiring emergency care along with other “adventurous” options.

Community paramedicine or mobile integrated healthcare-community paramedicine (MIH-CP) is a new concept to me, which can include transport “ambulances” that are closer to the local community, such as Fire Stations and Community Precincts. Pair a Nurse Practitioner with a Paramedic and cover the most common illnesses in a vehicle at a cheaper rate than Medic and preferably on-site with telemedicine from the patient’s personal physician, or someone at “headquarters” that is staffing a “call center” to guide the patient through sticky wickets beyond the on-site staffers reach. Then an ER admission would be reserved for life-threatening or altering injuries or conditions. My situation would have called for urgent care, since an X-Ray was taken, looked at, and decided to place this on me so I can see a follow-up with an Orthopedic Specialist. Medicare and Medicaid in NC and some other states do not lend itself to other options that are not out-of-pocket upfront expenses. Not everyone can have BCBSNC, Aetna, or other private insurance regardless of subsidies and other aspects of Obamacare not brought up here. An ideal system would allow Urgent Care, CVS Minute Clinic, Walgreens’ Take Care Clinic, et cetera, to perform these functions as a health issue without being financially driven. Regardless where healthcare interactions occur, they must be protected and Compliance is not an option.

FRCA, CaaS

Does Federal Credit Reporting Act covers the Healthcare industry?

One of the suits against 21st Century Oncology notes that “FCRA requires any business that shares data for consumer credit reporting purposes to maintain reasonable procedures designed to limit the furnishing of data to the purposes listed in the statute.” Under FCRA, a person who receives medical information “shall not disclose such information to any other person, except as necessary to carry out the purpose for which the information was initially disclosed, or as otherwise permitted by statute,” the lawsuit notes.

That lawsuit claims that, according to the company’s notice of privacy practices, “21st Century Oncology collects and shares personally identifiable information and protected health information for purposes of collecting payment from insurers or third-party payers, subjecting it to the FCRA’s requirements to safeguard PII and PHI and limit unauthorized disclosures.”

CaaS Compliance as a Service

Buzzwords such as insert Letter as a Service is possible in Web 2.0 are commonplace. They only mean something to the web elite intelligentsia if you will. A S and G search on Google for CaaS; actually found some hits. I guess nothing is really original anymore or it would seem.