Blue Button Initiative Gains Momentum

The Blue Button initiative is a collaboration between government and private sector organizations that aims to connect consumers and patients securely and easily to their own health records. It is a model for interoperability, and it is gaining momentum.

The Blue Button symbol itself was first used by the Department for Veterans Affairs and the Department of Defense in 2010 on their patient portals. The Department of Health and Human Services (HHS) took over and ran with the Blue Button initiative in 2012, and since then has worked with other government departments including the White House, VA, DoD and the Centres for Medicare and Medicaid to grow the Blue Button brand and increase public awareness of the initiative.

As part of this expansion more than 500 private sector organizations have been brought on board and pledged support. Notable names on this long list include Microsoft, Aetna, United, Walgreens, CVS, Quest, the Mayo Clinic, AARP and the American Cancer Society.

But what exactly is the Blue Button initiative?

Breaches, Breaches, and More Breaches

Is there a day that goes by where the news headlines do not scream about yet another security breach?

From large health organizations, to retail outlet chains, to Apple, the headlines are relentless. The numbers thrown around are staggering. Last year $85 billion with a 'B' was fraudulently obtained through medical ID theft alone. As we have discussed in earlier articles, industry watchdogs expect 2015 to be the year of the hacker. I dread to think what number I will be quoting then.

Enough. I have hammered on in these pages time and again about security risks and breaches and ways to not get caught out. Frankly, at this point I think everyone out there gets it: The Internet is inherently insecure. The only way to remain secure is to disconnect, to step away from the Internet. Unplug your modems and routers. Tear out your cables and turn off your Wi-Fi. Of course, nobody is going to do that.

And yet we are aiming for National health system interoperability. I praise the goal and admire the work done to date, but in the dark recesses of my mind I wonder if such a goal is going to be actually possible.

Lifestyle Intervention Conference 2014

We are pleased to announce that Sigmund Software is a sponsor of the 2014 Lifestyle Intervention Conference. We will be on site and available to answer any questions and talk with you. Please feel free to drop on by Booth #410, where you can also enter our prize draw for a chance to win one of three Android smart watches.

During the 3-day event professionals will gather from across the nation to gain knowledge and build a network of resources to serve those struggling with addiction. Want to know more? Then read on...

Specify, For Effective Billing and Reimbursement

Until the move to ICD-10 is globally adopted, many physicians prefer to continue using the ICD-9 coding system.

Section I.B.6. of the ICD-9 manual advises that, "Codes that describe symptoms and signs, as opposed to diagnoses, are acceptable for reporting purposes when a related definitive diagnosis has not been established (confirmed) by the provider."

The key word is "definitive". In practice this means that unconfirmed diagnoses are best avoided as they may later incur denials and / or delays to reimbursement. The presence of doubt is sufficient to introduce delay.

Up to July 2014 the Medicare and Medicaid incentive programs have jointly paid out $24.87 billion, with roughly $16 billion going to Medicare and $8 billion for Medicaid.

CMS says that 92% of hospitals have received incentive payments. Of the possible eligible professionals (EP) that could have registered, 90% are shown to have done so. That is quite a remarkable adoption rate.

What is Strategic Risk?

Security is a minefield, and few places hold more danger of fatal misstep than the fields of electronic health records, interoperability, Meaningful Use, and patient engagement.

Ever larger security breaches are announced every day. I personally fear the ones which remain unannounced. The ones as yet undiscovered. Why? Because nobody gets up to close a door if they think it is closed. And that leads neatly away from the subject of security, to the subject of Strategic Risk.

It is a requirement for Meaningful Use and HIPAA that organizations create a written plan for worst-case scenarios. In some high-visibility headlines this has not been done and organizations have been penalized heavily. But that really is closing the stable door after the horse has bolted. Security is a moving target. Breaches will always occur. Taking that as a starting point, everything becomes so much clearer. The thing to remember is this: If it can happen, there is a good chance that it will. If a door is open, someone will eventually walk through it. So, plan for it.

Open Minds Technology Institute Conference 2014

2014 sees the tenth anniversary of the OPEN MINDS Technology and Informatics Institute conference, which this year focuses on the development of strategies to help health providers gain the most from current and upcoming technologies in the health and human service arenas.

The two main areas of focus this year are Service Delivery and Operations Management. The changes in service delivery methods, organizational administration, and management of daily operations which have come about during the past ten years due to the rapid pace of technological innovation have been game-changing. Where does this leave modern healthcare providers? And what of the future? These questions and many more will be answered by more than twenty five speakers and industry experts.

CMS Final Rule Expands Telehealth

Announced on Friday November 1, the Centers for Medicare and Medicaid (CMS) final regulations for the Medicare Physician Fee Schedule contain changes which will take effect on January 1, 2015.

Those changes include an increase in coverage for wellness and behavioral health, one of which will permit physicians to invoice $40 per month for patients suffering more than one chronic condition, that they have not seen physically.

A notable amendment to the final rule sees CMS easing the EHR requirement for eligibility to now permit submissions from both 2011 AND 2014 certified EHR's. Either certification will be allowed when claiming chronic care management payments during the 2015 fiscal year. This is in response to some provider concerns about the overall interoperability of their current EHR system, which may not prove flexible enough to support chronic care management services effectively.

Also, the CMS rules address the Affordable Care Sunshine Act in several key ways, particularly exemptions. Payments associated with accredited continuing medical education are no longer exempt and must be declared. CMS advises that group purchasing organizations and affected manufacturers will now be required to report any compensation given to physician speakers at educational events, in the majority of cases. The stated intent is to clarify the indirect payments which must now be reported to CMS when medical education is underwritten by stakeholders.

{loadposition Social}

True Tales of Technology

In the week following the OPEN MINDS conference, which focused on medical technology and all things EHR, this next item seems highly relevant. It is a story about data security and breach protection. It is a story which shows how easy it can be to be the unwitting source of a data breach.

I have worked in various sectors of the computer industry for many years. So has my lovely and talented wife. This is her story, one she shared with me about an event earlier this week. With her kind permission, I now share it with you. It goes like this...

A local wholesaler regularly purchases consignments of returned electrical equipment from a well-known outlet chain. Now, like any consignment purchase, some things are good and some are not, and you don’t know which is which until you unpack the skid. My good lady wife is on a retainer to go through anything computerish (a technical term curiously absent from most spell checkers) and see what still works, and whether it can be fixed. She restores computers to default, resets routers, tests printers, leaps tall buildings in a single bound, that kind of thing. Did I mention, she is talented?

In this particular consignment was a 1Tb hard drive, returned because it was apparently no longer working. Dead. Using her years of experience and trusty suite of diagnostic tools, the problem was identified and the drive fixed within minutes, ready for resale. Job, as they say, done. Or so you would think. But of course, that's where the story really starts... 

Fun And Prizes on the Exhibition Floor!

One of the many enjoyable moments from the 2014 OPEN MINDS conference was being able to participate in the Raffle in the Exhibit Hall. 16 Prizes were provided by various vendors, including Sigmund Software. There were really wonderful prizes ranging from gift cards to technology gifts which included Sigmund’s contribution of a UWatch, a universal Bluetooth Smart Watch.

Conference attendees were provided with a raffle card, on which were written many of the exhibitors names and booth numbers. Participants were required to visit each booth and obtain a signature on their card, then turn it in to participate in the raffle. It was a great networking opportunity and I enjoyed the sheer fun of the meet and greet!

Announcing the Winners...

Sigmund Software ran another Reward A Colleague contest recently, in which we again encouraged entrants to nominate someone from within their team for outstanding contributions.

The contest proved very popular with the OPEN MINDS 2014 conference attendees that came over to talk with Sigmund about some of the cutting-edge developments that we have introduced during the year. Yes indeed, we have been working hard to stay ahead of the field and maintain our reputation for ongoing development. We are always raising the bar. It's what we do. But enough about Sigmund. This is about you...

Sigmund at the CCPA 45th Annual Meeting

If you find yourself at a loose end in Hartford, CT, on Thursday December 14, please take the opportunity to come over to the Hartford Marriott Downtown (next to the Connecticut Convention Center) to take in the 45th Annual Connecticut Community Providers Association (CCPA) meeting.

The CCPA represents organizations that provide services and supports for individuals with significant challenges including children and adults with substance use disorders, mental illness, developmental and physical disabilities.

Are Practitioner Mobile Health Apps Secure? Not Always.

A growing number of apps are available on all platforms for self-help, personal fitness and medical monitoring. Practitioners are increasingly getting into the app market, with apps for patient management. Some of these may compromise data security, maybe even HIPAA. Here's how.

First, I want to avoid litigation. I am not therefore naming any specific app or vendor. Generically, then, this article is about broad strokes. To take one non-specific scenario to demonstrate the point: Medication reminders.

Some provider-provided apps contain medication calendars that not only remind patients when meds are due, but also allow them to confirm when those meds have been taken. Practitioners can monitor, and even send out alerts if doses are missed. They can also update dosages and frequencies via push notifications. This functionality allows practitioners to eliminate unnecessary appointments, and patients taking up seats in waiting rooms. That sounds fantastic, and is in fact really useful, but it could hold a sting in the tail.

Practitioners have no way to know who is holding the receiving device.

Dutch Engineer Develops Unusual Ambulance Network

This is the story of Alex Momont, a design engineer at the Technical University of Delft in the Netherlands. He recently graduated by presenting his Master Thesis, a research project that we will come to later. You should know that Alex is one of only five people ever to achieve a maximum grade during the fifty years that this University has been open. What he worked on is spectacular. No other word does it justice.

Background: In the European Union, around 800,000 people per year suffer a cardiac arrest. Ambulance response times vary, but average at ten minutes from first call. Irreversible brain death occurs at around 4 to 6 minutes after the heart stops beating. First responders know before they even turn on the ambulance siren that 8% of cardiac arrest victims will need to be pronounced dead on arrival. Enter Alex.

CMS Rule Proposal Would Defer Penalties By 3 Years

On Monday December 1st, the Centers for Medicare and Medicaid (CMS) Services released a 429 page proposal which if adopted will restructure the Medicare Shared Savings Program (MSSP) to give program participants up to an extra three years of grace before incurring performance penalties. This delay, in conjunction with the offering of an alternate model, is hoped to encourage Accountable Care Organizations (ACO's) to come on board and sign up for the Medicare financial incentive program for ACO’s.

An ACO is basically a collective, where all stakeholder participants (doctors, hospitals, other healthcare practitioners) coordinate purchases within their group, with the objective of reduced healthcare costs and associated improvement of patient outcomes. Cost benefits are shared among the members of the ACO, as are penalties. Both are based on whether performance benchmarks for quality of care are met, or missed.

FISMA Reforms Heading to White House

The Federal Information Security Management Act (FISMA) is the law under which Federal agencies and their departments are held accountable for the security of their IT. Under the current system, every three years agencies are required by FISMA to reconfirm the status and security of their IT systems and processes using what is effectively a rubber-stamp check-the-box process to attest that all due diligence was performed, without any monitoring or verification.

On December 10-11, Congress enacted reforms to FISMA which would see this process change from a tri-annual event to one of continuous authorization and ongoing monitoring. Those changes are heading up Capitol Hill to the White House and will be the first major change to cybersecurity legislation since FISMA was originally enacted in 2002, twelve years ago.

Medical Data Security Is In Your Hands. Literally.

Every week this year has seen more security breaches of technology companies. The latest story to hit the news shows you don't always need a computer to breach security.

A respected Alabama institution was on the receiving end of bad news this week when the U.S. Department of Justice sentenced their ex-employee to a two year prison sentence and ordered him to pay $19,000 restitution after pleading guilty to aggravated theft of medical records. Physical, paper records.

Federal prosecutors testified that Kamarian D. Millender (and several others) used this personally identifiable health information to falsify around 100 tax returns, affecting over 70 individuals. The false tax returns would have defrauded the IRS by an estimated $536,000. Although the IRS successfully stopped many of the claims, some got through, to a value of $18,915. Bad though this is, it is only the tip of the iceberg.

About the Human Factor

Regular readers will know that we have written many times of the Human Factor in regards to security, and the importance of double- or triple-checking for potential loopholes. The “What if?” question. The recent news story of an Alabama health organization employee using paper records and PHI to defraud the IRS sadly highlights the need for such thinking. One bad apple, as the saying goes, spoils the whole barrel.

It is important to realise that good security not only protects patients, but also the organization and the individuals within it. We are all in that barrel together. When a security issue is identified, until a clear culprit is identified everyone is under suspicion. Everyone. If a culprit is not found, that cloud continues to loom. Workers start watching each other. Friendships and working relationships are lost. Tension builds and factions form. The whole thing can escalate to the point where an organization falls apart from the inside. Cue angry villagers with pitchforks.

Happy Holidays from Sigmund

This diverse world in which we live has many cultures, and many religions. Many do not celebrate Christmas. With this in mind, we at Sigmund Software would like to wish each and every one of you a non-denominational Happy Holiday!

This is also traditionally one of the hardest times of the year for those struggling with mental health issues and addiction problems. Sigmund Software grew from a team of experienced healthcare practitioners that specialized in Behavioral Healthcare, and so we know from experience that anxiety and depression are rife, and that what is the Season of Goodwill for some is far from that for many others.

The Biggest Health Story of 2014 Was...

The ALS Ice Bucket Challenge.

This unprecedented, unsanctioned and unscheduled charity fund raiser somehow went viral overnight. Nobody knows exactly where or how it began. There are many versions of that story around. Whatever started the avalanche, it was the feel-good story of the summer.

The rules were simple: Within 24 hours of being challenged, participants must record and post to the Internet a video of themselves having (at a minimum) an ice bucket full of ice and water over their heads. They then say why they are doing it, then nominate three others of their choice to take the challenge.

And so it grew...