The pMD Blog


POSTS BY TAG | HIPAA



In part one of this series, we talked about the health care technology landscape that has contributed to a state where rarely does one system hold a patient’s entire, or current, health record. Rather, in many cases, pieces of information are scattered across a variety of different systems operated by the various providers involved in a patient’s care. Fortunately, health care providers are required by law to give patients access to their health data. We previously walked through the process one might follow to obtain copies of their health records. Now it’s time to determine how and where to store that information.



Storing Health Records in a Secure App, the Best Way to Manage the Data


Why go through the trouble of compiling all of your health care records? The short answer is so that you can have them easily accessible when you need them most. In today’s world, the vast majority of people own a smartphone, which they take with them wherever they go. Because of that, we’d argue that organizing and storing your health records in a secure app, on your phone, is by far the best way to manage your health care data.  As of Q4 of 2020, there were 51,476 iOS apps listed under the “medical” category in the Apple App Store, and 49,890 Android apps in the Google Play Store.



What to Look for When Choosing an App to Store Your Medical Records


So what should you look for when choosing an app with which to entrust your sensitive information?  First and foremost - it should be HIPAA-compliant. But what does that mean from a technical perspective?  Look for references to encryption, emergency access, secure backup, and biometric, or “two-factor” authentication. It’s important that if you leave your smartphone sitting out, someone can’t just pick it up and look at your lab results, or a recent communication with your doctor without first scanning their face, or finger, or entering a password.


Similarly, if you were to lose the phone, you’d want to make sure anyone trying to pull data off of it would be prevented from accessing the health care app’s database due to the use of strong encryption. On the other hand, when you got a replacement phone, you wouldn’t want to rebuild your centralized health record database from scratch. Look for an app that makes reference to securely backing up your data and try to understand upfront what the process of recovering your information involves.


Finally, and arguably the most important item to consider, is data transmission and control. A driving factor behind curating your own health records is the ability to grant access to relevant parts of them to providers involved in your health care. Consider choosing an app that has convenient tools for sending and receiving health information between you and your doctor easily and securely. The app should let you choose the means by which you transmit your data and should provide an avenue that’s encrypted end-to-end.


And finally, do some homework on who built the app. Pick a company that is oriented around improving patient health outcomes by providing better continuity in health care data, not one that’s out to make a quick buck by monetizing your health records. At pMD, we care deeply about empowering both patients and providers to have a higher quality, delightful health care experience.




 

To find out more about pMD's suite of products, which includes our charge capture and MIPS registry, billing services, telehealth, secure messaging, clinical communication, and care navigation software and services, please contact pMD.



Most of us see a variety of health care providers for everything from routine primary care, to specialty treatment for chronic conditions, to lab tests and x-rays, to procedures for injuries. In the United States, it’s likely that each individual practice and facility will have their own system(s) for storing the health records associated with the portion of your care that they rendered. However, those databases often don’t communicate or share information with the other providers’ systems. U.S. law requires that each health care provider store your electronic health records securely, but it does not mandate that it all be centralized in any one place.

As a result, as we move through the healthcare system we often leave a trail of comprehensive, but very siloed information behind us.

Why Store Your Healthcare Records in a Centralized Repository?


A recent study estimated that a single hospital, on average, has 16 different electronic medical record vendors actively in use across all of its affiliated practices. This makes putting together a complete picture of one’s health history, or even current status, potentially a very daunting challenge. Your lab results, imaging tests, vaccination records, current medications, notes from that recent cardiologist visit, and even data from your fitness tracker device might all live in separate places.

Not only is this inconvenient and inefficient, but it can also be potentially dangerous.  Imagine being treated at an emergency room and not remembering, or not being capable of communicating your blood type or known drug allergies. What if your gastroenterologist unknowingly prescribes a medication that has an adverse interaction with your blood pressure drug? Because these disparate providers don’t necessarily share or have access to all of your health records, the burden is on the patient to build and maintain a centralized repository of their data and self-report this information to all of their various providers.

Collecting Your Healthcare Data is Your Right by Law


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) gives individuals the right to request copies of their medical records from each of their providers. Health care entities are required to provide this information within a reasonable timeframe and for no or low cost. Unfortunately, most state laws don’t stipulate that patients actually own their data, and the process for requesting and obtaining it can be cumbersome - sometimes requiring a written request. But, the federal law is at least clear about the patient’s right to access the data.  

Furthermore, HIPAA mandates that individuals can request their health information be delivered to them in digital format, which is helpful when approaching building a centralized, patient-controlled repository of one’s healthcare records.

After Collecting Your Records, How & Where Do You Store Them?


Once you’ve got the data in hand, the question becomes how, and where to store it in a way that’s both secure, yet easily accessible for you and any family member or health care provider with whom you choose to share it.

In part two of this series, we’ll look at why it makes sense to carry your health information with you on your smartphone and discuss what to look for in an app to help make it easy and safe.


Since we posted our Guide to Telehealth Reimbursement, CMS has made a few major changes with regard to billing for telehealth.

On March 30th, CMS issued a new rule affecting telehealth billing. More than 80 additional services, including inpatient visits, can now be performed remotely via telehealth and will be reimbursed.

Codes to Use When Billing For Telehealth During COVID-19


To bill for telehealth that's being specially permitted during this emergency, you should now use modifier code -95 and the facility and place of service code that you would have used if the visit had taken place face-to-face. This is retroactively effective as of March 1, 2020.

More details about the changes can be found on the CMS website.

Get Started With pMD Telehealth Today

pMD® Secure Messaging™ telemedicine capabilities allow practices to connect, triage, and follow up with patients through secure, HIPAA-compliant text, video, and voice calling. Easily invite patients to download the app at no cost to facilitate timely communication when it matters most.

pMD Telehealth Platform Customizable to Fit Your Needs

No matter the specialty, pMD is highly customizable to fit your practice’s needs and workflows. View additional information, resources, and FAQs about setting up and providing telehealth services with pMD and how to get started now.

For help setting up patient communication or to contact pMD customer support, please give us a call at 800-587-4989, x1 or email support@pmd.com.

Stay safe, everyone!


As a sales manager at pMD, I spend a lot of time with medical practices and hospitals that are evaluating our charge capture and secure messaging software - learning about the ins and outs of their businesses and how we can support them. Over the past couple of years and through the introduction of our secure text messaging platform, we’ve increasingly been curious to hear what groups are doing for communication with their colleagues, as well as with outside physicians. After all, communication is critical to providing quality patient care.

I’ve heard many startling answers. These range from, “We send regular texts with PHI all the time, we’re not worried about HIPAA” to, “What exactly do I have to text for it to be a HIPAA violation? I really have no idea, but it sounds bad”, and “We use iMessage and try to leave out PHI, which I think is secure enough.”

How can health care providers be on such drastically different pages with government regulations, especially when violation fines can cost up to $50,000 per text message? What we’ve discovered is that there is a staunch disconnect between the government bodies who write the compliance laws, the organizations that are supposed to be disseminating this information, and the providers who are supposed to be following them. The industry is still learning every day what is and isn’t OK according to these new rules and standards, and that process will take time.

There needs to be clearer direction from government agencies about how best to comply with these new rules, so providers can get back to focusing on why they got into medicine in the first place: helping patients. Implementing a good secure messaging solution is an integral step to making sure that these new regulations don’t get in the way of patient care.

2014 was beset by cyberattacks and health care privacy breaches (let’s not forget Sony’s recent escapade), so it’s no surprise that cybersecurity regulations will be heightened in 2015. Earlier this month Jocelyn Samuels, Director of the Office for Civil Rights (OCR) at the Department of Health and Human Services, addressed the severity of the current health care IT security issues:

“We are certainly seeing a rise in the number of individuals affected by hacking [and information technology] incidents, as reported by entities under our breach notification requirements, especially those due to malware compromising the security of information technology resources,” wrote Samuels. Samuels asserted the agency’s proactive HIPAA enforcement priorities for 2015 and increased focus on ePHI security.

Working with medical practices and physicians on a daily basis with charge capture, it surprises me how nonchalant many providers are when it comes to HIPAA-compliance with patient data. Their goal is to care for their patients, and seemingly tedious regulations are often ignored. But a new phase of HIPAA audits is about to take place among medical organizations and will make the regulations that much harder to ignore.

Initial HIPAA-compliance audits occurred in 2011 and 2012 to determine if health care organizations were in compliance with security regulations around health care data. The rollout of phase 2 of the HIPAA audits was delayed in 2014, but the audits are expected to start in early 2015. HIPAA regulations apply to covered health care organizations as well as their business associates; those that hold or access sensitive patient data on a regular basis are eligible. Organizations found in violation of HIPAA regulations during the audits could face financial penalties.

If you haven’t done so already, and we sure hope you have, now is the time to implement a robust HIPAA-compliance policy. This includes adopting HIPAA-compliant software such as secure messaging and other data encryption techniques. It’s important to also test your systems for vulnerabilities that can leave sensitive patient information susceptible to breaches and malware. If you were to undergo a HIPAA audit today, would you pass?

Additional information for HIPAA audits, such as timing, scope, and guidelines, will be posted on the OCR website in the coming months.

Physicians have been texting each other about patient care since the invention of the BlackBerry, if not before. Texting is the perfect medium for direct provider-to-provider communication, which is critical in the hospital environment where the sickest patients need round-the-clock care by a diverse team of specialists. Since the HIPAA Omnibus changes came into effect in late 2013, medical practices have scrambled to secure their texting so that they could continue to communicate in real time while complying with the law.

Replacing SMS text messages is not without its challenges. Traditional texting is very reliable. All you need to receive an SMS text message is the barest, most minimal cellular signal - "1x," let's say, or "EDGE."

Pagers, still a staple of the medical industry, are even more reliable. They use a different wavelength that can penetrate buildings and landscapes with ease. In an industry where getting a message means the difference between a patient getting care or not getting care, it's no wonder that the pager is beloved by so many physicians. The message always arrives.

Compared to these increasingly old-school methods, secure text messaging apps offer many benefits, such as a global address book for the practice and protection of any HIPAA-sensitive patient information. But to gain all-important physician adoption, the app needs to overcome the challenges of the hospital environment where it’s hard to find a strong and reliable data signal.

For example, a pediatric hospitalist walks into the Pediatric ICU to see some patients. This room is deep within a hospital sub-basement, and she doesn’t have any data service there - just the barest sliver of phone reception. A basic secure texting app uses its own push notifications to notify users that there’s new information, but she won’t receive that app notification until hours later when she’s done seeing patients. By that time it may be too late for her to act on it, and she may have made some medical decisions without having the most up-to-date information.

A more advanced secure text messaging app also offers fallback options if a device can't be reached in a timely fashion. If the hospitalist hasn’t read the message after a period of time, the advanced app knows that she may not have data service and can try other ways to notify her that she has a message waiting, such as sending a reminder by regular SMS text message, or even by voice call, without any sensitive data. These often get through even when app push notifications don't. At this point, the hospitalist can return to a place where she has data coverage, or can find a computer on which to read the message.
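The fallback just described, sketched as an added example (this is not pMD's code): a message that stays unread escalates from in-app push to SMS to a voice call, and every payload sent outside the app is fixed text or an opaque id, never the message body. The delays, channel names, `SecureMessage` type and sample message are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed delays in minutes; the post only says "after a period of time".
ESCALATION_STEPS = [(0, "push"), (5, "sms"), (15, "voice")]

# Fixed wording for channels that are not encrypted end to end.
GENERIC_REMINDER = "You have a new secure message waiting. Open the app to read it."


@dataclass
class SecureMessage:
    msg_id: str
    recipient: str
    body: str                      # may contain PHI; must never leave the app
    sent_at: int                   # minutes since an arbitrary start
    read_at: Optional[int] = None  # None while the message is unread


def payload_for(channel: str, message: SecureMessage) -> str:
    """Build what is sent on a channel. The body is never an input to the text."""
    if channel == "push":
        # Opaque id only; the app fetches the content over its own secure channel.
        return f"new_message:{message.msg_id}"
    if channel in ("sms", "voice"):
        return GENERIC_REMINDER
    raise ValueError(f"unknown channel: {channel}")


def due_notifications(message: SecureMessage, now: int, already_sent: set) -> list:
    """Return (channel, payload) pairs that are due at minute `now`."""
    if message.read_at is not None and message.read_at <= now:
        return []  # message was read: stop escalating
    elapsed = now - message.sent_at
    return [
        (channel, payload_for(channel, message))
        for delay, channel in ESCALATION_STEPS
        if elapsed >= delay and channel not in already_sent
    ]


def simulate(message: SecureMessage, until: int) -> list:
    """Step minute by minute and log (minutes_after_send, channel, payload)."""
    sent, log = set(), []
    for now in range(message.sent_at, until + 1):
        for channel, payload in due_notifications(message, now, sent):
            sent.add(channel)
            log.append((now - message.sent_at, channel, payload))
    return log


if __name__ == "__main__":
    # Constructed sample message, not real patient data.
    msg = SecureMessage("m-1", "dr-lee", "Jane Roe, bed 4: potassium 6.8", sent_at=100)
    for minute, channel, payload in simulate(msg, until=130):
        print(f"+{minute:>2} min  {channel:<5}  {payload}")
```
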

The best secure text messaging apps embrace the unpredictability and constraints of the chaotic hospital environment. This is why pMD took into account the frustrating cell reception in health care facilities when we designed our HIPAA secure text messaging and mobile charge capture software. This is such a key usability factor that we engineered an entire system of notifications and reminders to make sure that providers would know they have a message waiting in pMD, even if they are outside of data service. An app is more than an app when it has a system backing it that makes sure the message gets delivered - it becomes a reliable tool to save lives. This provides the peace of mind that makes doctors happy.

How is it that we name things? Whether it be a new product or even a child, what goes into the process of naming it? When we started thinking about our new messaging application at pMD, we went through a rigorous naming expedition, constantly brainstorming, coming up with the most crazy as well as some of the most simple ideas. Our names ranged from Soteria, the Roman goddess of safety, all the way to Bleep. In total, we came up with 120+ names, some of them thoughtful and ambitious, others droopy and just a little too spontaneous.

I picked out some of my favorites for your reading pleasure:

- Bleep
- Can't Text This
- Odin
- Howdy
- SuperTube
- Safety Pigeon
- Soteria
- Lock & Key
- Bona Note
- Bleat
- Cryptext
- Flow
- Happy Text
- Avocado

At the end of the day, we knew we wanted to keep the name simple, precise, and to the point. Unfortunately, none of the above names seemed to fit those criteria, but that didn't mean we'd stop trying.

At pMD, our users consist of mostly doctors. Interestingly, that doesn't mean that the people shopping around for pMD are always doctors; they could be practice administrators, staff, and sometimes even family. We wanted to make sure that our name meant something to anyone who came across it and that it also lent itself to our brand and already popular pMD charge capture application. So, we kept it simple and precise, naming our secure messaging application pMD Messaging. In doing so, we kept the pMD brand, the name recognition and understandability, and our sanity for another day until the likes of Safety Pigeon take over.

There are so many great mobile applications available for physicians now, ranging from mobile charge capture to mobile EHR, that smartphones have become very tightly integrated into medical practices. Data hackers may not be interested in which new diet you and your friend are currently attempting to conquer, but smartphone communication can get complicated when the subject matter is work-related and includes sensitive patient health information. It shouldn’t be a surprise that traditional SMS text messaging is not a secure way to exchange confidential information, and HIPAA enforcers do not take kindly to it.

This is one of the complex issues facing physicians, who are trying to find better ways to share patient information within their practice as quickly as possible, while also keeping protected health information, or PHI, secure. As physicians do their rounds at the hospital, they are in constant communication with others around them. This is not only true for physicians within a group who may be spread out among multiple hospitals, but also for specialists that they may work with who deal with the most critical patients where instant communication is essential.

Text messaging can greatly reduce workflow inefficiencies and creates a much more effective form of communication than, say, pagers or other sluggish systems. But when physicians use nonsecure text messages to send electronic PHI, it not only puts patient data at risk but can lead to exorbitant fines and legal penalties. These fines can be upward of $50,000 for a single violation of the new HIPAA regulations concerning e-PHI as part of the omnibus final rule. Despite this financial penalty, many healthcare providers continue to use texting in their medical practices because it is both quick and convenient. When the wellbeing of the patient is top priority and time is of the essence, legal compliance can often fall by the wayside. But there is a solution so that physicians can put their patients first while avoiding costly penalties and also improving communication within their practice.

Secure Messaging + Mobile Charge Capture


Secure messaging applications are excellent communication platforms that allow healthcare providers and staff alike to exchange e-PHI securely and quickly, and it’s icing on the cake if your charge capture app also has this component. In light of recent government security scandals, secure messaging applications are growing in popularity. The number of secure messaging applications on the market is rapidly increasing, varying in form and function. Some of the notable features among these apps can include group messaging, delivery/read notifications, user authentication, and a supplemental messaging web portal.

If you’re already using a mobile charge capture application, then why add yet another application to your already extensive app inventory? Your charge capture application should have a secure messaging functionality built in. This allows your information to be contained in one centralized hub where you can easily navigate within the app to message quickly and securely.