The pMD Blog

Welcome to the
pMD Blog...

where we cover interesting and relevant news, insights, events, and more related to the health care industry and pMD. Most importantly, this blog is a fun, engaging way to learn about developments in an ever-changing field that is heavily influenced by technology.

POSTS BY TAG | Secure Messaging






pMD’s products put the patient at the center of everything we do. When we pair innovative products with the creative, consultative approach we take for every customer inquiry and then in turn see the value to our patients, it is truly a remarkable feeling. One example below may best illustrate the impact that a pMD solution can have when care teams have a common platform to collaborate around patient care.  

A group of surgical residents caring for patients across various clinical teams needed a way to capture shared rounding notes on patients. In addition, they wanted to be able to communicate between teams using a secure messaging solution to share patient details, update care plans, and send pre- and post-operative photos.

Few technology solutions are available today to support patient care for residents. Many organizations currently use paper rounding notes that can be lost in the rush of the day, shared spreadsheets where only one resident can access the data at a time, or non-secure file-sharing programs. None of these options truly meet the residents’ needs. Since clunky workflows that are currently in place still get the job done, these old methods have continued into 2018.  

Resident groups tell us that better communication can improve patient outcomes. Residents using pMD Clinical Communication™ can send messages about patients and update each other on care plans. They have the ability to securely send images to a chief or attending physician for a second opinion. Additionally, patient data can be recorded at bedside right from their mobile phone and can include updating medications, allergies, code status, and care plans. These are all kept up-to-date, in real-time, and stored on a shared patient list visible to the whole group.

HIPAA-compliant, health care messaging that’s easy to use paired with pMD’s customizable platform for mobile data capture is exactly what these residents and administrators were looking for to bring their workflow into the twenty-first century.  

We know that each practice or group faces a unique set of challenges. That’s why we approach every opportunity as unique, invest time upfront to understand workflows that support patient care, and build solutions that account for those challenges. This is also why we here at pMD work closely with existing customers to implement new products and product features as those challenges evolve.

At pMD, we are customizing solutions to help teams deliver better patient care. To explore these solutions for your group or for more information on how pMD can support your unique practice or patient population, don’t hesitate to contact us.




 If you'd like to find out more about pMD's suite of products, which includes our MIPS registry, charge capture, secure messaging, clinical communication, care navigation, and clinically integrated network software and services, please contact pMD.



Last week eight of my colleagues and I were in Anchorage, Alaska working with physicians, nurse practitioners, social workers, care coordinators, patients, and more. Although we were meeting about an array of different items, including building and enhancing care communities, charge capture, secure messaging, and clinical data exchanges, they all share the same common goal of working in collaboration to fill the gaps in patient care.

Patients that are “frequent flyers” of hospitals often suffer from chronic conditions, bounce between many specialists, and are at higher risk of costly readmissions. Due to the fragmented nature of their care it can be difficult for caregivers to receive the right information about the patient at the right time. Big EHRs are drowning in data and are not always reliable to get the providers the bottomline, clinically relevant information they need in a timely fashion.

Doctors and staff throughout Anchorage are coming together in a grassroots effort to make change happen and improve the care that their patients are receiving, regardless of which provider in the community is delivering it. Connecting everyone together around the patient decreases medical costs, decreases duplicate tests, cuts down on medical mistakes, and it saves the patients and doctors valuable time, ultimately leading to better overall care.

This model of coordinated care in Alaska however, is not unique to Alaskans. What the caregivers in that part of the country have been able to do is create a connected care community where they are coordinating the care around the patients, especially as the patients move between providers and facilities. We’ve heard from customers in other areas of the country about this same mission of connecting the different caregivers together around the patient instead of the patient around each of the caregivers. An important part of the solution is having a secure channel to share information quickly and seamlessly, and at the foundation is the concept of one patient no matter how many doctors they see. pMD continues to be an integral communication platform for care teams, allowing them to send quick, secure, valuable information, and brings together a community so they can start talking with one another.

As a sales manager at pMD, I spend a lot of time with medical practices and hospitals that are evaluating our charge capture and secure messaging software - learning about the ins and outs of their businesses and how we can support them. Over the past couple of years and through the introduction of our secure text messaging platform, we’ve increasingly been curious to hear what groups are doing for communication with their colleagues, as well as with outside physicians. After all, communication is critical to providing quality patient care.

I’ve heard many startling answers. These range from, “We send regular texts with PHI all the time, we’re not worried about HIPAA” to, “What exactly do I have to text for it to be a HIPAA violation? I really have no idea, but it sounds bad“, and “We use iMessage and try to leave out PHI, which I think is secure enough.”

How can health care providers be on such drastically different pages with government regulations, especially when violation fines can cost up to $50,000 per text message? What we’ve discovered is that there is a staunch disconnect between the government bodies who write the compliance laws, the organizations that are supposed to be disseminating this information, and the providers who are supposed to be following them. The industry is still learning every day what is and isn’t OK according to these new rules and standards, and that process will take time.

There needs to be clearer direction from government agencies about how best to comply with these new rules, so providers can get back to focusing on why they got into medicine in the first place: helping patients. Implementing a good secure messaging solution is an integral step to making sure that these new regulations don’t get in the way of patient care.
The best text message is the one that you don’t have to send.

Don’t get me wrong - I’m happy that we offer a feature-rich, user-friendly secure text messaging product. But I’m even happier that in many cases, we can use automation to remove the need for a person to manually send a text message at all. At the end of the day, security is great; compliance is great; knowing when a message was read is great; automated reminders are great; file and image sharing are great; group messaging is great; adding external contacts from the community is great; cross-platform (mobile + web) is great… but what’s REALLY great is saving someone time.

This idea is actually the origin story of our secure text messaging software. Years ago, I remember sitting with a charge capture customer who was explaining the process for following up with the doctors about charges that the doctors had submitted through the software. The customer would first add a note to the charge in pMD so they had a record of the follow up. Then they would send the doctor a text message asking their question. The text message itself seemed pretty harmless to them, so they weren’t in the market for secure text messaging software; but when we added the ability for pMD to send that message for them automatically, they became avid users.

Once we started down this road, we saw people manually sending each other routine, repetitive, and nonsecure text messages everywhere. Office receptionists were texting doctors about every new hospital consult. Answering services were texting doctors about nurse calls that occurred after hours. Specialists were texting each other to refer a patient, re-typing demographics that already existed elsewhere. Hospital doctors were texting PCPs (if they even had the person’s phone number) to let them know what had happened to one of their patients who got hospitalized. All of this messaging wasn’t just putting patient information at risk - it was actually costing someone time. Each individual message was fast and easy to send, but for these repetitive tasks, they added up quickly.

In a world where every major software company has its own messaging features, automation is the key to selecting the software that your people will embrace and that will keep giving back to you instead of simply checking a box on a HIPAA-compliance audit.

At pMD, we are constantly working to update and improve the secure text messaging functionality in our mobile and web applications. Our team continues to collect feedback from our users about how pMD Messaging works for them in their medical practices, which helps us prioritize new features and think about what makes a great messaging product. pMD’s HIPAA-compliant text messaging is unique in that we enable users to securely communicate about patient information, but in certain aspects, we take cues from other text messaging programs (of which there are a countless number!) that many people use for everyday communication.

With such a large offering of different messaging platforms available for smartphones, tablets, and the web, what components make a secure messaging product stand out from all the others and become indispensable to its users?

Cross-Platform Functionality Many of my colleagues and friends use iPhones, but I’m an Android user. Often times, medical practices have a “no cell phone” policy for their office-based employees, but those employees still need to communicate information to their physicians in the hospital in real-time. Having a messaging product that works seamlessly across different mobile operating systems as well as the web is essential for uninterrupted communication, especially for time-sensitive information.

Read Receipts Whether I’m waiting for a confirmation from home that the cat was fed his dinner, or a nurse is waiting for acknowledgment that a doctor received her notes about a new consult in the emergency room, knowing whether or not your message was read is an essential feature for any messaging application.

Emoticons? We’ve gotten a surprising amount of requests for Emoji support in our secure messaging software. I guess I understand the appeal of quickly replying with a thumbs-up icon instead of stopping to type out the words “got it,” but I’m not sure if I’d be able to decipher how a string of emoticons translated to patient care instructions.

Custom Ringtones My personal preference is to have my phone on mute whenever possible, but that’s not always an option for busy doctors! Being able to assign custom alert sounds to certain contacts or applications can be essential for a physician on weekend call waiting for messages from the hospital (or, for the rest of us, simply trying to ignore the latest wave of push notifications from Candy Crush). That’s why we’re very excited to be adding custom ringtones to the pMD application soon!

These are the current and future messaging features that have been on our mind lately at pMD. We are always keeping our ears open for customer feedback, and we’re looking forward to hearing about other features they’d like to see added to our software down the line!
Hospitals and health systems are making slow progress toward securing their networks and patient data, and this year’s HIMSS Cybersecurity Survey surfaced what many health care organizations are afraid of: cybersecurity threats are continuing to rise, with two thirds of organizations having experienced some sort of security incident but less than a tenth feel they have adequate technology to protect themselves against security threats.

Our software helps physicians communicate about patient care compliantly, so naturally we ask new customers what kinds of communication software they typically use. iMessage is the popular choice given its unparalleled ease of use and ubiquity. And while iMessage has some methods of encryption that make it tougher for attackers between you and Apple’s server to hack your data, it’s not a fool-proof or HIPAA-compliant way to share PHI. Physicians are too busy to use the clumsy, slow, feature-lacking secure messaging software that epitomizes most apps on the market, so most of them revert back to iMessage and claim that the government can fine them or put them in jail all they want. But we can’t afford to lose good doctors to the government, especially given the imminent doctor shortage!

If physicians are going to change their nonsecure texting behavior, they need to have a convenient and fast secure messaging app. Watching a wheel spin for 10 seconds to load a conversation each time would cause anyone to trash an app - and I’ve seen this firsthand on far too many messaging apps.

There are a variety of tools that go into protecting sensitive data against security threats, including antivirus, firewalls, data encryption, audit logs, and vulnerability management. With the increasing government changes, it’s more important than ever to empower health care organizations with the best security software.


Source

2014 was beset by cyberattacks and health care privacy breaches (let’s not forget Sony’s recent escapade), so it’s no surprise that cybersecurity regulations will be heightened in 2015. Earlier this month Jocelyn Samuels, Director of the Office for Civil Rights (OCR) at the Department of Health and Human Services, addressed the severity of the current health care IT security issues:

“We are certainly seeing a rise in the number of individuals affected by hacking [and information technology] incidents, as reported by entities under our breach notification requirements, especially those due to malware compromising the security of information technology resources,” wrote Samuels. Samuels asserted the agency’s proactive HIPAA enforcement priorities for 2015 and increased focus on ePHI security.

Working with medical practices and physicians on a daily basis with charge capture, it surprises me how nonchalant many providers are when it comes to HIPAA-compliance with patient data. Their goal is to care for their patients, and seemingly tedious regulations are often ignored. But a new phase of HIPAA audits is about to take place among medical organizations and will make the regulations that much harder to ignore.

Initial HIPAA-compliance audits occurred in 2011 and 2012 to determine if health care organizations were in compliance with security regulations around health care data. The roll out of phase 2 of the HIPAA audits was delayed in 2014, but the audits are expected to start in early 2015. HIPAA regulations apply to covered health care organizations as well as their business associates; those that hold or access sensitive patient data on a regular basis are eligible. Organizations found in violation of HIPAA regulations during the audits could face financial penalties.

If you haven’t done so already, and we sure hope you have, now is the time to implement a robust HIPAA-compliance policy. This includes adopting HIPAA-compliant software such as secure messaging and other data encryption techniques. It’s important to also test your systems for vulnerabilities that can leave sensitive patient information susceptible to breaches and malware. If you were to undergo a HIPAA audit today, would you pass?

Additional information for HIPAA audits, such as timing, scope, and guidelines, will be posted on the OCR website in the coming months.

We’re extremely excited about our upcoming release of attachment support for pMD, HIPAA compliant, secure text messaging. This feature will allow pMD users to send one another highly sensitive data, such as photos of patient charts, copies of lab results, pdf documents, and much more. As a member of the development team at pMD, the task of determining how to store all these files securely and efficiently presented a unique challenge.

pMD provides mobile software that improves patient care through charge capture, care coordination services, HIE implementation, and secure messaging. Due to the sensitive nature of the information providers exchange, it is essential that their data be stored within the secure confines of our data centers, not with a third-party service. So, we needed to find a top-notch storage system, capable of housing millions of files, that we could install on dedicated servers that we manage ourselves.

After several weeks of detailed research and testing, we established a clear winner. This system met and exceeded all of our requirements. It’s name is Swift, and it’s part of the OpenStack suite of cloud software. OpenStack products are specifically built for companies like pMD who want to deploy powerful, yet easy to use tools in their private clouds.

In our search for the right storage solution, we formulated a list of five major requirements that any contender must meet. Here is how Swift addresses each of these items:

Highly available / replicated. First and foremost, we required a system that would be tolerant of hardware failures. Swift makes several copies of every file it stores so that if a hard drive, or a server, or even an entire data center has a problem, we are guaranteed to have other copies of the data still available. Once the specific failure is repaired, Swift is smart enough to catch the server(s) back up with whatever they missed while offline.

Distributed. We needed the system we picked to make every file available to every machine on our internal network. In other words, we couldn’t just plug an external hard drive into one of our web servers, like you might do at home if you needed extra room for your photos and videos. Swift runs on dedicated servers in our data center. It provides something that we call an Application Programming Interface (API) in the software world, which is a simple interface that our other systems can use to talk to Swift whenever they need to save or retrieve files.

Scalable. It was very important to us to find a solution that could grow with the demands of our customer base. Swift is incredibly flexible. Whenever we want to increase our storage capacity, we can just pop some new hard drives into our existing servers or add a brand new server, tell Swift about the new components, and Swift immediately starts utilizing the additional space they provide.

Secure. Our users are health care professionals and they rely on pMD to help them securely manage sensitive, patient data. Because of this, the system we chose to store their message attachments had to support HIPAA compliant, modern, best-in-class encryption. Swift offers several sophisticated levels of security that allow us to encrypt and protect all the files it houses.

Easy to operate. Finally, as developers responsible for maintaining pMD’s infrastructure, we wanted a well-built system that we could install and rely on. We didn’t want a solution that would require a large amount of daily maintenance. As you can see, Swift is a sophisticated system. However, it’s also incredibly self-sufficient. Once it’s installed, it requires very little input from us to keep it running like a well-oiled machine.

We’ve been running Swift on a number of shiny new servers in our data centers for about a month now as we prepare our attachments feature for release. It’s been incredibly fun to work with, and it has blown us away with its power and performance. We can’t wait to give attachments to our users so that they too can experience the power of Swift!

Physicians have been texting each other about patient care since the invention of the BlackBerry, if not before. Texting is the perfect medium for direct provider-to-provider communication, which is critical in the hospital environment where the sickest patients need round-the-clock care by a diverse team of specialists. Since the HIPAA Omnibus changes came into effect in late 2013, medical practices have scrambled to secure their texting so that they could continue to communicate it real time while complying with the law.

Replacing SMS text messages is not without its challenges. Traditional texting is very reliable. All you need to receive an SMS text message is the barest, most minimal cellular signal - "1x," let's say, or "EDGE."

Pagers, still a staple of the medical industry, are even more reliable. They use a different wavelength that can penetrate buildings and landscapes with ease. In an industry where getting a message means the difference between a patient getting care or not getting care, it's no wonder that the pager is beloved by so many physicians. The message always arrives.

Compared to these increasingly old-school methods, secure text messaging apps offer many benefits, such as a global address book for the practice and protection of any HIPAA-sensitive patient information. But to gain all-important physician adoption, the app needs to overcome the challenges of the hospital environment where it’s hard to find a strong and reliable data signal.

For example, a pediatric hospitalist walks into the Pediatric ICU to see some patients. This room is deep within a hospital sub-basement, and she doesn’t have any data service there - just the barest sliver of phone reception. A basic secure texting app uses its own push notifications to notify users that there’s new information, but she won’t receive that app notification until hours later when she’s done seeing patients. By that time it may be too late for her to act on it, and she may have made some medical decisions without having the most up-to-date information.

A more advanced secure text messaging app also offers fallback options if a device can't be reached in a timely fashion. Knowing that the hospitalist may not have data service if they haven’t read the message after a period of time, the advanced app can try other ways to notify her that she has a message waiting, such as sending a regular SMS text message - or even a voice call - reminder without any sensitive data. These often get through even when app push notifications don't. At this point, the hospitalist can return to a place where she has data coverage, or can find a computer on which to read the message.

The best secure text messaging apps embrace the unpredictability and constraints of the chaotic hospital environment. This is why pMD took into account the frustrating cell reception in health care facilities when we designed our HIPAA secure text messaging and mobile charge capture software. This is such a key usability factor that we engineered an entire system of notifications and reminders to make sure that providers would know they have a message waiting in pMD, even if they are outside of data service. An app is more than an app when it has a system backing it that makes sure the message gets delivered - it becomes a reliable tool to save lives. This provides the peace of mind that makes doctors happy.

Smartphone technology has evolved to include so many far-reaching capabilities that these compact devices are incredibly powerful. Just look at how smartphones have perforated and changed the health care industry, becoming a valuable aid for doctors. Unfortunately, the responsibility that is so important when using smartphones, particularly in health care, is not a universal practice.

Take, for example, a doctor in Seattle who is being accused of partaking in some unscrupulous and bizarre activity using his smartphone. This anesthesiologist is said to be responsible for sexting during surgeries and taking explicit selfies at the hospital - at one point sending 45 dirty messages during a single operation. His medical license has been suspended due to “lack of focus.” Apart from these sexual perversions being offensive and disturbing, there are some larger problems with his messages at play here. Why was this doctor not using a secure messaging system? What if he had sent one of his messages to the wrong number? A traumatic experience, indeed.

This goes to show how important it is to use a secure text messaging system. And not because you can then send selfies to your colleagues with abandon. A secure text messaging system allows you to have a reliable and accessible list of contacts in your network and send information safely and quickly. Our latest release coincidentally elaborates on secure text messaging for health care professionals that improves communication within the medical community.

View Press Release