Health IT Pulse

August 19, 2016  12:26 PM

Many health and fitness apps lack privacy policies

Tayla Holman Tayla Holman Profile: Tayla Holman

A recent study by the Future of Privacy Forum found that the top health and fitness apps lag behind other types of apps in terms of privacy policies — only 70% of the top 100 health and fitness apps had a privacy policy, and only 61% include links to the privacy policy on the app listing page.

In comparison, of the top 100 free and paid mobile apps in the iOS App Store and the Android Google Play Store, 76% had a privacy policy and 71% included a link on the app’s listing page.

Health and fitness apps can collect highly sensitive data from users, including any medical issues, medications, diet, physical activity, sleep patterns and more. Without an easily accessible privacy policy, customers who download these apps cannot be sure how their data is being used, whether or not it is being shared, or how the data is being protected – if at all. Data breaches are still a common occurrence in healthcare, and the majority of health and fitness apps aren’t covered by HIPAA.

However, the Department of Health and Human Services released healthcare app development guidelines to help app developers understand if their app deals with protected health information and if the app needs to be HIPAA compliant. One scenario under which a mobile health app would be covered by HIPAA is if the app is developed on behalf of a covered entity.

Users may assume that, because there is a privacy policy, their information is private. But that isn’t always the case. A study published in the Journal of the American Medical Association found that, out of 41 diabetes apps with privacy policies, 20 shared user data with partners or third parties.

Reading the privacy policy is a first step toward understanding what happens to data collected by the app, but it isn’t a guarantee of protection. Users should practice precaution and discretion before sharing any personal information.

August 17, 2016  3:40 PM

E-prescribing of controlled substances on sharp rise

Shaun Sutner Shaun Sutner Profile: Shaun Sutner
e-prescribing, e-prescriptions, Surescripts

Electronic prescribing of controlled substances, or EPCS, such as opioids increased dramatically in 2015, according to Surescripts Inc., the national pharmacy IT network.

ECPS is now allowed in all 50 states, and the number of EPCS transactions rose from 1.67 million 12.8 million last year, a 600% increase, according to a Surescripts release accompanying the company’s 2015 National  Progress Report.

Meanwhile, the number of EPCS-anabled prescrbers rose 359%, from 15,195 at the end of 2014 to 69,800 at the end of 2015, according to Surescripts.

However, EPCS-enabled pharmacies and physicians are not uniformly distributed across the country.

EPCS is well established in Northeast states such as New York — which ranked number 1 with 91% of pharmacies enabled — and Massachusetts, as well as in California and Texas, for example.

Lagging, however, are southeast states such as Georgia and Florida, which ranked 44th in the Surescripts survey with 73% of pharmacies enabled. Also low in the rankings are Montana and North Dakota.

As of December 2015, opiods accounted for 32% of all EPCS prescriptions. Opioid abuse was involved in some 28,647 deaths in 2014 and opioid overdoses quadrupled from 2010 to 2014, according to sources cited by Surescripts.

So while EPCS has become common, most prescribers of controlled substances, including not only opioids but also other potentially addictive controlled drugs such as Xanax and Adderall, are still using paper prescriptions.

EPCS is a safer and more controllable way of prescribing controlled drugs because it sharply cuts down on fraud and improper prescribing, according to Surescripts.

August 10, 2016  2:41 PM

Dentists and meaningful use

Shaun Sutner Shaun Sutner Profile: Shaun Sutner
certified EHR technology, e, EHR, EHR adoption, meaningful use attestation

It may be time for dentists to sink their teeth into meaningful use.

Dentists, while theoretically eligible for the federal EHR incentive program, have for the most part stayed away because there were no penalties for not participating and many low-cost dental EHR programs are available that do not qualify as federally certified health IT.

That could be changing now.

The American Dental Association officially says that for most dentists there is no deadline to take part in meaningful use. However, this year Medicare and Medicaid-eligible dentists who have not adopted EHRs and attested to meaningful use will receive for the first time a 1% Medicare or Medicaid payment reduction, according to a post on the Dentistry IQ website by a healthcare compliance consultant.

That penalty will increase each year that eligible dentists (those whose Medicare or Medicaid patients make up at least a third of their practices) do not attest to meaningful use, up to a maximum of 5%, according to the site.

Dentists are eligible for up to $63,750 per practitioner for adopting EHRs and demonstrating meaningful use, but only a small fraction of dentists have opted in, according to RangerNetworks, a Texas dental EHR vendor.

By comparison, 96% of hospitals and 56% of office-based physicians have demonstrated meaningful use of EHRs, according to ONC.

Meanwhile, costs for dental EHRs range from $15,000 to $70,000, plus time and effort to install the systems and attest to meaningful use.

Still, Christine Queally Foisey, the Dentistry IQ article author and president and CEO of consulting firm MedSafe, lists these benefits for dentists who digitize their practices:

  • Improved quality and patient safety
  • Reduced paperwork and storage issues
  • Increased efficiency and productivity
  • E-prescribing capability
  • More efficient billing and improved reimbursement
  • Increased accuracy


August 10, 2016  9:16 AM

Could the key to health data exchange be APIs? ONC thinks so.

Kristen Lee Kristen Lee Profile: Kristen Lee
API, Interoperability

Application program interfaces (APIs)– routines, protocols, and tools used when building software—are important not only for interoperability but also to the future of healthcare, according to the Office of the National Coordinator for Health Information Technology (ONC).

“APIs have been and will continue to be a key element toward enabling interoperability among consumers and health care providers,” Peter Ashkenaz, a spokesperson for ONC, said in a MeriTalk article. “Publicly available APIs in health care and technology solutions built using them could help usher in a new wave of advanced tools that can more seamlessly connect consumers and health care providers to data.”

And then there’s the new healthcare law, the Medicare Access and CHIP Reauthorization Act (MACRA). It says providers will be rewarded for using technology to improve care outcomes and will be able to customize health IT, and interoperability will be a top priority.

Open-source APIs could also make interoperability more achievable because they allow the exchange of secure health data through the cloud, the article said.

However, there are still barriers to APIs really taking hold in health IT.

“Continued work remains to align the use of different data formats, codes, and semantic terminology in order to enable the seamless use of data,” Ashkenaz said in the article.

He added that a few steps need to be taken before APIs can live up to their full potential in health IT:

  • Developers should establish one standardized set of publicly accessible API specifications that have been tested and deployed by developers and then put to use by healthcare providers
  • Other software developers need to be able to use those APIs unimpeded to create innovative solutions
  • Consumers and providers must be able to obtain new tools and applications that deliver better experience and constantly update to better versions

Despite the challenges, the outlook for APIs ultimately looks good because they will play an important role when it comes to the changes in reimbursement models, such as those embodied in MACRA, Ashkenaz said.

“The use of APIs–and the tools built off them–will likely be a key aspect of any health IT developer and provider strategy to participate in future payment programs, including alternative payment models,” Ashkenaz said. “As demand for health information exchange continues, so too will the demand for more efficient ways to exchange, aggregate, and analyze data.”


August 5, 2016  10:46 AM

MHealth apps too complicated for vulnerable populations

Tayla Holman Tayla Holman Profile: Tayla Holman

There’s no denying that mHealth apps have the potential to help patients better manage their health. But according to a recent study conducted by researchers from the University of California, San Francisco, mHealth apps are too complicated for the populations who would benefit the most from their use. The study surveyed 26 patients at the Priscilla Chan and Mark Zuckerberg San Francisco General Hospital and Trauma Center, a UCSF partner hospital that treats many low-income patients.

MHealth apps can provide patients with educational information about their conditions and allow them to track health data over time. But the current design of 11 commercially available mHealth apps for depression and diabetes observed by UCSF researchers are not user friendly, often requiring significant manual data entry. The apps also lacked large buttons and easy to follow navigation, which frustrated many of the survey participants.

The complexity of mHealth apps can lead to health disparities in vulnerable populations such as those with low health literacy, which refers to an individual’s ability to obtain, process and understand basic health information and services. Of the patients surveyed, 70% were found to have low health literacy. In a February 2016 interview with SearchHealthIT news writer Kristen Lee, Ahmed Albaiti, founder and CEO of digital health consultancy Medullan, Inc., said people with lower health literacy often have chronic conditions and are in an age group that makes it difficult to learn new technology.

While patients with diabetes and other chronic conditions could benefit from using tools such as mHealth apps and wearable devices, they either can’t afford them or do not see the value in using such tools, Lisa Gualtieri, assistant professor of public health and community medicine at Tufts University and founder of RecycleHealth, told SearchHealthIT. There is also a lack of awareness, as wearable device companies would target the people who want, rather than need, their products. However, the potential for increased mHealth app usage is there – a 2015 report by the Pew Research Center found that 64% of American adults own a smartphone. Furthermore, 62% of smartphone owners used their phones to look up information about a health condition.



August 3, 2016  11:16 AM

HHS and ONC call for research on blockchain technology

Kristen Lee Kristen Lee Profile: Kristen Lee

When the government gets involved with a certain technology in healthcare you know there’s a good chance that technology has some promise. Just look at what happened with EHRs and the government’s meaningful use program.

Well, now the government is starting to get involved with blockchain technology. HHS and ONC announced the “Blockchain and Its Emerging Role in Healthcare and Health-related Research” Ideation Challenge.

HHS and ONC describe blockchain technology as “a data structure that can be timed-stamped and signed using a private key to prevent tampering.”

The agencies categorize the main types of blockchain as public, private and consortium.

Other industries are already getting in on the technology. Companies such as Microsoft have already formed partnerships to develop blockchain technology and experts say blockchain may disrupt the financial and legal fields as well.

HHS and ONC maintain blockchain could also have several uses in healthcare, including:

However, blockchain technology and its applicability to healthcare is still evolving and maturing, HHS and ONC said in their announcement.

The agencies said that those who support the use of blockchain in healthcare think it could be used to address concerns regarding the privacy, security and scalability of health records. Critics, on the other hand, say that this would take enormous processing power and specialized equipment, which would outweigh the benefits of the technology in healthcare.

The Ideation Challenge calls for white papers on the topic of blockchain and its potential uses in health IT.

HHS and ONC appear most interested in the cryptography aspect of the technology and the underlying fundamentals of blockchain. They also want to know how this technology could advance industry interoperability needs, help with patient centered outcomes, precision medicine and other needs within healthcare.

The agencies have solicited recommendations for the implementation of blockchain technology.

The winners of this challenge will get the opportunity to present their white paper at an industry-wide “Blockchain and Healthcare Workshop” co-hosted by ONC and The National Institute of Standards and Technology.

July 29, 2016  10:53 AM

Gender pay gap among health IT workers grows wider

Tayla Holman Tayla Holman Profile: Tayla Holman
HIMSS, IT gender roles

Female health IT professionals in the U.S. are paid less than their male counterparts, and the wage gap between the two has only grown larger over the past decade.

In 2006, the average female health IT worker was paid 80.7% of what her male counterpart earned, according to the biennial HIMSS Longitudinal Gender Compensation Disparity Study. In 2015, that number decreased to 78% of what male health IT workers earned.

The disparity in pay by tenure — defined by the study as how long a worker has been in their current position — has also widened since 2006. New female health IT workers who had less than one year tenure earned 83.2% of what new male health IT workers earned. Furthermore, female health IT workers with 15 or more years tenure were paid 77.7% of what their male counterparts earned. Then, in 2015, the wage gap between new male and female health IT workers widened while the gap between longer tenured male and female workers narrowed. New female health IT workers earned 72.1% of what male health IT workers earned, while those with 15 plus years tenure earned 85.9% of what their male counterparts with similar tenure earned.

There was also a discrepancy in pay between male and female workers with the same title, although the gap has narrowed for management level workers:

  • Female health IT managers earned 91.7% of what male health IT managers were paid in 2006, but in 2015, female health IT managers earned 92.4% of what their counterparts earned.
  • Female non-management level workers earned 93.7% of what their male counterparts earned in 2006 versus 91.7% in 2015.
  • Female senior/executive managers earned 89.4% of what their male counterparts earned in 2006 versus 85.5% in 2015.

Among female health IT professionals who work for health IT vendors, the pay gap has narrowed since 2006. That year, female health IT workers earned 87.9% of what their male counterparts earned, compared to 91.0% in 2015. The gap has remained steady at 77.5% for female health IT professionals who work for hospitals, but has widened for other organization types: 77.4% versus 73.1% for female health IT professionals who work for other providers , such as nursing homes, and 80.6% versus 78.7% for those who work in other healthcare organizations, such as health information exchanges.

As far as actual salaries, a 2015 HIMSS Salary Survey found that female health IT workers earned $100,762 annually, while male health IT workers earned $126,262 — a 21% discrepancy that reflects that national gender wage gap between full-time female and male workers.

July 27, 2016  1:59 PM

Most hospitals say they have EHR disaster recovery plans

Shaun Sutner Shaun Sutner Profile: Shaun Sutner
Disaster Recovery, HIPAA, HIPAA audits, OCR

While about a third of U.S. hospitals reported to the Office of the Inspector General of the Department of Health and Human Services that they don’t have HIPAA-compliant EHR disaster recovery plans, most hospitals told OIG they have comprehensive plans to recover patient data after a disaster.

The OIG hospital disaster recovery survey, results of which were released July 22, came after widespread disruptions to hospital patient records after Hurricane Sandy hit the East Coast in 2012 and rapidly escalating cybersecurity threats to health data.

According to a release, OIG sent questionnaires to a sample group of 400 hospitals that receive meaningful use Medicare incentive funds asking about their EHR contingency plans, including:

  • How they comply with HIPAA rules requiring all HIPAA-covered entities to have a contingency plan for disruptions to EHR systems, including maintaining a data backup plan, disaster recovery plan, emergency mode operations plan and having testing and revision procedures
  • How they follow practices for emergency contingency planning recommended by the Office of the National Coordinator for Health IT (ONC) and the National Institute for Science and Technology (NIST)
  • Their experience with EHR disruptions.

OIG staff also made site visits to six hospitals, where they reviewed EHR contingency plans and related documents.

Nearly all the hospitals reported having written EHR contingency plans and about two-thirds said they met the four HIPAA requirements OIG reviewed.

Most of the hospitals also said they followed ONC and NIST recommendations such as maintaining off site backed up EHR data, supplying paper backups when electronic records are unavailable and training staff on contingency plans.

More than half of the respondents said they had experienced an EHR disruption, and a quarter of those said they had delays in patient care as a result.

OIG also found that HHS’s Office for Civil Rights (OCR), which enforces HIPAA, does not specifically focus on EHRs when assessing HIPAA compliance for disaster recovery.

“Persistent and evolving threats to electronic health information reinforce the need for EHR contingency plans,” OIG concluded in the release. “This review and the cyberattacks that have occurred since 2014 underscore our previous recommendations that OCR fully implement a permanent audit program for compliance with HIPAA.”

OCR is now engaged in a second round of audits of selected healthcare organizations and their business associates.

Many observers expect these audits to be followed by a permanent audit program funded by revenues of fines levied on healthcare organizations found to have violated HIPAA.

July 22, 2016  1:57 PM

CMS releases overall hospital quality data

Shaun Sutner Shaun Sutner Profile: Shaun Sutner

The Centers for Medicare and Medicaid Services (CMS) is preparing to unleash some stark numbers on care quality at individual hospitals across the country.

But before CMS publishes those star ratings on specific hospitals (coming soon), it has compiled and published a statistical overview of the various rating categories – called the Overall Hospital Quality Star rating system – and where different classes of hospitals fit in.

The rating methodology takes into account 62 quality measures reported by hospitals, using EHR and other data, related to routine care patients receive when being treated for heart attacks and pneumonia as well as measures focusing on hospital-acquired infections.

Among the key measures, according to a CMS fact sheet, are:

  • How often patients get an infection after surgery
  • Patient wait times in the emergency department
  • Rates of complications after hip replacement surgery
  • Readmission rates after a heart attack
  • How often patients receive multiple CT scans or MRIs

The star rating system ranges from five stars at the top of the quality range to one star at the bottom. The hospital categories include size, teaching status, safety net and critical access.

Perhaps not surprisingly, “CMS’ analysis shows that all types of hospitals have both high performing and low performing hospitals,” according to the fact sheet.

“In other words, hospitals of all types are capable of performing well on star ratings and also have opportunities for improvement,” it continued.

Of the 4,599 hospitals included in the ratings, 102, or 2.2%, received five stars. Some 934, 20.3%, got four stars. The biggest category was three stars, with 1,770, or 38.5% of the hospitals. At the low end, 723, or 15.7%, got two stars, and 133, 2.9%, were classified as one star.

About a fifth of the hospitals included in the survey did not meet and so did not receive star ratings.

Other hospital care quality information, including patient-reported measures, can be found on the CMS web site, Hospital Compare.

July 20, 2016  2:30 PM

Virtual reality in healthcare helping prep for surgeries, training staff

Kristen Lee Kristen Lee Profile: Kristen Lee
Virtual Reality

In the gaming world, virtual reality is a clear hit among users. Just look at the explosive success of Pokémon Go! Ok, so that’s technically augmented reality. But you catch my drift.

As it turns out, virtual reality is not only incredibly cool but also has the potential to be helpful in healthcare specifically when it comes to preparing for surgeries as well as training and educating staff.

This is already being done at the Ronald Reagan UCLA Medical Center, according to a story in the Daily Bruin, UCLA’s news website. And UCLA has also reaped other benefits from virtual reality technology. For example, they’ve already diagnosed almost 1,500 prostate cancer patients using the technology. This improved the diagnosis accuracy by more than 300%, a surgeon at the UCLA Medical Center asserted in the Daily Bruin story.

At UCLA, virtual reality technology also allows surgeons to build a three dimensional model of a patient’s anatomy based on a patient’s CT scan. Once the model is built, the injury or area of concern can be identified. Surgeons can then rehearse the surgical steps before the actual operation takes place.

Virtual reality technologies are useful for everything from treating simple injuries to conducting complex multi-organ surgery, according to the story.

And virtual reality is also useful for training and educating medical staff.

For example, by using virtual reality technologies to familiarize surgical teams with an operation before it is done not only improves teamwork but also minimizes the patient’s and the surgeon’s anxiety, the article said.

And as for educating future doctors and surgeons, Case Western Reserve University in Cleveland, Ohio, is using Microsoft HoloLens to do just that.

Although virtual reality in healthcare is promising for training and education staff as well as improving patient care and outcomes, this technology still has a ways to go.

One challenge is that medical scans of a patient’s anatomy may be too complex to be converted into a virtual reality environment for use before surgery, the article said. Furthermore, it can also be difficult to make sure that a virtual reality scenario reflects the complexities of the entire body—an interconnected network of cause and effect.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: