Skyscape’s trusted content App, on Infectious Disease released and available since 2015, has been removed by Google unilaterally from its Play Store, citing “Sensitive Events”. This is trusted content, editorially prepared with clinically relevant information, referencing many Infectious Diseases such as SARS, MERS and Corona Virus. Google has objected on us trying to promote this content in light of “Sensitive Events”.
They did not do proper diligence, on the history of the app, the source of the content, and the usefulness to healthcare professionals and instead just dealt a heavy hand and removed the app, unconditionally.
Even upon appeal, they remained “insensitive” to needs of a small business, who is just trying to do good. Also, if you try to advertise with keywords such as COVID-19, they block it.
On the other hand, Google allows in its search certain hits to certain publications and news, that has ads/news of President Trump, Facebook and other companies, but in its discretion, blocks other companies to use to those keywords citing “Sensitive Events”.
How is this fair? Just another case of Big Brother squashing the rights of businesses by controlling the App economy.
When recovering from a hospitalization or managing a chronic condition, there’s no place quite like home. As hospitals continue to use innovative payment models, Home Care will be increasingly popular and important in providing quality healthcare.
Home Care is all about supporting patients and their families. This takes careful orchestration from the healthcare team. Teams of therapists, nurses, and nurse assistants work around the clock to support the patient’s care plan under the supervision of a doctor.
Compassionate care requires great coordination. The ability to securely collaborate between hospitals, providers, and skilled nursing facilities using mobile solutions is critical to all healthcare professionals and their patients.
Treating patients at home has many added benefits of helping to reduce readmissions, preventing expensive care visits to the ER, and perhaps most importantly, enabling hospital admissions as patient’s clinical status changes. The healthcare industry knows this, and has created many value-based payment models that will require more and more coordination as we shift care to the home.
These trends necessitate the adoption of methodologies that facilitate easy and quick exchange of information among the care team; be able to catalog information by patient; as well as find information quickly.
Tools such as emails, phone calls, faxes etc. can no longer support the changing needs. Nor are they HIPAA compliant. This has given rise a family of solutions called Clinical Communication & Collaboration (CC&C). These tools are bridging the gap between the increasing demands seen in home health and current practices.
Skyscape’s BUZZ is one such leading solution in the CC&C space.
Buzz is a HIPAA-secure platform that simplifies real-time and on-the-go communication between healthcare providers within and outside of an institution. The app is sleek, easy to use, and supports texting, dictation, private calling, and file sharing. All totally synchronized and HIPAA-secure.
Most of the healthcare professionals are conscious about HIPAA, and of course conscientious about patients’ rights to complete confidentiality. And the healthcare industry has adopted the best practice of annual HIPAA training processes to cover the new workforce members and periodic refreshers for all employees.
So far so good. However, there are times when the common sense and the training would test the boundaries of obligations that need to be shouldered by the health providers. A recently reported court case should serve as an example of how far-reaching these obligations have gone. Medical legal expert, Nancy J. Brent, MS, JD, RN described a rather bizarre situation that ended up penalizing a Hospital ICU nurse.
Most often we associate a PHI breach when a nurse is using messaging App or other text messaging
system that is not encrypted or HPAA secured. Or, when a nurse shares patient information with a person who is not a member of the
healthcare team or when a patient’s electronic medical record is accessed for a
personal reason when a nurse is not providing care.
The nurse involved in this case was employed in the hospital’s ICU, and she remotely accessed patient census lists 11 times when not at work. The lists contained private health information, including patient names, ages, diagnoses, medications and other personal information.
When a supervisor discovered the
nurse accessed the list, she was told her actions were in violation of the
hospital “information security policies”. Although the nurse’s reason of
checking the list was to determine ICU staffing and whether she would be
required to work assigned shifts.
The nurse was disciplined, suspended, and the supervisor filed a complaint with state board. After a board investigation the nurse received the board notice for a hearing and the allegations against her, which involved breaching her duty to protect the patients’ confidentiality and privacy rights in violation of the state’s nurse practice act and administrative rules.
The State Board found the nurse’s conduct to be unethical
Here is the list of findings used by the board:
Accessed the patient lists for her own purpose to determine if she would work the next day or be placed on call.
Did not use information from the lists for any other purpose.
Did not share the information with anyone else.
Did not read any personal information on the lists.
The above list seems like ‘No harm, no foul’, right? Wrong! Even though it seems as if the nurse did not seem to violate any patient’s health information rights, the board found the conduct to be unethical, based on the following points:
Was not authorized to access the lists from a remote location.
Did not need the information to perform her duties as an ICU nurse.
Fortunately for the nurse, the board believed the nurse did not understand her conduct was a violation of the patient confidentiality policy and the hospital determined the behavior was not a HIPAA breach, and hence they imposed the least severe sanction — a citation and a warning.
The nurse filed for a judicial review of the board’s ruling. The district court dismissed the nurse’s petition. The disciplined nurse appeals the decision and asked an appeals court to reverse the district court ruling.
The appellate court was very clear
about the fact the board had the authority to discipline the nurse under the
nurse practice act and its rules for unethical conduct. It also emphasized
proof of actual injury (to a patient) need not be established.
The court opined that her conduct was a violation of hospital policies to protect patient confidentiality. Also, the court said she knew or should have known about those policies.
How to avoid a similar situation and outcome
The nurse in this case made an error in judgment in seeking out the ICU patient lists to determine her work schedule. Unfortunately, that error led to serious and costly ramifications.
In this case, the nurse could have simply asked permission to access the lists, or even more simply, called the ICU charge nurse to determine if she would be needed for her assigned shift.
Other Guidelines for Nurses
Upholding patient confidentiality policy is a fundamental obligation. Period.
Use the following guidelines:
Know your workplace patient confidentiality policy and adhere to it.
Know your HIPAA obligations and always use HIPAA-secured communication tool.
Remember any violation of your state’s nurse practice act and/or rules does not require patient injury.
Know what your nurse practice act, patient confidentiality policy and other rules about protecting patient privacy.
Know and adhere to ethical requirements governing patient confidentiality and privacy under the American Nurses Association’s Code of Ethics for Nurses with Interpretive Statements.
Even though a discipline might be the least severe, it is still a discipline that affects a nurse professionally
Unfortunately majority-of-providers-fail-to-fully-comply-with-HIPAA-right-of-access and face the risk of severe penalties. Although in this case the facility or the employer was not implicated, there could be legal liabilities for the supervisors and employers as well.
Despite the high degree of attention on HIPAA, it is unfortunate that still majority-of-providers-fail-to-fully-comply-with-HIPAA-right-of-access. As learned from this case, ignorance is not an excuse to escape the penalties for violation – and those are becoming more severe.
Patient engagement is an important theme discussed by many
clinicians and hospital leaders. The healthcare industry is a competitive
marketplace where patients have several choices about what doctors to see and
what clinics to visit.
The term “patient engagement” itself is somewhat confusing and often misused, as it is used to describe everything from patient portals to social media to tech gadgets that enable patients to actively participate in their own health & wellness.
Unfortunately many organizations tend to view their patient portals and websites as both the ‘strategy’ and the ‘answer’ as a means to engaging patients in their own health outcomes. This is a problem as these options merely serve as passive roads that lead to where you want to reach. But without any additional ongoing, active triggers & motivations to activate the positive patient behavior, the roads would remain ‘the road not taken’ (pardon the pun at Robert Frost’s expense).
The right mobile communication tool can set a practice or a clinician apart from the rest. Such a tool would allow the patient to combine her knowledge, skills and willingness to manage her own health with the right interventions to nudge positive patient behavior and outcome.
With Buzz, the days of faxing documents, looking through a rolodex, and playing phone tag through voicemails are over. Buzz is one integrated solution that allows the sharing of documents, text, and secure calls in a HIPAA compliant and completely secure manner. As a clinician your interests are caring for patients and families. This tool not only makes that easier, it makes it better.
Keeping patients and families engaged through a mobile platform is a no brainer. Buzz allows you to stay connected with patients throughout their care process, which improves engagement and patient satisfaction. It improves the integration of care by allowing communication amongst the care team—this too largely benefits patients as they receive better and more coordinated care. Simply put, more engaged patients leads to better outcomes.
Let’s dive in with some details.
A hospital admission entails three key processes: admission, hospital stay, and discharge.
Buzz benefits each of these in a different but meaningful way.
Integrating admission communication between physicians, charge nurses, and emergency department to floor hand-offs
Updating patients and families on reasons for admission, location in the hospital, and patient status
Communicating with specialists to obtain consultations through a mobile platform
Coordinating care between nurses, physicians,
residents, physical and respiratory therapists, and all other members of the
Updating patient’s families on clinical progress
and discharge planning
Improving hand-offs between hospitalists and
better coordination amongst teaching teams
Communicating with skilled-nursing facilities,
care coordinators, and primary care physicians
Charting discharge documents and insurance
Updating the family on discharge plans
With Buzz we strive to make life better for both clinicians and patients. Mobility is a reality in many other industries, and it is just about time that healthcare catch up through responsible, engaging, and secure technology.
Recently, I attended a Rewards & Recognition gala in Boston, where many of our physician friends were present.
During social hour and discussion, we talked about the topic that invariably creeps up in such groups. It was about the growing physician work overload. Everyone unanimously thought that the cause for this burden is both the information explosion (blame the Internet for this) as well as the need for comprehensive documentation (blame the lawyers!). Although some of this is caused by the threat of frivolous malpractice lawsuits, a good part of the problem is compounded by the proliferation of digital tools (many of those in the healthcare are pretty bad mind you, but let’s leave that for another day).
I started explaining how you can’t really escape the current reality of the digital world and that there are many effective technology tools that save time, especially for repetitive or disruptive tasks that take the focus away from the main job at hand. I also mentioned to the group that we recently launched a product that will help streamline many of the tasks they perform. One of the physicians quickly retorted, ‘What? Another digital tool? No way.’ I was taken aback by the visceral reaction, but in a way saw where he was coming from.
On the way home, I was still thinking about this apparent paradox. It almost didn’t matter as to what the actual tool was supposed to do and whether it was any good or not. The fact that it was a piece of technology was sufficient for it to be shunned. Is it really the digital technology that are causing the issues or there are some other factors at play? If you dig deeper, the problem seems to lie with the systems that are not designed to quickly adapt to the changing world. A lot of burden comes from the fact that physicians have partly become data entry clerks.
Unlike in the case of other professionals, say lawyers, they don’t get to push this overload in terms of time billed to their clients. They have to get all this work done in their personal time, resulting in the staggering 2:1 ratio of documentation time vs patient encounters. In some instances, the technology including both the hardware and software are slow or outdated (A case in point, my cardiologist wife had a really old, underpowered computer outfitted in her office with the disk space, RAM and the CPU speed well below the limits specified by their EHR system EPIC; causing frequent slowdowns, crashes and unexplained performance issues. This was never diagnosed or flagged by the IT support staff for a very long time, even though it was obvious that there was a problem. Unfortunately clinicians neither have the time or inclination to research such issues and would rather spend time on the patient care!)
We believe that there is a chance for some ‘digital shortcuts’ that physicians and other healthcare professionals can utilize to make their lives easier. There are many repetitive tasks that could be automated with ‘productivity hacks’. Also, with effective collaborative tools information can be easily tagged, queried and accessed; thus, bringing the elusive-when-you-need-it-most bits of information at the clinicians’ fingertips. The digital revolution is no more a fad or gimmick and is here to stay. Rather than fighting the ‘digital’, clinicians should rally to challenge and address the administrative and policy decisions that seem to miss the core reasons behind the excessive fatigue.
As a medical practitioner, you are constantly exposed to abbreviations. So let’s examine the one from the world of technology, E2EE. It stands for ‘End-to-end Encryption‘. End-to-end encryption is quickly becoming the de facto standard in communication between two or more parties. As an example, if you send a message via email or SMS, you as a sender form one of the ‘Ends’. The party intended to receive the message is the receiver or the other ‘End’. When the message travels from one end to the other end, it is encrypted. Let’s examine how this works in practice. Typically, you’d be using some software such as Skyscape’s Secure Medical Messenger, Buzz.
All messages sent through the Messenger are encrypted on the sender’s device and remain encrypted as they travel over the mobile network/Wi-Fi/Internet, through the cloud/web server, and on the way back to your chat partner (say a nurse or another physician). In other words, none of the networks or servers will have a clue what the two of you are chatting about.
How is it accomplished?
In order to E2EE work, it uses a concept of two keys – a public key and a private key. Every user of the software is assigned a public key and a private key. A public key, as the name suggests, is shared with anyone with whom you are going to communicate with. And conversely, the private key is known only by the user and typically resides only on the user’s device.
A message (which could be text, voice, image or any other kind of data) can only be viewed on either the device of the sender (using the public key + the sender’s private key) or the recipient (using the public key + the recipient’s private key).
Let’s break down the process in steps:
STEP 1. Two keys, public and private are generated when a user opens the Secure Medical Messenger app for the first time. The encryption process takes place on your phone.
The private key remains with the user on the phone. The public key is transmitted through the server to the receiver.
The pubic key encrypts the sender’s message on the phone even before it reaches the server.
The server is only used to transmit the encrypted message. Only the receiver’s private key can unlock the message. No third-party including developers can read the message.
What can You Encrypt?
Anything. Really. Chat messages, files or PHI data transfers (health records, images, reports, EKGs and videos sent between hospitals, remote clinics and providers), even live phone conversation.
In the medical context, it is imperative as HIPAA regulations demand that any information that includes patients’ identity should be protected in such a manner. Skyscape’s BUZZ, which is a HIPAA-secure messenger, has been built around this principle. The level of security is akin to what you have come to expect from your banking or other apps that require highly degree of security. Military-grade encryption is virtually impossible to crack as it uses 256-bit keys that generate 2^256 possible combinations. There are no supercomputers yet that can crack such a key within a reasonable amount of time.
Physician burnout is an epidemic prevailing today in the medical profession. A study shows that on anaverage 1 in 3 US doctors at any given time suffer from physician burnout. Recent survey in the US shows that physician burnout rates are higher than 50%. These revelations demonstrate that doctors are facing extreme work pressures which is leading to burnout.
OK… now we have all heard about end-to-end encryption. What does that really mean? And why should you as a clinician be concerned about it.
What are these ‘ends’ in end-to-end?
When they refer to end-to-end, the two ends refer to the sender and the receiver. Let’s say you are want to convey some important piece of information to your colleague. So you are the ‘sender’ and the colleague is the ‘receiver’. The transfer of information could be verbal, by gestures or even some electronic form such as via telephone, or in the modern days by text messaging, email or some other form of communication. The last few channels of information is digital and travels from one device to the either over the Internet or the cellular service.
Keep it to yourself, buddy
Let’s say that the information you are providing to your colleague needs to be confidential. This is where you would employ different tactics depending upon whether you are talking in a private space (you would not be too concerned about someone overhearing your conversation), or in a corner of the conference room where there are other folks (you might use a soft voice and use gestures to make sure no one hears what you are saying), or on the phone (you will ask your colleague if the call is on the speaker phone or there is anyone in the vicinity who could to listen the conversation).
But none of these methods could be foolproof because someone could snooping in your conversation (by lip reading or by tapping the phone line).
This is where the Encryption comes into play.
Encryption – It’s All Greek to me!
So in the above example, the two parties might take precaution to exclude others from the conversation (some of my Chinese friends don’t bother about talking in soft voice even in the presence of a bunch of others, they just switch to Mandarin!) there are problems when you have to be physically separated from each other.
The electronic bits that represent the conversation need to travel and someone with enough technical chops could intercept these bits and piece together the ‘confidential’ information that you were eager to pass on!
So this is where the Mandarin trick comes into play. Well, sort of (don’t worry, we are not planning to send the two ‘ends’ to the language lessons). The idea is that you expect that some people could hear you talk. And you would want to make sure that they don’t understand what you are saying.
Now you will question that in a small setting you could know that no one understands Mandarin, but when surrounded by a larger crowd you can’t be absolutely sure that no one would understand you. You’re right, it’s a sensible observation!
And yet, this is the theme that forms the basis of how we can solve the problem of preventing others from snooping on your conversation. Or rather preventing them from understanding what they are ‘snooping’. Essentially, just like my friends resort to Mandarin, we convert the information into temporary ‘language’. Thus anyone who tries to understand the intercepted information would just get the gibberish and cry, “it’s all Greek to me“! (Sorry to jump a whole continent in my analogies ?).
See the following figure:
This illustration shows four different conversations happening. In order to make sure that every pair in the conversation remains private from each other, the ‘language’ or the ‘gibberish’ has to be unique for each.
This process of generating gibberish from perfectly good information has a fancy, mathematical name – it’s called encryption (Ah.. yes, finally coming to the main point of this topic!) Encryption is the encoding of a message to the indecipherable sequence so that only the intended party can decode it. Technically, this gibberish is called ciphertext. Even if someone gets hold of this ciphertext, they won’t be able to access the original information. The receiving party decodes the original information by the reverse process of decryption (We will get into the details of how this is accomplished in a separate topic). And of course, it pertains mainly to all forms of electronic communication that happens beyond the face-to-face communication, including any information that is stored electronically.
Back to the medical environment
When a clinician speaks to another clinician about a patient or directly with the patient, utmost care has to be taken to protect the information reaching to the wrong person. Transitioning to the modern reality due to the increasing adoption of digital technology, there are more channels of ‘leaky’ communication. Additionally, the liberal intrusion of the social media into our daily lives has also made it into the medical environment, jeopardizing privacy of the healthcare constituents.
Why should you care? Two words, HIPAA compliance. And this is where the end-to-end encryption becomes important.
Co-Author, Fundamentals of Nursing:Active Learning for Collaborative Practice, 2e and Conceptual Care Mapping: Case Studies for Improving Communication, Collaboration, and Care, Elsevier
Summer is the season for creative thinking as a faculty member. When the number of committee and faculty meetings is typically fewer, it’s time to integrate more evidence-based active learning and evaluation strategies into our future courses. With medical knowledge predicted to double every 73 days by 2020 (Densen, 2011), active learning strategies that support the development of strong clinical decision-makers and lifelong learners must become the norm in our classrooms and labs.
Totally Worth It
In the 21st century, implementing evidence-based teaching strategies in the classroom is as critical as utilizing evidence-based practice in the clinical area. Revising our teaching strategies to include more active engagement of students takes time while being essential for enhanced student outcomes and patient safety. However, the time we spend developing active learning opportunities for students pays big dividends for our students and the patients for whom they provide care. Utilizing a variety of active learning strategies throughout a term will keep students engaged and prepared for class, lab, and clinical.
Require Conceptual Care Mapping
Concept mapping in many forms has been shown for several decades by multiple researchers as a teaching/learning method that provides deep learning and supports increased clinical judgment skills. Conceptual care mapping is a specific, evidence-based active learning strategy to replace traditional care plans. Concept maps that replace traditional care plans (conceptual care maps), “provide a visual model for students to view the interactions and relationships between bio–psycho–social aspects of the patient, disease signs and symptoms, medical management, medications, and nursing process” (Cook, Dover & Dickson, et al., 2012, p. 92).
Conceptual care mapping helps students visualize the relationships among their patient’s data, then analyze and synthesize the data necessary to develop an evidence-based, patient-centered care plan. Conceptual care mapping is a valuable learning tool in the classroom, lab, and clinical area. Require a conceptual care map (CCM) as a daily worksheet in the clinical area, then require approximately three CCMs/semester to be submitted for clinical evaluation, instead of a traditional care plan.
Have students develop conceptual care maps in the classroom from original, online, or textbook case studies. If you teach upper division courses, have a student present a case study (based on an anonymous clinical patient) and have the rest of the students discuss plans of care while completing a CCM. Require students to present evidence for their interventions and analyze lab and diagnostic testing data using their handheld reference resources. The visual aspect of the CCM allows students to more readily recognize connections among patient data, contributing to enhanced clinical judgment skills.
Conceptual care maps are also excellent evaluation tools that demonstrate the depth and application ability of students far more than typical quizzes and exams. Assign students an original case study and require each one to complete a CCM for didactic evaluation. Grading rubrics are already available for your revision and use.
Remember to mix up how you use active learning strategies throughout the semester. Students will better understand the complexity and uniqueness of patient care as a result of your time and effort. Encourage creativity in how students think about patient problems. Be energized and have a great year ahead!
Cook, L., Dover, C. & Dickson, M., et al. (2012). From care plan to concept map: A paradigm shift. Teaching and Learning in Nursing, 7, 88-92
Densen P. (2011). Challenges and Opportunities Facing Medical Education. Trans Am Clin Climatol Assoc, 122, 48-58.
We all know that the healthcare industry is plagued with allegations of patient data breaches from online hackers and in-house data imposters. Hackers constantly attempt to steal the Protected Health Information (PHI) of patients and sell it on the black market for fraudulent purposes. Patients’ PHI data is vulnerable because it is shared with various healthcare entities.