About Blake Rodocker

Business Development Manager at Bridge Patient Portal. Passionate about helping healthcare businesses grow.

Find more about me on:

Here are my most recent posts

Author Archives: Blake Rodocker

Business Development Manager at Bridge Patient Portal. Passionate about helping healthcare businesses grow.

Three Best Practices for Patient Engagement Technology Implementation

Adopting even the best patient portal platform and patient engagement mobile app can be a challenge for many medical practices, both in terms of getting staff on board with the new software and encouraging patients to use it. This is often the case, despite the fact that patients are increasingly demanding access to their healthcare online and that organizations can significantly benefit from the patient portal’s time-saving tools and features.

The good news is that successfully launching new patient engagement technology can be easy. It involves a patient engagement strategy that includes the right software, support from providers and staff, and an experienced implementation team. Here are three implementation tips to help you get started:

1. Communicate early on with staff about plans to implement a new technology.

Early communication with providers and staff about the decision to implement a patient portal or patient engagement mobile app will lead to a higher buy-in rate. It is important to provide as much information as possible about the technology and to be proactive in answering questions such as:

  • How will you integrate the technology with existing workflow?
  • What benefits will the technology provide on a day-to-day basis?
  • Will the technology create more work or alleviate tasks for the team?

The more confident your staff feels about the implementation of a new patient engagement technology, the more likely they are to accept it and to recommend it to patients.

2. Assign roles and responsibilities for overseeing specific aspects of the technology.

using a patient portalImplementing patient engagement technology will simplify many administrative tasks, but it is going to require making a few changes in order to handle some of the new responsibilities that stem from the software. For example, you will need to decide whether one person will be responsible for responding to medication refill requests or whether this task will be split among several users. The same goes for appointment requests and patient messages. Assigning these roles early on and providing ample training will help eliminate confusion.

3. Start a campaign to encourage patient adoption of the new technology.

Whether you want patients to use the technology to attest for MACRA or simply to help improve treatment outcomes, the first way to increase patient portal adoption is to raise awareness. A general campaign targeting your entire patient base is only a good idea if you have the staff resources, as you may get a lot of questions initially while patients learn to navigate the new system.

Another option is to start by promoting the portal or mobile app to a specific set of patients only – for example, those with a chronic disease. You can assign a care coordinator to help these patients find their way around the new technology, including the features that will benefit them and their condition most. You can also send emails to patients who opt-in, highlighting important features.  By following these guidelines, you can be assured successful implementation of new patient engagement technology.

Is your practice doing all it can to increase patient engagement? Contact us to find out how a patient portal or patient engagement mobile app can help.

Business Development Manager at Bridge Patient Portal. Passionate about helping healthcare businesses grow.

The unexpected benefit a patient portal has on your MIPS / MACRA score

Photo finish

Strategies for MIPS / MACRA attestation, and how patient portals might have a greater impact on your scoring than you might think.Photo finish

The objective of this article is to provide a detailed explanation of the four categories that make up the Merit-based Incentive Payment System (MIPS) point system that affect an eligible provider’s reimbursement, and how a patient portal helps a provider attest for these four categories. MIPS is one of 2 reimbursement tracks under MACRA. For a primer on MACRA – who qualifies for the program, the reporting/adjustment timeline, the reimbursement/penalty rates, and how MIPS relates to MACRA – please read our earlier post MACRA 101: An explanation by Bridge Patient Portal. So let’s learn about certified MIPS / MACRA patient portals and how they can help.

What are the four categories that makeup MIPS?

MIPS is made up of four performance categories. It represents several previously existing Medicare reporting programs, renovated and rolled into one. Here, we list the MIPS performance categories in order of potential for patient portal impact (highest to lowest):

  1. Advancing Care Information – Focuses on information exchange and interoperability, replacing the Medicare and Medicaid EHR Incentive Program also known as Meaningful Use (Stages 1 and 2)
  2. Quality – Measures a provider’s delivery of Quality Care, replacing the Physician Quality Reporting System (PQRS) which expired in 2016, and incorporating the Value-Based Payment Modifier system.
  3. Improvement Activities – A new category created to measure a provider’s focus on care coordination, beneficiary engagement, and patient safety.
  4. Cost – Relates to resource use, replacing the Value-Based Payment Modifier. The cost category will be calculated in 2017, but will not be used to determine a provider’s payment adjustment until 2018.

Over the next few years, the weight of each MIPS performance category will change in the calculation of the MIPS composite score – as described in the image below.


The 4 categories of MIPS and how a patient portal can directly or indirectly impact scoring:

1. Advancing Care Information

ValuePatient Portal Impact
(Low, Medium, High)
Ease of Implementation
(Easy, Medium, Hard)

ACI is highly dependent on patient portal technology, with about half of its sub-category measures achievable through patient portal features. With the use of
certified patient portal technology, physicians can accumulate MIPS points with relative ease. A full list of the ACI sub-category measures can be found here. Below is a table listing the different measures for the ACI category.
Most everyone is familiar with the recently sunsetted
Meaningful Use Stage 2 program, where incentive payments were paid (or overpaid) to providers with patient portals that provided at least 50% of their patients with access to their medical records online, and at least 1 patient per eligible provider was required to view, transmit and download their health summary. Advancing Care Information (ACI) essentially replaces the Meaningful Use program and raises the bar further.

Base Score   
Advancing Care Information Measures and Scores2017 Advancing Care Information Transition Measures and Scores
Required Measures for 50% Base Score% PointsRequired Measures for 50% Base Score% Points
- Security Risk Analysis
- e-Prescribing
- Provide Patient Access*
- Send a Summary of Care*
- Request/Accept Summary Care*
50%- Security Risk Analysis
- e-Prescribing
- Provide Patient Access*
- Health Information Exchange*

NOTE: These measures are also included as performance score measures and will allow a clinician to earn a score that contributes to the performance score category (see the list below).

Measures for Performance Score   
Advancing Care Information Measures and Scores2017 Advancing Care Information Transition Measures and Scores
Measures% PointsMeasures% Points
Provide Patient Access*Up to 10%Provide Patient Access*Up to 20%
Send a Summary of Care*Up to 10%Health Information Exchange*Up to 20%
Request/Accept Summary Care*Up to 10%View, Download, or Transmit (VDT)Up to 10%
Patient Specific EducationUp to 10%Patient Specific EducationUp to 10%
View, Download or Transmit (VDT)Up to 10%Secure MessagingUp to 10%
Secure MessagingUp to 10%Medication ReconciliationUp to 10%
Patient-Generated Health DataUp to 10%Immunization Registry ReportingUp to 10%
Clinical Information Reconciliation Up to 10%
Immunization Registry Reporting0 or 10%

Advancing Care Information Performance Category Fact Sheet provided by CMS provides an excellent detailed explanation on how the ACI category is scored. In summary, providers must demonstrate at least 1 transaction for each of the categories to receive a 50% “Base Score” for the ACI category (NET 12.5% for the entire MIPS program). To score for an additional 50%, the “Performance Score,” providers must demonstrate additional usage in the “Performance” and “Bonus” categories. Scoring for both the “Base Score” and “Performance Score” allows a provider to achieve 100% scoring.

Important Tips and Information

  • October 2nd, 2017 is the last possible start date for 2017 MIPS reporting, including the ACI category.
  • Data submission to CMS for 2017 reporting begins on January 1, 2018 and ends on March 31, 2018.
  • Both 2014 and 2015 Certified technologies can be used for attesting in the 2017 transitional year of MACRA, so long as the technologies support the ACI measures. There are two measure set “options” Advancing Care Information Objectives and Measures or 2017 Advancing Care Information Transition Objectives and Measures, listed above. In 2017, only the latter requires 2015 certified technology. In 2018, however, 2015 certified technology will be required across the board.
  • Some clinicians may not have sufficient ACI measures applicable to them. In such scenarios, the ACI performance category will be reweighted to 0 percent and the 25 percent weight originally allocated to ACI will be redistributed to the Quality performance category. This may be the case for clinicians who are hospital-based or qualify for a hardship exemption.
  • If the minimum required measures (listed in the table above) for the Base Score are not met, the provider will receive a score of 0 for the entire ACI category.

2. Quality

ValuePatient Portal Impact
(Low, Medium, High)
Ease of Implementation
(Easy, Medium, Hard)
60% 2017
50% 2018
30% 2019

MIPS has created the Quality performance measure category by merging the Physician Quality Reporting System (PQRS) and Value Based Modifier (VBM) programs. While the quality category offers the most value opportunity, it can be the most difficult to report on. The reporting period is the entire year, unlike the 90 day period for the ACI category. In most cases, providers must select 6 quality measures to report on from the many available in this

A well implemented patient portal can have a significant impact on a provider’s Quality performance. Much of the Quality category scoring has to do with improved outcomes that in many cases benefit from an engaged patient population. This can be achieved through patient portal functions like patient reminders (appointment, care plan, Rx refill, etc.), notifications, and patient-provider messaging. A provider will also receive points for delivering Consumer Assessment of Healthcare Providers and Systems (CAHPS) surveys, which can be administered electronically. To directly use a patient portal, or Certified EHR Technology (CEHRT), for reporting, the CEHRT must be certified on the measure being reported. Providers can earn additional bonus points by reporting with a CEHRT. The measures must be eligible, and reporting must be done entirely with the CEHRT. The maximum number of CEHRT bonus points is 10% of the maximum score, which would be 6% in 2017 as the value is 60%.

The many different scenarios available to providers for the Quality category further complicate the already complicated scoring system. But essentially, each measure gets a score of 1-10 points (0 points if not reported) compared to historical benchmarks (if available). With a perfect score of 10 in each of six measures, providers receive 60 points, or a full score.

Important Tips and Information

  • Most providers must report up to six Quality measures so long as one measure is an outcome measure (or a high priority measure if no outcome measure applies to the provider). Groups of 25 or more providers may use the CMS Web Interface, in which case they will need to report on 14 different measures. CMS plans to increase the number of measures to report on in future years.
  • Selecting the right measures is of utmost importance. CMS scores a provider in comparison to other providers (benchmarking), making it is easier to score in the top percentile on some measures compared to others. We recommend seeking guidance from a consulting firm or expert on MIPS in order to identify the best categories for your situation.
  • The Quality performance measure category has been sub-categorized into Efficiency, Intermediate Outcome, Outcome, Patient Engagement/Experience, Process and Structure measures.
  • In 2017, the Quality score weight has been set to 60% unless the provider has applied for an ACI exclusion. In this case, the 25% ACI category value will be applied to the Quality category, increasing the quality category value to 85%.
  • Providers qualifying for one of the specialty measure sets may report fewer than six measures (in some cases), or select six measures from the specialty measure set.
  • MIPS essentially adopts the quality measures and reporting methods from the Physician Quality Reporting System and Volume Based Modifier programs. Although there are some changes to the PQRS reporting methods, for the most part the quality reporting methods remain the same.
  • Practices must use the latest annual measure update. For instance, for the 2017 performance period, practices must use the eCQM specifications contained in the 2016 annual update, released in April 2016.

3. Improvement Activities

ValuePatient Portal Impact
(Low, Medium, High)
Ease of Implementation
(Easy, Medium, Hard)

The Improvement Activities performance category is significantly simpler than the two aforementioned categories, focusing on care coordination, population health, beneficiary engagement, and patient safety. Providers must select only four measures from this
list of more than 90 options and report on these four measures for a minimum of 90 days.

A well implemented patient portal has a variety of features that can be applied to the Improvement Activities performance category measures. Given the focus of the category on care coordination, patient engagement through a patient portal plays a crucial role. For example, there is a specific, medium-weight activity titled “Engagement of patients through the implementation of improvement in patient portal,” “Proactive management of chronic conditions and prevention care,” and “Engagement of patients, family and caregivers in developing a plan of care,” along with a variety of other activities where a patient portal can directly or indirectly be applied to meet requirements.

The Improvement Activities category has a maximum score of 40, which contributes 15% to the MIPS composite score. Each activity is worth 10 points. Some activities are categorized as “high-weight” (about one fifth of the 90+ activities) whereas the rest are “medium-weight.” High-weight activities are technically worth 20 points, as they hold twice the value of medium-weight activities.

Important Tips and Information

  • Physician groups with fewer than 15 participants or in a rural or health professional shortage area can attest by completing up to two (2) activities for a minimum of 90 days, instead of the minimum four.
  • CMS allows for submission of data for the Improvement Activities performance category using the qualified registry, EHR, QCDR, CMS Web Interface as attestation data submission mechanisms.

4. Cost

ValuePatient Portal Impact
(Low, Medium, High)
Ease of Implementation
(Easy, Medium, Hard)
0% 2017
10% 2018
30% 2019

Various primary care services are used to calculate the total per capita cost measure. Chronic care management (CPT code 99490) is an example of a primary care service that can be facilitated through Chronic Care Management (CCM) Software linked to a patient portal or EHR. Patient portals such as Bridge Patient Portal also have the ability to facilitate annual wellness visits (G0438 and G0439) or welcome to Medicare visits (G0402) through the use of appointment reminders and care plans.

The Cost category, which replaces the Value-Based Payment Modifier, requires no reporting. All its measures are derived from Medicare claims data, therefore participation does not require data submission. Furthermore, the Cost category is not included in the 2017 payment modifier.


The trend we are seeing with CMS programs, like MACRA and its previous iterations, is a greater emphasis on patient engagement and quality of care. It’s hard to imagine a future where patients aren’t able to access their information, manage their care plans and communicate with provider online. We strongly believe that putting a strong emphasis on online patient engagement, leveraging solutions like Bridge Patient Portal, not only has a direct impact on MACRA scoring, but paves the way for a smooth transition from fee-for-service to fee-for-value reimbursement models.

MIPS Patient Portal

Bridge Patient Portal is a MIPS patient portal with a 2015 Edition ONC Health IT Certification. Bridge Patient Portal v2.0 has been certified by SLI, an Office of the National Coordinator-Authorized Certification Body (ONC-ACB) in accordance with the certification criteria adopted by the Secretary of Health and Human Services (HHS). The portal helps increase patient engagement while helping provider groups meet requirements for MIPS/MACRA.

Business Development Manager at Bridge Patient Portal. Passionate about helping healthcare businesses grow.

Why Telemedicine Has Failed

telemedicine consult

Telemedicine, the use of technology for remote patient monitoring and medical consultations, is experiencing growing pains in the U.S. It’s a logical response to ballooning healthcare expenditures and an ever-increasing physician availability shortage. Integrated with patient portals, patient engagement mobile apps, remote patient monitoring software and health tracking apps, telemedicine is also part of a growing market for patient engagement solutions.

However, going virtual with healthcare has not been straightforward, and has taken longer than anyone would have expected. For telemedicine to reach its potential, we need to address lags in adoption, privacy concerns, and health policy barriers.

Adoption: Generating Physician Buy-In

There are many private companies that specialize in telemedicine, such as virtual care applications or 24-hour “ask a doctor” services. The other option is a physician who has regular appointments also checking in with patients remotely via a telemedicine portal or a similar application. In this case, many physicians don’t want to change how they do medicine. For a successful transition to a hybrid format, first and foremost, the reimbursement must be there. Reasonable reimbursement for telemedicine is still mostly limited to certain states and is simply not enticing enough to drive telemedicine. A perfect example of this would be the use of chronic care management solutions for CPT code 99490 – which has seen unexpectedly low utilization. The evidence that telemedicine and patient engagement improves outcomes is still lacking as well.

Adoption: Developing Accessible Patient Engagement Solutions

Patients with chronic conditions that require frequent check-ins has a tremendous amount of potential to benefit from telemedicine. Older and typically less tech-savvy seniors are now surprisingly proficient with technology. For example, it may be hard for them to connect or use remote patient monitoring devices between office visits. On-screen interaction may not be easy for those with limited vision. This makes it difficult to engage patients. These obstacles can be overcome with accessible technologies, and health IT professionals should focus on this.

Privacy: HIPAA Compliant Remote Patient Monitoring and Consultation

In telemedicine, personal health information is sent in several ways, including text, audio, video, images, and real-time remote patient data from sensors. This worries healthcare providers, who need to comply with HIPAA privacy rules. While the tools we use daily may not meet standards (video, email, SMS) there are specialized platforms out there that do, the Bridge Patient Portal platform being one of them. These are essential to best practices in telemedicine.

Policy: Taking Advantage of in Interstate Licensing

States have different requirements about where a physician needs to be licensed to provide telemedicine services: In some cases, it’s the state where the practice is located. In others, it’s the state where the patient is located. Over twenty-six states have now introduced or enacted Interstate Medical Licensure Compact legislation, which will make it easier for physicians to practice in several states. As more states join, medical practices may need to be guided on how to get their healthcare teams licensed.

Policy: Addressing Different Reimbursement Rules Across States

Reimbursement is another area of inconsistency: Rules about which telemedicine services need to be covered by Medicare, Medicaid, and private insurance vary from state to state. This is being considered at the federal level. In the meantime, healthcare providers need easy access to centralized, up-to-date information on relevant policies.

By harnessing our society’s tech habits to engage patients and help physicians do their jobs better, telemedicine has lots of potential. At this stage, it faces roadblocks like privacy concerns and policy red tape. It’s important to equip healthcare providers with resources for navigating these issues. On the product end, we need to develop technologies that make telemedicine accessible and effective for both physicians and patients.

Business Development Manager at Bridge Patient Portal. Passionate about helping healthcare businesses grow.

Utilizing HIPAA Compliant Patient Surveys to Optimize Patient Engagement and Increase Effectiveness of Post Visit Communication

Having a post-visit communication plan can significantly improve patient outcomes by reducing the number of  emergency visits, decreasing the hospital re-admission rate, and improving chronic disease management.  Utilizing HIPAA compliant patient surveys is an excellent way for providers to gather post-visit information that enables them to monitor patient well being, verify medication adherence, and review care plan compliance, all of which improves patient satisfaction and help patients maintain good health.

Despite the importance of follow-up communication, few healthcare organizations have a robust post-visit communication plan in place.

A recent survey of 50 health professional and healthcare administrators conducted by Bridge Patient Portal, demonstrated that only 30% of organizations have an adequate post-visit communication plan in place.

study - patient engagement strategy

The survey also examined the areas of post-visit communication that pose the greatest challenges for healthcare organizations.

Post-Visit Patient Communication Challenges

Post-Visit Communication and Patient Engagement Goals

For survey respondents whose organizations do have a patient engagement strategy, when asked which goals they were trying to accomplish, the majority (59 percent) said continuity of care for better health.

patient engagement strategy goals

Barriers to Implementing Post Visit Communication Plans

The Bridge Patient Portal survey indicated that there are multiple  barriers to addressing the post-visit patient communication challenges According to the survey,the two biggest barriers for healthcare organizations are “internal problems with managing existing technology” and “lack of knowledge to produce a satisfactory solution.” Moderate barriers include: lack of internal staff resources, lack of budget, and lack of interest by management or not a priority.


The results show that post-visit patient communication is a significant problem for many healthcare organizations, and the barriers for adoption cannot always be resolved internally. For this reason, it is increasingly important for organizations to work with third parties, including patient engagement strategists, consultants, and vendors that offer patient survey software to develop comprehensive plans to improve post-visit communication and, as a result, patient health outcomes.  With Bridge Patient Portal’s robust,  HIPAA compliant forms and secure notification system to deliver surveys to patients you will have a trusted partner to build your organization’s post visit communication plan.

Business Development Manager at Bridge Patient Portal. Passionate about helping healthcare businesses grow.

New Sources of Revenue and Chronic Care Management Software Drive Care Coordinator Hiring

Propelled by the Affordable Care Act (ACA) and the move towards fee-for-value care delivery models versus fee-for-service, chronic care management (CCM) services have the potential to significantly reduce healthcare spending. Patients who have the education and training they need to manage their chronic illness will incur lower healthcare costs. The overall goal of CCM services is capitalize on this concept and improve self-care behavior by providing education, counseling, and support in between office visits.

New Revenue Sources for CCM services

Starting in 2015, Medicare introduced current procedural terminology (CPT) code 99490 which reimburses providers about $42 for 20 minutes of staff time spent providing CCM services to Medicare patients with 2 or more chronic conditions. In 2017, Medicare added 2 new CPT codes for Complex CCM Services, 99487 and 99489. As explained in the table below, with the addition of these 2 new codes, providers can increase their reimbursement per month per patient to $140.

Transitioning to Value Based Care

“These components of the ACA that are meant to help reduce costs in healthcare are right on the money,” says Scott Anderson, CEO of My Care Coach, a company that provides outsourced care coordinator services to hospitals. “The idea of helping doctors align compensation to manage conditions, versus just paying them to work on acute flare-ups, is much more of a correct approach to care.”

Of course, the problem for many healthcare organizations is that it won’t be easy to meet Medicare’s requirements without stretching already limited staff resources or hiring costly new staff. This is where the care coordinator comes in.

The Care Coordinator’s Role

care coordinator

Whereas the physician knows what needs to be done clinically and instructs the patient to do so, up to 80 percent of the medical information provided to the patient is immediately forgotten. Furthermore, time constraints prevent staff from following up. The care coordinator fills this gap in care by working closely with the patient to improve health outcomes.  

Unlike the physician, whose time is extremely limited, the care coordinator has time to develop a relationship with the patient and provide the necessary clinical information after the patient’s visit.

The care coordinator not only relays the physician’s directives via a care plan, but he or she also works towards meeting the patient’s health goals. Additionally, the care coordinator is available to provide support and guidance in modifying behaviors.

The activities of the care coordinator are documented and organized in a chronic care management platform. Choosing the right chronic care management software will enable your organization to provide optimal chronic care management services.

With chronic disease management and population health management becoming the focus of government initiatives to reduce healthcare spending, it is likely we will see all healthcare organizations looking to hire care coordinators in the near future. Those who do so sooner will be ahead of the game.

Learn more about Bridge Patient Portal’s Chronic Care Management Solution.

Business Development Manager at Bridge Patient Portal. Passionate about helping healthcare businesses grow.

4 Ways to Use Patient Engagement Technology to Boost Patient Engagement

Patient engagement is a necessary element for the achievement of better quality of care and it is a critical component of the Center for Medicare and Medicaid Services (CMS) initiative to focus on quality of care.  CMS programs like the Medicare Access and CHIP Reauthorization Act, MACRA, are fundamentally changing the reimbursement matrix for healthcare in the United States by shifting the focus from fee for service to reimbursement for quality.  Thus, determining  the right patient engagement solution has become increasingly important for healthcare organizations.

A patient portal can increase a health organization’s ability to keep patients engaged and healthy. Furthermore, it facilitates the obtainment of MACRA goals. In order to succeed, however, physicians and staff must know how to properly leverage the portal to improve communication and boost engagement.

Here are four ways  to promote patient engagement technology, like patient portals,  to maintain an engaged patient population and improve patient outcomes

1. Raise Awareness about the Patient Engagement Technology

Does your organization have a strategy for promoting patient engagement technology? Simply implementing a patient portal  is not enough. Patients need to know that the technology is available to them and how they can benefit from using it.


To provide an initial introduction to the patient portal, you can have staff assist patients with portal registration at check-in or checkout and provide step-by-step instructions for entering demographic and insurance information required for that day’s visit. Making tablets or kiosks available at check-in is a great way for patients to begin this process. You can send patients home with a handout about the portal in order to reinforce the message. Hanging posters promoting the portal in the waiting room and exam rooms is also a very cost effective way  to raise awareness about the patient engagement technology that you are promoting.

If your organization has a website, you will want to promote the portal by placing a link to the page in a prominent place with a strong call to action. Sending an email blast to your entire patient database is another great way to raise awareness.

2. Assign a Care Coordinator

If your healthcare organization uses patient care coordinators to promote health awareness and help patients reach their care goals, you know how integral these individuals are to successful patient engagement technology implementation.  Care Coordinators work with the physician and patient to develop a care plan, they communicate the provider’s plan to the patient, and they continually assess the patient’s needs. They also play a vital role in adoption of patient engagement technology by by promoting patient portal features that open lines of communication and streamline care plan management.

3. Strengthen the Physician’s Role

physicianPhysicians have one of the most important roles in promoting a patient engagement solution, like a patient portal.. A recent survey by the New England Journal of Medicine Insights Council, found that physician buy-in is essential to the adoption of patient engagement technology.  Patients are much more likely to use a new technology if their physician wants them to use it. It is important to note that the physician’s role does not end after suggesting a new patient engagement technology, many patients will require reinforcement of the idea.  For example, once patients are using a patient portal, their physician should mention the portal at each visit and specifically refer to  a feature in which the patient might find value.

4. Highlight Useful Features

Your patient portal can do a lot of things, but chances are that most of your patients do not care about all of the portal’s features. Instead of overwhelming patients with information, tell them about the features that they are most likely to use. This includes things that make it easier for patients to manage their health and to perform otherwise time-consuming tasks online – for example, features that give them the ability to:

  • Send and receive secure messages from their physician
  • Access lab results without having to wait for a callback from the physician’s office
  • Schedule appointments without having to call the office
  • Request medication refills online

As patients get more comfortable using the new patient engagement technology , your organization may choose to start an email newsletter or awareness campaign to market new features. This process can be simplified if you have a patient engagement platform that provides email notifications using templates customized for your hospital or practice.

What it all boils down to is how the patient feels after each portal experience. If the first experience with the patient portal is a pleasant one, the more likely the patient is to continue using it.

Business Development Manager at Bridge Patient Portal. Passionate about helping healthcare businesses grow.

Is Skype® HIPAA Compliant?


Given the growing interest in video conferencing services for communicating with patients online, healthcare organizations often come to Bridge Patient Portal with questions about the use of Skype® for telemedicine, and whether the software meets HIPAA compliance standards. Though HIPAA doesn’t specifically mention the types of technologies that healthcare providers can use for video conferencing, there are three key issues to consider.

1. Encryption

Skype® uses AES 256-bit encryption to secure the different channels of communication that take place on the platform (chat sessions, voice calls and video calls). This level of encryption exceeds federal guidelines for transmitting protected health information (PHI), which set the minimum level of encryption as 128-bit. However, this is not the only factor to consider in determining HIPAA compliance.

2. The Business Associate Agreement

One of the most compelling reasons against the use of Skype® for healthcare provider-patient communication is that Skype® will not enter into a business associate agreement (BAA). A BAA is required under the HIPAA Omnibus Rule for any entity that creates, receives, maintains or transmits PHI on behalf of a healthcare provider, health plan or healthcare clearinghouse.

There are some debates as to whether Skype® qualifies as a HIPAA business associate due to the “mere conduit” rule, which states that a company is exempt from being a business associate if:

– It only transmits PHI in encrypted format


– It never has access to the encryption key

The problem with Skype® is that, while the company states that it does not have access to the PHI that it transmits, it has been known to provide information to law enforcement. This means that it has access to the encryption key and is, therefore, considered a business associate.

Another factor to keep in mind is that the Omnibus Rule requires business associates to provide “satisfactory assurances” that PHI will be protected as required by HIPAA rules. However, Skype®does not state anywhere that its services can be used in a HIPAA-compliant way.

3. Audits and Breaches

The HIPAA Security Rule requires covered entities to use technologies that include audit controls by “implement[ing] hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” Unfortunately, Skype® does not offer audit control tools for monitoring who has access to PHI, nor does it provide notifications in the event of a breach.

The Verdict: Is Skype® HIPAA Compliant?

While Skype’s® encryption methods are strong, overall it does not meet HIPAA compliance standards. Organizations that use the software to communicate with patients over the internet should be aware of the risks involved and consider using specialized, HIPAA-compliant video conferencing platforms instead. If the patient has a preference for using Skype®, be sure that there is record of the patient’s acceptance to use non-HIPAA compliant technologies.

HIPAA-Compliant Skype® Telemedicine Alternatives Do Exist

There are alternative options for video conferencing. Cisco, for example, offers HIPAA compliant video conferencing solutions for healthcare, as do a number of specialized telemedicine software/hardware vendors. The challenge with all of these systems is the cost and complexity of implementing the technology with patients, and the learning curve for patients in beginning to use software that they are more than likely unfamiliar with.

For consultations that do not require video, Bridge Patient Portal offers a HIPAA-compliant e-consultation platform. Bridge allows for two types of secure communication between patients and physicians: secure messaging and telephone calls, including integrated VoIP calling. Bridge provides a business associate agreement to the covered entities that they work with, and continuously monitors regulatory requirements to ensure compliance. Bridge Patient Portal can also be integrated with a variety of 3rd party video conferencing solutions, facilitating pre-consultation communication, billing and intake.

Does your organization offer e-consultations? Let Bridge know which software you use and how your experience has been thus far.

To learn more about HIPAA and email/sms communication read our article: The Facts about HIPAA and Email/SMS Communication with Patients

To learn more about HIPAA and healthcare applications please read our three part article series:

Business Development Manager at Bridge Patient Portal. Passionate about helping healthcare businesses grow.

How to Send Automated Medical Appointment Reminders Without Jeopardizing Patients’ Data Security

Patients waiting in a waiting room Sending automated medical appointment reminders has been shown to decrease appointment “no shows” and has a potential to enhance the patient-provider relationship.  However, given the concern about data breaches, automated appointment reminders remain an underutilized feature of patient portals.  According to the U.S. Department of Health & Human Services, appointment reminders are allowed under the HIPAA privacy rules. Their position on the topic is: “Appointment reminders are considered part of treatment of an individual and, therefore, can be made without authorization” meaning that providers don’t need to worry about breaching HIPAA while sending an appointment reminder.  

To ensure that you and your patients are protected, Bridge recommends you do the following when launching an automated medical appointment reminder system:

  • Make sure your NPP (Notice of Privacy Practices) is updated and includes information about opting-in for appointment reminders by SMS and/or email.
  • The NPP should be explicitly clear and state something similar to “We are going to be sending automated SMS text message/email reminders about your upcoming appointments. If this is a problem for you please notify us.
  • Have patients verify their contact information, including their phone number, regularly.
  • Consider an additional opt-in outside of the NPP; many people do not read the NPP and texting appointment data may be unacceptable to some people.
  • Give patients the option for a preferred method of contact, or at the least, the ability to opt out of specific outreach methods.

What to Include in (and Exclude from) a HIPAA-Compliant Appointment Reminder

When sending appointment reminders via SMS text messages it is best to avoid being too specific. Keep in mind that practice names can infer types of treatment or conditions. For example, “Oncology Clinic” clearly indicates that the patient has cancer.

Generic reminders include:

  • Appointment date and time
  • Provider first and last name
  • Location of the appointment

By using these tips, you can get the most out of your patient portal and have peace of mind that you are not compromising your patient’s right to privacy or causing any data breaches.

Business Development Manager at Bridge Patient Portal. Passionate about helping healthcare businesses grow.

How Patient Engagement Platforms Optimize Patient Centered Care

By engaging patients and encouraging participation in their healthcare, organizations can ensure a greater number of health goals are met. Of course, patient engagement can be a challenge, but a successful plan starts with a realistic goal. Do you know what percent of patients your organization should initially attempt to engage through a patient engagement platform?

The concept of patient engagement evokes all kinds of emotions. It’s exciting for healthcare professionals to imagine that by engaging patients and encouraging participation in their care, a greater number of patients will meet their health goals, resulting in improved treatment outcomes  The challenge, of course, is how to accomplish this.

For  providers who participated  in the CMS Meaningful Use incentive program, and now MACRA, the mention of patient engagement may make people cringe . For reimbursement purposes, patient engagement  is more than just working with patients to achieve health goals; there’s the added pressure to convince patients to engage in “the right ways,” meaning performing specific actions that allow providers to achieve the objectives of CMS’ incentive programs.

The patient engagement objectives of  MACRA require providers to enable patients to securely view, download and transmit their health information online and to use secure electronic messaging to communicate with patients about relevant health information. In order to qualify for  incentive payments, however, more than five percent of a provider’s patients must take advantage of each of these functions, which is difficult for providers to control and may not even produce positive results.

Is it realistic, then, to think that the average provider can accomplish this?It is, according to a statistics from the Office of National Coordinator for Health Information Technology, ONC.

Despite many healthcare organizations experiencing difficulties getting patients to engage with them via an online patient engagement portal, the report cites real cases of hospitals meeting the 5 percent requirement and even exceeding it. Some hospitals have gotten as many as 20 percent of patients using their portal, proving that patient engagement is possible, though not necessarily easy.

How easy it is for an  organization to meet  the requirements largely depends on two things:

1. The size of the organization.

Larger hospitals and medical groups are more likely to get above 5 percent patient engagement than smaller organizations. This is possibly due to the resources they have at their disposal. Larger hospitals, for example, are more likely to have funds to acquire the necessary technology and properly integrate it to their electronic health record (EHR).

The size of a larger organization’s marketing department, however, may be its biggest advantage. This is due to the fact that a patient portal needs the right support to ensure success, both to encourage patients to sign up as well as to continuously to login and engage.

2. The patient portal software that’s being used.


There are many factors that can make one software solution better than another when it comes to patient engagement. Having an EHR interface, for example, is essential for providing patients with access to their health information and meeting MACRA requirements.  More importantly, the software must have features that patients want to use.  According to a recent survey by the New England Journal of Medicine Catalyst Insight Council, the patient portal features that are most important to patient engagement are secure messaging and online appointment scheduling  

Patient engagement platforms that work include those with the right mix of interactive features. For instance, offering a mobile application is a great way to increase usage, especially if it integrates with other apps that patients already use to track health indicators, such as exercise and weight.

Setting a Goal for Patient Engagement

Although there isn’t a magic number that hospitals and healthcare practices can expect to meet when it comes to patient engagement, what organizations can do is set a starting target.

A good initial  target for smaller organizations is 5 percent, while those with better marketing resources can aim for 10 percent. One of the easiest ways to meet this initial goal is to primarily target patients with a certain condition, such as diabetes. This will allow you to target your marketing efforts better without exhausting your resources. Knowing that these conditions require careful treatment and ongoing care, the benefit for patients is also high.

To get started, make it a goal to contact all active patients with the selected condition, enroll them in the portal, and then expand from there.

If your organization lacks the resources for marketing, you have options. Some patient portal vendors, including Bridge Patient Portal, have started providing more patient engagement-oriented services by offering marketing and patient support knowledge along with the software. This hands-on approach ensures that both vendor goals and client objectives are met.

Business Development Manager at Bridge Patient Portal. Passionate about helping healthcare businesses grow.

Three Things About HIPAA That You Probably Didn’t Know

HIPAA logo

More and more health organizations are implementing publicly-exposed web technologies containing Protected Health Information (PHI) which are subject to the laws of HIPAA. Common examples of such systems include Electronic Health Record (EHR), web portal, Patient Portal and mHealth solutions. When those systems become integrated, PHI must travel from one platform to the other – exposing the systems to considerable risks not just in transmission but the very nature that the systems are publicly-exposed. In these situations, ensuring that HIPAA regulations are met has become crucial.

Here are three things about HIPAA that you probably didn’t know:

1. There is no such thing as HIPAA certified hosting

While HIPAA compliant hosting is just a part of achieving HIPAA compliance, it is one of the more challenging aspects of HIPAA compliance. Software-as-a-Service (SaaS) applications and cloud hosting solutions are becoming the norm in healthcare. Both have lower upfront costs for healthcare organizations and require less maintenance. While many hosting providers and software vendors claim to provide HIPAA-certified solutions, the truth is that there is no such thing as a HIPAA certification – not for hosting companies, providers, or any other type of organization.

The Health Insurance Portability and Accountability Act is a set of rules and best practices. HIPAA makes little reference to technical specifications required for hardware, software or security, and it definitely doesn’t have a certifying government body.

It is possible, however, to be HIPAA compliant or seek certifications that encompass the laws of HIPAA or other laws with a similar scope of HIPAA. Examples of these include HITRUST and EHNAC or SOC 2 certifications. James Deck, CEO of Med Tech Solutions, a provider of HIPAA compliant cloud hosting services, explains that “EHNAC accreditation gives our customers the assurance that we are HIPAA compliant”. While these certifications or HIPAA audit services are a great practice for companies that specialize in hosting, they aren’t required for health organizations. James further explains that “Moving to the cloud doesn’t reduce your risk and the cloud alone isn’t necessarily HIPAA compliant. Hosting companies must provide a suite of services on top of their cloud hosting to achieve HIPAA compliance.” Companies can adhere to HIPAA regulations, put safeguards in place to ensure that policies are being met, and have the proper documentation to ensure compliance (e.g. a signed Business Associate Agreement)

2. Contact Us and Intake forms are permitted on websites

Website forms offer an easy and convenient way for patients to communicate with office staff – whether it is to schedule an appointment, complete an intake form, or to ask a general question. They are also one of the most vulnerable sections of any healthcare website because patient information is collected and inevitably transmitted online.

Despite the risks associated with contact and intake forms, they are allowed on medical websites as long as the necessary steps are taken to safeguard PHI (e.g. name, phone number and medical information), which is protected by HIPAA. What you need to do is make sure that your website properly deploys an SSL certificate. This encrypts information sent from the user’s browser to your web server. In addition to ensuring that the form is encrypted, you will want to make sure that the forms are transmitted, accessed and viewed by office staff in a secure way, like a HIPAA-compliant, encrypted email service. It is also recommended to provide a disclaimer and clear instructions for how the form should be used, essentially releasing the the healthcare organization from liability for the transmission of PHI through the form.

If you’re unsure about the security of your online forms, the best advice is to consult a HIPAA expert. They can check your website for compliance and provide best practices for medical website security. In the meantime, you may choose to add a disclaimer to your website asking patients not to enter health information in any form. Instead, they can call your office with specific medical questions, or you can direct them to your patient portal.

3. Emailing patients is okay, even if the email on their end is unencrypted

The first thing that you need to know about HIPAA and email communication with patients is that HIPAA provides very little specific guidelines about what is acceptable and what isn’t when it comes to electronic messaging. One important thing that we do know is that “the Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so.”

Many providers think that using encrypted email is enough of a precaution; however, that is incorrect. Even though your hospital or practice encrypts its end of the email transport, there is no way to ensure that the communication is secure once it leaves your organization’s server. Still, this doesn’t mean that emailing patients is off the table.

Communicating with patients via email is perfectly acceptable as long as the patient requests to be contacted by email and is advised of the risks, ideally signing (or clicking) an opt-in agreement. Just make sure that you document the patient’s approval for your protection and are using a secure email system on your end.

Recommended reading: 

The Facts about HIPAA and Email/SMS Communication with Patients

Is Skype HIPAA Compliant?

For more information about HIPAA compliance best practices and how a patient portal helps make HIPAA secure messaging easy, contact a Bridge Patient Portal sales representative.


Business Development Manager at Bridge Patient Portal. Passionate about helping healthcare businesses grow.