Tag Archives: health IT

Consolidate Your Software For Patient Engagement To Avoid Security & Compliance Risks

Healthcare organizations strive to provide the best patient engagement experience possible. To do this, many organizations end up implementing piecemeal solutions to provide all the features patients demand today.

In-demand features include:

This patient engagement strategy may end up costing healthcare organizations and patients in the long run, as siloed patient engagement programs increase security and HIPAA compliance risks. Implementing a singular, consolidated patient engagement solution that includes in-demand features can mitigate security and compliance risks in multiple ways.

1. Respect Patient Communication Preferences

There are multiple ways a healthcare organization can communicate with their patient population. Any tools used to communicate with patients must respect a patient’s communication preferences.

Methods of communication can include the following:

  • IVR (Interactive Voice Response) calls, which also support user-input responses like “Press 1 to confirm, or 2 to cancel your upcoming appointment.”
  • SMS
  • Email
  • Push notifications
  • Bidirectional patient text messaging (via a patient portal or mobile app)

To support the quality of care for patients, healthcare organizations should have correct patient engagement data such as contact details in addition to updated communication preferences. Providers can then more effectively reach patients and relay important information about their care, including appointment reminders, lab results, medical bills, and educational materials. Patients are more inclined to update their communication preferences and contact details on only one patient engagement platform, rather than performing the same task across multiple patient engagement systems used by the same healthcare organization.

Updated information within the healthcare organization should be shared with all patient engagement programs, including the organization’s source systems, such as Electronic Health Record (EHR), Revenue Cycle Management (RCM), and Practice Management (PM) systems. When using more than one software system for patient engagement, healthcare organizations should ensure these systems can effectively communicate with each other so that any data updated within one system is shared with all other systems. If this integration is not in place, patient engagement data must be manually updated within all systems. Failure to honor a patient’s communication preferences may result in a HIPAA violation.

Recommended: How to Send Automated Medical Appointment Reminders Without Jeopardizing Patients’ Data Security

2. Ensure HIPAA Compliance

To be HIPAA compliant, healthcare organizations must conduct regular risk analyses, covering all software for patient engagement that interacts with electronic protected health information (ePHI). Risk analyses identify potential risks to the confidentiality, integrity, and availability of ePHI. Any risks and vulnerabilities identified must be mitigated to a reasonable and acceptable level to avoid penalties. It’s easy to ensure that one consolidated patient engagement solution is HIPAA compliant (versus a mixture of fragmented tools) and that the patient engagement solution provider will sign a business associate agreement. HIPAA also requires encryption at rest and in transit for all stored and transmitted ePHI between your connected patient engagement programs.

3. Prevent Security Breaches

When a healthcare organization has multiple patient engagement programs connected to its source system (EHR, PM, RCM, LIS, RIS, etc.), it increases the risk of a security breach. This is due to the higher number of access points that have been opened for these systems. There is an increased risk of data becoming corrupted or damaged within the patient database as more software and systems are permitted to view and edit patient data. Managing one piece of software is more straightforward than ensuring multiple solutions are operating safely and securely. Furthermore, it’s easier to conduct a cybersecurity gap analysis within a centralized software solution.

Improve operational efficiencies, prioritize security and HIPAA compliance, and bolster patient satisfaction by consolidating your patient engagement solutions into a feature-rich, client-branded web application or mobile app. Bridge helps healthcare organizations streamline their business processes and enhance patient engagement with an all-in-one solution capable of retiring “one-off” tools.

Pablo, our Chief Information Security Officer, architected and manages Bridge’s HIPAA-compliant hosting infrastructure. He is an Amazon Web Services (AWS) Certified Solutions Architect and is about to receive a Master’s degree from the University of Buenos Aires in Computer and Information Systems Security and Information Assurance. He has a passion for all things related to cybersecurity and cloud hosting.

Understanding mobile app HIPAA compliance

According to a 2015 Statista study, approximately 81 percent of doctors use their smartphones for professional purposes.

And the results of another study revealed that 64 percent of doctors surveyed use text messaging to send and receive patient data among colleagues, such as patient diagnoses, test results, and medical advice.

There’s no question that mobile devices are incredibly useful to today’s healthcare organizations, especially when it comes to simplifying tasks and making processes more efficient.

However, the uptick in mobile device usage in the healthcare space is not without its risks. With thousands and thousands of devices like smartphones, tablets, and laptops now requiring access to a healthcare network, HIPAA compliance and security have become some of the biggest issues for today’s health IT professionals.

Unfortunately, if organizations do not meet requirements for mobile app HIPAA compliance, hefty HIPAA fines can follow, and, even worse, patient data can be stolen.

Factoring in Mobile to Keep Patient Health Data Safe

The federal government put HIPAA in place in 1996 to ensure we have rights over our private health information, regardless of whether it is in paper or digital format. However, many people’s understanding of HIPAA compliance is limited to the original HIPAA Privacy Rule, which primarily focuses on how healthcare organizations may use and disclose protected health information (PHI).

The main objective of HIPAA compliant messaging is to protect patient privacy. HIPAA’s regulations require healthcare organizations and healthcare providers to adopt a specific set of standards to protect patients and keep data secure.

Unfortunately, a surprising number of providers today using mobile devices do not insist on appropriate privacy protections to secure patient data. And even if an organization’s mobile devices are believed to be safe, there is significant potential for devices’ users to breach HIPAA rules. Without proper controls, devices can be compromised, and ePHI stored on them accessed by cybercriminals.

So, what can healthcare teams do to protect employees’ mobile devices and the personal patient information stored on them?

HIPAA offers some basic steps that organizations can take to protect healthcare information when using a mobile device. Below, we include several highlights from HIPAA’s information. It is essential to understand that if your organization is currently utilizing a HIPAA compliant service, incorporating these extra layers of security can be extremely advantageous when dealing with healthcare information on any mobile device:

  • Check all devices’ encryption technologies, antivirus protection and firewall to confirm they are functioning the right way and are up-to-date.
  • Protect all mobile devices with a password or authentication requirement.
  • Enable timeout features on your devices so that they log users out after a period of inactivity.
  • Disable file-sharing options.
  • Understand that text messages are not HIPAA-compliant. To make texting safe, you must make it compliant with privacy laws, including activating data encryption and developing a well-thought-out text message usage policy organization-wide.
  • Always investigate mobile apps before you install them. They should be from trusted sources. Check that your mobile patient portal, practice management tool, or customer relationship management (CRM) software’s mobile app is HIPAA-ready. You can find recommendations for mobile customer and patient tools at TechnologyAdvice.com.
  • Use a two-part login process, like both a password and a security question.

Additionally, if a team member’s employment with your healthcare organization terminates, follow the proper steps for erasing medical information before disposing of any mobile device.

It is also recommended to use caution when it comes to employee Internet usage. For example, if your staff members access insecure websites, they run a significant risk of exposing sensitive data transmitted from their device. With this in mind, make it a priority to train employees properly to avoid visiting insecure websites or Wi-Fi networks. You also can implement antivirus protection and a VPN on every employee’s phone to secure Wi-Fi communication.

Finally, it’s important to realize that the web browser itself on an employee’s phone could also be a source of vulnerabilities, and, in some cases, can lead to browser attacks, especially on Android devices. Ensure that your team members have the most current version of whatever web browser they use to avoid issues.

Protecting Patient Data is Your Organization’s Responsibility

Regardless of the kind of technology a healthcare organization uses to help provide care, they are obligated to protect PHI. If a tablet or mobile phone is used to access, transmit, receive or store information, it must have specific security precautions in place to ensure the data cannot be altered or destroyed. Also, controls must be put in place to allow any mobile device to be audited.  

As long as the appropriate security controls are put in place, the increasing use of mobile devices in the healthcare space has significant potential to improve productivity, boost efficiency, and contribute to enhanced patient outcomes.

The key is to ensure that any mobile devices you use in the process do not put patient privacy at risk or give cyber criminals easy access into your network.

Read more about HIPAA:

HIPAA Compliant Web Hosting For Security and Development

Interesting Facts About HIPAA Compliant Patient Portals That You Probably Didn’t Know

HIPAA and Healthcare Applications, Part 3 of 3: What You Need to Know About Data Transfer

HIPAA and Healthcare Applications, Part 1: What You Need to Know About User Authentication

https://www.bridgepatientportal.com/blog/HIPAA-Compliant-Healthcare-Applications-Part-2-of-3-What-You-Need-to-Know-About-Audits-In-Healthcare/

Lisa C. Dunn is a writer for TechnologyAdvice and a freelance writer, copywriter and ghostwriter who develops high-quality content for businesses and non-profit organizations. For over 20 years, she has worked with numerous PR and digital marketing agencies, and her work has been featured in well-known publications including Forbes, VentureBeat, Mashable, Huffington Post, Wired, B2C, USA Today, among others.

Tech Savvy Seniors are Redefining Healthcare IT

Within the last decade, Information Technology (IT) has fundamentally changed the delivery of healthcare in the U.S., driven by patient demand, the growing number of health IT vendors, and programs created by the Centers for Medicare and Medicaid Services (CMS). One of the segments of the U.S. population that stands to benefit the most from these advances is senior citizens – a group facing ever-increasing healthcare costs.

Blake joined Bridge Patient Portal in 2016 after transferring from our parent company Medical Web Experts. Since then, he’s acted as Bridge’s Business Development Manager. Blake is passionate about driving collaboration with clients, partners, and internal teams to achieve performance goals and successful relationships.

Meaningful Use: A Comprehensive Guide – Part IV: MACRA

Given the time-sensitive nature of the MACRA program, this article is outdated. Please refer to Bridge’s MACRA 101 article for a more current explanation of the MACRA program and how it relates to a patient portal.

As we head into the second half of 2016, it is difficult to talk about Meaningful Use without mentioning the Medicare Access and CHIP Reauthorization Act (MACRA), the new healthcare legislation that is shaping up to begin in January 2017. There has been a lot of buzz that Meaningful Use is ending with the approval of this new legislation, but that is not exactly the case. While the words “meaningful use” may start to fade out of our everyday lexicon, don’t be fooled into thinking that Meaningful Use is going away. Under MACRA, it’s basically just been repackaged and tied up with a bow, as a piece of this larger incentive program.


How to Keep Your Doctor-Patient Relationship Healthy with Technology

Although healthcare IT has transformed over the years, patients have held the same expectation: to be in the care of a personable doctor who will communicate effectively and make health decisions that are in the patient’s best interest. However, doctors have constantly struggled to navigate the boundaries of a patient-doctor relationship, and the use of new technology could, unfortunately, complicate the issue. Below we discuss the Dos and Don’ts of doctor-patient interactions on online platforms.


Why You Should Consider Outsourcing Your Health IT

Many industries have already discovered the benefits of outsourcing IT systems to a professional IT service, and while healthcare is no stranger to the concept, it is once again gaining prominence.

A recent Black Book report, which surveyed over 1,030 hospital IT leaders, 240 CFOs and over 1,000 business leaders, found an overwhelming number of respondents in favor of using outsourced health IT solutions, such as point-of-care technology, healthcare IT infrastructure, and HIPAA compliant security. Nearly 73 percent of hospitals with over 300 beds are now looking outside for their technology solutions, and 81 percent of providers with fewer than 300 beds have prioritized outsourcing complex IT operations in their development plans.

The main reason for the increased demand for outsourcing is the growing importance of IT in the delivery of quality patient care. Healthcare organizations are relying more and more on technology, such as a secure patient portal, as an essential component of their operations within the rapidly changing healthcare scene.

Advantages of Health IT Outsourcing

The last time that the healthcare industry saw prominent growth in outsourcing was in the late 1990s, when the aim was to control costs through broad-based IT solutions. Today, positive returns on investment and immediate access to fully trained IT staff and required technologies are the key drivers.

According to the Black Book survey, 90 percent of outsourcing hospitals reported an immediate return on investment (3 months or less) for health IT outsourcing in Q3 2015, when the survey took place. Many providers are also simply not in a position to hire and train internal IT staff, whereas outsourcing can help to implement new technologies faster by putting resources together quickly.

84 percent of respondents reported that their relationship with outsourcing vendors is exceeding their expectations, and almost 86 percent of CFOs and 91 percent of CIOs would be willing to reshape an entire organization in order to implement outsourced IT services in the most effective and efficient manner.

Hospitals have increasingly felt the pressure of managing revenues, and severely tightened margins have further put pressure on bottom lines. Outsourcing can help lower costs considerably, especially as the push for more sophisticated patient records, secure patient portals, data analytics, and population health management continues to grow.

Doug Brown, managing partner of Black Book Market Research, commented, “Most hospital leaders see no choice but to evaluate and leverage next-generation information and financial systems as an outsourced service in order to keep their organizations solvent and advancing technologically.”

While there have been past failures reported on outsourcing, these failures mostly resulted from selecting the wrong vendor, unrealistic expectations, or insufficient performance monitoring. Consumers have since used their experiences to adapt and improve their IT outsourcing contracts.

Certainly, it’s clear that the business value to be gained from health IT outsourcing, in terms of economics, technological skills and expertise, established processes, and service quality, can ensure a cost-effective solution and allow healthcare organizations to focus on their core business.


The Benefits of Outsourcing Healthcare Software Development

Nearshore Americas’ whitepaper “Healthcare Software: The Argentine Advantage” highlights many benefits that Argentina has for outsourcing healthcare software development over its offshore rivals. Here are the key reasons for partnering with a nearshore developer in Argentina:
