Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

USAA Tapping EHR To Gather Data From Life Insurance Applicants

Posted on August 10, 2017 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

I can’t believe I missed this. Apparently, financial giant USAA announced earlier this year that it’s collecting health data from life insurance applicants by interfacing with patient portals. While it may not be the first life insurer to do so, I haven’t been able to find any others, which makes this pretty interesting.

Usually, when someone applies for life insurance, they have to produce medical records which support their application. (We wouldn’t want someone to buy a policy and pop off the next day, would we?) In the past, applicants have had to push their providers to send medical records to the insurer. As anyone who’s tried to get health records for themselves knows, getting this done can be challenging and is likely to slow down policy approvals.

Thanks to USAA’s new technology implementation, however, the process is much simpler. The new offering, which is available to applicants at the Department of Veterans Affairs and Department of Defense, allows consumers to deliver their health data directly to the insurer via their patient portal.

To make this possible, USAA worked with Cerner on EHR retrieval technology. The technology, known as HealtheHistory, supports health data collection,  encrypts data transmission and limits access to EHR data to approved persons. No word yet as to whether Cerner has struck similar deals elsewhere but it wouldn’t surprise me.

USAA’s new EHR-based approach has paid off nicely. The life insurer has seen an average 30-day reduction in the time it takes to acquire health records for applicants, and though it doesn’t say what the average was back in the days of paper records, I assume that this is a big improvement.

And now on to the less attractive aspects of this deal. I don’t know about you, but I see a couple of red flags here.

First, while life insurers may know how to capture health data, I doubt they’re cognizant of HIPAA nuances. Even if they hire a truckload of HIPAA experts, they don’t have much context for maintaining HIPAA compliance. What’s more, they rarely if ever have to look a patient in the face, which serves as something of a natural deterrent to provider data carelessness.

Also, given the industry’s track record, is it really a good idea to give a life insurer that much data? For example, consider the case of a healthy 36-year-old woman with no current medical issues who was denied coverage because she had the BRCA 1 gene. That gene, as some readers may know, is associated with an increased risk of breast and ovarian cancer.

The life insurer apparently found out about the woman’s makeup as part of the application process, which included queries about genetic information. Apparently, the woman had had such testing, and as a result had to disclose it or risk being accused of fraud.

While the insurer in question may have the right, legally, to make such decisions, their doing so falls into a gray area ethically. What’s more, things would get foggier if, say, it decided to share such information with a sister health insurance division. Doing so may not be legal but I can easily see it happening.

Should someone’s genes be used to exclude them life or health insurance? Bar them from being approved for a mortgage from another sister company? Can insurers be trusted to meet HIPAA standards for use of PHI? It’ll be important to address such questions before we throw our weight behind open health data sharing with companies like USAA.

Patient Access to Health Information is a Right

Posted on April 14, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I was browsing some old notes I’d taken to interesting resources and ideas. I came across some videos that ONC had created around the rights of patients when it comes to accessing health information.

Here’s a look at the first video:

The video is 3 minutes long and the information could have been shared in 30 seconds, but some of the points it shares are really good. For example, that it’s your right to be able to access your health information. Also, they make the point that you still have the right to get access to your health information even if you haven’t paid your bill.

It’s always amazing to me how many misconceptions there are out there when it comes to access to health information. We see HIPAA and other rules used as a reason to not provide patients their health information a lot and it’s often wrong.

The great thing is that over the 11 years I’ve been blogging, we’ve seen a real sea change in people’s perspectives on how and when you should have access to your patient record. That said, we still have a ways to go. Technology should make that record available to you whenever and wherever you want in near real time fashion. We see that in some organizations, but not enough.

These videos will never go viral, but they are a good information source for those patients who aren’t sure about their rights when it comes to access to their health information.

Patients’ Rights Videos

Posted on June 9, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

ONC and OCR recently released a number of videos that outline patients’ rights. Here’s one called “Individual’s Rights under HIPAA to Access their Health Information”:

What do you think of these videos? Will they effectively educate patients?

Makes me wonder what ZDoggMD would do with the content.

You might be an #HITNerd If…

Posted on March 23, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

You might be an #HITNerd If…

HIPPA and HIMMS make your skin crawl.

Find all our #HITNerd references on: EMR and EHR & EMR and HIPAA and check out the new #HITNerd t-shirts, hat, and phone cases.

NEW: Check out the #HITNerd store to purchase an #HITNerd t-shirt of cell phone case.

Note: Much like Jeff Foxworthy is a redneck. I’m well aware that I’m an #HITNerd.

Secure Text and Email, Smartphone Physicals, and EMR Documentation – Around Healthcare Scene

Posted on April 14, 2013 I Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.

There are so many types of mHealth apps and devices out there, it was inevitable that someone would try to have them work together. At TEDMED 2013, Shiv Gaglani and a team of physicians-to-be will be presenting the “smartphone physical.” Are these types of visits closer to becoming a reality than we may have realized?

One of the amazing technologies that have been developed is a smartphone that measures vitals — maybe this will be used in smartphone physicals someday! The Fujitsu Smartphone analyzes subtle changes in blood flow and determines vital signs, all by the user taking their photo with the phone’s camera. It goes to show that you don’t necessarily need fancy equipment to have incredible mHealth technology.

While some are concerned about the safety of email and texting for healthcare communication, it’s becoming a way of the future. Companies such as Physia and docBEAT are working specifically to make email and texts more secure. So which one is better? Both have their pros and cons – texting is quick and to the point, while email can take more time. Which would you rather receive?

Most doctors will agree, the current documentation options that EMRs offer are frustrating. There’s just too much clicking. However, the tide is shifting and it is very possible full keyboards will be needed. And the need for point of care EMR documentation will be more necessary than ever before.

With the current budget proposal by President Obama, EMR vendors might be impacted significantly. The ONC is suggesting that health IT vendors pay up to $1 million in fees. With the upcoming expiration of the ONC’s $2 billion appropriation from ARRA, the agency is needing some new funds. It also would help maintain ONC’s Certified Health IT Product List. Of course, vendors will not be happy to hear this news.

Sending PHI Over SMS

Posted on February 26, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I recently was talking with a doctor who told me about a healthcare communications company called YouCall MD. The doctor liked many of the features that YouCall MD provided. He loved that they would answer your Live Calls, transcribe a message to you and send you that message by SMS. Well, he loved all of it except the part that YouCallMD was using insecure SMS messages to send protected health information (PHI).

I wrote about this before in my post called “Texting is Not HIPAA Secure.” I know that many doctors sit on all sides of this. I heard one doctor tell me, “They’re not going to throw us all in jail.” Other doctors won’t use SMS at all because of the HIPAA violations.

While a doctor probably won’t get thrown in jail for sending PHI over SMS, they could get large fines. I think this is an even greater risk when sending PHI over SMS becomes institutionalized through a service like YouCallMD. This isn’t a risk I’d want to take if I were a doctor.

Plus, the thing that baffles me is that there are a lot of secure text message services out there. Using these services would accomplish the same thing for the doctor and YouCall MD and they wouldn’t put a doctor or institution at risk for violating HIPAA. Soon the day will come when doctors can send SMS like messages on their phones in a secure way and they won’t have to worry about it. I just think it’s a big mistake for them to be using their phone’s default SMS.

BYOD, Skype, and Apps for Medical Emergencies: Around Healthcare Scene

Posted on December 9, 2012 I Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.

EMR and HIPAA

BYOD and HIPAA Compliance: Can You Have Both

With the increased use of smart phone and tablets by doctors, BYOD (bring your own device) is on the rise. With it comes the risk of almost inevitable risk of HIPAA violations. There needs to be some serious talk of protocols for BYOD, as the trend is here to stay. Can BYOD and HIPAA Compliance coexist? Weigh-in here.

Skype HIPAA Risks Not Given Enough Attention

Skype use among medical professionals isn’t high, but enough do that proper attention should be paid toward making sure these phone calls are HIPAA-compliant. There are quite a few risks associated with Skype-calling, and this post discusses why providers should be concerned, and poses some ideas on how to lessen these risks.

Key Radiology Takeaways from RSNA

CIO Janakan Rajgendran from GNAX Health guest posted at EMR and HIPAA this week. He discussed some of the highlights from RSNA 2012. The theme of the conference was ‘Patients First,’ which was reflected in a lot of the addresses from the conference. This post focuses on several different highlights, such as dosage tracking, image parts of HIE, and RSNA conversation changes.

Hospital EMR and EHR

Expanding HIEs Taking Role As Backbone For Reform Efforts 

HIEs have grown significantly in the past year and continue to do so. Because of this, it appears that they are becoming the “backbone” for reform efforts. HIEs are also playing a big role in health reform-related efforts such as with ACO and Patient-Centered Medical Homes.

Smart Phone Healthcare

Five Essential Apps for Medical Emergencies

There are lots of apps that have been created to help people be prepared in case of an emergency. Here are five that seem to stand out, from first aid tips to emergency information cards. Check out this list and see if you can benefit from any of them.

Highlights From Dr. David J. Brailer at 2012 NYeC Digital Health Conference

Posted on October 15, 2012 I Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.

While not everyone can make it to the NYeC 2012 Digital Health Conference, John is making sure everyone can enjoy parts of the conference from home. Dr. David J. Brailer, former National Coordinator for Health Information Technology and current Chairman of Health Evolution Partners, is a keynote speaker at this week’s conference, and spoke today on HIT.

Throughout the presentation, John live tweeted some highlights, as well as his own thoughts. Here are some of his tweets — if you want to see more, be sure to follow @EHRandHIT on Twitter.

If you present at the conference, what were some favorite insights from Dr. Brailer?

Texas Law Amps Up HIPAA Penalties

Posted on September 10, 2012 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

Providers in every state must meet HIPAA standards, but alas, that may not be all in some states, which are permitted to institute stiffer requirements than the feds.  Such is the case in Texas, where a new state privacy law has gone into effect which asks a lot more of physicians and some other providers.

Texas has toughened up requirements in several areas, including the following:

* Covered entities:  HIPAA offers a fairly specific definition of covered entities, but the Texas law takes things much further, extending the rule to cover a wide range of people who handle PHI. This may include business associates, healthcare payers, government units, schools, facilities, providers, researchers and physicians, reports John Wisniewski, CEO of the Bexar County Medical Society.

* EMR data requests:  Requests for electronic medical records by Texans must be fulfilled within 15 days of a written query. This new rule, which brings EMR requests  up to the existing level for paper records, is tougher than HIPAA’s 30 day requirement.

* Stricter training:  The new law imposes tougher training requirements regarding privacy issues — including customized training regarding maintenance and protection of electronic PHI — and penalties for violations are ramped up under the new law. Covered entities must set deadlines for the completion of such training, and maintain records of completing such training, which is required every two years.

* Any PHI breach must be reported:  Any entity which experiences a breach in PHI must report it to individuals, including any business handling such information, not just covered entities as defined by the new statute.

I understand that providers must find it frustrating to have addition requirements slapped on them.  However, none of these strike me as insane, though the broadening of covered entities to include such a large group could lead to trouble, perhaps. What do you think?

New App Allows For HIPAA-Compliant Group Texting by Clinicians

Posted on June 11, 2012 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

John wrote previously on EMR and HIPAA about the need for HIPAA Secure Texting and a company he’s advising that does secure text messaging called docBeat.

Well, another new app called Medigram is being tested which will allow clinicians to send HIPAA-compliant text messages within a defined group. The app is currently in closed beta with docs at Stanford Hospital, Lucille Packard Children’s Hospital and the Palo Alto VA Hospital, according to iMedicalApps.com.

According to the company, Medigram meets not only HIPAA requirements but also privacy/security provisions in Subtitle D of HITECH.  It does so, in part, by using SSL connections between mobile apps and its servers, as well as NIST-approved 256-bit AES encryption to secure chat data.

Secure texting certainly seems like a good idea, given how mobile-friendly this generation of clinicians has turned out to be.  And it’s hard to argue Medigram’s core pitch, which is that texting is far more interactive than a pager. Given that a surprisingly large number of doctors still use pagers, improving on the model seems like a good thing.

My theory is that the app, if otherwise usable and bug-free, will be a big hit during its beta. If so, I expect to see HIPAA-compliant instant messaging turn up next. Smaller, presumably agile companies specializing in B2B messaging — such as HipChat, Trumpia and 24im — are logical candidates to develop such a utility. (This article outlines several other enterprise IM firms, just in case you want to dig deeper.)

Of course, there’s also Google and Microsoft, both of which have large IM bases. Perhaps creating a secure version of an existing product (such as Messenger) will be less of a marketing challenge than say, HealthVault.

Regardless, I’ll be quite interested to find out how the beta turns out — I’ll keep you posted. Meanwhile, here’s a video in which Medigram describes its product.