2,061 Days in the Making




It has been 365 days since my last post on xchangehealth and so much has happened. I have been so focused on things at MINES that I haven’t been very active on Twitter or my blog so it’s probably about time for an update and a little taste of things to come at MINES.

As of July 3rd, 2017, MINES is now using a fully-CRM-based Electronic Health Record (EHR) system for patient management. I can’t even begin to explain how big of a deal this is for us, but to suffice it to say that there aren’t many others out there. Why is this so uncommon? Because rather than using the billing method to determine how to organize our records, we use the relationships that people actually have in their lives as our core operating assumption.

If that doesn’t make sense to you, let me put it another way: this was the result of over 5.6 years of planning, designing, and testing (several cycles, in fact) to create a system that would allow for this schema to be viable for a long-term records solution while minimally impacting daily operations and creating the opportunity for further development down the road.

“So what does that “down the road” really look like,” you might ask. I’d be happy to provide some examples!

Create your own (EH)Record!

Beginning in 2018, our clients will be able to submit all of the necessary information to get a referral for sessions and manage their own authorizations and provider interactions.

New provider value scores!

Our patient satisfaction data will be tied directly to patient and provider records, allowing real-time data regarding patient satisfaction for future referrals.

More in-depth reporting for HR!

Beginning in 2018, a new utilization report will be released for HR that provides greater insight into problems at the worksite and what interventions might help improve the operations of the company.

Better workflow for patient management!

Using the functionality that business development has been using for years means being able to apply the workflow of communication and client management to patient coordination.

Deeper insights into how patients actually work with their peers!

As early as 2019 we’ll see the implementation of a social media connection opportunity for those looking to leverage their social networks to improve their therapeutic performance. We’ll also be leveraging the growing relationship data to provide a basis for Social Network Analysis, giving us the opportunity to engage in a population health model at worksites.

A REAL app for an EAP!

Many EAPs have released limited versions of their website and/or online content, which is a start, but the app we will be releasing will allow clients to manage their account, see their appointments, share notes with their provider, and potentially launch an ad hoc telemedicine session.

The end of the traditional therapy model!

MINES will also be launching a new program model for purchase by employers to move away from the traditional “1-some number of sessions” model, allowing employees to call, video, text as they please. This allows for the EAP to work even more proactively with clients and to tailor clinical response to the particular need.

The team at MINES has been exceptionally open and excited about this critical difference in our record structure, and while we opened with a few glitches (as to be expected with any software roll-out) we’ve experienced no disruption in our regular processes.

Today marks the beginning of a new, more data-driven patient management era for the team at MINES and a new opportunity to “save lives and influence the course of human events.”


The Ashley Madison hack and healthcare


I was really hesitant to write anything about this topic at all, but a recent article in Gizmodo convinced me that there is something really critical here to be discussed. Yes, I am talking about the Ashley Madison data hack and its implications for the healthcare industry.

What do we know so far? Well, we know that there were approximately 35 million records dumped onto the “dark web” and that within that data was quite a bit of information. In fact, I’ve recently seen a sampling of that data including addresses and names and it’s frankly startling to see someone you know show up on the list. I don’t recommend it.

What I don’t know is anything other than the limited data that I’ve seen and what is presented by what I hope are reputable sources. What I present here is not presently vetted as it would be quite an undertaking to do so on my own. I’m hoping by publishing through this medium (heh — get it!) that we might be able to get some clarification on this topic and to help me with my own thoughts about how this impacts the healthcare industry.

First, let’s talk about privacy versus security

There is a certain amount of privacy that one should expect when engaging with a site that purports to maintain a secret for you, or to help you evade telling the truth. Privacy is “the state or condition of being free from being observed or disturbed by other people.” In contrast, security is “ the state of being free from danger or threat.” There is a nuance to the interplay between these two, but they are absolutely distinct.

In the healthcare industry, we’re well aware of the difference between these two things — or at least we should be. But all too often we confuse the strictures of HIPAA as being about privacy. That’s not inherently true. HIPAA is the Health Insurance Portability and Accountability Act. It’s about security, not necessarily privacy. In fact, HIPAA even covers how healthcare entities should handle informing their patients on how things are handled with regards to privacy because HIPAA doesn’t specifically provide for them. The “P” throws everyone off.

In fact, your Private Health Information (PHI) likely moves around the system in all kinds of ways that you may not realize. When you are seen for a service, your information probably goes to a payer on a claim form. That claim form may be accompanied by clinical documentation that may go to a Managed Care company. Your data ends up going through all kinds of people that you don’t explicitly give your permission to. All KINDS of people.

But just because your information is being moved from company to company, person to person, doesn’t mean your information isn’t secure. Most of the time, the system works just fine. Other times, you run into a problem like Anthem had where a breach in their IT structures resulted in a massive data leak. In such cases, there are actual federal guidelines as to how that breach is handled that are clearly defined. And those breaches are very expensive to the healthcare company.

The reason for that is that PHI can sometimes be more difficult to protect oneself in a breach than, say, your financial information. Because there is no national ID for the healthcare system, often a Social Security Number is used for transactions between systems. While an insurer might also provide you with an individual ID for their internal systems, for those data to move between entities, you have to use an SSN.

But even SSN can be protected against a breach with credit monitoring when it comes to your financial information. What is a little different about PHI is that it can contain deeply personal information about the individual such as diagnoses, current or past treatment, and even likelihood for future diagnoses when it comes to genetic information. Your genome can’t be changed like your SSN or bank account information. That’s all yours.

Let’s bring it back to Ashley Madison

What did Ashley Madison actually promise, then?

Ashley Madison is the most famous name in infidelity and married dating. As seen on Hannity, Howard Stern, TIME, BusinessWeek, Sports Illustrated, Maxim, USA Today. Ashley Madison is the most recognized and reputable married dating company. Our Married Dating Services for Married individuals Work. Ashley Madison is the most successful website for finding an affair and cheating partners. Have an Affair today on Ashley Madison. Thousands of cheating wivesand cheating husbands signup everyday looking for an affair. We are the most famous website for discreet encounters between married individuals. Married Dating has never been easier. With Our affair guarantee package we guarantee you will find the perfect affair partner. Sign up for Free today.

We can discuss the morality behind the purpose of the site all day long, but the site exists and people signed up for it. So let’s just move on past that topic and dig into how this is relevant to our purpose here.

After looking at the data from Annalee Newitz’s article, there’s clearly something else going on here. There are not a ton of married people who are successful in cheating on their spouses. There are a ton of married men who are flirting with the idea of cheating on their spouses.

The societal impact of the hack

Well, we know that Josh Duggar admitted to cheating on his wife andentering rehab after the hack was announced and that he was on the list. I haven’t seen that he successfully met anyone on the site, but looking at the numbers in the Gizmodo article, I’m going to guess not. And there arereports that there may be suicides that have been linked to the hack. And there has even been reporting on the pervasiveness of the use of the site by federal employees.

So, we’re seeing some significant potential impact of the site across many walks of life and affecting many groups throughout the world, in fact. But again, going back to the numbers, this probably isn’t nearly the situation that we think it is.

Let’s focus on the men that were probably brought to this site, since the Gizmodo article all but dismisses the women that were on the site — especially after highlighting that a number of those women could have been checking for cheating spouses, rather than looking to cheat.

There is the issue of Ashley Madison’s promise to its users. That it would allow for discretion in cheating. That’s a privacy promise in my opinion, and not necessarily a security one. Would one assume that their information was being secured as well? Maybe, but I don’t think that’s inherent to their brand promise. Again, I haven’t dug into the language of their policy yet — this is a working document — but there was going to be no protection when you moved from the online world to the offline world anyhow, so how one could have reasonably expected security is beyond me.

You’ll have to draw your own line as to what is considered cheating and what is not, but most of these individuals that were active on the site were more than likely talking to robots. Those that weren’t may have been casually flirting. And of those left, well, I’ll just say the proportions would show that likely if anyone was successful in cheating, they were probably 4th or 5th in line in their area.

For the first two categories, you were made a promise by Ashley Madison and you were either duped or you got exactly what you needed. If you expected you would actually find an affair, the first category; if you were looking for an outlet that let you flirt, you probably got a robot and received exactly what you needed from the site.

What this means for healthcare

Does or would the Ashley Madison hack have an effect on healthcare more broadly? I don’t know. There’s certainly a couple of considerations here.

Does this inherently decrease the public’s trust of the internet and data security generally? I hope not. You should absolutely be concerned about security, but let’s be honest — Ashley Madison is not the healthcare industry, it’s a site for people wanting to cheat. There’s an inherent, goal-oriented difference between the two, we’ll call them, “industries.”

Does the new data lessen the impact that the hack actually has on the greater societal opinion surrounding the fear of data integrity? Probably, but it really shouldn’t. This still highlights a critical misunderstanding that we have about our data and how it gets used. That’s no less true in the healthcare industry as I’ve pointed out above.

Will it change the way that healthcare handles data? I cannot imagine it would. Your data is being protected pretty well already, but this type of hack is the result of something far different than why someone would go after healthcare — that’s largely financial.

Is the Ashley Madison hack still relevant? You bet your sweet you know what it is! We’re entering a new phase in the healthcare industry’s development where you as a consumer are going to be able to make more decisions about the way in which you interface with that system. That means you have more control over who is getting your data initially, and within the new Health Information Exchange models set up in each state, maybe even after your initial input of data. Some systems are prepared to share data down to very granular levels. That means you will have to make some decisions about how you want your information to be shared.

Does this mean you shouldn’t share your data? I wouldn’t go that far. Your data, if properly secured, doesn’t need to be private from legitimate sources in the healthcare industry. That data can be very important for medical advancement for one. But there is also a possibility that your information can help providers make better decisions to help you in making decisions about your own healthcare.

#HIMSS15 Mix Tape



HIMSS15 Mix TapeBlog by Colin Hung

Every year I look forward to the HIMSS conference – the annual gathering of the HealthIT industry in North America. The year’s event is being held in Chicago from April 13-16 and it should attract a record number of attendees.

I’ve had the good fortune of being able to attend HIMSS for the past 7 years. #HIMSS15 will be my 8th one in a row and this year I will be one of the Social Media Ambassadors at the conference. I am humbled and honored to be part of the team that will be helping to live-tweet the event for those that cannot be there in person.

In preparation for #HIMSS15 I thought I do something fun. So here is the first HIMSS Mix Tape (#HIMSS15Mix) – a collection of songs that represent the tone, emotion and general feeling of this year’s conference. These songs were carefully…

View original post 933 more words

#HITsm Chat Summary from 8/29


In case you missed the #HITsm chat last week and wanted to get a summary of the discussion, check out the storify summary below!

#HITsm T1: Knowing that #health is dependent on daily life, how do we design #HealthIT in consideration of the larger, social world?

#HITsm T2: How do we achieve #patientengagement over time considering that a one-off solution can’t fix #health?

#HITsm T3: What game mechanics in #HealthIT are currently being used appropriately? Which are not?

#HITsm T4: What should be made usable by #enterprise #healthIT to ensure the #Human element does not get lost?

#HITsm T5: What design considerations have you seen that work well in #HealthIT / #mHealth?

[View the story “August 29 #HITsm Chat” on Storify]

To our health,
Ryan Lucas

What you need to know about ‘The Social Age’


What a GREAT post about the importance of being aware of the shift in our business ecosystem.

Julian Stodd's Learning Blog

Everyone understands that things have changed, but not always how much and how far we still have to go. The Social Age is defined by change: changes in how we work, how we learn, how we lead, how we connect and communicate. Our entire ecosystem has evolved and yet many organisations are clinging to the remnants of eroded business models and HR practices. Those that are unable to adapt, unable to recognise and respond to the evolution will fail.

The Social Age: new work The Social Age redefines how organisations need to operate. This tangle captures some of the core changes

The nature of work has changed: no longer defined by four walls and 9-5, we’ve seen technology revolutionise how we connect and how we are productive. Cloud services and VPNs are simply the latest iteration in a long chain of innovation that has led to laptops, tablets and smartphones, alongside remote working and…

View original post 1,305 more words