Blog

Patient Engagement Blog Header - Health Data, Stethoscope, Glasses
What Does Patient Engagement Really Mean? 600 237 Thomas Donhauser

What Does Patient Engagement Really Mean?

We often hear terms such as patient engagement and they become the latest “term du jour”.  But what does that really mean and what is your organization doing to help promote such activity?  Is patient engagement a part of your organization’s strategy to maintain customer loyalty and grow your business?

Patient engagement is much more than just offering a portal or app that your patients can use to schedule appointments or see their latest EOBs.  Patient engagement is more about a philosophy – a way that your organization will interact with your patients or members.  This interaction needs to be bi-directional.  Providing your patients with access to their health information may also be a part of this strategy.  However, patient access to their data is not enough.  What is critical is the need to help patients by engaging them and making sure they understand what their data is “telling” them.

The idea is to provide patients with the necessary information, guiding them and ensuring they are engaged with their own care, and making the right choices. This will lead to better outcomes and ultimately to a lower cost of care.  This level of engagement requires that providers are active participants.  By gaining a holistic view of the patient, then you, the provider, will become an active partner in the patient’s care.  The need to run duplicative tests can be avoided. The ability to remind patients if they miss a prescription refill will help in establishing your organization as a trusted partner in the patient’s care.  Some patients will obviously be more active participants than others, but if you are able to provide them with things like educational resources or support groups – this can also lead to a richer experience for the patient. The result – they will view your organization as their trusted source for their health needs.

Patient engagement requires patient data

In our “information everywhere” world, patients can be easily overwhelmed with data.  In today’s technology invasive environment, with wearables and the many health apps that are designed to help us, how do we make sense of it all?  The need to pull together the many sources of data available to us as providers or as patients is leading to the advent of yet another enabling technology – the personal health record.  The idea of a personal health record is not necessarily new, but we now see various technology companies, foundations, pharmaceutical companies as well as payers contributing to the personal health record, making it easier for the patient to truly be at the center of their care.  These technologies are more user friendly to the patient and the provider.  These applications make it easier to both collect and transmit personal health records, which when fully aggregated, can lead to greater insights for care management. They should also be particularly useful to everyone concerned with chronic disease management.

The bottom-line?

As a member of the health care ecosystem, the question you now need to ask is how will I engage and bring further value to my patient? What technologies can I enable for my patients to make true patient engagement a reality for my patients?

We believe that as this push for greater visibility and data access grows, DataMotion is well positioned to be the conduit for much of this communication flow.

SMC API Postman Demo Blog Header Image
Postman Demo Videos – Secure Message Center API 600 237 Bud Walder

Postman Demo Videos – Secure Message Center API

The DataMotion Secure Message Center API is used to integrate secure messaging, email and document exchange into self-service portals – like online banking portals, insurance member services portals, brokerage and other wealth management portals – etc. I call it the ‘what’s in your wallet’ experience – since most of the financial and insurance companies we do business with provide these self-service portals (and apps). They are great for getting account information and conducting transactions (like paying bills or buying stocks). They are also good for finding an in-network healthcare specialist or checking if an insurance claim is covered.

Sometimes though, these portals fail the customers they serve. When portals are ‘not good enough’ on the self-service options for exchanging sensitive information – an integrated secure message center (SMC) is a great resource to ask questions, share documentation (or request documentation) – in essence get support from the client/member services team via a webmail-like exchange. Not all portals have a secure message center, and some are functionally limited. By building with our APIs and using our cloud-based secure data exchange services – these portals can add a great communication resource quickly and enable complete compliance with data privacy and governance regulations such as GLBA and HIPAA.

Invariably, when we discuss ‘SMC’ projects with customers – they want to see how the APIs work. So, we turn to one of our developers and they walk through API use with a tool called ‘Postman’ (which must be pretty interesting itself based on the number of Google searches it gets…!). Postman enables an SMC API demonstration that always seems to get the developers in the room ‘on-board’ with the project – so we thought it would be helpful to record a couple simple Postman demos to share that experience with you.

Here’s Chris Ly, one of our software developers demonstrating our ‘send message’ API. (Make sure your player is full screen and in HD mode!)

And here’s Chris again showing how message and document folders can be customed / added / deleted.

If you are a portal developer for a financial services or insurance company – we hope this taste of SMC programmability is helpful in understanding what you can build with our Secure Message Center APIs. Of course there is a lot more functionality – and all of the Secure Message Center APIs are well documented with sample code, SDKs – and there’s a free trial too.

Contact us if we can answer any questions or to discuss your project ideas. We’ll put you through to Chris!

DataMotion Platform 2020 Blog Header Image
What’s New for 2020? DataMotion Pivots to PaaS 1000 395 Bob Janacek

What’s New for 2020? DataMotion Pivots to PaaS

As we kick off the new year, we thought it would be good to reflect not only on what we’ve been doing over the last year, but also where we are planning to go over the coming year. We spent a little time with DataMotion CEO Bob Janacek talking about his vision for DataMotion.  We’d like to share that with you below. Our questions are in bold. The interview has been lightly edited.

As 2019 comes to a close, it seems like a good time to reflect on the progress made this year. Thinking about this, can you describe the major initiatives DataMotion worked on this year, and the impact these have had for customers?

Bob Janacek: Sure. Thanks. We’ve spent many years working with customers in regulated markets like banking, insurance, government and healthcare, addressing their concerns around secure collaboration with their clients and partners. Our secure messaging system is used by many of these organizations to enable easy, secure and compliant communications for employees with their constituents.

That’s our software as a service, which is an end user product. It’s a turnkey solution that customers can implement as is. And what we’ve seen in the last year – really the last couple years – is a shift. These collaborative features that previously were used in a standalone sense, now our customers are asking for them to be integrated. And, they want to do so in the mainstream workflow of how they do business. For instance, many of our customers have a member portal. That’s where they drive their clients’ usage – through their portal and mobile apps. Our customers spend considerable resources on digital transformation and customer experience of their portals and apps. Collaboration was a missing piece. A lot of these portals are read only. For example, they may show a client’s explanation of benefits or bank balance, but they don’t allow them to ask a question or submit supporting documents.  So rather than having a separate email encryption portal where their clients must go to ask questions and exchange sensitive information, our customers want that collaboration to happen seamlessly from within their member portals and apps. This provides a better user experience that’s secure, simple and fast. Security that gets in the way of business processes is typically ignored. But if you can make it melt into the process, so that it’s as easy to use as any other feature, then it can accelerate business and add a lot of value to what companies bring their customers.

So, as you look to the future then for 2020 what changes do you see happening and where and how do you see the company evolving?

Bob Janacek: To meet this need of stitching secure collaboration into our customers’ workflows, we’re investing heavily in our platform as a service. Whereas our traditional products were software as a service or SaaS, the API version of that – the version that could be integrated into customers’ systems – is a platform as a service or PaaS. That’s where we expose APIs and protocols that allow internal systems for customer service, for loan processing, for underwriting – a wide range of systems to participate in the secure exchange of information with their clients. The other end of these connections are often client-facing apps and portals. We’re investing in the APIs and protocols that allow backend systems to participate in the secure exchange of information. We’re also investing in the APIs and methods that allow mobile apps and front-end systems to integrate secure correspondence seamlessly for their members.

Okay, so talk about why it’s so important that the company evolved in this way. This is kind of a pivot or change in direction for DataMotion. What is it that’s driving all of this? You talked a little bit about customers requesting this, but, what’s really behind all of that.

Bob Janacek: A new generation of consumer is interacting with our customers, including millennials and younger ones in generation Z.  These users are tech savvy and expect companies that they do business with to be the same.  They expect mobile apps. They expect smartphone first interfaces. They don’t want to call in and wait 20 minutes listening to music on hold if they can get an answer by typing something digitally in a few seconds. They don’t necessarily want to deal with fax anymore. Or sign paper documents and send them by postal mail or overnight courier. They may not even have postage stamps laying around. They don’t think about those ways of doing business, which a lot of organizations are still built on. So, the younger generations are expecting a capable digital experience for interacting with their suppliers, whether it’s their bank, insurance company, healthcare or a government agency. They know the bar that Apple and Amazon.com created. If you can do everything online, then why go physical. Problem is a lot of the service companies use legacy customer service methods built around fax, phone calls, postal mail and FedEx, which is not the modern world. So, there is a groundswell, really a paradigm shift, in moving from legacy systems to pure digital, or at least supplementing traditional channels with digital ones. The digital experience is smarter, less expensive and faster. It’s secure. It’s auditable. It’s compliant. There’s a lot of benefits to going digital, but companies will need vendors like DataMotion that have the rich toolset to be able to integrate secure digital collaboration into their existing internal and client-facing experiences.

So, part of what is driving this is that they’ve got these existing workflows and they can’t just wholesale throw them out and try something else. It’s more of an evolution for these companies as well?

Bob Janacek: Right, we are very focused on helping our customers and their users, employees and systems work in ways that are most natural to them. It should just work, without rip and replace, and it should be transparent and easy.  If it’s a back-end or legacy system that speaks a certain protocol, we want to be able to speak that protocol. Then that system can remain in place and can participate. If it’s a client-facing portal or mobile app, REST APIs may be the preferred way of integrating secure collaboration. So, by providing a range of methods, APIs and protocols, and enabling all of them to interoperate, we allow a wide range of workflows involving systems, employees and consumers to participate in ways that are most natural to them.

Can you describe in more detail about how this is going to affect the products or services that DataMotion offers, especially as we go into 2020?

Bob Janacek: In 2020, you’re going to see a lot more emphasis on our platform as a service and our developer center that backs that platform as a service. Currently the developer center offers a range of APIs that programmers can access in a self-service manner. They don’t have to contact sales to gain access to it, they can go right to developers.datamotion.com and sign up for access, and immediately start testing out the APIs.

What we’re going to see in 2020 is a broader range of APIs that are made available. I can’t talk about all of them right now. But there’s a lot in store on the platform as a service as it relates to collaboration, security and compliance.

So, you’ll be expanding the different ways, systems and workflows that these organizations will be able to communicate by?

Bob Janacek: It’s really about transparency. It’s about integrating security and compliance into the collaboration process in a transparent way. It’s also about efficiency. If things are embedded tightly in the workflow, then that security and compliance is seamless in the workflow. The efficiency is maximized. Compliance is maximized at the same time. A lot of times you see security get in the way of workflows. It can add extra steps for users, or force processes to use outdated communication tools. Security is also the step that users remove from the process because it can prevent companies from meeting revenue goals – it gets in the way of business processes. By having our platform as a service, and a range of very robust APIs and protocols, the security becomes transparent in the process. It’s really a win, win for compliance and customer experience. Organizations’ online processes are secure. And from a business point of view, those business processes drive revenue recognition, and customer satisfaction goes up dramatically.

That leads right into the next question that I had for you, which is about how these organizations are going to benefit from these changes – this new direction that we have been talking about. Being able to be more secure and compliant – and have that all baked into those processes is a clear benefit?

Bob Janacek: Well one of the things about digital transformation and modernization is that it drives costs out of legacy processes. If you look at having to return a document by mail, it has to go through the handling of the mail room, it may get scanned and then an image may get attached to a CRM system. It may need OCR or optical character recognition that often introduces errors into process – especially if it’s handwriting. You know, an eight may look like a zero. That results in bad data that’s put into the system. Now, someone has to correct that. All the steps of handling legacy workflows are costly and error prone. By modernizing not only are you satisfying the expectation of today’s consumer, but you’re also reducing the cost of the organization’s operations, reducing errors and becoming a more efficient.  Increases in brand loyalty, and customer retention and acquisition rates also occur, resulting in more profitable lines of business.

DataMotion has been a part of the email encryption industry for a long time. What role do you see email encryption playing in this evolution for DataMotion? 

Bob Janacek: Most email encryption solutions are SaaS offerings – it is a mature solution with a lot of vendors including DataMotion. But now – customers in the highly regulated industries –healthcare, financial services, insurance, and some functions of government – they need something better. The vendors that will excel in the email encryption market are those that have built on a robust platform that allows for integrated functionality which is in demand from these industries. Having that functionality baked into workflows and business processes, is really the next step in the transformation of these companies, customer experiences and their journey into digital transformation. SaaS is fine for many organizations that need ad hoc email encryption for legal and HR departments. But for those that are constantly handling sensitive information as a core business process – you need to evolve with the times. Email encryption offered as a PaaS and baked into the workflow is really where we see the major growth opportunities with these industries.

Every industry and company can face disruptions at some point, and it sounds like that’s what this is. Can you talk about other disruptions that DataMotion has been seeing and what you’re doing to meet these kinds of challenges?

Bob Janacek: Well, it’s really about secure collaboration in a broader sense. Email encryption is one channel. But systems also exchange files; people exchange files. There’s also the need for structured data or electronic forms exchange to be easier for organizations. They have security needs, but then they also have workflow needs as well. There’s a lot of opportunity to modernize legacy methods that have been in place for decades. So, we see secure collaboration involving email, messages, files and forms as ripe for a paradigm shift that strategically integrates them into an organization’s workflow, allowing appropriate systems and business processes to participate, all in a very easy, secure, compliant manner. It’s really bringing all those to the next level.

All right. So, in 2020, what’s your number one goal for DataMotion? If you had to pick just one thing – what would you want to see DataMotion accomplish?

Bob Janacek: The one thing that I’d like to see DataMotion accomplish in 2020, and which is already well underway, is the emphasis of platform as a service allowing developers to easily access and touch our APIs – and integrate them into their solutions. There are many types of solutions that would benefit from secure customer collaboration, include help desk ticketing and customer contact systems, ERP systems, accounting systems, healthcare systems and CRMs.  Besides GDPR, there are many privacy regulations being introduced or taking affect such as the California Consumer Privacy Act. These regulations are affecting companies and vendors – any organization that sends and touches sensitive data, they need to have a way to keep that data secure. The security should not get in the way of the business process, though. It needs to be baked in. There are a lot of opportunities for developers of these solutions to leverage our platform as a service, our APIs and protocols. Using these they can bake in that seamless experience and not only comply with ever-increasing privacy regulations, but also to provide the modern digital experience that their customers expect.

Going past 2020, where do you see DataMotion, and the industry in general going, looking out the next two to five years?

Bob Janacek: We have to continually serve the needs of our customers. Our customers are emphasizing security and compliance, ease of use and superior experiences for their clients. They’re also looking at machine learning, artificial intelligence, and natural language processing. So those are areas reaching a level of maturity that we can integrate to benefit our customers. Those things are on our radar to continue our work of increasing efficiency, accelerating business processes, reducing complexity and driving cost out of collaboration.

Sounds like exciting times.

Bob Janacek: It absolutely is.

Two last questions. One is a fun question. What type of music do you have that you’re recommending this year?

Bob Janacek: I’ve been listening to the No Shoes Radio channel on satellite radio lately. There’s a lot of island music on that station. It just transports you to a different place. You know, it’s all about experience. You know that we’re also elevating the experience. But yeah, the islands and palm trees and all that kind of put you in that state of mind that says if you could make something so optimal and get so much enjoyment out of it in the islands, why can’t we bring that enjoyment to your customers use of technology?

Cool. So last question. Is there anything else that you’d like to add that we haven’t covered that you’d like our customers and prospects to know about DataMotion and where we’re going in this coming year.

Bob Janacek: As technology matures, history has shown that it consolidates, and it gets easier and easier to use. And I think that’s where we are in the curve of our offering. Whereas previously, for example, there were vendors for encrypted email, there were file transfer vendors for people and for systems, and for electronic forms.

They are now converging into a secure collaboration platform where you can emphasize any of those – email, files or forms – they all exchange. Now any system, app or process can participate in any of them with one common set of security, compliance, governance and tracking tools. You have a consistent view of all your critical information exchanges. Previously, you had multiple vendors, an uneven security footprint, uneven compliance, complexities of security patch management. We offer a very high bar for security, compliance and tracking, while also providing the agility needed to really get digital transformation and collaboration right. In addition, as your processes modernize and new ones are formed, you want a platform that has enough depth that you don’t outgrow it. So that’s technology, you know, maturing, converging and making collaboration a strategic asset in a CIO’s toolbox – allowing them to enable easy, secure communication and collaboration between their wide range of systems, employees, customers and business partners.

HIPAA Meaning Blog Header Image
The Myths and Meaning of HIPAA 600 237 Andy Nieto

The Myths and Meaning of HIPAA

When I was a child, the threat “just wait ‘til your father gets home” was enough to make me change my attitude. I wasn’t punished much as a child, and time with my father was far happier and positive than not, but that phrase still resonated. For many, the meaning of The Health Insurance Portability and Accountability Act (HIPAA), is in many ways, like that threat.
HIPAA often inspires doom, gloom, and fear. Because of that, it can lead to unintended expectations and behaviors regarding patient information, making effective care coordination a challenge. In reality, HIPAA gives us some guidance about the protection of information and is a very real threat — only if you ignore it. However, it’s not all doom and gloom.

Can vs. Can't

First, let’s look at what you can do with patient medical data under HIPAA. You can:

  • Connect
  • Share
  • Cooperate
  • Consult
  • Question
  • Exchange
  • Communicate
  • Treat

That’s a significant list and it’s all about coordination.

Now let’s compare that to what you can’t do with this same information under HIPAA. You can’t:

  • Ignore
  • Distribute
  • Expose
  • Publish

It’s easy to see how this can be confusing. The security and privacy standards defined by HIPAA combined with the expanded responsibilities under the Omnibus Rule, have created layers of bureaucracy and whole industries have sprung up to “explain” the meaning of it.

Stewardship

So, let’s step back for a minute and look at what HIPAA is really supposed to be about, which to me, is stewardship. Stewardship is the responsible overseeing and protection of something considered worth caring for and preserving. On the official Federal site, it says that the HIPAA Privacy Rule “establishes national standards to protect individuals’ medical records and other personal health information.”

Stewardship implies a personal ownership and responsibility. The word “ethic” implies that very high personal and professional standards should be applied to the responsible management and protection of a patient’s information. It is really about taking care of the health information entrusted to you.

Perhaps the biggest shift in mindset for physicians in the last several years has been the emergence of patient health information as a valuable component of their practice and to treat it accordingly. Let me use an analogy and compare money to information. As a person, you don’t carelessly give away your money or leave it lying around. You don’t share your financial account logins with strangers and you certainly wouldn’t want your financial records being released, exposed or published. As part of our upbringing, from our initial allowance to our first job to your career today, we have been learning about money, its value, and the steps we should take to protect it. Being good stewards of money is a role we recognize and understand. Patient health information should be viewed in the same way.

Medical records are filled with personal data, otherwise known as protected health information (PHI). Once we make the connection that information or data has value and must be treated like money, the standards for HIPAA stop being cumbersome and start being understandable.

Can and Can't Revisited

So, with good stewardship in mind, let’s go back to the “can I” or “can’t I” question and ask yourself the following:

  • Can I connect with another person about a patient? Yes, just make sure that your method of connection is safe and that you have a valid reason for doing so.
  • Can I share a patient’s record with another provider? Absolutely, provided you take steps to ensure the information is protected.
  • Can I cooperate and consult on patients? Of course, but do so in a manner that maintains a patient’s privacy and the protection of the data.

There are a lot of myths around HIPAA, and while the “letter of the law” be confusing at times, “the spirit” and meaning is clear. HIPAA really does not need to be confusing. Be a good steward of the information in your practice of medicine, and you’ll be a long way down the path of complying with HIPAA regulations.

Population Health Management Communication Blog Header Image
HIPAA Compliance in the Age of Population Health Management 600 237 Thomas Donhauser

HIPAA Compliance in the Age of Population Health Management

The goal of Population Health Management (PHM) communication is to improve the health outcomes of a group of patients with similar characteristics. One example of a population in this context are patients suffering from the same chronic condition. The care of patients in this group may be managed similarly, often involving the same treatments, tests, procedures and other forms of care.

The treatment of chronic conditions typically involves multiple parties, from a primary care physician to multiple specialists and of course the patient. This, in turn, requires frequent communications between the parties.

EHR systems were intended to facilitate these communications but have some shortcomings. And maintaining HIPAA compliance is a key challenge. This article looks at how organizations can use Direct Secure Messaging to overcome the technical and regulatory challenges of a Population Health Management communication scenario.

The Challenge of Managing Chronic Conditions

Chronic conditions are complex to manage. They typically involve multiple syndromes, symptoms, tests and treatments. They require multiple specialists to manage effectively, as well as a high degree of patient diligence.

Diabetes is a good example. It cannot be cured, only managed for the remainder of the patient’s life. As with most complex chronic conditions, managing diabetes involves regular visits with specialists to ensure that things don’t get worse. Managing a patient’s glucose level is always the short-term concern, but left unmanaged, diabetes can result in catastrophic outcomes such as the loss of a patient’s feet or eyes, or kidney or heart damage.

In addition to the patient’s primary care physician, medical professionals involved in the management of diabetes could include nurse educators, endocrinologists, ophthalmologists, cardiologists, dietitians, podiatrists, exercise physiologists, dentists and others. The coordination of care between so many providers – and with the patient – is essential.

Technical and Regulatory Challenges in PHM

Part of the promise of EHR systems was that they would facilitate the level of information exchange between healthcare providers that is necessary for coordinating the care of patients. To do that, the HL7 data standard emerged to ensure that the hundreds of EHR products in the market could “talk to” each other. Unfortunately, different EHR vendors interpret the HL7 standard differently, resulting in incompatible data formats. This, in turn, causes missing or inaccurate patient records.

In addition, some EHR vendors employ a proprietary data format that effectively blocks information exchange with EHRs from other vendors. And, some vendors charge providers to enable their systems to interoperate with others.

These constraints make it harder to manage patient care across providers, rendering the ultimate goal of PHM – better patient outcomes – harder to reach. The alternative for information exchange – provider-to-provider email, postal mail or faxes, can result in HIPAA violations (and are slow and unreliable).

Another challenge is that EHRs were designed to facilitate provider-to-provider care. But for PHM, the patient plays a pivotal role in achieving good outcomes. So, too, can family members or other caregivers, such as home health agencies, that might not have access to an EHR.

Electronic communication is by far the easiest, most efficient, most reliable, and most accountable means of communications between providers and patients. But standard email isn’t a viable option under HIPAA because the identity of the recipient – the reader of the email – cannot be validated. And, regular email is no more secure than sending a postcard with sensitive patient information written on it for all to see, which again presents HIPAA compliance issues. Moreover, regular email lacks a documentation and audit trail that all parties involved in the patient’s care can access.

The Value of Direct Secure Messaging

The ideal solution is Direct Secure Messaging (“Direct”) from DataMotion. Direct is a secure email-like communications channel that enables providers to communicate with each other – as well as with patients and other caregivers – in a secure, HIPAA-compliant way. All messages are encrypted and require authentication to send and receive.

Importantly, Direct is an enhancement to EHRs, not a replacement. Providers can access Direct from within most popular EHRs.

On the provider side, Direct helps improve patient outcomes in a PHM environment by facilitating the exchange of patient medical records in a standardized manner. This includes formatted and unformatted data, as well as large files such as radiologic studies and diagnostic images. Direct enables better coordination of care. It also reduces errors and delays over conventional means of information exchange; for instance, delays when records are sent by courier, and mistakes due to the illegibility of handwritten notes.

On the patient side, Direct gets patients engaged in the management of their condition, which boosts outcomes. Patients can, for example, provide timely feedback on how well treatments are working, allowing providers to make adjustments accordingly without a delay for the patient to make an appointment with the provider. Patients can report new symptoms, complications or other issues to the provider immediately, thereby potentially avoiding life-threatening situations. And providers can ensure that patients refilled prescriptions when scheduled, or remind patients of upcoming office visits or tests to take.

Managing healthcare is increasingly a team effort. Frequent, accurate communication between the team members – including the patient – is paramount to achieving good outcomes. Direct offers an effective enhancement to EHRs that can help care providers deliver better patient outcomes while complying fully with HIPAA rules for privacy and security.

About DataMotion™ Direct

Based on the national encryption standard for securely exchanging clinical healthcare data via the Internet, DataMotion™ Direct enables secure messaging for healthcare providers, patients, business associates, and clinical systems. Using DataMotion™ Direct, PHI can be sent and received securely, in a manner that conforms to MU2 guidelines. It supports the transmission of a variety of sensitive data, including summary of care documents, large images, and personal messages. Best of all it integrates easily with existing EMR/EHR and other Health IT solutions to fully support in-network and out-of-network communications.

DataMotion is an accredited Health Information Service Provider (HISP), provisioning Direct services that are fully interoperable with other HISPs. Secure data delivery has been the core of DataMotion’s business since 1999, ensuring your ability to meet HIPAA compliance and Meaningful Use requirements.

Happy Holidays from DataMotion! 640 252 Monica Hutton

Happy Holidays from DataMotion!

Happy Holidays and a very Happy New Year from everyone at DataMotion!

Personal Health Record (PHR) Blog
Where is your personal health record? 600 237 Thomas Donhauser

Where is your personal health record?

As the US healthcare industry continues its journey to digital / electronic health records that can be easily exchanged as patients move between care settings, practical questions abound:

  • Who owns your electronic health records?
  • Where are your health records?
  • How can they be consolidated?
  • Where should they be stored?
  • Who should have access?
  • How can they be shared?

Legally (HIPAA regulation) – each individual ‘owns’ their personal health data and records, but very few of us have actual ‘control’ over them – at least from a storage, curation and management standpoint. An individual’s ‘longitudinal record’ – which is a comprehensive collection of well-care records (annual physicals and labs, ob-gyn visits, etc.), and episodic care records (diagnosis and treatment for illness, injury, etc.) – is not typically in one place – electronically or otherwise.

There are attempts at this – state or private health information exchanges (HIEs) were established as part of the HITECH components of the American Recovery and Reinvestment Act of 2009.The idea is to have a regional repository for all electronic medical records (EMRs) regardless of where the care was provided. Then a patient’s EMR can be accessed by any clinical entity on an as needed basis to inform past history when that person ‘presents’ for care. A good idea, but a challenging business model – who pays for it? Who ensures that all your care providers are submitting your data? And without a national patient identifier – how to reconcile inevitable name mix-ups?

There is a new ONC / CMS campaign for health insurers to be the new ‘HIE’ – to maintain EMR’s for their plan members. Since they likely participate in each clinical episode from a payment standpoint (wellcare or otherwise), they are positioned to collect the clinical data along with the claims data in a single repository. This may become law, for better or worse, as part of a current set of rules in review under the 21stCentury Cures Act.

A third push is for the patient/person to collect, maintain and curate their own EMR using a cloud service and application (or webservice – portal). These are known as a PHRs, or personal health record apps and systems. For many reasons (privacy, control and accuracy / completeness) – it makes sense – especially for tech savvy ‘digital natives’. And showing up in a clinical setting with all your health information accessible from your iPhone is the type of immediacy and control digital natives expect.

The personal health record (PHR) model is a grassroots approach, and needs a boost from a major cloud services player – Google and Apple being the most likely candidates. There needs to be some critical mass / pump priming to get these apps adopted and the data flowing from clinical repositories into PHRs at population scale. Then the patient control and resulting consumerization of healthcare can help drive more value from clinical service providers.

In the absence of a Google/Apple initiative, it’s possible for medical associations representing chronic conditions or cancers to build critical mass among their patients. If the American Cancer Society or the American Diabetes Association offered an app that included a PHR function, it’s possible they could build a base of users that would not only control their health records as they moved through their care plans and clinical settings, but they could also provide population health data for research and candidates for clinical trials – perhaps as easily as an ‘opt-in’ offer.

One way or another – the push for more data to be accessible to patients and their care-givers programmatically will continue, and the demand for clinical information exchange technologies and services that are interoperable and cost efficient will expand rapidly as well.

At DataMotion, we are huge fans of patient centered control. Working on a PHR strategy? Talk to us – we’re happy to share our expertise!

Secure Data - Secure Message Blog
5 Signs Your Self-Service Portal Needs a Secure Message Center 600 237 Christian Grunkemeyer

5 Signs Your Self-Service Portal Needs a Secure Message Center

5 Signs your self-service portal needs a Secure Message Center

  1. You are a financial services, insurance or healthcare company
  2. You have a self-service portal or app
  3. Your customers want to use email and share documents and secure messages electronically
  4. Your employees need to manage inquiries from a single desktop
  5. Security and privacy regulations require it

You are a financial services, insurance or healthcare company

Exchanging sensitive, regulated information with your customers is required to resolve many contact center inquiries and cases. Whether it’s answering sensitive questions, exchanging completed forms, supplying supporting documentation or exchanging a medical record – to resolve customer issues, you need to accelerate and track actionable communications supported by documents that may contain PII and or PHI. And that must be done in compliance with privacy and security regulations.

You have a self-service portal or app

You already provide customers a secure, self-service portal  or mobile application which gives them access to a wide range of information and services they can utilize to get more value from their relationship with you. That’s excellent – but when they get stuck and need to contact support – what options do you offer to secure message, email or share documents necessary for a streamlined resolution? If you limit their choice to out-of-band options (call us, fax us or send us a letter), or if you put restrictions on what they can discuss or share (“email us – but no sensitive info please”) – your CX score will suffer. A recent report by IDC indicates that companies growing at high rates are focused on digital transformation and customer experience – so this REALLY MATTERS to your top and bottom lines.

Your customers are asking for it

Customers want to engage your organization using smartphones, tablets, and laptops – online and through your secure self-service contact center or mobile application. They want to use secure messaging, email, file sharing – and they need to trust you when asking financial or health questions, and when they are sharing their private information and documents. They don’t want to use yesteryear’s technologies – fax, stamps, FedEx or in-person delivery. They would prefer not to call your support number and wait in queue on hold. They want you to make it easy to process their requests and meet their needs thru safe, digital transactions.

Your employees need it

Productive employees are happy employees. Happy employees make happier customers. Happier customers do more business. It’s a virtuous cycle. If you limit the ways your employees can communicate and resolve customer issues – less of those things happen. Customers are disappointed with communication and info exchange options, employees are often left waiting on slower delivery processes, are transcribing information, or working in multiple systems to cobble together a resolution (or get a complete customer history view). If you light up an integrated secure message channel with document sharing capabilities in their contact center desktop – it makes their job less cumbersome – so productivity, happiness and growth can thrive. The virtuous cycle of business life. The wheel of good fortune. (There may just be an Elton John / Disney song in there somewhere….)

Security and privacy regulations require it

And…. that’s the sticky wicket. HIPAA, GLBA, PCI-DSS, HITECH, DPA, GDPR – all there for the right reasons – protecting your customers sensitive information is your obligation – but it sure adds a lot of friction to digitizing your business processes.

And that’s where a Secure Message Center delivers its fundamental value. It allows you to get all the benefits of integrated messaging channels such as tracked email with file attachments, webforms, eforms, native webmail interfaces – with contact center integration. It enables – an efficient flow of inquiry and resolution that moves your business forward, all while providing the trusted security and verifiable compliance your organization needs, and your customers expect.

So what is a Secure Message Center and how easily can it drop into your current ecosystem to light up a secure messaging, email and file sharing channel in your contact center? Happily, there’s no ocean to boil. Learn more about it here, or contact us with your situation – we exist to make implementing this light work for you, and the contact center experience better for your customers.

Happy Thanksgiving from DataMotion 600 237 Monica Hutton

Happy Thanksgiving from DataMotion

Hoping everyone has a very happy Thanksgiving this year! What are you thankful for?

Digital Background - DKIM blog
What is DKIM for DataMotion SecureMail? 1000 395 Alex Mushkin

What is DKIM for DataMotion SecureMail?

As of November 13, 2019, DataMotion SecureMail and SecureMail Gateway support DKIM so outgoing email messages sent via SMTP are delivered to intended recipients and not rejected or quarantined by anti-spam and anti-spoofing protection measures deployed on recipients’ mail servers. SPF and DMARC are also supported, and defined below.

DKIM, or ‘DomainKeys Identified Mail’ is an internet standard email authentication method designed to combat email spoofing. It allows receiving SMTP servers to check whether an email which came from a specific domain (@xyz.com) was in fact authorized by the owner of that domain. DKIM involves signing each outgoing email message with a private key linked to the sender’s domain name. The recipient system verifies the digital signature by looking up the associated public key published in DNS. Put simply, the DKIM signer uses the private key and the DKIM verifier uses the corresponding public key.  In order for it to work, the sending SMTP servers must insert DKIM-Signature email header fields on outgoing email messages. The owner of the sending domain must also create a DKIMDNS TXT public record.

As stated in the IETF (Internet Engineering Task Force) RFC 6376:

“DomainKeys Identified Mail (DKIM) permits a person, role, or organization that owns the signing domain to claim some responsibility for a message by associating the domain with the message. This can be an author’s organization, an operational relay, or one of their agents. DKIM separates the question of the identity of the Signer of the message from the purported author of the message. Assertion of responsibility is validated through a cryptographic signature and by querying the Signer’s domain directly to retrieve the appropriate public key. Message transit from author to recipient is through relays that typically make no substantive change to the message content and thus preserve the DKIM signature.”

SPF is an email authentication method which is also supported, to combat email spoofing. It allows receiving SMTP servers to check whether an email which came from a specific domain was in fact from an IP address authorized by the owner of that domain. The owner of the domain must create an SPF DNS TXT record. The sending SMTP servers do not need to do additional work for SPF.

DMARC is an email authentication protocol (set of rules) to combat email spoofing, also supported by SecureMail. It allows receiving SMTP servers to authenticate based upon instructions published by the owner of a specific domain. The owner of the domain must create a DMARC DNS TXT record which specifies which email authentication methods (DKIM, SPF, or both) are supported for that domain. The sending SMTP servers do not need to do additional work for DMARC.

For information on enabling DKIM, SPF and /or DMARC, please visit our knowledge base, or contact support.

[contact-form-7 404 "Not Found"]
[contact-form-7 404 "Not Found"]