Posts Tagged HEALTHIT

On #DataPrivacy Day


On Data Privacy Day, I thought it might be helpful to write a little bit regarding the nature of privacy in the healthcare world. Many people know that there are laws like HIPAA that are in place to protect patients from their personal health information being breached. And while there are stories regularly about breaches, the amount of effort that goes into protecting health information is immense. Maybe by providing some insight into that world you, as a reader or one of our clients, might gain a greater sense of confidence or understand ways in which you can also protect yourself.

It’s more than just privacy

In order to manage the private information of all of our clients across the United States, MINES employs the use of an electronic health record system that stores and protects access to information, even from within our own company. We use layers of access and control as well as tracking our own users within the system. This also means that we have to employ some pretty strict control mechanisms within the system to ensure that security of data is maintained.

But, there are many times when we need to exchange information with other groups on your behalf. An example of this is providing an authorization to the provider that they are pre-approved to receive payment for services. To do so, many providers elect to receive this information via email, in which case the provider is sent a notification email where they are prompted to log into a secure website where that information can be accessed. We have structured our agreements with these providers to protect that information as best we can from the very beginning.

Part of the key to good data privacy policy that MINES employs is to only ask for information that is needed to provision services. For most of our clients, especially on the Employee Assistance side of our services, we ask for the last four digits of your social security number. This is used to help verify identity for later discussions with you. But the reason we don’t ask for your full social security number is because it creates a situation where we are storing information that isn’t critical to our needs to serve you.

Identity and security

As mentioned above, a critical element to protecting your privacy is tied to identity. Without going too deep into how this is handled across the healthcare industry, identifying an individual is usually done at MINES by their date of birth and last four digits of their social security number. From there, all internal work is handled by using a unique identifier, called a Patient ID. This allows us to be able to reference information from the central patient database without using your name, or other personally-identifiable information; decreasing the likelihood of erroneously sharing your data.

A note on confidentiality

Your information is never shared with your employer except in the case of Work Performance Referral in which case you will be asked to complete a letter explicitly allowing us to communicate with your employer regarding your progress. Your information is also confidential from disclosure to other employees at your company or anyone else for that matter without your permission. For example, even your spouse or family member cannot receive information about you from our staff without your permission. The exception to this is when information that we receive poses a threat to others, in which case we may be legally required to act.

Ways you can protect yourself

This isn’t meant to be alarmist, or to suggest that you shouldn’t provide as much information as you can with MINES. We implement a lot of control to make sure that the information that you provide to us is protected. However, below are a few things that you can do to help protect yourself.


If you elect to receive email from us – for example, to communicate about an upcoming session, or request additional information – you should know that email alone is not secure. While most information that would be sent isn’t highly sensitive, it’s certainly something to be aware of. Regarding corporate email, specifically, most information that flows through corporate email servers is logged, stored, and likely accessible to IT professionals on some level at your organization.

Request a copy of the privacy notice

All providers should have this readily accessible to clients. By reading through the privacy notice, you can get a sense for how information about you can be used and what recourse you have in the case of a breach or needing a copy of your record on file with the provider. If you’d like to see our privacy policy, you can find that on our website, here.


As mentioned above, regarding the confidentiality of your information, when you call into MINES to receive access to services, the staff will ask if it is okay to leave voicemail. By providing a voice mailbox that is accessible only to you, we can make sure that your information is not being shared with other parties.

What’s on the horizon for us

In an effort to continue to meet the needs of privacy in an ever-more-connected world, MINES is engaged in a number of initiatives that will further protect and ease information exchange to simplify how we work with you. Soon, you will be able to create an online account with us where your history with MINES can be accessed. You and your provider will be able to use this platform to communicate with each other in a secured environment. You will be able to create your own account with us without calling in, so that if you want to request services but are concerned about someone overhearing the call, you can do so silently. And perhaps most exciting from my perspective, you will be able to create and access your account using a Facebook or Twitter account, allowing you to quickly authenticate your identity without pesky usernames and passwords!

We take security very seriously at MINES. We want you to have peace of mind when sharing information with us. If at any point in time you have questions, concerns, or suggestions regarding how we handle privacy and security, we welcome your insight. You can email or call us during regular business hours at or 800.873.7138.

To your health,

Ryan Lucas
Chief Information Officer
Security Officer
MINES & Associates


, , , , ,

Leave a comment



I know there are a TON of articles and posts that have surfaced in these 6 days since PokemonGO was released in the United States. The sheer volume of discussion around this just-short-of-a-phenomenon app is certainly surprising in many ways, though another very popular app that just recently was eclipsed in downloads, Tinder, also got a ton of press at the beginning – mostly for the questionable intentions of its users. In this case, you might be able to make a case for the questionable intent of the creators, but I’ll stay away from either of those as the crux of this post and use it as a jumping off point for what I see as valuable technology for the future of health intervention.

What is PokemonGO



Loosely based on “Ingress,” PokemonGO is a marriage between Google spin-off Niantic and Nintendo’s Pokemon company. Both companies have, on their own, somewhat of a cult following at this point. While the platform that enabled Pokemon to flourish, Nintendo, has wider reception, both at this point, are not particularly popular on their own. I was actually never a big fan of either. There may have been Pokemon Pogs when I was growing up, but aside from that, I’m not intimately familiar with either. But this combination of geolocation technology and fantasy are not new at all. In fact, if you check out ARGNet, you will find a number of times when games have moved beyond their stated fantasy world and brought them into the real world. Even Cards Against Humanity’s 12 Days of Holiday Bullshit involved very real things IRL (In Real Life) that helped to solve a massive puzzle by contributing members.

But why is it so dang popular!?!

Simply put: it’s fun to play. In Jane McGonigal’s book Reality is Broken and in her TED talk Gaming can make a better world, she covers why gaming can be so much fun and how it can be used for more than just checking out from reality. For those that don’t know what makes a game, there are 4 rules for game-making:

  1. It has to be fun
  2. There are rules
  3. There has to be feedback
  4. It has to be voluntary

And PokemonGO handles these splendidly. If you are able to suspend seriousness and simply play the game, you get the cute characters of Pokemon as if they are in your own world. And then you have to interact with them. There are rules and while you don’t necessarily know them as a newbie, you pick them up rather quickly because there is a lot of feedback as you fail. And voluntary? At over 50Mb to download, significant battery management, dedication of time to the task, and a VERY serious draw on device memory, you’re making a conscious decision to volunteer your time to the goal “gotta catch ’em all.”

How does it work?

Relying on Niantic’s successful incorporation of layering fantasy graphics on Google’s mapping technology, your movement within the real world is translated to the world of PokemonGO. With real world locations acting as stops, real world walking moving you toward Pokemon, and real world feedback as you navigate around obstacles to find these critters, the technology is immersive while being a bit of a “screen suck.” You swipe and click the screen throughout the game to engage different activities (preferably once you’ve stopped moving!) and try to level up through the game.

A word on design

Despite the fact that there are no real instructions on how to use the game, it is incredibly easy to use and intuit as to the next thing you need to do in the game. In the case that you get jammed up, you can always talk to a friend about what they have experienced. And that conversation results in extended conversations about what you’ve seen, done, and enjoyed; even sharing what your highs and lows have been.

Laying the fantasy world on top of the real world allows for the interaction between real and false worlds to transcend the experience of the individual. While it is not necessarily a new technology, it certainly hasn’t been used to this level across a population of people. Look no further than the people walking around parks to see how pervasive this game has become.


Besides the clear security issues that one might expect with an app that logs one’s location, we’ve seen articles that highlight a number of, sometimes false, security concerns that may or not may reveal private details about someone. For example, Instagram’s geotagging feature might reveal that the user is nowhere near home; meanwhile, there have been users that have been vandalized by their Uber driver because they were recently driven to the airport.

While there is only one clear security issue derived by the PokemonGO app, other than the iOS opening that created access to Niantic for the complete control of the users’ Google account (which was quickly remedied within the first five days of operation) PokemonGO does not have the hallmarks of issues, inherent to the app, that many others have had. The one condition to this that I would offer is the use of Lures at Pokestops, which allow for control over the fantasy world for other players as well. This is intended to allow you to attract Pokemon and potentially meet other people, but as you can imagine, that might cause a problem if someone wanted to maliciously use that tech to lure users more than Pokemon. You can’t see other users. You can’t lure those users (unless it’s discovered that incense works beyond the user – which, as of yet, it hasn’t). And until you can hack the database, which, as far as I, know never happened with Niantic, the users are relatively safe.

Health hazard or opportunity

So what are the real opportunities or hazards for this app. Truth is that we’ll likely see more and more stories about the extreme situations like a robbing in O’Fallon, IL that used the technology to target individuals (disproved in this case but could have been a Lure) and a young woman finding a dead body near a stream near her home. But truth is that this has created an engaged population, regardless of age, that is regularly walking through areas that they don’t regularly. And is that bad? We live in a country that is SO LARGE that we don’t inhabit more than 90% of the mass, and yet we have SO many opportunities for exploration for a nation of explorers.

Maybe it is. There are maybe some places that we don’t go and that’s okay. But for the large majority of people playing this game, it seems that it runs through the normal course of daily activity, or just slightly more.

What can it potentially do?


Without going too deep into what the values of using gamification are here (feel free to read more here), it is certainly becoming more commonplace to bring this theory into regular technology for deeper interaction with users. The reason that gamification can be such a powerful tool in the capture of behavior change is that it seemingly separates the activity’s goal from the activity’s work by creating an intervening level of excitement with the user. This is done by initiating what is known in psychology as Flow.


From, link below

Flow is the state where the skill meets the difficulty that the user is presented with in a maximally optimal position to engage.

Augmented Reality

One of the best arguments for, and against, augmented reality that I’ve seen is nicely packaged in the form of this short film:

While there are many opportunities that augmented reality potentially brings to the table with regard to the mundane (paying your tab at a restaurant, preparing food, even exercising like PokemonGO has been credited with) there are also potential dangers to these augmentations. With regard to PokemonGO in its current version there’s certainly no actual human interface except through the handheld device. While it can influence behavior by incenting the user to do one thing or another, it cannot override human decision making. Yet.

But let’s set aside the potential for danger for a moment to consider how immersive PokemonGO has become for its users and how another user interface might have a significantly decreased reliance on the “phone” to play the game might actually allow for it to become more of a background activity, rather than what one is actively doing. In PokemonGO, the user is staring at a screen trying to find where the leaves are moving and that’s partly because of the limited amount of time most devices can actively “play” the game. But if, say with a device like Google Glass, you could be hunting Pokemon all day long? What if, rather than having to seek out Pokemon in a thirty minute “hunt,” you were hunting all day? Tracking steps all day to incubate eggs? Regularly checking into PokeStops and learning about those locations?

There are certainly risks, and those need to be mitigated. But there’s definitely a lot more opportunity too.


When you are strong enough to actually do battle at a gym, you pick one of three teams to join. These have their own internal meanings to the game and once you’ve joined a team, you can rely on those other team members for support in controlling gyms and help with training your Pokemon.

One thing that is currently lacking in this first version of the game is the ability to bring in one’s pre-existing social network. Because you must log into the game with your Gmail account or a account, the audience is potentially limited when it comes to mining the available social network data that might be available with, say, a Facebook login. Then you could invite your friends to join your team in the search for Pokemon. You could actually provide each other with tactical and strategic support in quests as well as provide emotional and physical support in reaching goals. Our social networks are significant in our health decisions, and forcing users into only having the option of the three team options in the game – which are highly contrived and not very useful on their own, so far as I can tell – there are additional opportunities for increasing the effectiveness of the platform for health behavior generation.

Socio-environmental disturbance

One thing that is for sure: there are a lot of people I’ve watched over the past few days playing this game. Will it last? I’m not sure. But watching two people who are running around a park together while staring at their phone certainly acts as a pattern interrupt for me. I’ve watched as someone stared at their phone and walked around corners, and down streets, trying to engage the PokemonGO world largely oblivious to their surroundings except for what is represented on the screen. And when you see someone doing that, it definitely has a similar impact to the way that we all responded when Bluetooth headsets and wireless earphones became popular for holding mobile phone calls in the public.

Yes, it’s a pattern interrupt. And yes, it was extremely annoying when phone calls made it out into the general public, seemingly creating dialogue that only existed in the speaker’s head. But that has become so normalized now, I can’t imagine there won’t be a possibility of a similar normalization of that activity. And once normal, adoption will likely go up, not down.

Why is this important?

BmsB9w6 - ImgurThese are not the Pokemon you seek

While the PokemonGO craze has blown away the expectations of the game-makers, and frankly any Ingress user is probably also doing the, “I was geocaching before it was cool” thing right now, this does start a discussion about how we can better leverage the technology that is already available to us to change our behaviors in small, although ultimately significant, ways.

Just the beginning…

…but an important one. Critical events like this are rare in helping to shape how we want our world to look. Each of us has the capacity to impact the way that we want to engage with our communities and our technology. What do you want your world to look like? Or, more precisely, what do you want which of your worlds to look like?

To our health,

Ryan Lucas
To stay ahead on topics related to this, follow me on Twitter @dz45tr

, , , , , , , , , , , , , , , , , , , , , , ,

Leave a comment