Posts Tagged Technology
On Data Privacy Day, I thought it might be helpful to write a little bit regarding the nature of privacy in the healthcare world. Many people know that there are laws like HIPAA that are in place to protect patients from their personal health information being breached. And while there are stories regularly about breaches, the amount of effort that goes into protecting health information is immense. Maybe by providing some insight into that world you, as a reader or one of our clients, might gain a greater sense of confidence or understand ways in which you can also protect yourself.
It’s more than just privacy
In order to manage the private information of all of our clients across the United States, MINES employs the use of an electronic health record system that stores and protects access to information, even from within our own company. We use layers of access and control as well as tracking our own users within the system. This also means that we have to employ some pretty strict control mechanisms within the system to ensure that security of data is maintained.
But, there are many times when we need to exchange information with other groups on your behalf. An example of this is providing an authorization to the provider that they are pre-approved to receive payment for services. To do so, many providers elect to receive this information via email, in which case the provider is sent a notification email where they are prompted to log into a secure website where that information can be accessed. We have structured our agreements with these providers to protect that information as best we can from the very beginning.
Identity and security
As mentioned above, a critical element to protecting your privacy is tied to identity. Without going too deep into how this is handled across the healthcare industry, identifying an individual is usually done at MINES by their date of birth and last four digits of their social security number. From there, all internal work is handled by using a unique identifier, called a Patient ID. This allows us to be able to reference information from the central patient database without using your name, or other personally-identifiable information; decreasing the likelihood of erroneously sharing your data.
A note on confidentiality
Your information is never shared with your employer except in the case of Work Performance Referral in which case you will be asked to complete a letter explicitly allowing us to communicate with your employer regarding your progress. Your information is also confidential from disclosure to other employees at your company or anyone else for that matter without your permission. For example, even your spouse or family member cannot receive information about you from our staff without your permission. The exception to this is when information that we receive poses a threat to others, in which case we may be legally required to act.
Ways you can protect yourself
This isn’t meant to be alarmist, or to suggest that you shouldn’t provide as much information as you can with MINES. We implement a lot of control to make sure that the information that you provide to us is protected. However, below are a few things that you can do to help protect yourself.
If you elect to receive email from us – for example, to communicate about an upcoming session, or request additional information – you should know that email alone is not secure. While most information that would be sent isn’t highly sensitive, it’s certainly something to be aware of. Regarding corporate email, specifically, most information that flows through corporate email servers is logged, stored, and likely accessible to IT professionals on some level at your organization.
Request a copy of the privacy notice
As mentioned above, regarding the confidentiality of your information, when you call into MINES to receive access to services, the staff will ask if it is okay to leave voicemail. By providing a voice mailbox that is accessible only to you, we can make sure that your information is not being shared with other parties.
What’s on the horizon for us
In an effort to continue to meet the needs of privacy in an ever-more-connected world, MINES is engaged in a number of initiatives that will further protect and ease information exchange to simplify how we work with you. Soon, you will be able to create an online account with us where your history with MINES can be accessed. You and your provider will be able to use this platform to communicate with each other in a secured environment. You will be able to create your own account with us without calling in, so that if you want to request services but are concerned about someone overhearing the call, you can do so silently. And perhaps most exciting from my perspective, you will be able to create and access your account using a Facebook or Twitter account, allowing you to quickly authenticate your identity without pesky usernames and passwords!
We take security very seriously at MINES. We want you to have peace of mind when sharing information with us. If at any point in time you have questions, concerns, or suggestions regarding how we handle privacy and security, we welcome your insight. You can email or call us during regular business hours at email@example.com or 800.873.7138.
To your health,
Chief Information Officer
MINES & Associates
Blended, not segmented
In an increasingly interconnected world, the rift between the person and the role within the workplace is diminishing. Again, highlighting a moment from our presentation at the EAPA 2011 Conference back in October, we provided a brief demonstration of the change that is coming with the introduction of smart technology that is cheap, intuitive, and pervasive. We added many of the ingredients of our everyday lives – personal photos, TPS reports, business cards, a beer (non-alcoholic, of course), and some others – to a blender. After pureeing the ingredients, we had the mish mash of our lives in a soupy representation of its non-segmentation. Slowly, but surely, we continue to blur the lines between our personal and professional lives. The generation entering the workplace today, as well as the mavens that have been productively using social media over the past decade, are contending with very significant issues when it comes to their personal versus professional circles.
Which is perfectly fine for them as, characteristically, they are less concerned about the space between work and personal that has existed in previous generations.
But it does bring up a new combined reality wherein the interconnectedness of all things plays a new role, e.g., less applying for jobs and more networking with previous co-workers and current friends. This is a powerful change in the culture of hiring as we can rely more on data points that are trusted, rather than on the various axes we might consider from an interview.
We’ll have chips, you bring the dip
This is further aided by the number of devices (and the consolidators like cloud computing and apps) on which we can maintain a seamless online life. Our ability to share, connect, and compute through these various devices has led to a revolution for some workplaces. We’ve gone from intentional VPN connections on desktops into the workplace, to push-based access to email on our phones.
Now we have the opportunity for individual employees to Bring Your Own Device (BYOD). Gone are the days where individuals carry two phones, or a personal phone and a work laptop. A new tide is rising where an employee can use their personal device to connect to work. This has obvious implications associated with it. In my last blog, I walked through some of the changes in the landscape regarding social media in the workplace and its potential for the leaking of PCI (a play on Private Health Information, Private Corporate Information). Imagine the concerns regarding that PCI on a device that can literally be left on a street corner! Consider data from Lookout Security (a mobile app that tracks lost phones) alone: 9 million lost phones in 2011. By the way, if you have employees using mobile devices for work purposes, either company owned or personally owned, you should have a solution like Lookout or iOS’s Find my iPhone in place. It’s just another thing to add to the technology section of your HR manual.
We can access statistics and reports from virtually anywhere with a WiFi or data signal, and we can do it on the same devices as our social media and personal activities. This means increased efficiency for some, and others less so as there are more distractions on the same device; however, it also means being less tied down to a workstation. Enabling employees to function in their role fluidly and dynamically means a potential for faster response rates and less commuting or booting (as in booting up a computer) time. So long as you are not also operating in System 1 by multi-tasking.
What does this have to do with health?
I’m so glad you asked. The mobile revolution has another impact on our lives: the ability for our physical wellbeing to be more social and integrated with our daily activities. For an employer, this can mean increased health outcomes to decrease premiums as awareness of one’s health can increase attention to keeping oneself healthier. Integrated with Social Media, this also allows for real time feedback from our social network, encouraging and assisting in the process of growing our health. And since we spend 1/3 of our week working, ignoring this time because it’s “work time” is simply the wrong way to go about creating a healthier workforce. Population health strategies necessitate an integrated approach to health – and even more so when you are self-insured!
If that’s not interesting enough, using both hardware and software, new tracking of the quantified self enables a feedback system that helps provide data to be reviewed by System 2, resulting in increased awareness of our current health status. Knowing your heart-rate through events, in real time, allows for biofeedback-based solutions to situations. Literally translated, our at-the-moment health can enable greater productivity at work – whether that’s at a coffee shop, your home, or at the office. As these pieces of technology become cheaper and more precise, BYOD might one day allow for the inclusion of health devices for work too.
To our health,