Even my 4-year-old granddaughter knows what a silo is: the iconic brick, wood, concrete, or metal structure that keeps one harvest from another on a farm. With all the change in agriculture, we would actually be hard pressed to find a farm with the iconic silo, but still. 

The silos in health care are infamous, rather than iconic. The physical barriers are reinforced with regulatory barriers, time constraints, virtual constraints, and -- most unfortunately -- attitudes.

Look around you and notice all of the physical constraints. Do you remember them being as pervasive even just a few years ago?

• Key cards
• Locked file rooms
• Locked drawers
• ID cards
• Files face-down
• Disconnected hallways
• Tree lined atrium replaced by cubicled offices
• Windows blocked by required notices
• Distances across town, across farmland, or just down the hall
• Diverse institutions. Long Term Care, Home Care and Hospitals

Of course, with technology so integrated with our days, there are also the virtual barriers we experience:

• Log ons and passwords
• Telephone tag
• Not enough integration
• Too much integration and too much data
• Packed email boxes

And, saddest of all, we have attitudes that separate us:

• Not my job.
• Competition. True story, overheard at a medical meeting in an urban center.... Older chairman of department to you surgeon: “Yes, I will grant you privileges, as long as you just do emergencies and never do cosmetic surgery. Welcome.”
• Outside of my scope of practice.
• I’m not allowed to do that.  
• I’m just doing what I am told.
• I’m not comfortable with that.
• I don’t do that often enough.
• That is too time consuming. 
• Medicine is a business. It needs to be run like Disney.

It is not enough to blog about it. It is not enough to complain. Each of us should do something, but where should we start? "We" meaning all of us; lab techs, aides, super-specialists, advanced practice nurses, doctors of what ever board certified -ology should get started!

We are not going to change HIPAA and the legions of other state and federal regulations, at least not right away. There are not enough of us to protest (maybe there are and we merely need the 17 year old Hong Kong activist to lead us). We will not get doors unlocked, IDs removed, logons discarded. So, the only thing left, and indeed the core of the problem, is our attitude. We need to regard the patient as our responsibility, not our institution's responsibility. We need more us and we, and less them and you in our language and in our thought. We need technology that promotes these good attitudes, not technology that blocks them. We need technology that empowers action based on these attitudes, not technology that dispirits them.

Hybrid Store-and-Forward Telemedicine Can Help Defeat Silos. Here's how:

Image courtesy of docsearls on Flickr, used under Creative Commons rights.

A colleague of mine works in the Appalachian mountains. She's a committed practitioner who works with rolling green hills out the window, cultivates close relationships with every patient, and has a great breadth of skill.

What she does not have nearby is a Diabetes specialist. The closest Diabetologist is in Washington, DC, more than 3 hours away. And whenever a consult is needed, the specialist inevitably wants a long look at the patient files before offering advice. So when my friend in Applachia needs to get a consult and so needs to "share" the patient file with that specialist, she usually does it by driving the 200 miles to his office.

Recently, however, this provider asked me if there is any better way: "Can I upload and share patient files using telemedicine?" The answer is yes. There are certainly ways to use today's technology to safely and efficiently share patient files with colleagues, without running afoul of HIPAA -- or having to drive 3 hours. However, there are some key things to keep in mind so that patient data stays safe and the provider doesn't run into hassles.

How to send patient files without HIPAA headaches:

• If it doesn't promise it is HIPAA-compliant, don't use it. We hear providers talking about using Google Docs, Dropbox, text messaging, email, and even Facebook to send patient information. The problem with every single service in that list? They're not HIPAA-compliant. Stay away from these platforms when it comes to patient data, and only use a medium that promises to keep you, and the patient, safe. 
• Consider hybrid store-and-forward telemedicine. Because it is a hybrid store-and-forward model, when you upload a PDF of a patient file to ClickCare (or send questions, pictures, or video), the consulting provider doesn't have to be available on your timeframe. The data will sit there until they're ready to review -- safely -- and you can review their response on your own time as well. 
• If you're texting, do it securely. Although regular text messages are not secure and can't be used for patient information, there are secure text messaging services available. So if you don't need to send a full patient file, don't need to include pictures, and don't need to review treatment or teach, secure text messaging can be a good way to go.
• Be skeptical of the "easy way." The two most common ways that providers share patient information are either by driving patient files to other offices or talking about histories and conditions in the elevator. Driving, of course, is a huge time-waster and isn't scalable or sustainable. And it turns out that provider-to-provider conversations in the elevator are actually the most common HIPAA breach. So while we always encourage face-to-face conversations with colleagues -- in the elevator, or elsewhere -- we suggest using those conversations to connect as people... and use the technology available to send the actual patient information. 

Looking for more guidance on staying HIPAA-safe?

Image courtesy of stephanieasher on flickr.com, used under Creative Commons rights.

Increasingly, taking photos is a part of our lives. We snap photos when we're out at dinner or on a trip. And we certainly want to take a picture when we see an interesting case or need to remember or share something about a patient.

With the significant fines and punishments for HIPAA violations, however, medical photography on your iphone or smartphone brings up a several HIPAA compliance and security issues:

• If your phone gets lost, all photos on your camera roll are insecure
• Once a photo is on your phone, it is tempting to email or text it, both of which are in conflict with HIPAA.
• Photos on your camera roll may be susceptible to access by apps that are not HIPAA compliant.

So what is a person to do? It seems ridiculous to choose not to use technology in service of patient care. Here is the good news: you can and should use your iPhone or other smartphone for medical photography. In fact, we think that medical photography is a simple, powerful way to improve how we care for patients and make our lives as providers a little easier.

So here is a checklist to make sure that your medical photos are secure and useful:

• Understand HIPAA. You don't need to drive yourself crazy, but a little understanding of the fines and penalties goes a long way 
• Never put patient photos into your regular camera roll. Sometimes smartphone apps (with the exception of iClickCare) pull from your camera roll-- even sharing pictures without your knowledge. And even if that doesn't happen, your camera roll only has one layer of security -- the login password on your smartphone. So when dealing with patient photos, we recommend using a secure app like iClickCare that doesn't ever save photos to your camera roll. You'll know your pictures are safe, and used only for your purposes. 
• Use some overall security strategies so you don't have to worry. When your technology is more secure overall, your photos are more secure, too. 
• Don't email photos. Email is never a secure way to collaborate. 
• Use apps that are explicitly HIPAA-secure. When you do collaborate, only use collaboration platforms that explicitly promise HIPAA security.

Security issues aside, we all want our medical photos to be a little bit better. Get the first chapter of our book on iphone photography for free:

As we transition out of the holidays and into the new year, we start to move faster. Our days are busy, we're preparing for yearlong projects, and patients are packed into the schedule following vacations.

In our practice, we've noticed that as we start to move faster, details suffer. The first detail to go? HIPAA compliance. And despite our prioritization of patient care, HIPAA violations are no minor consideration, as we all have come to know. 

So as the 2014 kicks into gear, we wanted to share our favorite easy tips for staying HIPAA safe and compliant.

3 simple ways to stay HIPAA compliant:

• Only use apps that promise HIPAA compliance. Some apps may feel safe, or even say they are "secure", but unless they explicitly promise they are HIPAA-compliant or HIPAA-secure, we'd be wary.
• Focus on patient communication. Patient communication is one of the places where providers tend to get a little lax with their HIPAA considerations, just because it feels like regular communication. But a few simple practices can keep your patient communication simple, personal -- and HIPAA safe. 
• Check your email settings. Although email can't be used for medical collaboration, we use it for so many things that HIPAA complications can sneak in. So we created a guide to make sure your settings help you, rather than hinder.  

We've found that small ways of keeping on top of regulatory issues end up keeping us on track even better than more intensive strategies. So keep it simple -- and stay HIPAA safe. 

Telemedicine can bring HIPAA issues, but doesn't have to. Get our guide here:

This post was originally published on July 24th. Since this piece of our website was not working for all viewers, we're republishing some selected posts this week. 

Protecting patient privacy is a good thing. If a patient's medical information gets into the wrong hands, it can make it hard to get a job, complicate relationships, and have financial consequences -- so privacy and HIPAA are important and serious.

But the truth is that HIPAA is causing healthcare provider burnout. As we've talked about in other posts, up to half of physicians are burned out, which has real ramifications: physicians experiencing burnout are more prone to errors, less empathetic, and more likely to quit practicing altogether

And HIPAA is one factor contributing to this burnout, by:

• Disconnecting you from patients. HIPAA-induced wariness about sharing information with patients or patients' families can start to create barriers to interacting.  With so many rules about what is allowed to be shared, to whom, and when, some providers shut down.
• Wasting time with extra forms and EMRs. Most providers report that paperwork (even if it's electronic "paperwork") is at an all-time high, and HIPAA is a strong driver.
• Causing anxiety about getting in trouble. These days, even a simple conversation, phone call, or (gasp!) text message can start to feel hugely risky. That stress contributes to the overall stress of providing healthcare and accelerates burnout. 

So what is to be done? Well, there's a lot you can do, actually. First of all, when you acknowledge the ways HIPAA creates challenges in your practice, it makes you less likely to blame the people around you. Second, when you notice ways that HIPAA is making connection difficult, you can address it in your workflow. For instance, many of ClickCare's users tell us that ClickCare saved them a lot of stress -- as well as time -- because they didn't have to "reinvent the wheel" around HIPAA-safe collaboration. And finally, when you accept that HIPAA rules and constraints might be creating a feeling of disconnection with patients, you can get creative about ways to connect with them even within those constraints.

As with most things, the first step is recognizing the dynamic. Like William James said, "Acceptance of what has happened is the first step to overcoming the consequences of any misfortune." HIPAA is no exception. 

For an overview of the HIPAA/HITECH Omnibus Rule 2013, click the button:

Let us know your comments about the blog article, and tell us which topics you would like us to write about in future blog articles.

HIPAA? I know about it, but I text anyway because it is good patient care.

Do you really want to say that?

Our advice: Don’t even think about it! And moreover, forget it and move on -- there is too much to worry about that you can change, and this, you can’t.

We are taught to understand as well as follow. Here is some understanding.

The Federal Register, on January 25, 2013, added another 563 pages (78 Fed Reg. 5566) to the voluminous hundreds of pages that constitute three acts over the past 17 years. These are HIPAA, HITECH and GINA, and an entire industry has been built on these rules. The 563 pages as a totality constitute the Omnibus Rule of 2013.

What does all of this mean to us providers? What does all of this mean to us who help providers? Since this post is conversing with patient care professionals, many of whom are mere HIPAA laymen, these answers are brief and focused.

Four main points for day-to-day care:

1. There is increased penalty and enforcement. 

2. Business associates are responsible for all their subcontractors. Did a cleaning lady, employed by a cleaning service pick up a CD? Reasonable Cause -- an act or omission in which a CE or BA knew, or by exercising reasonable diligence would have known, that the act or omission violated an administrative simplification provision, but in which the CE or BA did not act with willful neglect. 

3. Any disclosure of PHI will be presumed to be a breach, and HHS will, not may, investigate.

4. Individuals have enhanced rights to obtain electronic copies of their records. With this, is an enhanced right to restrict disclosure of PHI. Patients who pay solely for care by cash can restrict release to insurance companies and billers.

Some collateral damage to be aware of:

• Schools  -- Immunizations can be shared.

• Research -- Special notes about current research releases, and how they may apply to future analysis of the same data with different research.

• Genetics -- Genetic information is protected and cannot be used against the patient.

• Marketing and Fundraising -- Defines how information is used. Can you ask for money from patients for a cause you know that they are near and dear to?

• Notification -- You may have to send new notifications to your patients about your privacy policy. Did you ever get one of those from your credit card company?

How much time is there to comply?

The final rule was announced on January 25, 2013. It is effective March 26, 2013 (including penalties), and compliance (such as notifications) must be completed by September 23, 2013.

Cost and Conclusion.

The cost of all of this...114 to 225.4 million dollars (government estimate, your experience may vary). In 2011, the CDC estimates 1 billion physician office visits. That works out to 23 cents per visit.

Finally, there is a lot to this and a lot to read. Download the "Omnibus Rule -- High Overview" to learn more and send you speedily on your way.

It is not totally depressing. But, as Jim Croce says,

"You don't tug on superman's cape

You dont' spit into the wind

You don't pull the mask of the ol' lone ranger

And you don't mess around with ..."

Find the compilation of References here:

1.http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html

2. Debbie Tokos, RHIT, CHPS, United Health Service, Johnson City, NY 13790

3. http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/AreYouaCoveredEntity.html

Let us help assure funding continuation by making it easier for your project to access care for patients, empower providers to collaborate and educate future providers. A common thread found in the many, many of the awardees, is care coordination and that is the mission of ClickCare as recently described in the NYTimes and in a shout out by Steve Wozniak at the American Telemedicine Association.

CMS says that the following is involved for the continuation of funding:

            Replicable innovation:
The Affordable Care Act (a.k.a. Obamacare) may or may not change things, but iClickCare replicates coordinated care.

            Rapid implementation, 6 months or sooner:
ClickCare stands ready, with its agility, compliance and quick implementation. Six months can pass alarmingly quickly, especially when a program is being launched. December 6 is predated by summer, Thanksgiving, and the holiday season. That is not much time to work. We invite you to piggyback on 16 years of experience and software development.

            Workforce development and deployment:
Their frequent references to using midlevel providers to provide care. This is certainly a topic of our times, but is it innovative?  What about collaborating with those who are really at the bedside, home and workplace?  And doing it in a simple and user friendly manner!

            Efficient and sustainable use of funds:
Implementing iClickCare involves a software subscription on the internet, iPad or phone for a very low price that is further discounted for volume customers

            Reporting and monitoring:
iClickCare can provide both consultation and service to allow each member of your team to not only transfer data, communicate, coordinate, but also collaborate. Everything is archive and pdf reports show usage.

We at ClickCare stand ready to help you meet your goals of improving healthcare in our country!