Last week Elon Musk announced a new plan for getting people to Mars — and a clearer idea of how SpaceX would make money at it.

As the New York Times reports, “The key is a new rocket — smaller than the one he described at a conference in Mexico last year but still bigger than anything ever launched — and a new spaceship.”

But it was a specific aspect of his vision that reminded me of the potential, promise, and reality of telehealth…

Mr. Musk’s Mars vision is interesting and almost unbelievable. (And, indeed, may not be practical, but time will tell.) “For Mars colonists, the rocket would lift a spaceship with 40 cabins, and with two to three people per cabin, it would carry about 100 people per flight. After launching, the B.F.R. booster would return to the launching pad; the spaceship would continue to orbit, where it would refill its tanks of methane and oxygen propellant before embarking on the monthslong journey to Mars.”

What is even more fascinating to me, however, is Mr. Musk’s vision for using the reusable rocket here on earth.

Because the rockets are reusable and because they travel up to 18,000 miles per hour, the rockets could take off to the atmosphere, and then come down in, say, Shanghai. Any two points on earth would be less than an hour apart. And, in fact, he says that the cost of a ticket would be cheaper than an economy ticket on a plane today. (He didn’t mention the leg room, but I’ll assume it’s better!)

When you watch the BFR “Earth to Earth” video, imagining the idea that you could get to Shanghai in 39 minutes, or from New York to Paris in 30, you start to wonder how our world would change if we could connect to each other so easily, so quickly. You think about how our understanding and empathy of other cultures might grow. You think about how new ways of practicing business, medicine, and art might emerge. How we might work and live differently, better. And you wonder -- if I could go to any country in the world before lunchtime, what would I do with that ability to connect? If I had the power to connect across the world, how would I use it?

The truth, of course, is that you have that power now.

Mr. Musk’s vision is big, and it’s encouraging to know that entrepreneurs with big visions are working towards new futures. But the truth is that in the palm of our hands, we have tiny computers that let us collaborate with medical colleagues in any corner of the world, even in a HIPAA-safe way, for a cost that is tiny. The reality is that telehealth now allows us to connect with patients and people across the spectrum of care in ways we couldn’t, even 20 years ago.

What will you do with that power?

Photo by NASA on Unsplash

"Healthcare is one of three industries facing the highest risk of a cyber-attack in 2017," reports Fierce Healthcare. In fact, every month the healthcare system already faces at least one cyber attack.

It's common for cyber security to feel like an almost insurmountable problem -- especially when even the government is struggling to keep us safe from hackers. Is there anything that a hospital administrator can do to keep its patients, records, and providers safe? We think there is -- and we believe the best place to start is with three fairly simple security tactics.

Nationwide, there are some big threats to cyber security in healthcare that may need a nationwide solution. In fact, it is one HHS's top challenges for 2017. Some of the biggest threats to healthcare cyber security include: ransom-ware, hacking, The Internet of Things, and internet use that just doesn't comply with security standards.

That said, there is significant "low hanging fruit" when it comes to shoring up a hospital's cyber security. In fact, some of the most common and costly issues are simple to prevent. They might not be flashy, or involve a 5-year plan, but they are likely the ways to keep your patients and providers safe from the most common threats they're likely to face. 

Three simple cyber security issues that should be first on every hospital's list to fix:

• BYOD for texting. The fact is, every healthcare provider has a smartphone in his/her pocket. So the question isn't whether a provider is effectively using a "Bring Your Own Device" (BYOD) policy -- it's whether she is doing it in a way that is HIPAA compliant. Texting isn't HIPAA compliant, using your phone's camera roll isn't HIPAA compliant, and storing data on the device is a huge breach. But there are ways to have a BYOD policy that is HIPAA secure.
• "Smart devices" that aren't that smart. 
  For instance, "smart devices" like blood pressure monitors, baby monitors, smart scales, etc. can be entry points for a cyber attack since their security is often much less sophisticated that security on a smartphone or computer. So that costly hardware acquisition plan can have some significant downsides if every single device isn't AS secure as the computers inside the hospital building. Our recommendation remains -- invest in updateable software, and use the (already secure) devices and hardware you have.
• Poor HIPAA compliance.
  The cost of a single HIPAA data breach is now $4M per incident. We still have so many colleagues that say "it's just easier to text or email" with colleagues about patients -- an approach that is obviously not HIPAA compliant and puts the individual provider at personal financial and professional risk. Supporting providers in being HIPAA-smart is probably the single biggest way to stay safe. 

Do we need a nationwide plan to stay safe from cyber attacks, especially when it comes to our healthcare system? Yes. But in the years that will take to form, it's crucial to protect your hospital from the most likely culprits, now.

We published a free whitepaper on using a BYOD while also keeping devices -- and your hospital -- secure. Download it here:

Photo from wocintechchat on Flickr, used under Creative Commons rights.

Irrespective of ROI, irrespective of jail time, irrespective of public shaming, irrespective of patient rights and privacy, we often hear from our colleagues: “I am emailing and texting patient stuff. I asked the patient! After all, I am a medical professional and acting on their behalf."

When I hear this, I feel real fear for my colleagues -- and dismay. The HIPAA rules are clear and the law is being enforced. The fines are big, and a year in jail is not appealing.

That is why we were confused about reports surrounding the recent tragedy in Orlando. Orlando Mayor Buddy Dyer told television reporters that he had asked the White House to waive HIPAA.

We certainly applaud the motivation in terms of caring for people -- but the reality is that even a tragedy of that magnitude, and likely even a White House clearance, would not keep providers safe. We all know that the law has real teeth, not the least being that anyone in a chain of events is liable (the administrator for the doctor, the doctor for the administrator). So how could a waiver be granted? The law becomes both complex and obtuse about the release of patient information to family members and the media. We are very aware of cases where grown children with an admission for psychiatric disease are isolated and essentially jailed while the parents with whom they live are not allowed to learn and intervene. In a chaotic situation, the difficulties compound.

As the dust settled, we found out that indeed, there was no waiver. None have been granted since the Katrina disaster -- and that includes the 9/11 attacks. None was actually needed, as the U.S. Department of Health and Human Services Office of Civil Rights (OCR) outlines that professional discretion is allowed for 72 hours when there is an emergency situation.

Ultimately, it's appropriate that patients' privacy is protected, even in times of uncertainty and emergency -- as so much of medicine exists in.

HIPAA waivers can't -- and likely shouldn't ever -- be granted. Especially when there are legal ways to communicate and collaborate that are easy and fast. It can be simple to stay HIPAA compliant.

The waiver asked for was not necessary. However, it is clear that texting a consult, emailing a picture, and talking about a case in the elevator are all violations.

We understand the problem, we created a solution, and we are doing our best to make it available to everyone because that is truly “care on behalf of the patient”.

Learn more about your HIPAA rights and risks here: 

The early days of telemedicine and telehealth brought extensive discussion about images. When we started working with nurse practioners in school-based health setting, most people hadn't used a digital camera, much less thought about diagnosing something through a digital image.

To be fair, the quality of those early images was so dramatically far from the images we have now that some discussion was certainly justified. But most discussion was simply based on fear and knee-jerk reactions.

Even today, though, there are concerns about the quality of photos. As this study puts it, "Smartphone cameras are rapidly being introduced in medical practice, among other devices for image-based teleconsultation. Little is known, however, about the actual quality of the images taken."

The results of that study were clear, though.Three different platforms (Apple, Blackberry, Android) were compared to a Canon professional its a 35 mm lens. Assessment was by lay people and common pictures, thus reducing clinical bias. The iPhone exceeded the function of the professional camera. And when comparing digital cameras to in-person appearance, two conclusions were drawn:

• The camera did just as well as viewing with the naked eye; or,
• The camera was superior.

It's not hard to think about why this might be when you remember trying to see something in a squirming child or fidgety elder, for example. It is easier to have the subject “hold still” with a 1/100th of a second exposure and quiet unhurried study than struggling to pinpoint a small rash on a moving target.

Many studies documented the equivalency or superiority of digital images in the five years before and after the turn of the century. The obvious specialties were radiology (now exclusively digital), wound care, dermatology, plastic surgery and pathology.

Chase Jarvis said: “The best camera is the one with you." And we always say: The best camera is the one in your pocket. With the advent and advances of smartphones since 2010, we have made several design decisions. One of the major ones was the use of the iPhone and later, the iPad, as an input device -- for exactly this reason -- it is always with you and you already know how to use it.

Our one caveat is that you should never use the camera roll in your smartphone for medical photos. With iClickCare, the camera roll is within the application, password protected, and separate from the routine pictures of vacation and kids. And that, or something similar, is the only HIPAA secure way to take medical photos on a smartphone.

If you're using photos for medical collaboration or care coordination, you can get our ebook on medical iPhone photography here:

We're all trained to look for "best practices." If there is a best or better way to do something, we want to know what it is. Many times, though, the excellence of medical care depends on the patient and the context.

The field of Long Term Care is no different. Sometimes an assisted living facility works just right. Sometimes aging in place is the ultimate. Sometimes it's senior co-housing. What works best in Long Term Care is for each patient to have access to the kind of care that works best for him or her. People want and need different things.

That said, one trend is for senior care to be as personalized as possible, as intimate as possible, as small-scale as possible, and as aligned with the individual's life as possible. That's why we see so much caregiving happening in different, patchworked contexts.

That's also why we see this trend that the New York Times recently covered, of small residences that still have the medical and caregiving resources that many older people need. It's a balance of medical help that can only come from an institutional setting, with the human need for more individualized settings. For instance, Our Family Home is a small, home-style setting for groups of patients with Alzheimer's or dementia. And The Green House Project is a network of homes that are created to support patients' needs while also feeling like an individual house.

There are some important challenges with these models, though. Because the settings are more dispersed, for specialized care to be happen, patients will often have to travel to a doctor's office or a hospital. Or, the specialist will need to travel to multiple facilities to complete the rounds.

So what's the answer, when decentralized models are great but there are geographical challenges with access to care? Well, it's a pretty simple answer, actually. We believe that telemedicine platforms can allow less centralized, more intimate, more personalized housing solutions to be viable. By allowing healthcare collaboration across the continuum of care to occur -- on the schedule and in the location of the people involved -- these models become a lot more practical, even in complex medical situations.

These are 3 key ways telemedicine supports seniors in getting the Long Term Care that works best for them, even in decentralized models:

1. Telemedicine makes it so more people can be involved in care, while not interrupting "compassionate continuity." 
   It is best for people to have continuity in the people who care for them. However, the complexity of many patient's conditions require nurses, aides, specialists, other specialists, and therapists to collaborate on a single case. A platform like iClickCare allows these people to contribute while also allowing the trusted aide to be the primary person in the patient's life.
   
   
2. Using photo and video for healthcare collaboration is key in Long Term Care.
   A good telemedicine platform makes using photos and videos more practical -- and HIPAA safe.
   
   
3. Healthcare collaboration --  at a distance -- makes homecare more financially sustainable.
   If specialists have to make increasing numbers of house calls, because there is insufficient technology to allow collaboration at a distance, homecare becomes less viable. If these trends continue, we'll need to find ways for the people providing the home care to be supported by other medical providers, in efficient and effective ways.
   
   

If you're part of changing how Long Term Care happens, we want to help. You can download our free ebook on transforming Long Term Care here:

Photo used under Creative Commons rights from fairfaxcounty on Flickr.

The truth is that HIPAA is a big deal if you're in the medical field, period. When we talk about healthcare collaboration and telemedicine, though, people can be even more concerened about cyber security dynamics.

There are concerns at the institutional level, of course. But  for individual healthcare providers, it can feel like we're burdened by the responsibility to protect PHI from HIPAA breaches, without the tools or information to do so effectively.

So we were interested to hear the insights offered recently by Michael Kaiser, executive director of the National Cyber Security Alliance. 

Here are some of his best tips for staying cyber-safe as an individual healthcare provider:

• Make sure everyone who handles data is aware of their responsibility to safeguard it. (More on personal responsibilities and tips to stay safe here.) 
• Make the risks of data violations clear to every provider, across the continuum of care. 
• Understand how to keep your digital assets safe -- especially with common tools like email.
• Understand what to do if there is a security issue (like losing your iPhone.)
• Use tools that work effectively with the pace and complexity of medical workflow

We encourage providers to innovate and care for patients, despite the bureaucratic deluges that sometimes feel as thought they'll drown us. But it doesn't have to be hard to stay HIPAA-safe, even when using a telemedicine tool -- and it is important. 

Above all, I value medical providers who practice good medicine for their patients, and that often means ignoring everything -- politics, insurance, regulatory niggles -- outside the room.

But sometimes I hear fellow medical providers flaut HIPAA dangers in ways that, ultimately, put their ability to care for patients at risk. Doctors text patient questions to each other. They use their phone's built-in camera roll for patient photos. They email medical records or other info back and forth to each other.

It recently came to our attention that the first HIPAA noncompliance enforcement actions are likely to hit business associates in coming months. Business associates became directly liable for HIPAA in 2013, and actions take 2-3 years to settle -- so we should see those first fines soon. Since these rules can be confusing -- and because HIPAA fines can be catastrophic -- we wanted to bring a roundup of our best tips and and perspectives on staying HIPAA compliant. 

Tools for staying HIPAA compliant, even while doing healthcare collaboration and telemedicine: 

• Know your risks and the consequences of violating HIPAA
• Read up on the definition of business associates and how to assess your risk.
• Explore tips for avoiding HIPAA and audit failures
• Never use email for patient health information (PHI) 
• Never use your phone's camera roll for patient photos
• Be cautious about BYOD policies but don't reject the use of smartphones for healthcare collaboration.
• Don't overcomplicate things -- do at least these 3 simple things to keep yourself HIPAA-safe.
• Know what to do if you lose your smartphone.

We know from watching our colleagues and customers that you can do healthcare collaboration and telemedicine in ways that are compliant with HIPAA. It just means doing what's right for the patient -- and knowing your boundaries as you do so.

Learn to avoid the "bring your own device" (BYOD) pitfall to staying HIPAA compliant. Get our free white paper:

To do healthcare collaboration, you certainly don't need any fancy tools. All you need to do is talk with the medical providers around you. You ask, you answer, and you find the ways to incorporate each person's valuable perspectives.

Many medical providers find that iClickCare simply makes that process a little easier. You don't have to be available at the same time, you don't play phone tag, you don't need fancy hardware.

However, because medical collaboration is so simple, sometimes people make the mistake of thinking that any type of technology is fine to use to do it. Whether it's text messages, emails, or Facebook, we've pretty much heard all the "Why don't we just use…." ideas out there.

So when we heard a recent new story about how 50,000 VA employees were reprimanded recently for their use of the social networking site Yammer, we weren't shocked, but we were disappointed.

Sites like Yammer, tools like email or texts, are all great -- but they aren't great in the healthcare field or for healthcare collaboration. Of course, we certainly don't begrduge any individual employee their use of Yammer. Surely, most (if not all) were using it in ways that make sense -- and any attempt at connect in today's medical world may well be a good thing.

There are a few specific reasons that you shouldn't be using emails, texts, or social networks for healthcare collaboration, all of which came up in the context of the Yammer debacle at the VA: 

1. They're not secure.
   Emails, texts, and social networks don't have the rigorous level of HIPAA security that iClickCare has, for instance. When you're doing healthcare collaboration, you have to assume that everything you send is under a security microscope. And unless you're confident that Personal Health Information is being protected at the highest levels, you shouldn't use these platforms to send anything about any patient or case, ever.
   
   
2. Personal and medical issues are mixed.
   With Yammer, messages about kids' birthday party were mixed with messages about patients' issues. That means that  providers ran the risk of missing key messages about a patient's care, or making the innocent mistake of sharing something with the wrong person. Perhaps even more importantly, you're using the same phone and camera roll to record comments, photos, or videos about a case, which means that insecure PHI is being left on multiple devices, multiplying the risk. (Always confirm that a healthcare collaboration platform takes precautions to separate personal and medical data, like using its own camera roll.)
   
   
3. They can waste a lot of resources.
   It's really fun to scroll through text messages and facebook, because you never know what you're going to come across. That same dynamic can make these tools especially inefficient for the medical context. In the Yammer case, administrators were concerned that providers were wasitng hospital time chatting about personal issues. We're less worried about that, since people don't usually have the time to waste, but we are worried when it becomes inefficient to sort through unordered, mixed messages. Look for tools that ping you about consults but let you respond on your own time. 

As we come off the Memorial Day holiday, there is some unhappy news for the US Department of Veterans Affairs: for the 16th consecutive year, it failed its Federal Information Security Management Act Audit. The report on the failures cited "Weaknesses in access and configuration management controls resulted from VA not fully implementing security standards on all servers, databases, and network devices,"

We've spoken to a lot of brave medical providers and administrators who are scared about running into HIPAA violations, failing cybersecurity audits, or even experiencing breaches. Of course, using telemedicine or telehealth platforms increase people's fear of these threats. But these kinds of healthcare collaboration programs do not have to increase risk. In fact, we've found that smart use of telemedicine can actually improve your security... as long as you're taking smart steps to not run afoul of regulations.

A roundup of our 11 most popular posts on HIPAA security and key things medical providers need to do to stay HIPAA secure:

Getting Started and Staying Secure

• A Review of the HIPAA Omnibus Rule. 
• 3 Simple Ways to Stay HIPAA Compliant. 
• Common HIPAA Violations and Penalities. 
• Getting Started with HIPAA for Dentists. 

Tips for Cybersecurity in Medical Settings

• Are You Making HIPAA Mistakes in Sending Medical Photos? Key HIPAA mistakes not to make when sending medical photos on the internet. 
• How To Send Patient Files Without HIPAA Headahces. 
• What To Do If You Lose Your iPhone. You’ve followed HIPAA, now you’ve lost your phone. Now what? 
• 3 Ways to Keep Patient Communication Safe from HIPAA. 
• How To Change Your Email Settings for HIPAA Protection. 

Understanding Bring Your Own Device (BYOD) Policies

• BYOD -- Is Any Smartphone HIPAA Secure for Medical Providers? The short answer is yes, but only if you use the devices in certain ways. 
• Nurses Risk HIPAA Violations with BYOD Texting. 67% of hospitals are seeing nurses use their smartphones in care. 

To avoid one of the most common HIPAA breaches, get our guide on staying safe with Bring Your Own Device Policies: