• The form #10 does not exist or it is not published.


The Lure of the Cloud – dusting off an old concept…

By Sam F. Khashman

Moving business to the cloud seems hip, fiscally astute, progressive, and innovative. Putting private business information (especially Protected Health Information or PHI) out on the Internet? No way. The problem is that “the public Cloud” is the Internet, repackaged and glitzed up, but still with the massive concerns for security, reliability (speed and access) and control. The cloud concept is actually one of the ideas that have survived the dinosaur era of computing as we understand it today. Depending on who gets the ultimate credit for “the Cloud,” the phrase is between 50 to 60 years old.

We all interact in the cloud, especially if we use Facebook or other social media. You want your medical or financial information on Facebook? Remember some of the revelations we’ve had about who is accessing what’s in your personal accounts (in spite of your privacy preferences)?

So let’s talk business for a minute. Radiology is a high-volume medical specialty, with the typical practice management system for a mid-sized hospital-based practice moving and storing millions of highly confidential transactions. The penalty for failing to maintain the security of these transactions can involve multi-million dollar fines and the publication of your organization on the Office of Civil Rights “list of shame” for security breaches involving more than 500 names. Since concerns for privacy and security have been a long-time bugaboo of the Web, (the Internet, the public Cloud) most organizations dealing with highly confidential financial information have so far declined to participate. There is a message in the fact that banks and credit card companies may add to their own internal clouds (private cloud) but they aren’t turning to the large-scale “we’ll take care of that for you” option of a public cloud-based alternative. The lure of the cloud

What do you need to know about the cloud in terms of your business?

  • Know your terminology. There is a vast difference between a public Cloud and a private one, with the latter controlled by your own IT department, internal or external. The security implications vary greatly and you need to do your homework.
  • The Cloud can work well for certain business applications, such as project collaboration, customer service, marketing communications and dashboards containing limited information. Transaction speed is not usually an issue in these situations, they are usually not business-critical if delayed or temporarily unavailable and security risks related to transmission or access to confidential information are measured.
  • Security is an issue, with vulnerability to Internet-based cyber-attacks representing more than an imaginary plot for a fast-paced book or movie. And there are no sound industry predictions regarding whether Internet (Cloud) security will ever be successfully addressed. In fact, as Internet use expands so do the number and sophistication of intrusions.
  • Control is relinquished. The Health Insurance Portability and Accountability Act (HIPAA) holds you responsible for the privacy and security of patient information—and contracting with someone else to accumulate, transmit and store that data does not absolve you of responsibility. The beauty of an Internet-based service is that is can occur literally anywhere in the world—and be subcontracted seamlessly. The curse of securing data with an Internet-based service is that it can be located anywhere in the world and subcontracted seamlessly—including in countries that do not comply with United States’ laws or standards for data security. And you may never know until something goes really wrong. (There is even more to consider in terms of control, but we’ll talk about that in another article).
  • Reliability. There are several sub-issues involved here, including bandwidth and the periodic types of interruptions occurring with Internet-based services. However, the HIPAA regulations again become a potential issue. One of the mandated security plan requirements involves conducting a risk assessment of potential threats and then developing a plan to adapt to them. Included in this assessment would be vulnerability to natural disaster and if you don’t know where the “mother ship” servers are located, how can you assess threats and assume all protections are in place? And what if the servers are moved to a new location? Will you know? Can you be assured the site is in compliance with HIPAA? And in your HIPAA assessment of business continuity, how will your organization recover from a potential disruptive event that occurs thousands of miles away?
  • Reputation. In any event, when patients become aware of their medical information being put on the Internet to save money you’ll likely have to spend the savings on PR so that your competition isn’t the only one benefiting.

We’ll talk in greater detail about some of the specific issues in upcoming blogs and articles. But the first step is to consider how important the following are to your business:

  1. Privacy and security controls (for a large volume of highly regulated personal financial/health information)
  2. Control is relinquished
  3. Transmission speed, whether posting a payment or scanning images
  4. Reliability. From local power outages to Federal HIPAA issues

Since each of these issues is of utmost concern to any radiology practice, it is unlikely the public Cloud yet offers a viable alternative, whether billing/collections transactions are involved or transmission of images. There is still too much risk and it only takes a brief Web-search to validate what industry leaders are saying. So far they are consistent. The public Cloud isn’t there yet and based on the nature of the Internet environment, it may never be.

So is there a place for the cloud? Absolutely. Non-business critical applications, data-sharing that doesn’t involve PHI, marketing and various types of communications—all can benefit from the Cloud concept.


Healthcare Excellence Despite Lower Reimbursements

Bridging the Gap and Meeting Demands

Healthcare reform ups the ante in terms of expectations, attempting to measure (and pay) in a world of quality, where patients are “cured” the first time around and the effectiveness of their physicians determined by whether they accomplish that goal. Value-based compensation models, while still functionally vague, are the intended mandate and represent a quantum change from current fee-for-service models.

Bridging the GapThe “new” model of healthcare comes on the heels of recent reimbursement cuts, the implementation of “5010” (the new format for standard electronic Health Insurance Portability and Accountability Act transactions), the threat of penalty for failure to submit quality data codes compliant with Physician Quality Reporting System (PQRS) measures to the Centers for Medicare and Medicaid (CMS), confusion regarding changing Meaningful Use requirements, an often hostile environment of Recovery Audit Contractor (RAC) audits and even more confusion over how to function with future payment systems. In our new world, the quality of healthcare will improve based on objective measurement and the “value” of the patient experience, all at lower cost for those paying the bill.

Better healthcare for less cost? The demand for more service, higher standards of accountability (while at the same time simplifying administration), and increased levels of compliance reporting usually go hand in hand with higher costs. Practices are rapidly facing the need to upgrade technology and personnel skills, with perhaps a greater reliance on support from consultants and professional organizations to help them navigate the waters.

This type of contradictory, disruptive messaging tips the balance of certainty and stability, puts us on high alert, and allows for fear, uncertainty, and doubt to set in. Some of the credible surveys conducted in 2011/2012 show physician morale at an all-time low, with many providers considering the safety of employment over practice ownership and others even considering a change in career.While this should come as no surprise given an increasingly hostile business environment, it would be unfortunate and further add to the predicted physician shortage in the future. In fact, solutions to this crisis are actually within reach.

Radiology is usually viewed as a “behind the scenes” specialty, where contribution to the patient’s circle of care is consultative and supports those physicians with direct patient contact. While radiologists could in theory support the concept of “value” in medicine, they in fact have little control over how their interpretations are used to drive improved outcomes. At the same time, as quality becomes the watchword, insurance companies in some parts of the country are attempting to steer patients to lower cost providers without consideration of quality. How does radiology move then from the perception of being a “passive” specialty in regard to patients, potentially treated as a low-cost commodity and therefore, able to maintain some level of control over its destiny?

Alan C.Kay stated, “The best way to predict the future is to create it.” What can this look like for radiology?