PHI, ARRA, (PP)ACA a.k.a Obama care, HHS mandate of PHI – what is this got to do with Mobile Conversations??

This week I'd like to draw attention on Healthcare (Information) Industry - But  at the very core of this discussion is "Information" - creation, storage, access and dissemination. This information may be  about the patient, healthcare partners, Hospitals, practioner and in the litigious society we live in legal system as well. I spend last week researching, discussing and understanding some of the challenges and imperatives of Mobile healthcare, and while this post is not meant to be exhaustive it is  meant to provide some insights into the types of discussion we  can expect with  any of our clients in Healthcare space be it - Insurance companies (Aetma,Cigna), Healthcare companies (UHG etc) or even Electronic Healthcare record (HER) providers.
 

Let me start by sharing some headlines:

1. The market for mHealth App service will reach $26 Billion by 2017
2. Federal Rule Expands Privacy Protection and Penalties for Patients Health Information
3. US Health and Human Services (HHS) has established a set of directives. Initiatives is called - "Mobile Devices"
4. The US "Affordable Healthcare Act" - has issued a ruling on sharing of PHI (Protected Healthcare Information), which used to be heavily regulated, between HHS and other state agencies.
5. As "Affordable Health care" laws go into implementation - The general public will represent a larger pool of  Insurable subjects, and that will not only require a Mobile based Insurance sales portal but also access to "personal ( and protected) healthcare Information"  -- I am certain the health care industry will race and scramble to compete and provide a competitive edge.
6. HL7 , which is a global authority on standards of health information technology (members in 55 countries), has a detailed directive of adoption of mHealth (MH) and  Meaningful Use (MU). - I urge you spend some time on  http://www.HL7.org

And more… but you get the idea..

(Source: http://www.mobilehealthcaretoday.com/)

 

EHR  - Mobile Consideration:

Regulation   1.253-page Obama care rule - Last Friday 2.PHI 3.HHS 4.ARRA 5.(PP)ACA a.k.a Obama care 6.European Union: Directive 2011/24/EU 7.2009 HITECH Act

Standards   1.HL7 2.OpenEHR 3.Virtual Medical Record 4.Continuity of care record 5.DICOM 6.ISO - TC215 7.SMART 8.ANSI X12 (EDI) 9.Laboratory Information system (LIS) 10.Health Information Exchange -HIE

Technology   1.Health Informatics 2.Meaningful Use (MU) 3.Mobile Healthcare (MH) 4.Mobile Device Diversity 5.ICT/eCharts/ 6.Security and Transaction (time  stamps) 7.Big Data/Mobile/Analytics. 8. New MDM use cases beyond B2E 9. Security, Data leakage, Data self-destruct.

Fundamentally, all the players, namely:

1. Insurance companies (Aetna, Cigna),
2. Healthcare companies (UHG etc)
3. Electronic Healthcare record (EHR) providers
4. Healthcare providers - Hospitals
5. Government entities such as a HHS
6. And others…

All of them would have to focus on

1. Provide access to Unified information about a Patient/consumer to all the "interested" and "Authorized" entities. The idea is to reduce heath care expenses by better and timely sharing of information.
2. A patient/Consumer - should have access to all of his or her records to share with healthcare providers at home and abroad.
3. Integration of Laboratory Information systems and Hospital information system with EHR.
4. Other Regulation on PHI and HIE which was heavily protected will now be visible to other entities like HHS.

As you can see all of this is really related to - Data, Information and it's subsequent security and access control. So I think this is a challenge, which is primarily a data, and informatics challenge. So question  is why does it impact Mobility? Or Why is this a Mobile Conversation? --- I think that is a fair question.

Here is why?

 At the time of all this changes in  US Laws, and update to healthcare regulation, our primary interface weather it is Doctor/Nurse (Health care provider) or  Patient/Individual Health Care Consumer) are moving to Mobile devices  as their primary means to interface with  healthcare information. So it is imperatives that the "Health Care Intermediaries"  such as  Insurance companies, EHR providers, etc provide data access with appropriate levels of governance  and access control which is in compliance with the current laws.

How should we tailor our Mobile conversation?

 This is interesting, as I have been in several interesting discussions and learned that many of health care providers want to start with basics i.e. Mobile Web, before they sort out the regulation, Industry accepted practices, maturity in mobile technology and so on. Mobile Web in this case is also least disruptive as the access control standards are already in place and the considerations around "Mobile Imperatives" are minimal.

     I have also learned that the traditional use of Mobile Devices Management (MDM) which was confined to B2E ( Business to Employees)  use cases may  extend it's capabilities to B2C use cases ( Think selective device wipe, and disable access).  These are certainly new opportunity and costs to  the healthcare Industry in general. The role of Access control is and will be extended with Mobile Context ( Think ISAM Risk based access features). Social media will play an interesting role, simply because the regulations (PHI) and social media contradict each other in principles.

And more..

From this learning I have taken an approach of what we all discussed a few weeks back on "Mobile maturity Model" - which is simply a structural model to explain the Mobile Journey. The Mobile maturity intends to provide a structure to describe the various maturity levels of an organization aspiring to adopt the Mobile-computing platform. Like any maturity model the Mobile maturity model is a framework purported to define the organizational understanding of  Mobile computing  platform, and provide a roadmap to a Mobile platform.

1. mHealth Care Maturity Level 1 - Basic  (PHI) - Mobile Web- IBM WL ( Mobile Middleware) + DP (Added security, transformation and integration) +ISAM (Risk based access).
2. mHealth Care Maturity Level 2 - Intermediate(PHI + Partner/Provider Access control)  IBM WL + DP+ ISAM + enhanced MDM ( Provider/partner data control).
3. mHealth Care Maturity Level 3 - Advanced( PHI + Integrated Health care service + Security - app/data and device)  IBM WL(Containerized apps)+ DP ( focus on Integration)+ISAM+MDM(multiple App stores) + IBM API Management ( think Swim lane and API Access)
4. mHealth Care Maturity Level  4 - Fully Integrated mHealth. mHealth Care Maturity Level 3 + more….( I'd love to see the community's input here)…:)

Net-Net- This is just an example, but we have to draw an adoption model for our clients to adopt and consume technology that they can use in near term.

 

As always I welcome your comments, critique and thoughts. Above all I ask you all to post your experience.

:)

Nitin