Posts tagged hipaa
Enforcing HIPAA on and other Cloud Services

I had the pleasure of meeting several healthcare colleagues in the last couple weeks at various conferences. One thing quickly became apparent to me during our discussions: cloud-based applications (, most noticeably) are being adopted throughout healthcare organizations. Everyone is excited about:

  • The benefits these SaaS-based applications will offer the business without taxing IT 
  • The fact that SaaS applications are reducing the time to deployment of new applications throughout the enterprise

Still, everyone seemed to keep asking the following question: How do you enforce security and HIPAA policies on SaaS applications while safeguarding your customer data? This is an important question given that 69 percent of hospitals don’t have the proper controls and policies to detect and respond to breaches.

It inspired me to host a webinar where we can:

  • Hear from an Axway field expert about how customers deal with their challenges
  • Share customer strategies for enforcing security policies on cloud-based applications such as, Google Apps, SuccessFactors, and Amazon Web Services
  • Address single sign-on (SSO) across multiple SaaS applications and versions

Join us on April 16th, 2:00 p.m. EST, and get ready to learn how to handle compliance and security issues when dealing with cloud-based applications. Also, be sure to come with your organization’s toughest questions and challenges: our expert will give you advice live! Register now!

Mobility, IoT, and Real-time Technologies at HIMSS — More than just Hip or HIPAA Technologies

By Rob Meyer, VP of Solutions, Vertical Marketing and Management, Axway

Most of our friends and family debate the Iraq War, Obamacare, and the economy, but the elephant in the room that eclipses them all? Chronic care. According to a recent Milken Institute study, the seven chronic diseases — cancer, diabetes, hypertension, stroke, heart disease, pulmonary conditions, and mental illness — cost the U.S. $200 billion annually, and an additional staggering $1.1 trillion in lost annual productivity. In other studies, the annual cost of diabetes alone is approaching $200 billion.

At HIMSS this month, one thing you’ll have trouble debating is the impact technology can have on cutting chronic care cost in half and helping payers and providers implement all the changes required by healthcare legislation. If you’re a payer or provider, you’ll want to make sure you know what it takes to succeed and how to avoid the pitfalls. What are some of the solutions making a big difference, and what should you take away from HIMSS?

The Internet of Things (IoT) 

The average annual medical expenditure of a person with diabetes in the U.S. is nearly $14,000. It’s also been shown that half of those costs can be cut through continual remote care by diabetes experts and nutritionists, even though the cost of pharmaceuticals can go up a few thousand dollars. What makes this possible is mobile health and the Internet of Things. In early 2000, I helped connect glucometers to PCs, and PCs to the web through HTTP posts for continual care. I pricked myself five times a day just to test it out and see what others went through. Today, researchers are looking at contact lenses that monitor glucose levels in tears, connect to a local device, and send information to providers via APIs. This massive network of new medical devices — from contact lenses and other glucometers, to heart, blood pressure, and even prescription monitors inside the body — is called the Internet of Things, or IoT. It’s already a reality for smart vehicles that tell you when to book a new service appointment, or smart meters that automatically reduce power to your house.

Mobile Health (mHealth) 

Remote continual care has already made a lot of progress just by patients using mobile devices to access medical records and test results, book and manage appointments, and interact with their physicians and nurses without having to call or visit. If you don’t have a mobile strategy in place and some deployments, you’re already behind. The good news is there are plenty of deployments to learn from in healthcare alone.

Real-time integration and clinical care 

There is a lot of real-time infrastructure and integration that needs to be deployed now. It will take years to not only make IoT and mHealth a reality, but to fulfill healthcare mandates. By now, partly for regulatory reasons, Access Coverage and Enrollment (ACE) real-time eligibility, electronic funds transfer, remittance, and reconciliation should be deployed across payers and providers. They’re not. But there are companies that have completed these projects. It’s important to hear their stories and learn from them. Some vendors have worked with payers, providers, and banks to make this a reality. There are some great stories out there, including Kaiser Permanente, which does all of this in its mobile app for its nine million members.

API management 

You may have noticed that several of these initiatives depend on real-time integration, and API management in particular, which involves the development, deployment, management, publication, and promotion of APIs to new groups of developers for (1) external access, and (2) cloud and mobile applications. These APIs are built on a new set of standards, including REST, JSON, and OAuth. Existing middleware does not support these standards well, and wasn’t designed to integrate across or outside the firewall (as cloud services). API management technology does this very well. Over the last few years, many payers and providers have deployed API management technology, because REST APIs support most portals; internal, bring-your-own-device (BYOD) initiatives; and mHealth projects.

The majority of these companies have also used API management to solve two critical issues: security and compliance. Not only do some vendors provide policy enforcement points where authentication, authorization, encryption, redaction, and usage policies can be defined by API and user/role, but identity can be bridged and managed between existing identity management systems and the new world of OAuth. And these API gateways provide complete audit trails and usage analytics, SLA monitoring, and services for protecting against external attacks that might lead to data breaches or loss of service. Some gateways even protect existing systems from getting overloaded by enforcing usage policies, “throttling” access and caching.
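The enforcement-point idea described above, as an added sketch that is not code from the original post or from any vendor's gateway: one handler applies per-API, per-role authorization, field redaction, throttling, and an audit trail. The policy table, role names, field names, and limits are hypothetical, and the sample record is constructed.

```python
import time
from collections import defaultdict

# Hypothetical policy table: per (API, role), the fields that pass unredacted
# and the number of calls allowed per WINDOW_SECONDS.
POLICIES = {
    ("/patients", "physician"): {"fields": {"name", "dob", "ssn", "glucose_mg_dl"}, "limit": 3},
    ("/patients", "nutritionist"): {"fields": {"name", "glucose_mg_dl"}, "limit": 2},
}
WINDOW_SECONDS = 60

class PolicyEnforcementPoint:
    def __init__(self):
        self.audit_log = []               # every decision, allowed or denied
        self._calls = defaultdict(list)   # (user, api) -> timestamps of allowed calls

    def _audit(self, now, user, role, api, decision, redacted=()):
        # Log field names only, never field values, so the trail holds no PHI.
        self.audit_log.append({"ts": now, "user": user, "role": role, "api": api,
                               "decision": decision, "redacted": sorted(redacted)})

    def handle(self, user, role, api, record, now=None):
        """Return (http_status, body) after authorization, throttling, redaction."""
        now = time.time() if now is None else now
        policy = POLICIES.get((api, role))
        if policy is None:                # default deny: no policy means no access
            self._audit(now, user, role, api, "deny:unauthorized")
            return 403, None
        # Sliding window: keep only calls made within the last WINDOW_SECONDS.
        recent = [t for t in self._calls[(user, api)] if now - t < WINDOW_SECONDS]
        if len(recent) >= policy["limit"]:
            self._calls[(user, api)] = recent
            self._audit(now, user, role, api, "deny:throttled")
            return 429, None
        self._calls[(user, api)] = recent + [now]
        hidden = set(record) - policy["fields"]
        body = {k: ("[REDACTED]" if k in hidden else v) for k, v in record.items()}
        self._audit(now, user, role, api, "allow", hidden)
        return 200, body

# Constructed sample record, not real patient data.
SAMPLE = {"name": "Test Patient", "dob": "1970-01-01",
          "ssn": "000-00-0000", "glucose_mg_dl": 112}
```

Redaction here is an allow-list: a field added to the backend record later stays hidden from every role until a policy names it.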

So if you’re going to HIMSS, make an effort to learn more about the trends in mobility, real-time technologies, and IoT. They’re more than just hip technologies or HIPAA necessities. They just might cut costs to a level that makes healthcare more affordable. They even might eliminate some brutal consequences of some all-too-common health issues.

And if you’re not going to HIMSS, maybe you can — at the very least — help us change the conversation from the Iraq War, Obamacare, and the economy to chronic care and the burgeoning technologies that have the potential to save us a lot of money and pain.