“Security mandates within state and federal regulations, such as HIPAA, have made it difficult for healthcare organizations to know where to turn to ensure compliance with their collection and analysis of patient data,” says Bonnie Semega-Ortiz, senior vice-president of product management and marketing for AdvanceMed Corporation in Reston, Virginia.
In August 1996, President Clinton signed into law the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is designed to protect confidential healthcare information through improved security standards and federal privacy legislation. It defines requirements for storing patient information before, during and after electronic transmission. It also identifies compliance guidelines for critical business tasks such as risk analysis, awareness training, audit trail, disaster recovery plans and information access control and encryption.
Security and compliance with regulations like HIPAA were one of the biggest concerns when Regence BlueShield of Washington State decided to move its in-house data collection and analysis function to an outsourced service. “The first thing you have to do is work out the security issues,” says Kris Urv-Wong, Regence’s managed care analyst.
Security, she says, is key because “putting information out via the Internet makes people nervous. There is so much uncertainty about the security of information. You have to work with your chosen supplier to make sure its technology gateways for your organization won’t let the wrong people in.”
This security complexity has long been an issue for healthcare providers and insurers, who have confidential patient data to worry about. But AdvanceMed, an application service provider (ASP), understands those security concerns and is prepared to address them. “We’ve really honed in on what is necessary to protect data. And we keep abreast of security technologies to better serve our clients,” says Semega-Ortiz.
Doing More With Less
Information management is about more than just sharing information electronically without fear of that information falling into the wrong hands, however. For example, Urv-Wong says that by using an outsourced data analysis application, they’ve found a more focused way to find information quickly. “Once you get the information, you may have to do a specialized query, but it keeps you from searching around a huge data set, and maybe never finding what you’re looking for.”
Instead of agonizing searches of monstrous data marts, AdvanceMed divides Regence’s data into nine smaller ‘cubes;’ and the users can chose from 64 different reports according to the information needed. Additionally, users can access all this information from their desktops. “That is just invaluable,” says Urv-Wong.
“We collect data from patient records and financial records,” says Semega-Ortiz. “Then we provide ‘data dictionaries’ where we just catalog pieces of data.” This access to only the information that is necessary amounts to having cleansed, relevant data at your fingertips, and that, says Urv-Wong, makes it easier to find the necessary information. It also allows the healthcare provider to analyze patterns that may not have been evident before.
Making the Complex Manageable
Although security and data usability were major concerns for LUMOS, LLC, a consortium of three Connecticut-based physician hospital organizations (PHOs), whether the data collection/analysis supplier understood the problems that are unique to the healthcare industry was of equal concern. “We had been doing prehistoric profiling,” says Dr. Russell Munson, medical director for the Integrated Resources for the Middlesex Area (IRMA) PHO – one of the three participating PHOs in LUMOS.
“One thing that really impressed us and gave us a lot of confidence in outsourcing was that when we brought very complex problems to AdvanceMed, they gave us very realistic answers to those problems,” he says. The answers may not have always been what the organization wanted to hear, but because of AdvanceMed healthcare expertise, they were the correct answers. And that is nearly as invaluable as having the right security to meet state and federal regulations.”
“This is a solid technology,” says Semega-Ortiz. “It’s not bleeding edge, but it is one that works and has been proven. This is a sound, peer-reviewed solution, and we have experts on staff who can help make the right predictions.” Because of the combination of effective technology and a vertical understanding of the needs of healthcare organizations, as well as affordability for small and mid-sized provider groups, the ASP model provides a unique solution.
Until recently, ASP outsourcing solutions were fairly new and still considered risky. Healthcare provider organizations now recognize the risk is no longer there, the dollars they spend on an ASP solution are minimal and they get maximum value.
Lessons from the Outsourcing Journal:
- Recent state and federal regulations have made data collection and analysis more difficult. Outsourcing this process places the burden for security and other regulatory compliance on the supplier.
- An outsourcer who understands the complexities of the healthcare industry can leverage its expertise with its technology resources to provide a better business solution.
- Today, the healthcare industry is faced with decisions about solutions that use bleeding-edge technology. Outsourcing is always the best model for reducing the risks associated with using technology that is still evolving.