Advancing mobile computing: how one New Jersey group has moved forward: at the 15-physician Vanguard Medical Group in Northeast New Jersey, PCMH participation helped spur a broader mobile strategy.
At Vanguard, Thomas McCarrick, M.D. is chief medical officer and CMIO. In the case of Vanguard, the path towards mobility began with the group's participation in a groundbreaking patient-centered medical home (PCMH) program with Horizon Blue Cross Blue Shield of New Jersey, which ultimately required Vanguard to become certified as a PCMH; and that necessitated better connectivity. That led to McCarrick's developing an increasingly comprehensive strategy and policy around deployment of mobile devices and their security, particularly around what's being called the "BYOD"--bring your own device--phenomenon.
It's all rather subtle and complex, McCarrick notes, because a balance must be struck between the ideal and the practical, with regard to how physicians really practice, and to the kinds of policies to which they can realistically adhere. McCarrick spoke with HCI Editor-in-Chief Mark Hagland about mobility. Excerpts from the interview appear below.
THE GENESIS OF BYOD
Healthcare Informatics: Can you share with us how your "BYOD" policy has been developed?
Thomas McCarrick, M.D.: It's an evolving thing. It started with the EHR [electronic health record]. We started with an EHR eight years ago, from the Austin, Texas-based e-MDs. At the beginning of this process, we just wanted remote access; we weren't extracting data out or anything; but in 2010, we got involved with a PCMH program with Horizon Blue Cross Blue Shield of New Jersey. They invited us to participate in a diabetes program that would require us to become NCQA-certified [certified by the Washington, D.C.-based National Committee for Quality Assurance] as a PCMH, so we had to start identifying those patients and reporting on those metrics. In 2011, we were invited into a larger rollout for a PCMH across all disease states, with Horizon. Once we started reporting for these programs, we started having new problems making connections.
About two years ago, we started a home visit program, in which a geriatrician and geriatric nurse practitioner visit homebound patients to take care of them. That creates other issues, because you want them to work within the EHR remotely, but they have documents at home, medical directives and such--the patients. Any person who had to do data entry, we decided needed to own that device, and that it needed to be fully encrypted. The people who visit remotely will have a scanner with them and will scan the advance directive or other documents into the EHR remotely, so there will be data at rest on those devices.
They have a Lenovo device, and it's fully encrypted. That's only a small part of their practice, though. I have a couple who work remotely to call patients and stuff like that and those devices have to be fully encrypted.
The physicians, physician assistants, and nurse practitioners who see patients--everyone wants to have a cool new device--tablet or smartphone--and everyone wants access to the office. That's the challenge we're facing; we're working with our IT vendor to make sure those connections are secure; if they're using remote access, we're not requiring the device to be encrypted if no patient data sits on the device.
HCI: Have you developed formal policies? And does everyone understand those policies?
McCarrick: We're doing that now. My thinking on it has been changing depending on the issue involved. At one point, I wanted to have every device encrypted; then I realized that that was too much. We are trying to put together some kind of policy; right now, it's just in my head. Most importantly, you don't want to have somebody not understand what your policy is, and then do things that inadvertently subvert it.
HCI: In that context, you and your colleagues need to be more mobile, and have embraced mobile devices, right?
McCarrick: Yes, we have to. Everybody in our practice wants to be mobile. They're using devices in their personal lives already.
BALANCING PRIVACY CONCERNS AND INFORMATION ACCESS
HCI: What lessons have you and your colleagues learned so far?
McCarrick: You have to teach people the HIPAA principles [related to the patient health information security requirements of the federal Health Insurance Portability and Accountability Act of 1996]; because you'll always find somebody who will undermine those in some unexpected way if they don't understand. Having policies and rules is not enough. They need an understanding of the principles.
HCI: What advice do you have for your colleagues nationwide, CMIOs, CIOs, and other healthcare IT leaders, as they start to work through all of these processes and issues?
McCarrick: While security and patient privacy are very, very important, the priority is access to information, because that's what allows us to take care of patients. People measure the breaches, but don't keep track of the time when our having better access to patient information has helped to save the lives of patients; so that's the balance, and it's not an obvious balance.
|Title Annotation:||PHYSICIAN GROUP: UPDATE|
|Date:||Sep 1, 2013|