treatment progression,” he says.
Murphy agrees the increase in chronic condi-
tion diagnoses is taxing physicians’ time and increasing patient workload. “Remote moni- toring not only allows clinicians to stay involved with their patients’ therapy programs after they have left the hospital, but this kind of technology can also flag potential adverse events in real time, helping doctors to check in with their more at-risk-patients and enabling HME providers to better manage their patient populations.”
FLIRTING WITH PANDORA
Remote monitoring is a boon to medicine, but like many new technologies, it’s a Pandora’s box of potential issues. Often, the device agree- ments are much like Apple or Facebook user agreements, with information about what the device is monitoring and sharing buried deep
in fine print that most people never read. Your CPAP patients may know their machines are transmitting information to their doctors, but not realize it’s also transmitting to the manufacturer or their insurer. And those services are moving across public networks, exposing them to poten- tial risks.
A 2017 report by Trend Micro found that
more than 100,000 healthcare devices and systems were exposed directly to the public Internet, including EHR systems, medical devices and network equipment. According to the Government Accountability Office (GAO), more than 113 million care records were stolen in 2015. A separate study conducted that year estimated that cyber attacks would cost the U.S. healthcare system $305 million over five years. That’s a big incentive to protect the data.
In late February, Sen. Mark Warner (D-Va.) sent a letter to healthcare industry trade groups, asking for ways to improve cybersecurity in the industry. Warner asked stakeholders whether or not they have inventories of all the connected systems in their facilities; what steps they take to protect them; how system patches are tracked; how many of the organizations are running
on outdated systems; and asked the organi- zations to share best practices and make recommendations.
“The increased use of technology in health- care certainly has the potential to improve
the quality of patient care, expand access to care (including by extending the range of services through telehealth), and reduce wasteful spending. However, the increased
use of technology has also left the healthcare industry more vulnerable to attack,” Warner said in an announcement. “As we welcome the benefits of healthcare technology we must also ensure we are effectively protecting patient information and the essential operations of our healthcare entities.”
Recent Department of Health and Human Services (HHS) actions are focusing on privacy and data security as well as efficiency and interoperability. HHS in February published
a proposed rule for medical interoper-
ability with the goal of “seamless and secure access, exchange, and use of electronic health information.”
The proposed CMS rules would require health- care providers and plans to implement open data-sharing technologies to support transitions of care as patients move between plan types; and give patients free access to their electronic health information (EHI). As with many govern- ment actions, the aim is to make costs more transparent on the theory that it feeds competi- tion and reduces costs.
“The whole healthcare industry is going to
the coordination-of-care model,” says attorney Jeffery S. Baird, Esq., chairman of the Health Care Group at Brown & Fortunato. “The whole fee-for- service model has come under attack as being very inefficient. Payers are saying ‘we are happy to pay, but you’ve got to show it’s improving the patient’s health and they are not frequent flyers.’”
For DMEs, the biggest legal issues he
sees with the connected care tech boom are likely to be payer audits, patient privacy, and potential violations of anti-kickback statutes if a pharmacy shares interoperability software with a referral source to facilitate care (it’s allowable if certain conditions are met).
Remote monitoring can help facilitate audit responses because it provides a record of the patient’s device usage that can be matched up to other data to show patient compliance and how the treatment correlates to results. “I see that as an important issue, that the client infor- mation has to be good enough to allow the DME to pass an audit,” Baird says.
Next: “From a HIPPA standpoint, that data needs to go only between providers, those who need to know, and the patient. If the data gets out from the care environment, you have a HIPPA breach,” he says. Privacy rules are the same as for analog records under HIPPA, so the protocols have already been worked out for the mediction prescribing system and most of the pharmaceu-
tical software providers have built them into their business systems.
“Philips HealthSuite (and the cloud-based systems that run on it such as Philips Care Orchestrator and Encore Anywhere) is built on the foundation of international standards and frameworks for integrating privacy and security in the architecture, implementation, and opera- tion of the platform,” Murphy notes. “Philips HealthSuite’s digital platform supports data encrypted end-to-end (in flight and at rest) to avoid tampering and unauthorized access. “
Likewise for Brightree. “You always have to make sure you are in the boundary constraints of privacy, security and consent,” Knowlton says. “A lot of people view interoperability as just tech- nology, but it does involve concepts like privacy and consent and security ... There are ample solutions out there for how to navigate that.”
One other possible pitfall for DMEs to avoid:
A pharmacy may want to donate software to
a nursing home that is a referral source to the pharmacy. “As a result of that donation, is that something of value from a pharmacy to a referral source triggering a violation of the anti-kickback statute?” Baird asks. “The Office of the Inspector General may have to set conditions for that ... There is a tendency to want to coordinate soft- ware with a referral source.”
Technology isn’t failsafe, but that’s no reason for DMEs to avoid taking a role in connected care. “There will be our share of lawsuits when the technology goes awry. Periodically there will be bad outcomes. The key is to always check and recheck the remote monitoring technology to make sure it’s working, and have liability insur- ance,” Baird says. “What will happen is, if there is a lawsuit, it’s going to be based on negligence and or product liability. Both of those have been covered by insurers for 100 years.”
That, of course, comes with the same caveat as any insurance policy: “Any time an insurer can deny coverage they will,” Baird reminds. “It’s a game insurance companies play where they will deny coverage. You have to fight it.” n
Holly Wagner is a freelance writer covering a variety of industries, including healthcare.
22 HMEBusiness | April 2019 | hme-business.com
Management Solutions | Technology | Products
“Remote monitoring not only allows clinicians to stay involved with their patients’ therapy programs after they have left the hospital, but this kind of technology can also flag potential adverse events in real time, helping doctors to check in with their more at-risk-patients and enabling HME providers to better manage their patient populations.”
— Tim Murphy, Philips Sleep and Respiratory Care