New WhatsApp end-to-end encryption. Free HIPAA compliant messaging?

admin No Comments
  Compliance Healthcare O & P

If you’ve been using WhatsApp with the latest update, you might have noticed a message yesterday while sending to some of your contacts. All users who’ve updated to the latest version released yesterday will now have all of their messages encrypted end-to-end. For the less tech-savvy out there, what this means is that all messages, images, videos etc. are encrypted, or scrambled, once they leave your device and are only decrypted on the receivers device. That means no copy of the message is ever accessible by WhatsApp servers or employees. Even if they would receive a court order to recover those messages there would be no way for them to do so.

What this might mean for healthcare providers is that since all messages you send are completely encrypted in transit and protected from access by anyone other than the intended recipient, there would be no way for the transmission to be leaked. WhatsApp would not even be considered a business associate because they have no access to the data at any time. The only issue I can see is control over the receivers device. Meaning that if the receivers device is unlocked, anyone who gains access to their physical device can read those messages. This issue would be solved for all internal company devices using device passcode locks and MDM, or Mobile Device Management, which should be in place regardless for employees who have access to company/healthcare resources through their mobile devices.

What some of you might not know is that WhatsApp actually started encrypting messages sent through its android app already in November of 2014. This was only for text and only from android user to android user. Another new feature that rolled out with this update is the ability to confirm the encryption by the lock icon and encryption notice on the other users profile. You can even tap the encryption notification and a passkey will pop up so you can manually verify the security code for the chat with the person you’re sending to.

Are These Really Challenges?

admin No Comments
  O & P

We are all aware of the reimbursement challenges being talked about, whether in trade publications, list-serves or on social media. These issues are very important and must be brought to the forefront, but are they really as negative as they are being portrayed?

The only way for any industry to survive is to evolve and mold itself through a culture of positive change. Sometimes change is voluntary while at other times it is forced by third party stakeholders or dictated by circumstance. The Orthotic and Prosthetic reimbursement landscape we are in right now is an evolving system that is forcing us to change. If we channel this for positive change, the O&P industry will grow stronger as a result. Instead of balking at regulation and CMS policies, let’s ask ourselves, “Why are they doing this?” I don’t think we should stop advocating for a discontinuation of potentially harmful regulation and I applaud the tireless efforts of our advocates at AOPAAAOP and the rest of the O&P Alliance for all they do to make a difference, but we should definitively not lose sight of why CMS is moving in this direction. Blaming it on “fraudsters” and people who bill inappropriately, as the media likes to proclaim, is not the solution and will not help us move forward.

While the DMEMACs love publishing O&P audit results showing a 100% denial rate, there is something drastically wrong with this picture. Where are we going wrong?

All organizations have one thing in common, they thrive on data. Whether it’s a government agency, insurance company, or any company for that matter, the only way you can see results is to prove it with data. Let’s take a small beachside ice cream shop in San Diego for example. (It’s 10°F with snow on the ground here in the Midwest, but I guess I can imagine, right?) You have Bob, the owner/manager, who devises the menu options and comes up with the recipes and flavor options he wants to offer. He makes his ice cream, puts it out in the front display and opens his store for business. Every time a customer orders, Bob is there and sees what they prefer. After awhile, Bob knows which flavors go faster and which stay around, which ones are popular and which ones he should pull. He’ll know exactly what his customers usually order and which recipes are working, because every day he sits there and watches his customers come in and order.

Is he collecting data? Yes, mentally in his head. Does he have a structured way of analyzing that data? Not a chance.

Now imagine Bob has 75 ice cream shops spread across 6 states. There’s no way for him to watch every customer and store anymore. Now there’s no way for him to know on his own which flavors work, no way to know what needs to be remade, no way to know which recipes are a dud. The only way for him to stay successful is to create a system where he can collect and evaluate his business data efficiently and accurately. He’ll need to put some type of system in place to collect data points at each of his locations in order to be able to accurately act upon them. How many customers come in daily, which flavors are preferred at each location, etc. Now imagine Bob wants an investor to pay him for his recipes. Can he prove which ones have value, which ones are successful? Also, even if he can prove what works at his little beaschside shop, does that mean that what works in San Diego will also work in Miami?

The O&P practice has historically been a technical operation run by owner/practitioners who operated their own small businesses and were able to see what worked and what didn’t work for their patients. Practitioners were collecting mental data points to evaluate if their treatments were working and how patients reacted to different modifications. Outcomes measures for each case were being collected and evaluated in each practitioners head, but were not being documented in a structured format nor were they being validated scientifically on a global scale. We have now evolved into a professional field aligning ourselves more closely with the medical profession, but our data sets are way behind what’s being produced by other allied healthcare professions. The result is that we have no good way to prove the value of our treatments at a level that the medical directors at the insurance companies would be comfortable with. Also, due to the small size of our profession and patient base compared to the rest of the medical world, our scientific studies have much smaller samples and are therefore much harder to validate.

In order to effect greater change, we’ll need to be more aware of these limitations and realize that only we can change them. Data collection processes need to be made standard across the profession and we should be designing an easy way to globally collect this data and make it readily available for practitioners to use. This is not just about outcomes measures, this is about all relevant data that can be used to prove the value of our profession to CMS and other stakeholders in our industry. We should design simple tools to collect de-identified data sets from all Orthotists and Prosthetists across the country, and we need to be making these tools available for all of us to use.

The barriers to data collection need to be identified and we should be finding ways to minimize them at all costs. Our future depends on it.