Biggs and Leffert report no relevant financial disclosures.
Adopting a sophisticated information technology system with remote patient monitoring and verified security can make a medical practice attractive to patients and payers.
Jonathan D. Leffert
In this issue, Jonathan D. Leffert, MD, talks with William C. Biggs, MD, FACE, ECNU, managing partner and chief medical information officer at Amarillo Medical Specialists LLP, about challenges and opportunities related to information technology for medical practices.
Leffert: How have you have incorporated IT into your practice?
Biggs: Information technology is essentially the currency used to run our medical practices. Obviously, everything is now electronic instead of being on a paper chart, but it is more than just what’s in our own practice. We have communication links to the outside world. We can see information integrating to our electronic health records now from hospitals, pharmacies, home health, the emergency department. We have collaboration from data sources that makes the EHR much more powerful for us. It gives us insights we didn’t have before, and it greatly enlarges the breadth of information we have available to us.
One concern is what would happen if we came into work one morning and it wasn’t there. We have to secure that data, which is very attractive to hackers. It includes patient names, addresses, phone numbers, social security numbers and photographs — all very attractive to criminals. Health care organizations are targeted by hackers to steal your information and could put you out of business. We have to be very careful about how we handle the data and how it’s accessed.
Leffert: What safeguards have you built into your system? What can you do to limit outside threats at this time?
Biggs: The strategy is going to depend on in some ways on how you store data. If you host your own data within your practice, consider having a consultant work with you, perhaps an IT vendor that helped set up the system and can do a security analysis and ensure that you have good backups. Backups are essential in case there’s a mechanical problem or a tornado or a hurricane, for example, so you can reconstruct the data, or if a hacker manages to install malware that encrypts your data for ransom.
You need to have good protection though firewalls. If you have remote access, require two-factor authentication. You must have antivirus or malware scanning on the system. A lot of security breaches are caused by phishing when somebody gets an email and clicks on a bad link that installs malware onto your network.
Your staff must be well trained. Regularly test your employees with penetration testing. Our credit card company requires that they do penetration testing on us at least quarterly — we actually have ours monthly. It’s free as part of our credit card agreement, and our credit card rates go down when we do this.
Leffert: How has your board certification in clinical informatics made your practice more valuable?
Biggs: We have a lot of data on our patients that is useful for establishing our population health characteristics. I can now prove how well I do to insurance companies as far as my patients’ HbA1cs or my patient compliance and outcomes. Our group gets claims data from Medicare and from insurance companies, so we can also prove how well we’re doing on costs and show our value to insurance companies. That’s very useful as far as negotiating with those companies on our rate structure.
We have opportunities for the connected patients for remote patient monitoring. Patients can now connect their continuous glucose monitors, their meters and their pumps. That allows us to have a better view of what is happening with a patient.
IT really has changed our view of who is a patient. It used to be a patient was someone who showed up in my office this morning. Now my patient is my patient 24/7. I’m getting data from them perhaps through a dashboard that will trigger a notice that they’re having an issue and maybe I need to reach out to them or get them to the emergency room. Techniques like that, where we’re doing remote monitoring, saves the health care system money. It saves the insurance companies money, and perhaps you can negotiate with them to share some of those savings with you.
Leffert: If someone were interested in doing what you’ve done — and I know you’ve done it a highly sophisticated level — what would you suggest they do to start the process?
Biggs: Someone in a smaller, solo practice would need to identify a security vendor to help with that security attribute and assign them the responsibility for backups and security testing. For some of the population health and remote patient monitoring, they should identify resources in the community that would help, such as joining an accountable care organization or allying with other groups that already have some tools in place that they can share. Those organizations would probably love to have more endocrinologists join them.
William C. Biggs, MD, FACE, ECNU, is managing partner and chief medical information officer at Amarillo Medical Specialists LLP. He is a clinical endocrinologist and is board certified in clinical informatics. He can be reached at firstname.lastname@example.org; Twitter: @ReddyBiggs.
Jonathan D. Leffert, MD, is managing partner at North Texas Endocrine Center and past president of the AACE. He is an Endocrine Today Editorial Board Member and the Putting It Into Practice column editor. He can be reached at email@example.com; Twitter: @JonathanLeffert.