💡 HTN | Community Brain Trust | 6/27
🧵TOP THREADS OF THE WEEK:
In case you missed them, here are highlights of a few interesting conversations from different channels:
Threads included below:
- ICD10 codes chrome extension product idea validation
- Understanding hospital discharge & throughput issues
- Risks and best practices of signing a BAA
- Unpacking data segregation for B2B partnerships
- Putting software in escrow
1. ICD10 codes chrome extension product idea validation
Q: Hey all - very random, but I want to validate this idea - do you think there would be any value in a chrome extension that takes whatever note / text you're looking at and creates accurate ICD10 codes? There would be 0 EHR integration for this, you just download the extension.
So say you're in a web-based EHR like Elation, and you can just click a button that generates all the necessary ICD10 codes for you based on your visit note or the patient's history.
My company uses AI to make one-pagers on patient history and this was a feature we're developing for the one pager, but we wanted to see if the ICD10 codes alone would be worthwhile as a standalone product. Thanks!
– Adam Steinle | via #random
Thread Summary: The crew has an interesting back and forth, weighing the potential value and risks of developing such a Chrome extension, including issues with code rejections, regulatory burden, and limitations of tech-based solutions.
Rifath Rashid: Just speaking from personal experience (every EHR can be different) but the EHR I’ve worked with has more structured notes where the ICD codes are already generated. So it’s less about raw text and then generating the ICD codes. A typical flow might be the doctor is trying to add a pre-selected item to the notes like “Post traumatic headache” which already comes paired with an ICD code as apposed to the doctor typing in “post traumatic headache” as raw text and then looking up the ICD code separately.
2. Understanding hospital discharge & throughput issues
Q: HI! Working with a client in the discharge space with hospitals. The systems we’re talking to in California are having major throughput issues (beds full, can’t discharge fast enough - combination of factors inc. people catching up on their health post covid, SNF beds full, etc). Fair to presume this is happening across the country? Or is the problem particularly acute in CA? Thanks!
– Siobhan Gibney Gomis | via #buildersask
Thread Summary: HTNers discuss and agree that the discharge process faces challenges in finding suitable placement for patients, and while there may be regional variations, the issue is prevalent across the country.
Rohan D'Souza: Hospitals are going to start to see the major implications of people losing Medicaid coverage in the post covid relief world. Having built a company focused on hospital throughout which we sold to @Bethany Vick’s current employer, I can tell you with certainty that the majority of throughput issues are on the discharge end with case management workflow trying to find a place that will take a patient. So, there's likely some patterns in states and regions here but averages out across the country.
3. Risks and best practices of signing a BAA
Q: Does anyone have good info or articles on the risk of being a business associate/signing a BAA and the steps to putting a HIPAA compliance program in place?
Context is I'm building an MVP for a technology product which requires a BAA to touch PHI that's pretty low sensitivity (first name, last name, patient type, appointment time). I want to make sure we're doing everything we can to mitigate risk and be compliant.
– Anonymous Bot | via #buildersask
Thread Summary: The group unpacks risk and compliance requirements related to handling PHI under HIPAA regulations, and offers a few actions to take to achieving compliance.
Matt Fisher: If you’re touching PHI, you’re a business associate. Signing the BAA isn’t what makes that determination. The status is determined by the definitions in the HIPAA regulations. If you’re a BA and there is not BAA signed, then the covered entity is violating HIPAA right off the bat.
In terms of setting up a HIPAA compliance program, it is a matter of drafting and adopting appropriate policies and procedures. The Security Rule is the biggest one as you need to do a risk analysis and then develop the needed policies from there. The ONC has a good self-service risk analysis tool.
4. Unpacking data segregation for B2B partnerships
Q: We’re trying to set up a B2B partnership and one of their asks is around “data segregation” where the partner wants their / their members’ data to be “segregated” from other partners’ data.
We have one Google Cloud table storing all patient data (basic profile info, treatment history etc). Similarly, we have one CRM instance for managing all patient support requests. Similarly, we have one EMR with all patient medical records.
When a partner asks for “segregation of data”, are they asking us to have different patient tables / CRM instances / EMR instances for their patients?
This seems very annoying and not scalable across several partners. There’s no way we can have unique tables / software instances for each partner and still be able to actually deliver good quality service. Imagine having to coordinate data writes for patients distributed into 10 separate tables for no good reason.
– Sameer Madan | via #buildersask
Thread Summary: The crew discusses strategies for data segregation and security in the context of working with enterprise clients and EMR (Electronic Medical Records) systems. Recommendations include logical partitioning of data at the database level, implementing security certifications like HITRUST, utilizing privileges and preferences in EMR systems, and considering separate databases or instances as premium features.
Laura Stewart: At the DB level might want to consider logical partitioning of data via some kind of customer identifier. In my prior experiences if you can show the data is locked down and only users who need access have access to it via views etc. it usually allows you to move forward. Other security certifications HITRUST etc. typically help alleviate the fear of data getting in the wrong hands. From a front-end user level most EMR's have privs/prefs that would allow you to lock data down by encounter location, etc. that you could also look at implementing.
5. Putting software in escrow
Q: Has anyone heard about putting software in escrow? So if a software vendor goes out of business the customer can access the code and run it on their own servers. Asking for a friend.
– Dan Witte | via #random
Thread Summary: HTNers discuss the practice of including a software escrow provision in contracts, which is common when working with larger customers or in mission-critical software deals. The escrow typically involves providing the customer with the source code and documentation necessary to maintain and run the software in case the vendor goes out of business.
Chris Saxman: I have definitely heard of that. I had to write a whole term into a contract with a big payer around exactly that. The idea is that if they’re going to trust us to build a core of what will be coming, important business line for them, they don’t want to be left out high and dry if we go out of business. There are escrow agents for such stuff I believe. I would talk to your attorney about it.
Jake Stein: This happens in a relatively small percentage of software deals, and when it involved, it’s most commonly a large customer buying something mission critical from a small vendor. Some large companies will include this ask by default in their procurement contract with all their vendors with the understanding that it will usually get negotiated out.
Our committee of attorneys (including the ones at very large companies) were in agreement that this doesn’t show up in most software contracts.
Here we highlight a question from the Slack that needs some additional community insights - if you have a helpful thought, jump in below!
Q: Any good content diving deep into medical device space and it’s challenges or landscape overview of tech selling into med device companies?
– Boris Goldin | via #buildersask
🤖HTN KNOWLEDGE BOT:
If you have your own question(s) to ask, don’t forget that a good place to start is our HTN Knowledge Bot. It’s our smart search tool that makes it easier to access the wisdom shared within the HTN powered by ChatGPT. You can log in and use it on the website (here) or see how to use it directly in Slack here.
Check out the example ask below!
Here we highlight helpful resources from across the community:
- Climate action in healthcare via Betty Chang
- Where Generative AI Meets Healthcare: Updating The Healthcare AI Landscape via David Mou, MD, MBA
- These Are the Investors You Should Know if You’re Fundraising for Your Healthcare Startup via Jessica Bell van der Wal