Gray and white lines hovering above a hand holding a cell phone
Seeking to Increase Customer Retention? You Need Seamless Communication 600 252 Thomas Donhauser

Seeking to Increase Customer Retention? You Need Seamless Communication

In last month’s blog, I talked about how companies are looking to improve their digital strategy and better engage with their consumers.  Much of this was centered around the idea of incorporating a digital strategy when it comes to how your company communicates and interacts with your “customer.”  At the same time, improving that digital strategy also needs to look at how you work with and communicate with your partners and other various stakeholders.

As an example, DataMotion works with a variety of companies that provide patient hub services.  As a first step, these companies wanted to incorporate a secure channel for email communication with their customers.  The ability to integrate secure communication into their CRM system, whether it was Salesforce or another CRM solution, was critical as it allowed their employees to simplify their process and ensure that all communication was kept in one place, making them more efficient and customers happier.

Why the need for a great customer experience?

This is important for a variety of reasons.  Consumers today are time stressed just like we all are – they do not want to repeat or re-enter information that has already been shared.  Providing consumers with this seamless and personalized level of service is critical to an exceptional customer experience.

At the same time, consumers have also become accustomed to instant or “near instant” gratification, often referred to as the Amazon effect.  Today’s consumers expect a high level of customer service and want the ability to get their questions answered immediately and be able to access other information easily when necessary.  According to a recent study by Salesforce, 82% of consumers would switch providers as a result of a bad experience. Thus, if you are not providing a high level of service, someone else will and ultimately your customer will find another provider that makes their life easier.  Bottom line – a great customer experience = better customer retention.

Even companies that have not traditionally interacted with consumers directly, such as pharmaceutical manufacturers, are beginning to develop and foster direct consumer relationships.  Because of this, these businesses must rethink their customer support strategies and how they wish to engage with their consumers as well.

The below chart is just one example of what today’s consumers are looking for from a pharmaceutical company:

Graph of consumers who say it's important for pharmaceutical companies to do the following

*Source: “State of the Connected Customer”, Salesforce Research, June 2019

Seamless communication is a requirement

Seamless communication is critical to great customer experience. Business partners and stakeholders must work together to make it a reality.  For patient hub services, this might mean that instead of providers faxing over clinical care notes or other clinical data that would come from the EHR, this information might now be integrated into the workflow by using Direct or some other connection to the EHR.

A great customer experience is not the only benefit of this kind of seamless communication. The ability to bring clinical data into the workstream in a more automated manner will not only improve the experience but will lower costs and lessens the potential for manual data entry errors.

Bottom line is, take care of your customers and the experience they have with you and watch your customer retention rise while lowering costs.


Contact Us
Man working touching cell phone screen
Health Insurance, Social Distancing and Customer Communications 600 237 Thomas Donhauser

Health Insurance, Social Distancing and Customer Communications

Health insurers are facing great pressure to modernize the way they do business.  With the advent of COVID-19 and social distancing, the need to do business remotely requires a new set of competencies centered around improving their digital competency.  Fortunately, the changes that can make the most difference are ones that are easy to implement. They’re centered around simple and convenient methods to securely exchange documents and messages between your employees and their customers and partners. Competency in this area of digital communications is the expected baseline of customers and partners going forward.

In remote and stay at home environments, traditional methods such as fax, postal mail and mail rooms are either not available, or are inefficient and impractical, putting a company’s revenue and profitability at risk. Wherever there were personal touch points in the past, companies will need a corresponding digital strategy.  As insurers’ staff shift to working remotely, more aspects of their workflow with customers and partners must be digital. Tools like fax and paper forms are just not as practical in a typical home office – whereas convenient secure methods for digital collaboration and document exchange would be.  Those companies that embrace new digital ways of doing business will succeed.  A recent study from Salesforce says about 20% of consumers use portals to communicate with insurers. We believe all aspects of digital business will go up. Consumers expect organizations to provide them with a modern experience to handle not only routine transactions, but also those that have exceptions.  Offering secure document and message exchange, especially if it is integrated into the customer portal or mobile app, provides the simplicity to delight while simultaneously getting work done.  A solution that integrates into the systems already used by employees, such as Outlook, or contact center and helpdesk ticketing systems, provides a simple, seamless experience that increases productivity.

When handling health-related data, there has always been the need to protect PHI. Secure communication is an integral part of how insurers interact with their members and is an essential element for a great customer experience. The need for solutions that not only meet compliance requirements, but which are also easy to implement and use, is critically important. Data security and regulatory compliance shouldn’t get in the way of a great digital experience for employees, customers, and partners.  By succeeding in these areas, you will have a significant competitive advantage over those organizations that treat today’s environment as business as usual.

Ready to learn more about how your organization can modernize the way they do business and improve their customer communications?

Contact Us
Someone holding a tablet while a woman doctor writes on a clip board
Digital transformation and clinical data exchange 768 326 Thomas Donhauser

Digital transformation and clinical data exchange

Digital transformation is all the rage these days and with clinical data exchange, the healthcare industry is no exception.  Numerous government and industry regulations in the last 10 years have “forced” providers, payers and vendors to step up and start implementing digital technologies to replace old paper based ways of working with health care data. Think HIPAA/HITech, Meaningful Use, and more recently MACRA, MIPS and the 21st Century Cures Act.

As often happens with transformative or cultural change – which this surely is – some components are quickly embraced, while others find many roadblocks in their way. As the health industry marches toward digitization, the roadblock we most often hear about is around interoperability – AKA – health clinical data exchange. How do we most effectively and efficiently exchange health data to obtain the best quality of care for the patient – when they need it?  What are the tools we have today to get us closer to interoperability and remove these roadblocks for exchanging health data like patient communications, medical records attachments, referrals and consultations with diagnostic attachments? These are frequent questions.

Finding the path to interoperability roadblock removal

Sometimes the best way to find your own way is to ask others how they got there.  So, let’s do that.
We have a customer who is an integrated health delivery network that has patients making continual transitions from acute care to long-term care, from acute care to visiting nurses, from acute care to home health services – you get the picture.  With all these transitions of care exchanges they had several digital data exchange needs including:

  • Easing electronic health information exchange across an integrated delivery network in compliance with federal health information privacy and security requirements
  • Maximizing workforce productivity by securing Protected Health Information with automated high accuracy content filtering
  • Mobilizing clinical data exchange with referral partners in accordance with national standards

The large volume of patients transitioning to new facilities required a very quick exchange of clinical documentation so it arrived at the network provider before the transitioning patient did.

Tools are available today

Using the health data exchange techniques of email encryption and Direct Messaging that are available today, this customer was able to meet these requirements and achieve on-time delivery of patient information for these frequent transitions of care.

Get more information

This is just one example using tools available now to get past health data exchange roadblocks. You can get more details and download the entire case study for this customer in our resource library. For more information on health data exchange techniques take a look at the whitepaper “21st Century Data Sharing Techniques for Healthcare Delivery Transformation Success”.

Does your organization need help getting past the clinical data exchange roadblock?
Contact Us
Glasses sitting on stack of papers on a desk with gray icons of people connected with lines hovers above
What Does Patient Engagement Really Mean? 600 237 Thomas Donhauser

What Does Patient Engagement Really Mean?

We often hear terms such as patient engagement and they become the latest “term du jour”.  But what does that really mean and what is your organization doing to help promote such activity?  Is patient engagement a part of your organization’s strategy to maintain customer loyalty and grow your business?

Patient engagement is much more than just offering a portal or app that your patients can use to schedule appointments or see their latest EOBs.  Patient engagement is more about a philosophy – a way that your organization will interact with your patients or members.  This interaction needs to be bi-directional.  Providing your patients with access to their health information may also be a part of this strategy.  However, patient access to their data is not enough.  What is critical is the need to help patients by engaging them and making sure they understand what their data is “telling” them.

The idea is to provide patients with the necessary information, guiding them and ensuring they are engaged with their own care, and making the right choices. This will lead to better outcomes and ultimately to a lower cost of care.  This level of engagement requires that providers are active participants.  By gaining a holistic view of the patient, then you, the provider, will become an active partner in the patient’s care.  The need to run duplicative tests can be avoided. The ability to remind patients if they miss a prescription refill will help in establishing your organization as a trusted partner in the patient’s care.  Some patients will obviously be more active participants than others, but if you are able to provide them with things like educational resources or support groups – this can also lead to a richer experience for the patient. The result – they will view your organization as their trusted source for their health needs.

Patient engagement requires patient data

In our “information everywhere” world, patients can be easily overwhelmed with data.  In today’s technology invasive environment, with wearables and the many health apps that are designed to help us, how do we make sense of it all?  The need to pull together the many sources of data available to us as providers or as patients is leading to the advent of yet another enabling technology – the personal health record.  The idea of a personal health record is not necessarily new, but we now see various technology companies, foundations, pharmaceutical companies as well as payers contributing to the personal health record, making it easier for the patient to truly be at the center of their care.  These technologies are more user friendly to the patient and the provider.  These applications make it easier to both collect and transmit personal health records, which when fully aggregated, can lead to greater insights for care management. They should also be particularly useful to everyone concerned with chronic disease management.

The bottom-line?

As a member of the health care ecosystem, the question you now need to ask is how will I engage and bring further value to my patient? What technologies can I enable for my patients to make true patient engagement a reality for my patients?

We believe that as this push for greater visibility and data access grows, DataMotion is well positioned to be the conduit for much of this communication flow.

How did one organization use DataMotion Direct Secure Messaging to improve care coordination, provider satisfaction, and CMS quality metrics?

Doctor shaking hands with a man in a suit jacket
DataMotion™ Achieves Full DirectTrust™ HISP Re-Accreditation 600 237 Monica Hutton

DataMotion™ Achieves Full DirectTrust™ HISP Re-Accreditation

Accreditation ensures compliance with DirectTrust HISP Policy requirements and interoperability with conforming HISPs

WASHINGTON, DC and Florham Park, NJ, January 20, 2020 – DataMotion today announced it has achieved full re-accreditation through the DirectTrust™ Accreditation Program for Health Information Service Providers (HISPs). DirectTrust is a non-profit healthcare industry alliance created to support secure, identity-verified electronic exchanges of protected health information (PHI) between provider organizations, and between providers and patients, for the purpose of improved coordination of care.

Founded in 1999, DataMotion today has millions of desktop, tablet and mobile users that leverage its mature, cloud-based secure data exchange platform and services, many for health care applications. In the fall of 2012, the company expanded operations as a HISP and introduced DataMotion Direct. The company achieved its first EHNAC HISP accreditation in 2013, and added the CA and RA accreditation in 2014. Today’s announcement signifies the DirectTrust HISP accreditation renewal, and an ongoing commitment to the increasing adoption and expansion of the Direct Secure Messaging network.

DataMotion HISP services software were audited against a series of technical, physical, and operational criteria and found to be fully in compliance with the Direct Standard™ and the requirements of the DirectTrust Security and Trust framework.

“DirectTrust HISP accreditation certifies that an organization has established and upheld a superior level of trust for its stakeholders, which is a significant distinction. Kudos to DataMotion’s commitment to maintaining the highest standards in privacy, security and confidentiality,” said DirectTrust President and CEO, Scott Stuewe.

“Renewal of our accreditation with DirectTrust demonstrates our commitment to secure, interoperable clinical health information exchange across the care continuum using Direct Secure Messaging,” said DataMotion co-founder and CEO Bob Janacek. “Leveraging our population-scale cybersecurity platform as a service (PaaS), DataMotion Direct allows mHealth apps to aggregate and analyze longitudinal data from disparate ambulatory and acute systems, reduce costs and improve clinical outcomes.”

About DirectTrust Accreditation Program for Health Information Service Providers

The DirectTrust Accreditation Program recognizes excellence in health data processing and transactions, and ensures compliance with industry-established standards, HIPAA regulations and the Direct Standard. Launched in March 2010 as a part of the Nationwide Health Information Network, the Direct Project was created to specify a simple, secure, scalable, standards-based way for participants to send authenticated, encrypted health information directly to known, trusted recipients over the Internet.  Today DirectTrust is an American National Standards Institute accredited Standards body and the custodian of the Direct Standard.

DirectTrust participating organizations are evaluated in the areas of privacy, security and confidentiality; technical performance; business practices and organizational resources as they relate to participants in the DirectTrust network and other Direct Secure Messaging participants. Additionally, their process of managing and transferring protected health information is assessed and determined to meet or exceed all DirectTrust criteria and industry standards. Successful completion of the Accreditation Program demonstrates organizations’ adherence to strict standards and participation in the comprehensive, objective evaluation of their business.

About DirectTrust

DirectTrust is a non-profit, vendor-neutral alliance initially created by and for participants in the Direct community, including Health Information Service Providers (HISPs), Certificate Authorities (CAs), Registration Authorities (RAs), doctors, consumers/patients, and vendors. DirectTrust serves as a forum for governance, and accreditation body for persons and entities engaged in exchange utilizing the Direct Standard™, supported by DirectTrust’s robust security and trust framework. The goal of DirectTrust is to develop, promote, and, as necessary, help enforce the rules and best practices necessary to maintain security and trust within the Direct Secure Messaging community. DirectTrust is committed to fostering widespread public confidence in the interoperable exchange of health information. To learn more, visit

Media Contact:
Ed Emerman
Eagle Public Relations

About DataMotion

Since 1999, DataMotion secure data exchange technology has enabled organizations of all sizes to reduce the cost and complexity of delivering electronic information to employees, customers and partners in a secure and compliant way. Ideal for highly regulated industries, the DataMotion portfolio offers easy-to-use, CX friendly, encryption solutions for email, file transfer, forms processing and customer-initiated contact. In the healthcare sector, DataMotion is an accredited HISP (health information service provider), Certificate Authority (CA) and Registration Authority (RA) of Direct Secure Messaging. The DataMotion Direct service enables efficient interoperability and sharing of a person’s data across the continuum of care and their broader lives. DataMotion is privately held and based in Florham Park, N.J. For the latest news and updates, visit, follow DataMotion on LinkedIn or Twitter® @datamotion.

Monica Hutton
Marketing Director



# # #

Doctor holding stethoscope in hand with different medical icons floating above
The Myths and Meaning of HIPAA 600 238 Andy Nieto

The Myths and Meaning of HIPAA

When I was a child, the threat “just wait ‘til your father gets home” was enough to make me change my attitude. I wasn’t punished much as a child, and time with my father was far happier and positive than not, but that phrase still resonated. For many, the meaning of The Health Insurance Portability and Accountability Act (HIPAA), is in many ways, like that threat.
HIPAA often inspires doom, gloom, and fear. Because of that, it can lead to unintended expectations and behaviors regarding patient information, making effective care coordination a challenge. In reality, HIPAA gives us some guidance about the protection of information and is a very real threat — only if you ignore it. However, it’s not all doom and gloom.

Can vs. Can't

First, let’s look at what you can do with patient medical data under HIPAA. You can:

  • Connect
  • Share
  • Cooperate
  • Consult
  • Question
  • Exchange
  • Communicate
  • Treat

That’s a significant list and it’s all about coordination.

Now let’s compare that to what you can’t do with this same information under HIPAA. You can’t:

  • Ignore
  • Distribute
  • Expose
  • Publish

It’s easy to see how this can be confusing. The security and privacy standards defined by HIPAA combined with the expanded responsibilities under the Omnibus Rule, have created layers of bureaucracy and whole industries have sprung up to “explain” the meaning of it.


So, let’s step back for a minute and look at what HIPAA is really supposed to be about, which to me, is stewardship. Stewardship is the responsible overseeing and protection of something considered worth caring for and preserving. On the official Federal site, it says that the HIPAA Privacy Rule “establishes national standards to protect individuals’ medical records and other personal health information.”

Stewardship implies a personal ownership and responsibility. The word “ethic” implies that very high personal and professional standards should be applied to the responsible management and protection of a patient’s information. It is really about taking care of the health information entrusted to you.

Perhaps the biggest shift in mindset for physicians in the last several years has been the emergence of patient health information as a valuable component of their practice and to treat it accordingly. Let me use an analogy and compare money to information. As a person, you don’t carelessly give away your money or leave it lying around. You don’t share your financial account logins with strangers and you certainly wouldn’t want your financial records being released, exposed or published. As part of our upbringing, from our initial allowance to our first job to your career today, we have been learning about money, its value, and the steps we should take to protect it. Being good stewards of money is a role we recognize and understand. Patient health information should be viewed in the same way.

Medical records are filled with personal data, otherwise known as protected health information (PHI). Once we make the connection that information or data has value and must be treated like money, the standards for HIPAA stop being cumbersome and start being understandable.

Can and Can't Revisited

So, with good stewardship in mind, let’s go back to the “can I” or “can’t I” question and ask yourself the following:

  • Can I connect with another person about a patient? Yes, just make sure that your method of connection is safe and that you have a valid reason for doing so.
  • Can I share a patient’s record with another provider? Absolutely, provided you take steps to ensure the information is protected.
  • Can I cooperate and consult on patients? Of course, but do so in a manner that maintains a patient’s privacy and the protection of the data.

There are a lot of myths around HIPAA, and while the “letter of the law” be confusing at times, “the spirit” and meaning is clear. HIPAA really does not need to be confusing. Be a good steward of the information in your practice of medicine, and you’ll be a long way down the path of complying with HIPAA regulations.

Need to exchange patient records but want to ensure you’re HIPAA compliant?

We can help!

Learn More
Doctor wearing white gloves and stethoscope touching an icon of a person
HIPAA Compliance in the Age of Population Health Management 600 237 Thomas Donhauser

HIPAA Compliance in the Age of Population Health Management

The goal of Population Health Management (PHM) communication is to improve the health outcomes of a group of patients with similar characteristics. One example of a population in this context are patients suffering from the same chronic condition. The care of patients in this group may be managed similarly, often involving the same treatments, tests, procedures and other forms of care.

The treatment of chronic conditions typically involves multiple parties, from a primary care physician to multiple specialists and of course the patient. This, in turn, requires frequent communications between the parties.

EHR systems were intended to facilitate these communications but have some shortcomings. And maintaining HIPAA compliance is a key challenge. This article looks at how organizations can use Direct Secure Messaging to overcome the technical and regulatory challenges of a Population Health Management communication scenario.

The Challenge of Managing Chronic Conditions

Chronic conditions are complex to manage. They typically involve multiple syndromes, symptoms, tests and treatments. They require multiple specialists to manage effectively, as well as a high degree of patient diligence.

Diabetes is a good example. It cannot be cured, only managed for the remainder of the patient’s life. As with most complex chronic conditions, managing diabetes involves regular visits with specialists to ensure that things don’t get worse. Managing a patient’s glucose level is always the short-term concern, but left unmanaged, diabetes can result in catastrophic outcomes such as the loss of a patient’s feet or eyes, or kidney or heart damage.

In addition to the patient’s primary care physician, medical professionals involved in the management of diabetes could include nurse educators, endocrinologists, ophthalmologists, cardiologists, dietitians, podiatrists, exercise physiologists, dentists and others. The coordination of care between so many providers – and with the patient – is essential.

Technical and Regulatory Challenges in Population Health Management Communication

Part of the promise of EHR systems was that they would facilitate the level of information exchange between healthcare providers that is necessary for coordinating the care of patients. To do that, the HL7 data standard emerged to ensure that the hundreds of EHR products in the market could “talk to” each other. Unfortunately, different EHR vendors interpret the HL7 standard differently, resulting in incompatible data formats. This, in turn, causes missing or inaccurate patient records.

In addition, some EHR vendors employ a proprietary data format that effectively blocks information exchange with EHRs from other vendors. And, some vendors charge providers to enable their systems to interoperate with others.

These constraints make it harder to manage patient care across providers, rendering the ultimate goal of PHM – better patient outcomes – harder to reach. The alternative for information exchange – provider-to-provider email, postal mail or faxes, can result in HIPAA violations (and are slow and unreliable).

Another challenge is that EHRs were designed to facilitate provider-to-provider care. But for PHM, the patient plays a pivotal role in achieving good outcomes. So, too, can family members or other caregivers, such as home health agencies, that might not have access to an EHR.

Electronic communication is by far the easiest, most efficient, most reliable, and most accountable means of communications between providers and patients. But standard email isn’t a viable option under HIPAA because the identity of the recipient – the reader of the email – cannot be validated. And, regular email is no more secure than sending a postcard with sensitive patient information written on it for all to see, which again presents HIPAA compliance issues. Moreover, regular email lacks a documentation and audit trail that all parties involved in the patient’s care can access.

The Value of Direct Secure Messaging

The ideal solution is Direct Secure Messaging (“Direct”) from DataMotion. Direct is a secure email-like communications channel that enables providers to communicate with each other – as well as with patients and other caregivers – in a secure, HIPAA-compliant way. All messages are encrypted and require authentication to send and receive.

Importantly, Direct is an enhancement to EHRs, not a replacement. Providers can access Direct from within most popular EHRs.

On the provider side, Direct helps improve patient outcomes in a PHM environment by facilitating the exchange of patient medical records in a standardized manner. This includes formatted and unformatted data, as well as large files such as radiologic studies and diagnostic images. Direct enables better coordination of care. It also reduces errors and delays over conventional means of information exchange; for instance, delays when records are sent by courier, and mistakes due to the illegibility of handwritten notes.

On the patient side, Direct gets patients engaged in the management of their condition, which boosts outcomes. Patients can, for example, provide timely feedback on how well treatments are working, allowing providers to make adjustments accordingly without a delay for the patient to make an appointment with the provider. Patients can report new symptoms, complications or other issues to the provider immediately, thereby potentially avoiding life-threatening situations. And providers can ensure that patients refilled prescriptions when scheduled, or remind patients of upcoming office visits or tests to take.

Managing healthcare is increasingly a team effort. Frequent, accurate communication between the team members – including the patient – is paramount to achieving good outcomes. Direct offers an effective enhancement to EHRs that can help care providers deliver better patient outcomes while complying fully with HIPAA rules for privacy and security.

About DataMotion™ Direct

Based on the national encryption standard for securely exchanging clinical healthcare data via the Internet, DataMotion™ Direct enables secure messaging for healthcare providers, patients, business associates, and clinical systems. Using DataMotion™ Direct, PHI can be sent and received securely, in a manner that conforms to MU2 guidelines. It supports the transmission of a variety of sensitive data, including summary of care documents, large images, and personal messages. Best of all it integrates easily with existing EMR/EHR and other Health IT solutions to fully support in-network and out-of-network communications.

DataMotion is an accredited Health Information Service Provider (HISP), provisioning Direct services that are fully interoperable with other HISPs. Secure data delivery has been the core of DataMotion’s business since 1999, ensuring your ability to meet HIPAA compliance and Meaningful Use requirements.

Is DataMotion Direct right for your organization?

Contact us to learn more.

Contact Us
Stethoscope on table next to a person in scrubs working on a laptop
Where is your personal health record? 600 237 Thomas Donhauser

Where is your personal health record?

As the US healthcare industry continues its journey to digital / electronic health records that can be easily exchanged as patients move between care settings, practical questions abound:

  • Who owns your electronic health records?
  • Where are your health records?
  • How can they be consolidated?
  • Where should they be stored?
  • Who should have access?
  • How can they be shared?

Legally (HIPAA regulation) – each individual ‘owns’ their personal health data and records, but very few of us have actual ‘control’ over them – at least from a storage, curation and management standpoint. An individual’s ‘longitudinal record’ – which is a comprehensive collection of well-care records (annual physicals and labs, ob-gyn visits, etc.), and episodic care records (diagnosis and treatment for illness, injury, etc.) – is not typically in one place – electronically or otherwise.

There are attempts at this – state or private health information exchanges (HIEs) were established as part of the HITECH components of the American Recovery and Reinvestment Act of 2009.The idea is to have a regional repository for all electronic medical records (EMRs) regardless of where the care was provided. Then a patient’s EMR can be accessed by any clinical entity on an as needed basis to inform past history when that person ‘presents’ for care. A good idea, but a challenging business model – who pays for it? Who ensures that all your care providers are submitting your data? And without a national patient identifier – how to reconcile inevitable name mix-ups?

There is a new ONC / CMS campaign for health insurers to be the new ‘HIE’ – to maintain EMR’s for their plan members. Since they likely participate in each clinical episode from a payment standpoint (wellcare or otherwise), they are positioned to collect the clinical data along with the claims data in a single repository. This may become law, for better or worse, as part of a current set of rules in review under the 21stCentury Cures Act.

A third push is for the patient/person to collect, maintain and curate their own EMR using a cloud service and application (or webservice – portal). These are known as a PHRs, or personal health record apps and systems. For many reasons (privacy, control and accuracy / completeness) – it makes sense – especially for tech savvy ‘digital natives’. And showing up in a clinical setting with all your health information accessible from your iPhone is the type of immediacy and control digital natives expect.

The personal health record (PHR) model is a grassroots approach, and needs a boost from a major cloud services player – Google and Apple being the most likely candidates. There needs to be some critical mass / pump priming to get these apps adopted and the data flowing from clinical repositories into PHRs at population scale. Then the patient control and resulting consumerization of healthcare can help drive more value from clinical service providers.

In the absence of a Google/Apple initiative, it’s possible for medical associations representing chronic conditions or cancers to build critical mass among their patients. If the American Cancer Society or the American Diabetes Association offered an app that included a PHR function, it’s possible they could build a base of users that would not only control their health records as they moved through their care plans and clinical settings, but they could also provide population health data for research and candidates for clinical trials – perhaps as easily as an ‘opt-in’ offer.

One way or another – the push for more data to be accessible to patients and their care-givers programmatically will continue, and the demand for clinical information exchange technologies and services that are interoperable and cost efficient will expand rapidly as well.

At DataMotion, we are huge fans of patient centered control. Working on a PHR strategy? Talk to us – we’re happy to share our expertise!

Looking for clinical information exchange technologies and services?

Learn more about our solutions.

Learn More
Doctor holding stethoscope in hand
4 Data Driven Healthcare Regulation Risks that the C-Suite Must Navigate Today 600 237 Hugh Gilenson

4 Data Driven Healthcare Regulation Risks that the C-Suite Must Navigate Today

For most healthcare C-Suite execs, HIPAA represents the most important regulatory risk related to data security and privacy. While HIPAA will continue to figure importantly in ongoing risk monitoring, a new generation of healthcare regulation is about to spawn additional threats that deserve a place alongside HIPAA on executives’ risk assessment dashboard.

Far-reaching data sharing mandates driving today’s healthcare transformation trends, including value-based contracting, patient centered care, and digital automation – are squarely in the cross-hairs of new regulatory initiatives.  These mandates have the potential to unleash unprecedented volumes of electronic health information (EHI) which will need to be sourced, transported, delivered, and archived according to strict guidelines – of which HIPAA privacy and security rules are mere table stakes.

According to an October 2019 survey conducted by Accenture, a majority of provider and payer executives are not aware of key mandates, nor are they prepared to comply with them.  In view of the new healthcare regulations, the C-suite that has only HIPAA privacy and security risk on its radar is most likely underestimating its true exposure.

The new generation of rules which was born of the 2011 Medicare and Medicaid EHR Incentive Program and are currently evolving under the 21st Century Cures Act, are considerably more complex than those launched under HIPAA in 1996.   While data security and privacy remain foundational, the expanded scope of these rules carries mandates for mobilizing siloed data and delivering it, in high volumes and at high velocity, across disparate systems to a variety of recipients across the care continuum, including the full spectrum of providers, as well as patients and caregivers.

Of the many rules that are likely to have impact as data is shared more widely, there are 4 that deserve elevated visibility on executives’ threat and vulnerability dashboards today:

1. 21st Century Cures Act – Significant penalties of up to $1 million per violation are authorized, under these rules:

a. The Interoperability and Patient Access Proposed Rule (CMS)
b. “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program

2. OCR “Right of Access Initiative” – Up to $100,000 per infraction/violation (avg)

3. Updated HIPAA Breach-Violation Enforcement – $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for each violation

4. GDPR / The California Consumer Privacy Act (CCPA) – January 1, 2020 – Converging European and US standards

a. fines of up to 10 million Euros applicable to PHI exchanged with patients residing in the EU

i. $7,500 per violation
ii. Individual right to bring lawsuits for breach of “non-encrypted or non-redacted personal information”

1. $100-$750 per incident or more with damages exceeding $750

Awareness of the above rules is an essential first step toward assessing risk exposure and designing a relevant management strategy.  To succeed in this endeavor, it’s critical to understand that:

  • the new risks are multi-faceted, driven by policies with data sharing objectives beyond the traditional scope of HIPAA
  • while cybersecurity-focused strategies were sufficient to mitigate risk in the past, today’s risk landscape requires added expertise in interoperability and methods of embedding security, privacy, and interoperability in complex clinical workflows that can deliver data at high velocity and to multiple recipients, including physicians, patients, and other caregivers.

Concurrent with the obvious risks surrounding regulations, there are also opportunities.  A follow-up installment of this blog will explore revenue opportunities triggered by healthcare regulations and how an optimal plan for responding to regulatory change should consider solutions that both mitigate risk and maximize opportunities.

For more information on how DataMotion can help you mitigate data driven healthcare regulation risks, visit: DataMotion Direct Secure Messaging and DataMotion APIs for Direct Secure Messaging.

For a consultation or additional information, please contact us.

Green background with white cross icons on top of it
Healthcare Provider Directory Boosts Direct Secure Messaging Value 1024 403 Hugh Gilenson

Healthcare Provider Directory Boosts Direct Secure Messaging Value

The Direct Secure Messaging network overseen by is growing rapidly. At mid-year 2019, there are over 190,000 clinical organizations using Direct, and almost 2 million addresses have been issued. This critical mass has the power to enable interoperable health information exchange between disparate systems nationwide, but recipient addresses must be easily discoverable in order to achieve this. Luckily, many health information service providers (HISPs) provide access to a DirectTrust federated directory known as the Healthcare Provider Directory (HPD). This directory grants you access to a constantly growing Direct subscriber database, allowing you to easily discover recipient addresses.

What to Look For in a Healthcare Provider Directory (HPD):

When choosing an HPD, there are a variety of different features that you should be on the lookout for. Some of the key features that we recommend you search for are:

  • The ability to search for a recipient by multiple criteria, including:
    • Provider name
    • National Provider Identifier (NPI)
    • Medical specialty
    • Function/role
    • Etc.
  • HPD sharing agreements with other Health Information Service Providers (HISPs) and the DirectTrust organization
  • Integration with the nationwide NPI registry. This enables updates and appends data for individual records in the directory

So, How Can the DataMotion HPD Meet Your Needs?

DataMotion Direct Community Web Portal Users

All users of our DataMotion Direct Community Web Portal (CWP) have access to the DataMotion HPD through the search field integrated into the CWP Address Book function. This address book allows you to search by a variety of criteria including by provider name, organization, location, NPI, or specialty, making it easy to find your intended recipient address. Once an address is found, all you have to do is set the address in a message or save it to your address book.

DataMotion Direct Integration Partners

Are you a DataMotion Direct Integration Partner? If you are, then you receive comprehensive access to the DataMotion HPD via the HPD Web Services API for EHR software vendors and other health IT solution providers. This allows HPD integration into an application user interface. The web services API exposes search functionality using the same parameters so it can be integrated into existing software and workflows.

Infographic of Data Motion HPD

What Kinds of Features and Benefits are We Able to Offer Your Organization?

  • Extensive Data Set – With over 20 searchable data fields, you can expect much better search accuracy
  • NPI Registry Integration – Our HPD regularly checks the NPI Registry, meaning it is constantly up-to-date and appending data for individual records in the directory
  • API access – Allows you to integrate HPD search/retrieval into your existing applications and workflows
  • HISP partnerships – Allows us to continuously expand the DataMotion HPD and make DataMotion Direct addresses discoverable to other providers across the country

If you’re ready to learn more, please contact us.

Contact Us