|
UnitedHealth, Segways, and HIPAA’s First Update in a Decade
January 27, 2025
|
|
|
|
|
Together with
|
|
|
|
“Anyone commenting that the AI scribe market will commoditize over time is wrong. People often come to that conclusion because they equate an AI scribe to a notetaking bot. But the ceiling of AI scribes is not to make a note. The ceiling is to automate and replace every possible keystroke that a provider has with the user interface (the EHR) today.”
|
|
HTD Health Interoperability Lead Brendan Keeler
|
|
|
|
It might have taken the biggest data breach in healthcare history to make it happen, but HHS finally announced the first major changes to HIPAA in over a decade.
Big changes need big titles, and the HIPAA Security Rule Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information packs 393 pages of them.
We admittedly only skimmed that for about two minutes before turning to our usual sources for a summary, so here’s an even shorter summary of those summaries.
The proposed HIPAA changes would require provider organizations to:
- Enhance data security measures, including multi-factor authentication, network segmentation, and encrypting electronic protected health information (ePHI)
- Maintain a technology asset inventory and network map illustrating the movement of all ePHI within their information systems
- Maintain a detailed risk analysis of each component in the inventory and network map
- Establish written procedures to restore EHR systems within 72 hours of a cyberattack
- Conduct HIPAA compliance audits at least once per year
Another key change is the elimination of the distinction between “required” security rules that must be followed and “addressable” rules that providers can choose not to obey.
- By eliminating that line, HIPAA would make all of the above changes mandatory for all organizations, whether they’re ready to implement them or not.
Even tech savvy providers are still in the business of care delivery, not cybersecurity, and many of them will have to partner with outside companies to ensure compliance.
- Larger organizations with strong IT teams might already be preparing for these changes, but smaller hospitals with already-slim margins are probably in for a tough transition.
Health data needs to be protected, and our current safety measures obviously aren’t getting it done. On the other hand, there’s also a growing divide between “the best” and “the rest” of U.S. hospitals, so an unfunded mandate with heavy compliance costs runs the risk of making it wider.
The Takeaway
Healthcare has its fair share of acronyms, but HIPAA might just be the most common one in the alphabet soup. It’s important to get these changes right, and that means finding a balance between protecting patients and not overburdening providers. HHS is seeking comments on the rule until March 7.
|
|
|
Reinforce Your Cybersecurity Defensive Line
Cybersecurity threats aren’t letting up, but an effective defense takes more than just firewalls and encryption. Check out Medallion’s recent Elevate session for expert insights into creating resilient systems and rebuilding trust after a breach.
|
|
UChicago Builds Better Experiences With Abridge
UChicago Medicine clinicians know firsthand that improving the clinical conversation experience has a direct impact on provider and patient satisfaction. Discover how Abridge’s AI platform transformed clinical documentation at UChicago Medicine into a breakthrough improvement in experience scores in just six weeks.
|
|
- Percipio Series A: Percipio Health hauled in $20M of Series A funding and announced its AI Population Health Monitoring platform, which relies on just smartphones and the magic of AI to collect health signals. High costs and device logistics have historically limited the reach of RPM programs, but Precipio is looking to change that by combining vision-based AI biomarkers for vitals and medication monitoring with vocal AI biomarkers for brain assessments.
- UnitedHealth Full-Year Results: UnitedHealth managed to bag a record $400.3B in revenue for 2024, despite a massive cyberattack, heavy regulatory scrutiny, and the murder of one of its top executives. In an industry with many massive players, United is still the biggest of them all, even after notching billions in damages from the Change Healthcare outage that sent its annual net income plummeting to a paltry $14.4B (its lowest since 2019).
- ACO Performance: CMS published performance data for Accountable Care Organizations in 2023, noting that “attribution in the MSSP will be challenging” going forward. Overall, 453 ACOs participated in the MSSP (down 6% on-year), and the total number of beneficiaries also dropped by 2%. For the second year since the MSSP began, the majority of ACOs took on downside risk (67% were two-sided risk, 33% were upside only). ACOs in two-sided risk were twice as likely to achieve shared savings.
- Iris Telehealth Acquires innovaTel: Iris Telehealth’s virtual behavioral care services just got a major lift with the acquisition of innovaTel, the telepsychiatry division of Quartet Health. Iris partners with health systems and community organizations to improve their mental health programs, ensure their telepsychiatry solutions are sustainable, and connect them to clinicians – which it now has 650 of thanks to innovaTel.
- 2025 State of Payer Enrollment and Credentialing: Medallion’s marquee annual report put a spotlight on the staffing challenges and process bottlenecks dragging down provider operations. Of the 507 provider execs surveyed, 60% believe slow enrollment processes are hurting their revenue, and 51% have had credentialing team turnover in the last year – in part because of draining manual workflows like collecting provider info and filling out applications. Automation could help with that, but 85% still handle enrollment internally, “fearing loss of control.”
- Oshi Extension: Virtual GI startup Oshi Health bolted on some additional funding to its recent $60M Series C round in an extension led by the American College of Gastroenterology. Oshi is the only virtual GI center of excellence in the U.S., taking a high-touch approach to supporting patients with a gastroenterologist-led care team of dietitians, behavioral health specialists, and care coordinators. Our deep dive on Oshi from October has all the details.
- AI or Segways? For AI to succeed in healthcare, it needs to start by solving physicians’ specific, narrow problems – at least according to Dr. John Menchaca’s new editorial in the Annals of Family Medicine. Menchaca uses Segways to highlight his point: the funny looking two-wheeled vehicles were once hailed as the future of transportation, but because they failed to solve anyone’s actual transportation problem, they also failed to live up to their hype.
- eClinicalWorks Becomes QHIN: Hats off to eClinicalWorks for making it through a tough approval system and becoming the latest designated Qualified Health Information Network under TEFCA. Gaining QHIN status puts the ambulatory EHR vendor in good company alongside eHealth Exchange, Epic Nexus, Health Gorilla, Konza, MedAllies, Kno2, and Commonwell Health Alliance. Two more QHIN-hopefuls, Surescripts and Netsmart, are still working their way through the years-long designation process.
- The Toll of Heart Disease: A report published by the American Heart Association in Circulation documents the continued toll of heart disease, which kills more Americans than any other cause. In 2022 there were 942k cardiovascular disease-related deaths, up 10k from 2021, while the overall death rate per 100k people fell slightly (224 vs. 233). Those aren’t pretty figures, but there’s a whole crop of digital health startups like Cadence and Hello Heart springing up to fix them.
- Online Therapy for the Privileged: One of the main aspirations of digital health solutions is to make high quality care more accessible, especially for disadvantaged groups, but a research roundup in the New York Times suggests that the pandemic’s online therapy boom barely benefited those who needed it most. The recent rise of telehealth prompted a 30% increase in the number of people receiving therapy, but the article ties most of that increase to wealthier families with private coverage.
|
|
Top Systems Scale Primary Care With K Health
Leading health systems are turning to K Health’s AI-driven primary care solution to give their patients access to high-quality care with wait times measured in hours, not months. Find out why K Health is the only clinical AI company partnering with top systems to scale fully integrated primary care experiences.
|
|
The First 30 Days: What to Expect With AI
Implementing AI documentation tools promises significant benefits, but how do you ensure a smooth transition? Playback Health has you covered with this comprehensive 30-day roadmap outlining what to expect, industry best practices, and its own proven implementation approach.
|
|
- Tailored Support, When Patients Need It Most: With BPM Pro 2’s Personalized Health Nudges, care teams can send tailored messages – such as positive reinforcement, medication reminders, or appointment alerts – precisely when patients are most receptive.
- Lift MA Plan Performance by Impacting SDoH: Social factors and non-medical issues strongly influence health outcomes, and addressing these contributing determinants of health can not only improve the lives of patients, but also enhance Medicare Advantage plan success. Learn how Clear Arch Health’s remote monitoring services are helping MA plans deliver cost-effective care while enabling more seniors to age independently.
- Carle Health Goes All-In on Nabla: Nabla Copilot is rolling out at Carle Health after a successful pilot saw a majority of participating clinicians slash their documentation time by over an hour. The full case study has everything you need to know about how Nabla’s customization features, Epic integration, and ease of use are bringing joy back to medicine for Carle’s clinicians.
|
|
|
|
|
