Progressive Therapeutics in Framingham, Massachusetts, provides psychiatric care for patients in the greater Metrowest area of the Bay State. It has nine licensed mental health professionals on staff, all committed to providing thorough delivery of psychiatric care based on the latest research.

THE PROBLEM

The practice was an early adopter of telehealth back in 2010, implementing it as a way to care for people unable to attend in-person sessions. At first, caregivers were using WebEx and Google Hangouts. These apps got the job done, but they were disjointed. Staff would have to juggle multiple windows between the EHR and the video call; it wasn't a smooth operation. Nor was it HIPAA-compliant, a major concern.

"The HIPAA waivers for telehealth implemented during the pandemic were critical for the widespread adoption of telehealth," said Dr. Nimish Shah, cofounder of Progressive Therapeutics. "But security can't be an afterthought in healthcare, even with telehealth."

Healthcare is one of the biggest targets for cybercriminals, alongside the government and the financial services industry. Unsecure telehealth connections can open the door for fraud, phishing and ransomware attacks, with serious reputational and financial consequences.

"Last year, ransomware attacks cost the healthcare industry $20.8 billion in downtime costs, affecting 600 practices nationwide," Shah noted. "The average healthcare organization spends $1.4 million to recover from a cyberattack. Many smaller practices like ours operate on razor-thin margins and can't afford the costs of a cyberattack.

"So we needed a telehealth solution with security measures that went beyond HIPAA compliance, while still being easy to use by patients and providers alike."

PROPOSAL

Progressive Therapeutics found vendor Azalea Health, which offered a proposal for an EHR solution that came fully integrated with telehealth.

"This integration meant that the telehealth would be just as HIPAA-compliant as the EHR," Shah explained. "Plus, through a business associate agreement, Azalea would assume liability for any HIPAA violations or data leaks. We also appreciated that the solution had 256-bit AES node-to-node encryption, compared with multinodal solutions like Skype.

"Providers and patients alike have now seen the benefits of telehealth, and it's hard to imagine it going away."

Dr. Nimish Shah, Progressive Therapeutics

"Multinodal solutions work similarly to a torrent file in that they take bandwidth from open online connections on the internet," he continued. "Skype, for example, works better the more people are using it, as it takes all the open bandwidth from the active users of Skype to enhance the call or video. This increases the security risk because there are multiple nodes to secure and no way to confirm the security of every node."

With node-to-node solutions such as Azalea, there are only two connections and it is a much easier way to confirm and operate in a secure fashion, he added.

"Azalea's EHR also is cloud-based, which is convenient because we are able to log into the EHR through the web remotely," Shah said. "This meant we didn't have to be in the office to talk with patients. Being cloud-based also had the added benefit of enabling us to eliminate the bulk of our on-premises IT management costs.

"The software would be automatically updated via the cloud without needing somebody to come and install the new software on our servers," he continued. "The absence of on-premises hardware also meant we would have a smaller attack surface for hackers to target."

Security aside, the integration with the EHR came with other benefits. Providers would be able to take notes directly in the patient's chart without juggling multiple windows on their screen, and save the recording of the session directly to the patient record after the call.

Meanwhile, patients could access telehealth through a patient portal app on their phone. That patient portal would also be integrated with payment and appointment scheduling features to streamline the appointment and reimbursement process.

MARKETPLACE

There are numerous telehealth systems on the health IT market today. Click here to read a comprehensive report from Healthcare IT News on telemedicine vendors.

Further, there are many vendors with electronic health record systems, including Allscripts, athenahealth, Cerner, DrChrono, eClinicalWorks, Epic, Greenway Health, HCS, Meditech and NextGen Healthcare.

MEETING THE CHALLENGE

Progressive Therapeutics has been using Azalea's EHR-integrated telehealth solution since 2013.

"The solution was very user-friendly from the start, and Azalea was very hands-on in helping us train our staff on how to use it," Shad recalled. "They also helped us customize the layout of the platform to suit our workflows. We use telehealth for both initial and follow-up sessions for diagnosis and psychiatric medication management.

"A lot of our patients love using telehealth because they can call in from the comfort of their own home," he continued. "Many patients are actually more comfortable and open with our psychiatrists at home than they would be coming in for an in-person session. It also saves time and allows us to see patients on much shorter notice, enabling us to attend to patients' urgent mental health needs without unnecessary delay."

Being able to start a telehealth session directly from the patient's chart has been very convenient, allowing caregivers to manage scheduling, billing, coding and documentation from the same screen as the video player.

"Having to juggle multiple windows at once can be disruptive to the flow of conversations with patients as it diverts providers' attention from the patient," Shah said. "The cloud-based platform also makes it easy for providers to dial into calls with patients from anywhere, which was huge when COVID-19 started and we had to minimize our time in the office.

"Support teams have been consistent in helping us with telehealth billing and reimbursement best practices, especially when the regulations changed with COVID-19," he added. "Azalea's EHR is not only integrated with telehealth but also their revenue cycle management software, which makes it easier to bill more and resolve claims faster."

The analytics and reporting give staff full visibility into finances and revenue. This has been critical to the financial stability of the practice over the years.

RESULTS

Telehealth has become the bedrock to Progressive Therapeutics' practice, especially since the pandemic started.

"As soon as the lockdowns were implemented, our staff were prepared to scale up our telehealth operations," Shah said. "The only real onboarding we needed at that point was for the patients, and Azalea was tremendously helpful in supporting patients to adapt to the new way of doing sessions.

"We now average around 4,500 telehealth encounters per month," he reported. "To our knowledge, we have not had a single security lapse or data leak in the eight years we have been using Azalea's EHR-integrated telehealth solution."

Since 2013, the low cost of the platform has paid for itself many times over through the number of additional patients providers can see without adding more office space, Shah explained. In the past, when a patient forgot about their appointment, staff would have to reschedule and waste the scheduled appointment time.

"With telehealth, patients may have forgotten about their appointment, but when we call about the appointment, they can easily hop right into the patient portal application to start the appointment," he said. "People are willing to pay out of pocket for the time they save on preparing for their appointment and commuting."

ADVICE FOR OTHERS

"For a lot of healthcare providers, and frankly for the federal government, security was not the top priority when COVID-19 started," Shah noted. "We needed a way to allow for virtual care, and we needed it fast. So the HIPAA waivers made sense. But that was over a year ago.

"Providers and patients alike have now seen the benefits of telehealth, and it's hard to imagine it going away," he said. "Telehealth is going to be a regular component of care moving into the future; patients are going to expect to have the option available. So we need to adapt and treat it like the long-term care option that it is, and that means making sure patients' privacy and data are secure."

Cybercriminals are getting more sophisticated and savvy the longer providers use telehealth, so there's no time to delay in securing telehealth operations, he advised.

"A telehealth solution that comes integrated with the EHR has a lot of advantages from a security perspective, particularly for smaller practices like our own that don't have the resources to invest in a dedicated IT security team," Shah said. "It will already be HIPAA-compliant, and a BAA agreement can put the liability for any security breaches on the EHR vendor.

"It's even better if the solution is cloud-based, as any vulnerabilities can be quickly patched with an automatic update without needing to send an IT specialist to update the software," he noted. "I would also suggest looking for a solution with the 256-bit AES encryption standard, or at least 128 bits. Both are highly secure."

In any case, healthcare providers need to take the threat of cybercriminals seriously, Shah warned.

"Unfortunately, the majority of practices don't have dedicated security teams," he concluded. "So partnering with technology vendors that put security first in every layer of their software is the best thing many practices can do."

Twitter: @SiwickiHealthIT
Email the writer: bsiwicki@himss.org
Healthcare IT News is a HIMSS Media publication.