G2 Communications Inc.-Medical Practice Marketing

We help physicians recruit, retrain & refer

Kate Schafer’s HIPAA programming guide for mhealth engineers

Most of us are familiar with HIPAA, the law that requires healthcare providers, insurance companies, health plans, etc., aka covered entities (CEs), to protect the privacy of patients’ health information. The law has been around since 1996.  But last year the Department of Health and Human Services (HHS) made sweeping changes to HIPAA.

Under the Final Omnibus Rule, a new set of provisions have been laid out that strengthen the HIPAA Privacy, Security and Enforcement rules for protecting patient health information. Some of the updated HIPAA Privacy Rule applies to business associates (BAs), the companies that provide services to CEs, which typically involves handling patient information.

Previously a BA was only required to sign an agreement assuring that it would safeguard patient health information on behalf of a CE.  But as of September 2013, both CEs and BAs became liable under the Omnibus Rule and are now subject to HIPAA audits which are about to ramp up.  And the definition of BA has expanded to include organizations that merely store or transmit patient data, even if they don’t touch it. CEs and BAs in violation of patient privacy rules could face stiff penalties.

Meet Kate Schafer, founder of Innovative Healthcare IT.  I met Kate at a recent Health 2.0 Silicon Valley Meetup.  A room full of developers looked at the latest batch of mobile health apps designed to help us lead healthier lives.  That’s the good news.  But if they’re getting their hands on patient information and not following HIPAA rules in the process they may be shut down before they say “click on our icon.”

That’s where Kate comes in.  She brings startups the trifecta of security technology, product development, and regulatory compliance with a focus on HIPAA, and advises them on building security and encryption layers into their platforms.  I asked Kate to tell me what she does and why healthcare startups should care.

Tell me about your work and the services you provide to startups?

I have a long and varied background in technology and product development, combined with regulatory compliance and a focus on HIPPA.  It’s that technical foundation that really resonates with potential clients and convinces them to work with me.  There are numerous audit firms that can do what I do – most coming from the financial industry – but they don’t really provide healthcare startup support. I offer a “let’s roll up our sleeves and get it done” service where I work together with each client to craft a compliance strategy that works for their staff and for their budget.  I can help healthcare startups get from prototype to industrial strength and scalable, and I make myself available for ad hoc questions any time a former client needs advice.

Companies come to me at various stages. A lot of my clients are just starting their first pilot.  The product may have been developed offshore and they’re trying to bring it in-house.  Or they may have just signed up a healthcare provider or a hospital for a pilot of the product, and their customer is asking for assurance of HIPAA compliance.

By law, healthcare providers must ensure that anyone who handles protected health information on their behalf (a business associate) complies with HIPAA before sharing any patient data with them, so non-compliance is a deal-breaker for these startups.  That’s when they call me.

 

What is the primary sector of healthcare that your startup clients are creating solutions for?

There’s a range, but most recently the startups I’m seeing have a focus on the communications between providers and patients, particularly pre-op and post-op or at some other transition of care.  For example, apps that focus on maintaining communications during recovery from surgery.  The patient will go home with information they can access from their smartphone or tablet.  These apps enable two-way communication, with metrics on rehab going back to the healthcare provider.  Secure telemedicine enables real time feedback.  Surveys and questionnaires provide feedback on the patient’s experience and can be fed into the product enhancement loop.

I’ve also got clients doing research and analytics on population health data and clients using mobile devices for healthcare decision-making.  Those apps often also need to be FDA compliant.  I also have clients from the VC community who are looking for an assessment of the security and/or compliance risk profile of a startup they’re considering investing in.

I don’t work with a lot of “quantified health” firms.  Often people assume that quantified self apps (where an individual chooses to store their protected health information on their smartphone, for example) need to be HIPAA compliant but that is not the case.  Healthcare providers must comply with HIPAA; individuals may do whatever they want with their personal health information.  For some of these applications the patient is collecting information they might give to their doctor.  But the doctors don’t always know what to do with it, may not trust it, or may not want it because they just don’t have the bandwidth to deal with it.  This has created a new market for companies that can solve this problem with data aggregators and other solutions.

At what stage do healthcare startups typically bring you in for consulting?

When the startup is ready to recruit beta testers and pilot sites that’s where I come in.  At that point if they haven’t already thought about security and HIPAA compliance, they are behind the 8-ball.  At that point I can provide a range of services from a simple assessment of compliance gaps to a full remediation project that gets the startup fully compliant.  I interview all the stakeholders and we talk about the big picture. I look at the technology stack, which refers to everything from the hardware up – all hardware and software components.

I look at all the security layers and identify where they could do better.  On top of the pure security aspect, HIPAA requires documented policies that describe how each HIPAA requirement has been met. Most startups are far from having the volume of documentation required to meet HIPAA compliance.

What are the biggest challenges or obstacles facing your startup clients?

They are resource constrained and tend to focus on product development and getting pilots lined up, rather than security.  They don’t have people on staff who understand compliance, so it gets handed off to somebody who’s already got a full plate.  Getting compliant is a big job, and staying compliant is a lot of ongoing work. Without dedicated resources and support from the top, it’s a real challenge.

How do you see the gap between your clients’ innovative technology and adoption by providers and payers (if they’re targeting insurance companies too)?

There are different challenges.  If you’re developing a product for use in hospitals it can be an uphill battle, particularly if the product needs to integrate with the hospital’s EHR.  Hospital IT teams are necessarily risk averse and often not up to date on cutting edge technologies.  They’re not entrepreneurial, so there can be a culture conflict.  But it’s not rocket science to integrate with an EHR.  I would say the challenges in working with hospitals are more bureaucratic than they are technical.

Working with clinics and smaller practices has its own challenges.  These folks have tight budgets and no cushion. If your product doesn’t save time – or worse, takes time – it will be a tough sell.  If implementation takes time away from providing care, it’s costing the practice money. Your product may improve care but if it makes a simple clinical step complicated and time-consuming it’s going to be a tough decision for them to adopt it.  It’s very hard to justify a product that may provide huge long-term benefits if it cuts into today’s bottom line.

Image:  Kate Schafer – provided by Kate Schafer

How to Bond with Today’s Freelance Journalist: a Q&A with Healthcare and Business Writer James Ritchie

With hybrid expertise on the business and healthcare beats, James Ritchie has earned himself job security at a time when journalism keeps changing. “Business journalism is never going away,” he explains. “People need business information to make decisions.” What’s more, Ritchie says, “I have a broad background in covering healthcare; that’s my competitive advantage.”

Ritchie has more than eight years of experience covering healthcare, including medical practices, health IT, insurance companies and hospitals. After working as a staff reporter for the Cincinnati Business Courier, Ritchie became a full-time freelance writer for a variety of media and corporate clients. He continues to write for American City Business Journals in several capacities.

I asked Ritchie about the role of PR in his day to day work as a journalist.

How has journalism changed for you in the last 3 to 5 years? 

“The pace has changed. Throughout the media world, you see a lot more short pieces on the web to break or update news. Headlines need to scream, ‘Read me!’ Quite a few stories can be told with infographics and bullet points. It’s harder to get and hold people’s attention, and if you’re planning to write a long narrative piece at many publications the bar is very high. It had better be a remarkably interesting story.

“Of course, it depends on your audience too. In the traditional daily newspaper you have sports, business, news, comics, etc. But now a lot of people are reading about what they’re interested in and tuning out nearly everything else. If I own a restaurant, I’ll read a trade publication on restaurants. And if you’re writing on business and particularly in specialized areas – in my case, usually healthcare – you’re more likely to publish the stories of 700 words or more, because the audience is hooked by virtue of the topic.

“But there’s still no room to be boring.”

What makes a great story?

“What I’m going for is something inherently useful to the reader. They’ll take the information and do something with it; it’s not a passing interest.

“There are a lot of ways to tell good stories. News today is often recursive, where one outlet is quoting – and linking to – another. If you can show your readers something interesting or useful in that way then you’ve done them a service. For investigative stories, you often see data journalism, where you’re trying to pick out trends from a big data set. If you can analyze the databases, you can tell stories that you couldn’t have gotten to in the past.

“But there’s still a place for going out and looking people in the eye and getting stories. We have to be careful not to move too far away from that. You need humans to tell the stories.”

How often do you deal with PR professionals? 

“Quite a lot. There are many cases where PR people help me to get in touch with executives, physicians or other sources in their organizations. And I listen to their pitches as long as they’re relevant to something I might write.

“Of course, you can’t respond to everything. A healthcare reporter shows up on all kinds of lists. When I was in a staff reporter job, I would probably get 200 emails a day. But most of them wouldn’t be relevant to me. They may have personalized the email with my name, but it was going to a whole lot of people. One time I got a pitch about a health screening van in a parking lot in Montana. I would delete that.

“Things that are pitched to me specifically, I read.

“I like Help A Reporter Out (HARO); I put queries out. If it’s a hot topic you get a lot of response both from PR contacts and directly from sources.”

What can PR people do to improve their relationship with you?

“Probably the main thing is to focus on the person-to-person relationship. Build a social bond. You might not be best friends, but you can position yourself so your email gets read. Send a sentence or two. Say, ‘I have a story I think you might like.’

“If you can provide an exclusive story that’s in line with what the publication does, that helps. Journalists work hard for exclusives. If a PR person says, ‘I’m going to give this to you first,’ that’s of interest. Barring that, at least bring a new angle.”

Do you value the PR-Journalism relationship?

I value the relationship. If you call an executive at a hospital or large company, in many cases they’ll refer you back to a PR person. The PR person can often get you the access you need. The second thing: They’re there, and people internally are feeding them stories that you might not hear about otherwise.”

James Ritchie image: provided by James Ritchie

 

The PR Honeymoon is Over… Now What?

You’ve just completed a successful PR launch for a new medical device that yields faster post-operative recovery for cardiac surgery patients, the clinical trial results have been published in a medical journal and the FDA has approved it for safety and efficacy.  Health and science journalists from top media outlets thought it was unique enough to cover.  The articles have been very respectable by startup standards.

Investors are delighted and all 20 employees are singing your praises.  You’ve had lots to tweet about and post on the company Facebook page and the retweets and comments are rolling in.

But eventually the PR bloom will fall off the rose and the board will be expecting the next wave of coverage.  Customers are not quite ready to go on record, nor are surgeons who are trying out the product.  What do you do?

While you have focused on generating broad coverage with great success the second wave of brand building requires a new PR strategy to sustain momentum.  It’s the right time to narrow your PR focus to reach your target customers – the surgeons who will push their hospitals for acquire your device; the patients who will benefit; the investors who see a healthy ROI.  Identify the publications, blogs and other digital destinations where surgeons and post op nursing staff get their medical news and information.  Set up specific PR programs to penetrate this second tier media: trade publications, medical journals, blogs, etc.

First, research healthcare and medical publications read by your customers. Check out the magazine editorial calendars which schedule feature stories throughout the year to drive advertising spending.  Identify the topics related to your device.  Set up a spreadsheet and populate with those publications and topics.  Pitch your new device and how it shortens patient recovery times in unique ways.  Invite the editor – or assigned writer to interview your company founder.

Develop a thought leadership program for company clinical executives by proposing and ghostwriting articles for those same publications, which are often looking for content, especially for their websites.  These articles help position executives as experts who articulate the problem your device solves — but doesn’t shamelessly promote it.

Don’t forget to post and Tweet all PR driven content on Facebook and Twitter.  Reshape these articles into blog posts, or add an introductory paragraph with a link to your published article.

Start a speakers’ bureau and arrange for speaking engagements at medical conferences and tradeshows where you’ll be exhibiting your product.

Find opportunities to announce the latest company news [following the initial product introduction]: a new round of funding; new customer; new executive hire; results of a clinical trial; etc.

Set up a mini PR program for new customers with a news release template that lets them announce the benefits of your product to the communities they serve and how they’re securing post-op safety for their cardiac patients.

Develop a story around the company founder for the business media; who she is; what inspired her to create a solution; her unique journey that led to the invention of the device.

Set up Google alerts on cardiology or cardiac surgery. Use headline news stories as angles to introduce your company to the media; pitch the founder as a guest for a radio talk show.

The honeymoon will end at some point so don’t ignore the myriad ways you can use PR to promote your company’s accomplishments.

 

sgordon@g2comm.com
(480) 685-3252 (office)
(650) 248-6975 (mobile)