Prior to beginning work on this discussion forum, review the following: Textbook Chapter 10: Engaging Patients and Consumers in Managing Their Health

CHAPTER 10Engaging Patients and Consumers in Managing Their Health

LEARNING OBJECTIVES

To describe how various digital health tools may be used to promote and enhance patient engagement in managing their health and care.

To discuss how a patient engagement framework can be useful to health care organizations/providers in considering strategies and tools for engaging patients more fully in managing their heath.

To discuss the purpose and use of patient engagement tools, including patient portals, personal health records, remote patient monitoring, health apps/wearables, the Internet and social media, and telehealth.

To identify the challenges associated with incorporating patient-generated health data effectively into the care process.

To explore new entrants in the patient engagement space and direct-to-consumer health care.

It has been over two decades since the Institute of Medicine (IOM) called for reforms to achieve a “patient-centered” health care system. The report envisioned a system that provides care that is “respectful of and responsive to individual patient preferences, needs, and values, and ensuring that patient values guide all clinical decisions” (IOM, 2001). Out of this recognition, in part, the concept of patient engagement emerged. Studies have shown that patients who are actively engaged in their health and care are more likely to have better outcomes at a reduced cost. Engaging patients and their families/caregivers in managing their health and health care has become the cornerstone of a patient-centered health care system and vital to achieving the Triple Aim. It has also become an important strategy for health care organizations and providers in managing population health more effectively under value-based payment.

From their experience of care perspective, patients are expecting the same level of ease and accessibility in health care as they do in other areas of their lives, whether it is making airline reservations, ridesharing using an app, or e-commerce (getting recommendations, shopping easily, and having things delivered to home (Fields & Gandi, 2019)), the rapid and expansive shift to offer care remotely and safely during the COVID pandemic, many patients and consumers had the opportunity to experience the convenience of telehealth. With the genie out of the bottle, offering appropriate services via telehealth and embracing other digital tools to engage patients are likely to be an integral part of health care delivery in the years to come.

Patient engagement is a widely used term, but is often a poorly understood concept in health care. It is often used synonymously with patient activation and patient- and family-centered care. In this chapter we define each of these terms and their relation to patient engagement. Health care organizations and providers offer digital health and digital tools as a means to improve patient engagement and transform health care delivery. We focus attention on specific digital tools designed to foster patient engagement by enabling patients to access their own health information, communicate with providers, seek and obtain health services, and manage their own health.

The chapter also introduces the Patient Engagement Framework developed by the National eHealth Collaborative and Healthcare Information and Management Systems Society (HIMSS). The framework illustrates the various degrees and levels of patient engagement and provides examples of how digital tools may be used to engage patients in managing their health and care. We describe the adoption, use, and application of patient engagement tools, including patient portals, personal health records, remote/home monitoring, health apps and wearables, and social media, along with advances in telehealth, and discuss strategies for incorporating them into the care delivery process. The chapter concludes with a description of how companies such as Apple, Amazon, and Google are seizing the opportunity to implement products and services that promote and support consumer engagement in health.

DIGITAL HEALTH AND THE EMPOWERED CONSUMER

DEFINITION OF DIGITAL HEALTH

The concept of “digital health” has become a buzzword in contemporary literature, often without a uniform definition or understanding of it. According to HIMSS, digital health “connects and empowers people and populations to manage health and wellness augmented by accessible and supportive provider teams working with flexible, integrated, interoperable, and digitally enabled care environments that strategically leverage digital tools, technologies and services to transform care delivery” (Snowdon, 2020). Valued at $96.5 billion in 2020, the digital health market is expected to grow at a compound annual growth rate of 15.1% from 2021 to 2028 (Grand View Research, 2021). Other terms often used to describe digital health include “mHealth” (mobile health), “eHealth” (technology and digital applications to assist patients in their health), “ePatient,” virtual care, and telehealth. Digital health is introduced here in the context of patient engagement, and the vital role health care providers and organizations have in partnership with patients in realizing its potential.

Under the broad umbrella of digital health, there is a vast array of patient and consumer digital tools, everything from patient portals to health apps, to sensor-based tracking systems, health-related social media and online social networks, telehealth systems, and wearable devices. Use of health apps/wearables and patient remote monitoring technologies generates patient health data that may be relevant to managing care and chronic conditions. Incorporating patient-generated health data (PGHD) in clinical care can empower patients more fully in clinical decision making (Lavallee et al., 2020). Thus, health care executives should have a fundamental understanding of the common digital tools and platforms for engaging patients in managing their health and care, and how these tools may be incorporated into the care delivery process and overall health IT strategies and solutions to achieve organizational goals related to patient access, quality, and cost. Before describing the various digital tools, we begin with a general overview of patient engagement.

PATIENT ENGAGEMENT OVERVIEW

TERMS, DEFINITIONS, AND ATTRIBUTES

Patient engagement is a frequently used term to describe the concept and importance of actively involving patients (and their families) in decisions regarding their health, wellness, and care. Studies show that patients and their families who actively engage with their health care providers and care teams have better outcomes, often choose less costly care, and express greater satisfaction with their health care experiences (IOM, 2012). When Don Berwick, MD, MPP, former Centers for Medicare & Medicaid Services (CMS) administrator and president emeritus of the Institute of Healthcare Improvement (IHI) states, “the most direct route to the Triple Aim is through implementation of patient and family-centered care in its fullest form” (Berwick, 2012), he acknowledges the importance of patient engagement.

Terms often used synonymously with patient engagement include patient activation and patient- and family-centered care. Patient activation refers to a patient's knowledge, skills, ability, and willingness to manage his or her own health and care (James, 2013). Activation is one aspect of an individual's capability to manage health and engage in care but does not address the individual's external context, such as the environment in which the patient lives; nor does it focus on behavior (Carman et al., 2013). Patient- and family-centered care is an approach to health care delivery that is grounded in mutually beneficial partnerships among health care providers, patients, and families. According to the Institute for Patient- and Family-Centered Care, “it redefines the relationships in health care by placing an emphasis on collaborating with people of all ages, at all levels of care, and in all health care settings. In patient- and family-centered care, patients and families define their ‘family’ and determine how they will participate in care and decision-making. A key goal is to promote the health and well-being of individuals and families and to allow them to maintain their control” (Institute for Patient- and Family-Centered Care, n.d.). For example, in patient- and family-centered care, the patient's needs and desired health outcomes are the driving force behind all care decisions and quality measurements. Patients and families are viewed as partners with health care providers, and providers may consider the patient's needs not only from a clinical perspective, but also from an emotional, mental, spiritual, social, and financial perspective.

Patient engagement is a broader concept that combines patient activation with interventions designed to increase activation and promote positive patient behavior, such as obtaining preventive care or exercising regularly (James, 2013). It is also congruent with the values of patient- and family-centered care. Higgins and colleagues (2017) identified four attributes of patient engagement: personalization, access, commitment, and therapeutic alliance (Higgins, Larson, & Schnall, 2017).

Personalization: The need to tailor interventions or strategies to care according to the unique needs and circumstances of the individual patient. Appreciating the individual patient's health literacy, cultural background, attitudes toward health interventions, and availability of caregiver support system are all important factors that may inhibit engagement of the patient.

Access: Includes the ability of the patient to confidently access and understand important information about their care and health status. Included are factors such as functional literacy status, geographic location, or socioeconomic status.

Commitment: The cognitive and/or emotional factors that motivate the patient to use the resources available.

Therapeutic alliance: Sustains the patient's connection with the provider within the care delivery system, potentially creating an effective partnership in pursuit of the patient's health goals (Higgins et al., 2017, p. 32).

Understanding and appreciating these four attributes can be incredibly important in formulating and implementing a health care provider's strategy for fostering patient engagement in an impactful way. For example, simply providing individuals with access to a patient portal is of little value if the patient does not have access to technology, is unable or uncomfortable using it, or fears his or her privacy will be negatively impacted. In fact, studies have shown that differences in access, adoption, use, adherence, and effectiveness of digital health tools can contribute to health disparities (Nouri et al., 2020; Veinot, Mitchell, & Ancker, 2018).

The attributes of personalization and access are particularly relevant in the context of ensuring health equity and access to all patients (Higgins et al., 2017). Personalization requires that providers consider the individual needs and expectations of patients. Access requires that providers consider the patient's functional ability, health literacy, and health status. Vulnerable populations, such as the elderly, individuals with low-income levels, or those with limited English proficiency, for example, may require additional support and options (Carman et al., 2013).Not only do providers need to be aware of these barriers but developers of digital tools also need to consider factors such as access and usability among diverse groups of users.

Besides considering the patients’ “readiness” for engagement, providers and care team members also need to be onboard. If the provider worries that giving patients access to their notes in the electronic health record will make them more vulnerable to litigation or add to their workload through increased patient questions/concerns, they may be less likely to support the effort. Providers can also offer insight into the patients’ needs and limitations as well as workflow issues. In a recent study examining care team members perspectives on the use of an inpatient portal, participating providers offered suggestions for best meeting the needs of older patients, training patients on tablet and portal use, and allotting time to answer patient questions and requests (McAlearney, Hefner, et al., 2020). The researchers found that understanding the care team members’ experiences were critical to the successful integration of the portal into their workflow (McAlearney, Hefner, et al., 2020).

Given that digital patient engagement tools often require interaction, collaboration, and communication on both the patient and the provider (or care team)'s part, actively involving both in the design and implementation is important. Hospitals and health systems with more engaged leadership and more integrated IT systems are more likely to have advanced patient engagement functions (Holmgren, Phelan, Jha, & Adler-Milstein, 2021).

PATIENT ENGAGEMENT FRAMEWORK

Before delving into the various patient engagement digital tools, platforms, and technologies, we begin with a conceptual model or framework for patient engagement that illustrates the different levels of patient engagement and different types of digital tools/strategies that may be employed. The Patient Engagement Framework was initially developed by the National eHealth Collaborative, and later expanded upon by the Health Information Management Systems Society (HIMSS) (Walker, Sieck, Menser, Huerta, & McAlearney, 2017). More than 150 health care providers, health services researchers, and sociotechnical experts contributed to its development. The Patient Engagement Framework serves as guide to health care organizations as they develop and implement IT aimed in involving patients in their care process. The framework defines five successive levels of patient engagement: (1) inform me, (2) engage me, (3) empower me, (4) partner with me, and (5) support my e-community. (See Figure 10.1.) It was originally developed to correspond with CMS Meaningful Use criteria. Although the Meaningful Use program has ended and evolved into the Promoting Interoperability Program, the framework remains a useful tool for visualizing different types of digital tools that can be used to advance and support patient engagement.

Walker and colleagues (2017) used the Patient Engagement Framework to evaluate the state of US hospitals and their use of IT and digital tools to engage patients in 2017. They employed an ontology mapping approach where items from the American Hospital Association IT Supplement were mapped to defined levels and categories within the Patient Engagement Framework. Thirty-six functions were mapped to the each of the five levels in the Patient Engagement Framework. (See Table 10.1.) Although examining the methods used is beyond the scope of our discussion, the framework illustrates two important points.

,

CHAPTER 12

Privacy and Security

LEARNING OBJECTIVES

To be able to distinguish among privacy, confidentiality, and security as they relate to health information.

To be able to describe and discuss the impact of the HIPAA Privacy, Security, and Breach Notification rules.

To be able to identify threats to health care information and information systems caused by humans (intentional and unintentional), natural causes, and the environment.

To be able to understand the purpose and key components of the health care organization security program and the need to mitigate security risks.

To be able to discuss the increased need for and identify resources to improve cybersecurity in health care organizations.

Health information privacy and security are key topics for health care administrators. In today's ever-increasing electronic world, where nearly every health care organization employee and visitor have smartphones, and health care equipment and devices are connected to the Internet, new and more virulent security threats are an everyday concern. In spite of the legislated protections discussed in this chapter, between 2009 and 2020 health care entities reported over 3,700 health information breaches of at least five hundred records, resulting in 266 million health or health-related records being exposed or improperly disclosed. The largest breach in 2020 was a ransomware attack on Blackbaud, Inc., a cloud-based service provider; over one hundred health care organizations were impacted by this attack alone (Adler, 2021c).

In this chapter we examine and define the concepts of privacy, confidentiality, and security as they apply to health information. Major legislative efforts to protect health care information are outlined, with a focus on the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification rules. Different types of threats to health information, human, natural and environmental, are discussed, and requirements for a strong health care organization security program are outlined. The chapter also includes a broad discussion of cybersecurity challenges in today's environment.

PRIVACY, CONFIDENTIALITY, AND SECURITY DEFINED

Privacy is an individual's right to be left alone and, in the health care arena, to limit access to their health care information. Individuals control their rights to privacy. Confidentiality is related to privacy but specifically addresses the expectation that information shared with a health care provider during the course of treatment will be used only for its intended purpose and not disclosed otherwise. Confidentiality relies on the trusted relationships among providers and patients; the provider has a professional duty to maintain confidentiality. Security refers to the systems that are in place to protect health information, the systems within which it resides, and the IT assets that support those systems. Health care organizations must protect their health information, health care information systems, and IT assets from a range of potential threats.

LEGAL PROTECTION OF HEALTH INFORMATION

There are ethical and legal reasons health care professionals maintain the confidentiality of patient information and protect patient privacy. Professional ethics and standards address professional conduct and the need to hold patient information in confidence. Accrediting bodies, such as the Joint Commission, state facility licensure rules, and the Centers for Medicare & Medicaid Services (CMS) dictate that health care organizations follow standard practice, along with state and federal laws, to ensure the confidentiality and security of patient information.

Today, legal protection specially addressing the unauthorized disclosure of an individual's health information generally comes from one of three sources (Koch, 2016):

Federal HIPAA Privacy, Security, and Breach Notification rules

State privacy laws. These laws typically apply more stringent protections for information related to specific health conditions (HIV/AIDS, mental or reproductive health, for example).

Federal Trade Commission (FTC) Act consumer protection, which protects against unfair or deceptive practices.

There is a fourth major federal law providing an extra level of protection to substance use disorder patients' privacy, which is also important to understand.

Confidentiality of Substance Abuse Patient Records (42 U.S.C. §290dd-2, 42 C.F.R. Part 2)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)

Enacted in 1996, HIPAA was the first comprehensive federal regulation to offer specific protection to private health information. Prior to the enactment of HIPAA there was no single federal regulation governing the privacy and security of patient-specific information; existing laws were not comprehensive and protected only specific groups of individuals.

HIPAA actually consists of contains five sections, or titles, outlining rules to improve citizens' access and maintenance of health insurance and to ensure health information privacy and security.

Title I protects health insurance coverage for individuals who lose or change jobs. It also prohibits group health plans from denying coverage to individuals with specific diseases and preexisting conditions, and from setting lifetime coverage limits.

Title II directs the U.S. Department of Health and Human Services (HHS) to establish national standards for processing electronic healthcare transactions. It also requires health care organizations to implement secure electronic access to health data and to remain in compliance with privacy regulations set by HHS.

Title III includes tax-related provisions and guidelines for medical care.

Title IV further defines health insurance reform, including provisions for individuals with preexisting conditions and those seeking continued coverage.

Title V includes provisions on company-owned life insurance and the treatment of those who lose their U.S. citizenship for income tax purposes.

However, within the health care industry, adhering to HIPAA Title II is what is meant when referring to HIPAA. Also known as the Administrative Simplification provisions, Title II includes the following compliance requirements:

National Provider Identifier Standard. Each health care entity, including individuals, employers, health plans, and health care providers, must have a unique ten-digit national provider identifier number, or NPI.

Transactions and Code Sets Standard. Health care organizations must follow a standardized mechanism for electronic data interchange (EDI) in order to submit and process insurance claims.

HIPAA Privacy Rule. Officially known as the Standards for Privacy of Individually Identifiable Health Information, this rule establishes national standards to protect patient health information.

HIPAA Security Rule. The Security Standards for the Protection of Electronic Protected Health Information sets standards for patient data security.

HIPAA Enforcement Rule. This rule establishes guidelines for investigations into compliance violations.

The Privacy Rule was required beginning April 2003 and the Security Rule beginning April 2005. Both rules were subsequently amended and the Breach Notification Rule was added as a part of the HITECH Act in 2009.

Covered Entities

HIPAA Rules apply to covered entities (CEs), defined as health plans, organizations that pay or provide for the cost of medical care; health care clearinghouses, entities that process health information (for example, billing services); and health care providers who conduct certain financial and administrative transactions electronically. These transactions are defined broadly so that in reality HIPAA Rules govern nearly all health care providers who receive any type of third-party reimbursement.

If a CE routinely shares information with other business associates, it must establish contracts to protect the shared information. The HITECH Act expanded Business Associates as a category of CE, further clarifying that certain entities, such as health information exchange (HIE) organizations, regional health information organizations, e-prescribing gateways, Internet service providers, and vendors that provide a personal health record as a part of its EHR, are business associates when they require access to PHI on a routine basis (Coppersmith, Gordon, Schermer, & Brokelman, PLC, 2012).

Protected Health Information

The information protected under the HIPAA Privacy Rule is defined as protected health information (PHI), which is information that

Relates to a person's physical or mental health, the provision of health care, or the payment for health care.

Identifies the person who is the subject of the information.

Is created or received by a covered entity.

Is transmitted or maintained in any form (paper, electronic, or oral).

The Security Rule addresses PHI transmitted or maintained in electronic form. Within the Security Rule this information is identified as electronic protected health information (ePHI).

Specifics of the HIPAA Rules are discussed in subsequent sections in this chapter.

STATE PRIVACY LAWS

Although HIPAA is a comprehensive set of federal standards, it permits the enforcement of existing state laws that are more protective of individual privacy, and states are also free to pass more stringent laws. Therefore, health care organizations must still be familiar with their own state laws and regulations related to privacy and confidentiality.

FEDERAL TRADE COMMISSION BREACH NOTIFICATION RULE

More and more, personal medical information is online. Technologies that support personal health records and applications that collect information from patients or allow uploading of health-related data from wearable devices are common, as is the use of health-related social media sites. These technologies were not addressed in HIPAA and, therefore, do not meet the criteria as covered entities (DeSalvo & Samuels, 2016).

As a consequence, the Federal Trade Commission (FTC), the nation's consumer protection agency, issued the Health Breach Notification Rule to require these businesses to notify their customers and others if there is a breach of unsecured, individually identifiable electronic health information. The Rule applies to:

Vendors of personal health records (PHRs)

PHR-related entities

Third-party service providers for vendors of PHRs or PHR-related entities

CONFIDENTIALITY OF SUBSTANCE ABUSE PATIENT RECORDS

During the 1970s, people became increasingly aware of the extra-sensitive nature of drug and alcohol treatment records and that failure to provide specific protections might prevent individuals from seeking treatment. 42 C.F.R. (Code of Federal Regulations) Part 2, Confidentiality of Substance Abuse Patient Records was enacted to provide more stringent protection to information that identifies an individual, directly or indirectly, as having a current or past drug or alcohol problem, or as a participant in a covered alcohol or drug program. Again, covered programs are defined broadly and essentially include any programs that receive third-party reimbursement.

With limited exceptions, 42 CFR Part 2 requires patient consent for disclosures of protected health information, even for the purposes of treatment, payment, or health care operations. And, the consent for disclosures must be in writing. These regulations have been amended several times, but their fundamental purpose has remained unchanged. In 2017 42 CFR Part 2 was amended to better align it with HIPAA privacy and security regulations, and in 2020 it was amended to facilitate better care coordination in response to the opioid epidemic (US Department of Health and Human Services, 2020a).

HIPAA PRIVACY RULE

The major components to the HIPAA Privacy Rule in its original form fall into one of five categories:

Boundaries. Only the minimum necessary PHI may be disclosed, and only for treatment, payment, and operations (TPO) purposes, with limited exceptions.

Security. PHI should not be distributed without patient authorization unless there is a clear basis for doing so, and the individuals who receive the information must safeguard it. (This section should not be confused with the separate HIPAA Security Rule.)

Consumer control. Individuals are entitled to access and control their health records and are to be informed of the purposes for which information is being disclosed and used.

Accountability. Entities that improperly handle PHI are subject to civil recourse and can be charged under criminal law.

Public responsibility. Individual interests must not override national priorities in public health, medical research, preventing health care fraud, and law enforcement.

With HITECH, the Privacy Rule not only expanded privacy requirements for covered entities and their business associates, but also strengthened the rights of individuals to request and obtain their PHI and to prevent a health care organization from disclosing PHI to a health plan, if the patient paid in full out of pocket. HITECH also added provisions for accounting of disclosures made through an EHR for treatment, payment, and operations (Coppersmith et al., 2012).

The HIPAA Privacy Rule attempts to sort out the routine and nonroutine use of health information by distinguishing between patient consent to use PHI and patient authorization to release PHI. Health care providers and others must obtain a patient's consent prior to disclosing health information for routine uses of treatment, payment, and health care operations (TPO). This consent is general in nature, does not always need to be written, and is obtained prior to patient treatment. There are some exceptions to this in emergency situations, and the patient has a right to request restrictions on the disclosure. However, health care providers can deny treatment if they feel that limiting the disclosure would be detrimental.

HIPAA REQUIRED AUTHORIZATION FOR RELEASE OF INFORMATION

Under HIPAA the patient's specific written authorization for all nonroutine uses or disclosures of PHI (i.e., uses and disclosures for reasons other than TPO) is required, with limited exceptions.

Exhibit 12.1 is a sample release of information form used by a hospital, showing the following elements needed for a valid release:

Patient identification (name and date of birth)

Name of the person or entity to whom the information is being released

Description of the specific health information authorized for disclosure

Statement of the reason for or purpose of the disclosure

Date, event, or condit

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.