Presenter: Mark Polly, Director, Portals, Content & Social, Perficient
We discuss five core practices that healthcare organizations must implement correctly in their portals to
achieve an excellent digital experience.
5. Security
By Security we mean:
• The data is secure
• The access point is secure
• Setup is secure
• The system will track anything that happens on the portal
6. The Data Is Secure
The key things to do on your healthcare portal to meet this requirement include:
• Architect the portal to add multiple layers of firewalls, etc.
• Store as little PHI as possible on the portal
• Make the back end data available only via a secure API or service call
• Set up trusted servers between the portal and the back end systems
• For external calls, set up a secure gateway through a tool like IBM WebSphere DataPower
The law demands that any Personal Health Information (PHI) must be encrypted at rest.
7. The Access Point Is Secure
You want to grant access to the right person:
• Create a secure login / profile
• Consider adaptive authentication similar to what banks use
– Logging computer
– Providing security image
– Asking additional questions
– Etc.
• Secure any login with HTTPS. (Yes, it’s “no duh!” advice but still important to state.)
Don’t forget that the easiest hacks may come through social engineering.
8. Setup Is Secure
Some things to consider:
• Verify their identity
– Key information provided to you by snail mail
– Check on government ID
– Online check of last procedure, unique IDs of that procedure, etc.
• Follow the law but don’t go overboard
– If someone is in a hospital about to have their hip replaced and is sitting in the bed waiting for the procedure... they probably are that person and you can issue a username/password
Most Hospital or Insurance security teams worry about verifying a user’s identity. Their nightmare is when a non-authorized user sees someone else’s data (spouses included).
9. The System Will Track All Activities
Auditing may not improve security but it does provide clues when things go wrong.
• You must track any writes
• You must track any views of PHI
• You must track proxy setup and proxy use
• You should track bill payments and other non-PHI activities
• You want to track via web analytics a variety of other site uses like find a doctor and appointment scheduling
Both Payer and Provider need to track auditable activities like changes to plans, changes to profile, viewing of PHI, etc.
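One way to turn the tracked events on this slide into the "clues" it mentions, as an added example that is not part of the original presentation: replay the audit trail and separate legitimate proxy use from access to another person's record that no proxy setup covers. The event fields, the action names (including `PROXY_REVOKE`) and the user IDs are assumptions, and only portal users are modeled.

```python
from datetime import datetime

# Constructed sample audit trail (illustrative; field and action names are
# assumptions). Events carry who acted and whose record was touched, never PHI.
EVENTS = [
    {"ts": "2014-01-06T09:00:00", "actor": "u100", "patient": "u100", "action": "VIEW_PHI"},
    {"ts": "2014-01-06T09:05:00", "actor": "u200", "patient": "u100", "action": "VIEW_PHI"},
    {"ts": "2014-01-06T09:10:00", "actor": "u100", "patient": "u100", "action": "PROXY_SETUP", "proxy": "u200"},
    {"ts": "2014-01-06T09:15:00", "actor": "u200", "patient": "u100", "action": "VIEW_PHI"},
    {"ts": "2014-01-06T09:20:00", "actor": "u200", "patient": "u100", "action": "WRITE"},
    {"ts": "2014-01-06T09:30:00", "actor": "u100", "patient": "u100", "action": "PROXY_REVOKE", "proxy": "u200"},
    {"ts": "2014-01-06T09:35:00", "actor": "u200", "patient": "u100", "action": "VIEW_PHI"},
    {"ts": "2014-01-06T09:40:00", "actor": "u300", "patient": "u100", "action": "PROXY_SETUP", "proxy": "u300"},
    {"ts": "2014-01-06T09:45:00", "actor": "u300", "patient": "u100", "action": "VIEW_PHI"},
]

def review(events):
    """Replay the trail in time order; return (proxy_uses, alerts)."""
    grants = set()  # active (proxy, patient) pairs
    proxy_uses, alerts = [], []
    for e in sorted(events, key=lambda ev: datetime.fromisoformat(ev["ts"])):
        actor, patient, action = e["actor"], e["patient"], e["action"]
        if action in ("PROXY_SETUP", "PROXY_REVOKE"):
            if actor != patient:
                # Only the patient may change who acts on their behalf.
                alerts.append((e["ts"], actor, patient, "proxy change not made by patient"))
            elif action == "PROXY_SETUP":
                grants.add((e["proxy"], patient))
            else:
                grants.discard((e["proxy"], patient))
        elif action in ("VIEW_PHI", "WRITE") and actor != patient:
            if (actor, patient) in grants:
                proxy_uses.append((e["ts"], actor, patient, action))
            else:
                alerts.append((e["ts"], actor, patient, action + " without proxy grant"))
    return proxy_uses, alerts

if __name__ == "__main__":
    uses, alerts = review(EVENTS)
    for row in alerts:
        print("ALERT", *row)
    print(len(uses), "legitimate proxy uses")
```

The check only works because proxy setup is logged alongside views and writes; without those events, a spouse's access and an authorized proxy's access look identical in the trail.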
11. Why Find a Provider?
• Typically the first impression of your brand
• Often the most used feature
• Implemented by payers and providers
• Common issues we see
– Complicated Interaction
– Unsatisfying results
– Confusing Language
29. Integration: The Hospital Version
• Electronic Medical Record Systems
• Invoice System
• Find a Doctor
• Schedule Appointment
• Pre-registration
• Classes and Events
• Customer Service systems
• Web Content between patient and consumer sites
Hospitals are rushing into the sharing of data but that demands new infrastructure that may not exist.
30. Integration: The Payer Version
• Claims
– Members
– Providers
• Payments
• ACO reporting
• Member management systems
• Authorizations
• Etc.
Payers have more extensive infrastructure but many still need a better integration layer and a common set of integration services.
All too often, integration means digging out of a hole.
31. Integration: What To Do
• Healthcare Portals must have a service layer ... or two to do their jobs right
• Portals don’t want to store data, they want to make real time calls
• Use or implement a common ESB
• Use or implement a security gateway
• Web Services and RESTful services are most common
• Consider direct API calls if latency is a concern
34. Mobile Web Sites - What do you do?
• Payers
– Mobile Web Site is a must
• Providers
– Mobile Web Site is a must
If you don’t have a mobile web site, you are already behind.
35. What about a Mobile App
• Do you need a Mobile App available through the App Stores (Apple, Google, etc)?
• Will a Mobile Web Site suffice?
38. Health and Living - Mobile App Ranking
[Chart: rank position on a 1 to 100 scale. Apps shown: myCigna, MyHumana, Kaiser Permanente, Aetna Mobile, United HC. Ranks shown: 46, 57, 67, 84, 68.]
Ranking provided by App Annie 1/4/14 (www.appannie.com)
39. Medical - Mobile App Ranking
[Chart: rank position on a 1 to 100 scale. Epic MyChart: 4; Anthem BCBS: 68.]
Ranking provided by App Annie (www.appannie.com)
44. Medical - Mobile App Ranking
[Chart: rank position on an 801 to 900 scale. Florida Hospital ER Wait: 818.]
45. Mobile App - What do you do?
• Payer
– You probably need a mobile app
– Take advantage of location services for Rx, Find a Provider
• Provider
– Major health system – leverage the large number of potential users to provide a mobile app
– Others consider specialized mobile app targeted to specific tasks
• Request appointment, refills, etc
• Location based facility mapping
• Specific diseases
53. Personalization
• “Personalization technology enables the dynamic insertion, customization or suggestion of content in any format that is relevant to the individual user, based on the user’s implicit behaviour and preferences, and explicitly given details.” From Wikipedia
– Dynamic insertion of customized and / or suggested content
– Relevant to the individual user
– Based on implicit and explicit behavior, preferences and attributes
54. Now this is personalized
You have regular prescription refills every month. Take advantage of our mail order prescription service and you may have no copay on some prescriptions. Learn More
58. • Access Connect Online to complete your session surveys using any:
– Web or mobile browser
– Connect Online kiosk onsite
• Contact us
– Mark Polly – mark.polly@perficient.com or @markapolly
59. About Perficient
• Founded 1997
• 2600 + employees
• 2013 Revenue ~$375M
• Public, NASDAQ: PRFT
• Local Business Units in over 20 major US Cities
• Solution Integration Award 2012
• 3x Lotus Distinguished Partner
• **WINNER of Best Digital Experience @ Connect 2014
• Best Portal Solution Award 2010
• Smarter Decision Award
• Industry Focused & Authorized:
• Healthcare, Retail & Financial Services