Dr. Maria Todd is the worlds’ single most knowledgeable advisor in medical tourism and destination healthcare development. Maria is the only medical tourism published author and consultant in medical tourism with significant training and multisector fusion experience in healthcare, employee benefits and insurance, market research, tourism, meeting planning, and the hospitality industries. As a result, her unique approach to medical tourism programming, healthcare quality and safety, and destination development is unparalleled in the industry.
She is frequently hired to travel to international conferences as an award-winning keynote speaker, and often conducts workshops for CVBs, tourism planning boards, destination management companies, tour operators and healthcare suppliers to plan, launch and enhance infrastructure operations for wellness travel destination cluster strategies.
In the USA, as Covered Entities under… — the Health Insurance Portability and Accountability Act of 1996 (HIPAA), — the Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information (Privacy and Security Framework), — the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, and —Subtitle D of the HITECH Act, which addresses the privacy and security concerns associated with the electronic transmission of health information, we are duty bound to remain in compliance with those and other regulations. Medical Tourism facilitators “test positive” as Covered Entities under the description set forth in US law
While it is true that many “tie ups” have been initiated in the past, with U.S. Covered Entities,each U.S, company must determine for itself what they can and cannot undertake in accordance with their published compliance policies.
Covered Entities are specifically duty bound to protect a) Personally Identifiable Information (PII) — information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. PII also includes individually identifiable health information as defined by the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Privacy Rule (45 CFR Section 164.5016). PII is also often referred to as personally identifiable data or individually identifiable information; and b) Protected Health Information (PHI) — individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. Individually Identifiable Health Information is a subset of health information, including demographic data collected concerning an individual that:
1. Is created or received by a healthcare provider, health plan, employer, or healthcare clearinghouse. 2. Relates to the past, present or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to an individual, and meets either of the following: • Identifies the individual. • There is a reasonable basis to believe the information can be used to identify the individual.
The HIPAA Privacy Rule covers PHI in any medium (including paper) while the HIPAA Security Rule covers PHI in electronic form (ePHI) only. As you can see, these activities are all carried on within the normal business transactions of all medical tourism arrangements.
As a Covered Entity, or an agent for a Covered Entity (which we are in both cases) under these compliance regulations, we are limited by law to work only with Business Associates that can assert and demonstrate when audited, that they too are compliant with the rules and regulations of these compliance requirements.
THE MEANS THAT FOR US TO WORK WITH AN ORGANIZATION AND INVOLVE THAT ORGANIZATION IN ANY ACTIVITY WHERE PII OR PHI IS EXCHANGED, THE ORGANIZATION OUTSIDE THE USA IS REQUIRED TO BE IN COMPLIANCE WITH THE SAME REGULATIONS AS IF IT WERE BASED IN THE U.S..
While it used to be sufficient for a medical tourism company based in the USA to simply exchange a document called a HIPAA Business Associate Addendum (as in an “addendum” to a contract to work together) as of March 2013, the laws changed significantly. Now there is a due diligence requirement to audit whether or not the assertions are true and correct. Failure on our part to perform the due diligence places us at grave risk for sanctions and violations under the regulations.
After October 23, 2013, the significant changes now include Civil Monetary Penalties (CMP) for each violation. Prior to that date, friendly negotiations were allowed by our government, in addition to implementation of an acceptable corrective action plan. The CMP is based on the violation categories and increased penalty amounts authorized by Section 13410(d) of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Penalties are in the millions of dollars for each incidence. While we have professional liability insurance for our own actions and any potential infractions, our insurance does not indemnify us for or cover violations caused by a Business Associate with whom we do business.
In the event that payment is not received by certified check or wire funds transfer upon a Covered Entity’s receipt of a Notice of Final Determination about a violation, the amount of the penalty may be deducted from any sum then or later owing by the United States or by a State agency, and a civil action may be brought in the United States District Court to recover the amount of the penalty. As it would be difficult to pursue an agency outside of the USA for this violation, we would expect that the case for a violation emanating from outside the USA by a Business Associate of ours, regardless of disclaimers on file, would ultimately be pursued against us.
As we are unable to audit the practices, standards, operations, and security breach policies to a) determine if the organization from outside the USA is in complete compliance with the more than 200 standards and rules, b) if that organization carries adequate insurance to cover any Civil Monetary Penalty for its own actions and to indemnify and hold us harmless if the breach is attributed to their organization, and c) if they follow their own standards and policies consistently, we must limit our business involvement to only those companies that can demonstrate that they are HIPAA compliant and that we can perform such due diligence and document same.
While an organization abroad very well may be fully compliant, the due diligence checking and verification by us is impossible from such a distance and not feasible from a business standpoint. Therefore, we must often decline an invitation to work together on medical tourism business for these reasons.
I know that sometimes it seems as our responses to your overtures may seem curt and or unfriendly, but between our employees, we probably receive no fewer than 20 requests per day from all parts of the world, from facilitators wanting to Affiliate or Cooperate or Collaborate with us.We just don’t have the time to write each one a detailed and lengthy response to explain why we must maintain these services internally, and not hire them out to others.
I hope this helps to better explain not only our position, but that of the many medical tourism companies in the USA that have the same policy in place.
Please don’t hesitate to ask further questions about this. I know its complicated.
Henry Ford once said of his Model T: “The customer can have any color he wants so long as it’s black.” Of course, it wasn’t long before market pressure and changing cultural norms forced a change in auto design. Adaptability enabled Ford Motor Company to become one of the most successful and longest-lived auto manufacturers in history. Are health tourism conferences, congresses, forums, and summits headed for the same fate?
I believe that the model of a few show and tell presentations, a flurry of 20-minute panel presentations without any substantive topic development presented by panelists either blatantly or surreptitiously hawking services and other agendas from the podium, and speed-dating B2B meetings have run their course.
First, while networking is absolutely important, I cannot vet the quality, safety or destination appeal and readiness of health tourism provider on the basis of a handshake, a brochure, and a 15-minute interaction. I need to walk their halls and observe the customer service, cultural and language mastery, and quality and safety practices in action. And for me personally as a former hospital administrator and surgical nurse, I want a list of all their advanced medical technologies, a directory of their celebrity doctors and their CVs, a copy of their privacy and security policies, to observe of at least six cases in their operating theater, and have a look around at the health tourism local value chain suppliers and airport connections and fare tariffs to determine destination living brand and feasibility.
Second, I am unable to politely listen to poorly designed micro speeches and illegible, low-contrast graphics and poor screen-presentation color choices on PowerPoint, Keynote and Prezi slides that lack the substantive content I need to decide if the supplier can fill a need for one of our clients. Conference organizers and panel moderators that refuse to accept responsibility to vet slides, handouts, and other presentation materials in advance for content appropriateness and readability should simply decline when asked to participate.
Third, while I believe that there should be a “pitch track” to allow sellers to sell, but I believe that this should be organized on a showcase format that runs on a parallel track to educational programs. These should be coordinated so that they start and end at coordinated times, without overlap. Adult attendees should be free to select sessions from a menu of educational programs, workshops, and destination showcases without being forced to sit through presentations that don’t serve a purpose for them.
Fourth, meal times are not appropriate for real networking, because it is not polite to talk with one’s mouth full. Also, one may not want everyone at the table to hear details of a discussion, nor may everyone at the table be interested in where the “ringleader” has taken the discussion.
Health tourism conferences, congresses, forums, and summits are profit-driven, even when they are sponsored “in association with” non-profit trade associations. It’s time that industry conference organizers recognize the “market forces” and pay heed to “customers” and adapt. Their ability to compete in a global economy relies on it. More and more conferences are available from which to choose.
Hiring professional workshop leaders, trainers, and speakers that inspire the market to the next quantum jump in medical tourism market development is far different from inviting a panelist from far away to come talk about a topic for twenty minutes. Many authors of books don’t speak well – unless they are speaking about the benefit of buying their books…or buying placement in their books. It actually depends on what the book is about. Consultants who are asked to conduct workshops should be held accountable to deliver course objectives, not pitch consulting services from the podium through “hire me for the rest of the story” teaser sessions.
It no longer suffices to pay lip-service to the need for sharper skills, better education and training, and substantive topics on health tourism. If conference organizers can’t afford to pay international business class airfare and professional speaker fees to world-class professional speakers, workshop leaders, and trainers, they should ask sponsors to support a session with the underwriting of those costs.
To move the health tourism industry forward, it is not enough to think of the education necessary to prepare the entrepreneurs, knowledge workers, government agencies, and marketers for the challenges of tomorrow’s health tourism as a series of meaningless and unrecognized certifications and discreet units existing side-by-side without logical connections. As an industry, we must build “learning communities.” To quote Ford: “Coming together is a beginning; keeping together is progress; working together is success.”
As a paradigm is stretched to its limits, anomalies — failures of the current paradigm to take into account observed phenomena — accumulate. From where I sit, this paradigm shift has begun. The puzzle solutions are evolving within the context of the new paradigm. Those of us who have sustained their medical tourism business for more than five years are already solving their own business puzzles within the new paradigm. More conferences, congresses, forums, and summits to line the pockets of the organizers without accountability for real value to participants and exhibitors won’t be a part of that solution.
It’s time to re-examine the value proposition of all these health tourism conferences, congresses, forums, and summits and the sacrificed time they rob from the profit-making business activities that deliver actual revenue. I know my board has laid down the law for me for 2014. If we can’t realize 10x in measurable revenue compared with the lost productivity and attendance costs for me to be away, I can no longer justify attendance. I’ve heard from many other executives, colleagues, sponsors, and exhibitors that their boards and decision committees are giving similar diktats. If you have received similar orders, add your comments below so organizers will hear the voices of their consumers.
The battle of the sexes goes to the mattress. It’s men vzzzzzzzz women.
Men sleep. Women sleep. And there the similarities doze off. The way we sleep is a whole wake-up call of differences, pillow counts to pajamas, bedtimes to bed making, who’s wearing nothing at all and who’s wearing something on their feet.
December is supposed to be the time of year filled with family gatherings and holiday good cheer. For medical residents, quite the opposite is true.
There are no school breaks during residency. Being a medical resident is a real job, and a stressful one at that. Residents work long shifts, even with caps that max out at 16 hours for the newbies and up to 28 hours for those beyond the first year.
For many of our trainees — especially those fresh out of medical— this will be the first holiday season without time off.
I remember lamenting my first December having to work straight through. A wise mentor helped me reframe my self-pity.
"It’s a privilege to work on Christmas," he told me. "Our patients count on us. You may not want to be in the hospital, but think of what they’re going through." He smiled, as if he were welcoming me to a special club, one that I wasn’t wholeheartedly ready to join. "Your mere presence helps reduce each patient’s sense of loss."
I was rotating in intensive care, where the outlook for patients can be quite grim on any day, regardless of the season.
A 30-something patient I’ll call Will was brought in after paramedics found him unconscious on the street.
He was in a coma. We didn’t know the cause, but set to work trying to give him every opportunity to arise from the slumber of his critical illness.
I was on the rotation with two other interns. We took turns spending nights in the hospital — each of us taking every third night on call. The first night, my buddy Paul spent the night at Will’s bedside trying to figure out a way to replenish his body with fluid, given the massive output that was draining into his urine bag.
Will had suffered a brain injury. One effect was diabetes insipidus, a condition that meant his kidneys couldn’t hold onto his body’s water. The result can be rapid dehydration and death.