Encounters and Orders World Mismatch, Our Experience

Encounters and Orders World Mismatch, Our Experience

Our product BodyMapSnap had a humble start, with a vascular surgeon wanting to coordinate his pre-and-post care and developing compliant mobile photo collaboration tool such as Slack to fix the HIPAA issues inherent in social media photo and video apps.

Efficient and accurate care coordination requires a lot of visual elements, including tracking the wound healing process, or checking case planning worksheets to make appropriate pre-operative decisions as a team

As those images accumulate, other clinical users have started to ask why not share some of these images and videos in their PACS/VNAs or EHRs. We’ve found that similar workflows were largely shared by Pediatrics, Orthopedics, Sports Medicine, Dermatology, Wound Care, Podiatry and even Dentistry.

In traditional clinical imaging scenarios, an image acquisition device is considered as a modality (like CTs and Ultrasound). So, to use those devices, an order is made, and radiologists read the images and create reports.

In our development, a few things became very clear:

1.      All those images are centered around an encounter and episode of care.

2.      Not every image is relevant in being associated with medical records, but “exporting” selectimages to PACS/VNA and EHR provides great benefits.

3.      For PACS/VNA imaging orders are typically needed.

This has been the typical clinical integration “impedance mismatch” and has been the subject of many concerns in our own customer discussions.

In this article, we would like to share how we are approaching our solution today to address this impedance mismatch.

Every Study by Default Starts with an Anonymous Encounter

When a clinician launches (or resumes) the BodyMapSnap app, the user is asked whether it is a New Encounter or a continuation of the on-going encounter. In both cases, it does not require a patient name, MRN or order to proceed. The user can proceed to take photos and chat with other users to discuss cases immediately.

Traditional Modality Worklist Starting Point is also Possible

A user is also given a choice to go to open the “Patient List” and select the appropriate patient from the Modality Worklist.

Unified Patient List Mode

If a unified patient/order search* strategy is used in combination with BodyMapSnap, it is also possible to present the unified patient list from the amalgamation of MWL, Prior Studies, and admission events from the EHR feeds.

If appending of a new series to an existing imaging order is permitted, we can “push” selected images into an existing imaging accession.

Automated Order/Accession Generation

Auto order generation and routing strategy* is an option if a patient has already been established and accession generation scheme can be implemented with the customer.

In addition, it is possible to push images to EHRs as an unsolicited order/report and store the image in their “media tab” without an order.

After-The-Fact Push

Any anonymous encounter will “park” on our the BodyMapSnap’s secure server. A user will be able to associate anonymous encounters when a patient or order is established.

Image uploaded from iOS.jpg

OCR to the Rescue

We have an OCR engine** plus a bit of AI and so the encounter has a photo of wrist band, bar-code, QR code, association of anonymous studies and “after the fact” push will be automated. This does not have to be the very first image.

In Conclusion

We have found that a surprising number of clinical users rely on photos to orchestrate efficient and accurate care coordination. We’ve explored many ways to match the encounter based and order based visual imaging workflow and clinical users can have effective choices in realizing both worlds to interoperate. We are hoping better recognition of the encounter based scenarios in medical informatics industries will provide even better support in the coming months.

*WinguMD has tested with DICOM System’s Unifier to realize these functionalities.

** We have integrated with medical grade OCR from EDCO

6 Reasons Why BodyMapSnap is Made for Home Care Providers

If you are a home nursing care provider professional, WinguMD BodyMapSnap’s patient centric visual collaboration features can make significant improvements in the efficiency and accuracy of your care-giving activities while providing medical grade security in all your communications. And you are just one download away to start trying our technology, free.

1. Gain Efficiency and Accuracy: You already use your iPhone to coordinate your daily life to run more efficiently with your family and friends. BodyMapSnap's patient centric approach, unlike other secure medical messaging apps, gives you the care contexts to speed up your work on your iPhones; instantly.

2 .. Mobile & Secure: Record images in patient homes anywhere and anytime, without the worry of HIPAA regulation concerns. Everything is secured from the moment you press the shutter button or type in a message.

3. Record Everything: Do not limit the picture taking to patient conditions. For example, instead of jotting down all the medications the patient is taking you can just take the photos of the bottles and bags. Capture insurance card images and consent forms too. BodyMapSnap can recognize those into text so you can always search for them later.

4. Geo Location: BodyMapSnap can keep track of where you took the images. Then use  your iPhone's map and driving directions for revisits and to locate staff closest to the patient.

5. Instantly Chat with Your Team: You can message and instantly alert everyone in your care coordination team to review cases and ask for assistance from your medical staff.

6. Includes Free and Simple Visit Management System: Don't have an Electronic Medical Record (EMR) or Scheduling System? We have a free and simple schedule management system built into BodyMapSnap. You can also search by patient name, medical record numbers and reasons for visits. We can of course integrate with most of your system today or as you grow your own practice.

BodyMapSnap has the free-forever trial tier where you can take as many days as needed to try it. We never delete your photos, and your “view-only” collaborators can use it free any time. Download it from the Apple iTunes Store (from your iPhone) and start gaining the efficiency and security today.


Is Text Messaging Really Not Secure?


Why do we hear that Text Messaging (SMS) is not acceptable in health care? What aspects of it aren’t good for medicine? Is there some technical flaw? Do we really understand all the issues?

I decided to look into the matter, and would like to summarize this mainly for doctors and clinical people. I’ll avoid using terms like protocol payloads and PDUs of GSM networks.

SMS is the industry term for Simple Messaging Service, a technology designed about 30 years ago and designed to operate internationally by phone providers. The familiar 140-character limit that still exists on Twitter even to this day traces back to this standard. Today, most of us refer to SMS and Text Messaging as the same thing. 

Known SMS Security Issues

According to the Wikipedia article on SMS;

  1. Your Message is Exposed Over the Air: We must remember that anything that goes over the airwaves can be captured and then analyzed. While encryption is applied when your messages are exchanged, until 3G was introduced, it was quite easy to decipher mobile messages. In 3G and above the whole authentication and encryption have been revamped. One caveat is that you may not know if you are in 3G/4G mode; your phone can switch into 2G, for example, when you exhausted your data quota, or in a remote area where 3G is still not available.
  2. Messages are Stored First: Because you could be offline for a while, the carrier must store the message on its computers until it can contact your phone again. If someone is able to break in, or steal your phone this can expose your messages. 
  3. Messages Can Hop Through Various Networks: This is not a direct point-to-point communication. Messages will go through various points in the network that you do not control. Someone could record the traffic and abuse it.
  4. Destination Identity Cannot Be Confirmed: There is no real confirmation that the recipient is indeed the person to whom you want to send the message. In other words, you can send a message to a wrong number, and it would be too late.
  5. Identity of Message Source Can Be Faked: Just as Caller IDs can also be faked, so can the source of the SMS message. Someone can use a caller ID of a doctor or a family member of a patient you know to get some important info.

Is SMS Really That Bad for Security?

Using text messaging exposes you to many security issues, but don’t lose sleep over this. Most messages are exchanged without an incident. 

But it is time to move to a more secure solution where the access is controlled by you or your hospital's administrator; that you have an assurance of exactly who you are communicating with; and data are always encrypted from the moment you push the "send" button.

For HIPAA, you need to have additional security related controls such as being able to audit your medical information distribution and sharing activities. This would normally require a more healthcare dedicated system such as your EHR, PACS or our medically dedicated mobile photo solutions.

What We Recommend

First and most importantly, the majority of security breaches are due to the mismanagement of security practices. For example, do you change your office internal WiFi password when an employee quits? My other blog post, Seven Essential Low Tech Practices for Security Compliance, touches on this issue. Correct those “people” issues first.

There are many great secure messaging and sharing services out there and many of them are free or have great free trial programs. So why keep taking the risk? I would search for “Secure Messaging” or “Secure Photo Sharing” on your search engine and try them out.

Why We Developed ZoomShare

You might already have seen our ZoomShare feature. If you pinch on an image, a button on the bottom of the screen appears saying “Share.”

At first, you might think it is a bit strange why you would want to do this.

But, Why?

The context is the most important aspect of collaboration. So, not losing your viewing context is our number 1 priority. The next important WinguMD philosophy is to significantly accelerate your communications. Together we have designed a truly effective and efficient way for you to communicate in medical settings.

Now, let's imagine that you find a part of the picture that you have a concern with and want to discuss about that specific part.

One way, you probably have seen, is to let you draw an arrow, line or a circle. In radiology workstations, this is called a Region of Interest (ROI).  On desktop computers, you can use a mouse to draw shapes and it’s relatively easy to do.

Try drawing on a tiny mobile screen with your finger. It will take a lot of time to get it right. We believe that simple stretching and panning is a great deal faster. So, this is our method: you can stretch, pinch, zoom, and center the area of interest in the picture naturally and carry on with the rest of the conversation. 

How to Use BodyMapSnap ZoomShare

While viewing the full image, place two fingers on the image and using the stretching or pinching action zoom in to the image with the size you desire, then with one finger, you can pan the image to center the area of interest. You probably have used these gestures already from other apps.

BodyMapSnap ZoomShare is very simple and quick way to share your viewing contexts.

BodyMapSnap ZoomShare is very simple and quick way to share your viewing contexts.

Once it looks right, press the share button and the image is shared with the rest of the team in the discussion. The original image is not altered. The zoomed version will appear in the chat message, and if you tap on it, you will see the full screen version of it.

It really is just as simple as that.

From our natural language search to text reader to this, WinguMD's goal is to make your medical collaboration easier, faster, accurate and of course secure.

Significantly Increase the Security of BodyMapSnap Log-In with Google 2-Step Authentication


You've probably heard about 2-Step or 2-Factor authentication and wondering what it is and why we would want to use it.

You may not realize it, but you've been using 2-Step authentication all along. Your ATM card is a part of the 2-Step authentication system. The two parts are your card and a PIN.

With Google 2-Step authentication, Google provides you with an authenticator app that installs on your mobile device*. You use it in addition to your email address and a password.

When you log-in with Google 2-Step authentication, you need this authenticator app. It shows a new 6-digit code every minute that only you and Google can match. As the code expires in that minute, stealing the code will not do much.

With BodyMapSnap Google authentication integration, here is what happens.

1.      Google gives us the confirmation that it is you who has signed on based on your password and authenticator code.

2.      Google makes sure that the request came from a Google registered BodyMapSnap server (and not from a hacker's make-shift server).

Another big benefit is that your Google password is never seen by BodyMapSnap, therefore, it's not possible for BodyMapSnap to leak your password.

Why is it “quite a bit” more secure?

Imagine that you contracted some malware, your password was leaked world-wide, and remote hackers attempted to access your account. With the 2-Step authentication, they still need your authenticator, which they are extremely unlikely to have.

To help you sleep even better though, Google now notifies you when there are any new sign-in activities.

2-Step verification is still not a panacea. Imagine someone you know has “borrowed” your phone, hence the authenticator, and if the person knows your phone unlock code and password, that won’t prevent access.

So, please keep up with your security by changing your password often, not use a password that’s easily guessed like your pets’ or children’s names, and making sure you put a lock code or use the fingerprint feature on your phones.

Now you know that 2-Step authentication gives you significantly better security for medical information handling,  and why we have integrated it.  Google also gives this technique free for everyone.

This is another way, WinguMD provides better security for all your medical collaboration needs.

Additional Notes

*I use another authenticator called Authy. If you start to use many other services that has 2-Step authentication, it is a lot more convenient.

WinguMD Joining GE Ventures & Startup Health Entrepreneurship Program


Oliver Aalami, MD
Chief Medical Officer, Cofounder

WinguMD has a very clear mission: to build the best mobile medical photography solution. Photos are an extremely powerful way to document and communicate, and we are building the platform to enable just that, for healthcare. That is why we are thrilled to partner with StartUp Health and GE Ventures to gain more traction and scale with GE’s global network. 

StartUp Health offers a visionary team and has been phenomenal to work with thus far.  They see the potential of digital and mobile to transform all aspects of healthcare. We are excited to participate in their program to get the industry and market intelligence necessary to be successful in today’s ecosystem. We are also excited to join their national community to help improve the delivery of healthcare and touch as many lives as possible! 

2016 will be an exciting year for us filled with more EHR and imaging network integrations (such as DICOM Systems) as well as feature roll-outs to enhance user experience and image analysis. There are also many medical specialty-specific features being developed—stay tuned! 

Photos truly tell a story. We are passionate about making “dumb” JPEGS “smart” for healthcare with structured metadata and integration into the legal medical record. Too much data is being left on the table today with the explosion of the non-medical grade mobile digital media being generated for healthcare. We get it and want to  leverage the efficiency associated with this behavior and are working hard to incorporate it into the existing clinical workflows. As part of the GE Ventures & Startup Health Entrepreneurship Program we are even more confident that we can achieve our goals.

7 Most Essential "Low Tech" Security Practices


You have most likely seen and read about HIPAA breaches or other technical security issues. Often we do not realize that many of these issues are actually due to the incorrect use of technology, as well as not having established the most basic people procedures.

For example, let’s say that someone working in your clinic leaves. Do you know for sure that that person no longer has access to your clinical systems? You could have gotten the building key back, but remember the person can still come by your office, access Wifi and still do damage. Essentially you only took back one key: there are actually many other doors to your office.

So it’s essential that before you think about technical security, make sure your own people are complying with good security practices every day.

Here are some basic things you can do: 

  1. Use your phone’s auto PIN lock or fingerprint access and know how to remotely disable your phone.
  2. Assign a username and password for each of your employees. This is also important for the off-boarding process. For example, if you are sharing a password for the clinic’s main email access, change that password.
  3. Check and understand where and which mobile devices are being shared. Again, be vigilant about changing passwords.
  4. Make sure everyone is aware that accidental photo taking of PHI (labels, charts, name tags, address, bills, envelopes, etc.) can cause a HIPAA breach.
  5. Avoid emailing PHI containing information in the text of email. If you must send the information, use a secure email service or zip the file and then assign a password.
  6. Have a simple and regularly updated employee off-boarding checklist. Remove access to web-based subscriptions, office VPN, and often missed but most important, the WiFi password.
  7. Train every employee on all of the above. Keep a signed record of training.

When you’re all set with the above processes, take the time and find, evaluate, and establish a medical enterprise grade secure messaging and image sharing solution. 

Cover Photo: "- Padlock -" by User:Nino Barbieri - Own work. Licensed under CC BY-SA 2.5 via Wikimedia Commons

The Tie Between A Doctor’s Illegible Signature And BodyMapSnap

By Dr. Oliver Aalami, M.D.
Vascular & Endovascular Surgeon

As practicing physicians, we often find ourselves racing around the hospital or clinic putting out one fire after another—the schedule you begin with is never the one you end up completing.  In the world of healthcare professionals, efficiency is priority. If our workflow is disrupted or prolonged by a menial task, the ramifications will be severe. The more clicks an electronic medical record system or order entry system requires, the more we’ll bicker. During the days of paper charts and orders, doctors had to sign their name 50 to 100 times a day, hence the illegible signature. Communication and collaboration have always been integral to the management of patients. We used to be tied to our land line phones and pagers. However, the proliferation of mobile phones has transformed the way healthcare providers communicate and collaborate.

Smartphones are equipped with texting platforms that now include rich media such as photos, movies and GIFs. These forms of communication have largely replaced phone calls in our private lives and, not surprisingly, are also the preferred way to communicate and collaborate in our work lives. Why is this? It turns out asynchronous communication and collaboration is great for healthcare providers because it is EFFICIENT! We can multi-task while quickly receiving and sending messages. These messages pack an even greater punch when you start adding photos and movies.


It turns out that the data that can be condensed in a photo are tremendous—a picture is truly “worth a thousand words.” And what has started to fascinate me even more over time is how quick the image/data acquisition AND interpretation is with photos. How long would it take me to write or read a detailed description of a physical finding to document or communicate? You just can’t compare the two.  Moreover, photos leave very little room for interpretation, far less than written notes. For all these reasons, the practice of taking mobile photos/videos for medical documentation and communication has blown up over recent years. Over 90% of physicians in our internal study admitted to taking medical photos with their smartphones.


As beneficial as it may be to document and communicate with our smartphones, there are many problems with using our personal mobile devices. The photos are mixed with our personal photos, there’s no body part tagging or laterality information and the photos are impossible to find. When the photos are shared, they’re sitting on our mobile carriers’ servers. To top it off, administration is always breathing down our backs telling us not to do what is making our lives so much easier! This frustration gave me the conviction to build a mobile medical photography solution that’s not only HIPAA compliant but much, much better than the simple camera on my iPhone. I began my journey to develop a  “medical grade” mobile photography platform and BodyMapSnap was born.

At the end of the day doctors have illegible signatures because they value brevity and efficiency. BodyMapSnap continues this tradition and was created to capture the efficiency in mobile collaboration and documentation. Not only do you get all the medical grade contextual information with each photo/video, all images are packaged and ready for integration into the medical record.