Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

How Do We Balance Improved Outcomes with Protecting Personal Information?

Posted on July 29, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

There’s an interesting article by the Pacific Standard (never heard of them before now) about the “hidden market” of medical data that exists. The final paragraph provides a great summary of the challenges we face when it comes to health data:

There is no perfect way to balance the competing priorities of using big data for improved health outcomes and protecting our personal information. Opinions on which interests should come first will differ—and should. But the debate cannot be open, honest, or effective if major companies like Walgreens or Safeway are secretive about what they do. People are often generous when it comes to volunteering personal data for the purpose of advancing medicine. They are less so when it comes to enriching sellers of information. Either way, the proper course of action is disclosure. Simply put, if our medical data is being bought and sold, we deserve to know it—and have a say. Perhaps making our data available to others is as helpful to medicine as IMS claims. But shouldn’t that be up to us?

That’s the best summary of balancing improved outcomes and personal information that I’ve ever read. We all want better outcomes and I think that most of us believe that the right healthcare data will get us to better outcomes. We also all want our data to be protected from people who will use it inappropriately. The balance between the two competing priorities will never be perfect.

The reality is that there’s going to be more and more healthcare data available about all of us. Much of that data is going to be shared with a large number of organizations. Most people are just fine with that sharing assuming they believe the sharing will help them receive better care. However, there does need to be some mechanism of transparency and disclosure about when and how data is used. That doesn’t happen today, but it should happen.

The challenge is that pandora’s already out of the box. The data is already flowing a lot of places and putting in accountability now will be a real challenge. Not that I’m against challenging things, but we’re kidding ourselves if we think that accountability and transparency around where and when are data is shared is going to be easy to accomplish. First, companies are going to be dragged kicking and screaming to make it happen. Some because they know they’re doing some things that are at least in the grey area and some are totally shady. Others aren’t doing anything inappropriate, but they realize the costs to implement transparency and accountability for the health data they share is going to be very high. A high cost project that doesn’t add any more revenue is a hard business proposition.

While I’m not hopeful that we’ll see a widespread transparency about what health data’s being shared where, I do think that some forward thinking healthcare companies could push this agenda forward. It will likely happen with some of the companies who have avoided the grey and shady areas of health data sharing that want to create a competitive advantage over their competitors and build trust with their users. Then, some others will follow along.

What do you think that could be done to make health data sharing that’s happening today more transparent?

Ashley Madison Data Breach – A Lesson for Health IT

Posted on July 28, 2015 I Written By

Colin Hung is the co-founder of the #hcldr (healthcare leadership) tweetchat one of the most popular and active healthcare social media communities on Twitter. Colin is a true believer in #HealthIT, social media and empowered patients. Colin speaks, tweets and blogs regularly about healthcare, technology, marketing and leadership. He currently leads the marketing efforts for @PatientPrompt, a Stericycle product. Colin’s Twitter handle is: @Colin_Hung

The recent hack of the Ashley Madison, Cougar Life and Established Men infidelity/hookup websites has been front page news. Overnight the lives of 50 million site members (pun intended) were potentially stolen by a hacker group calling itself “The Impact Team”. The Washington Post and CNBC have great articles on the details of the hack.

As the story unfolded I became more and more fascinated, not because of the scandalous nature of the data, but because I believe this hack is a lesson for all of us that work in #HealthIT.

The value of the data that is held in EHRs and other health apps is somewhat debatable. There have been claims that a single health record is worth 10-200 times more than credit card data on the black market. The higher value is due to the potential access to prescription medications and/or the potential to use health data to commit Medicare fraud. A recent NPR post indicates that the value of a single patient’s record is approximately $470 but there is not a lot of strong evidence to support this valuation (see John Lynn’s post on this topic here).

While $470 may seem like a lot, I believe that for many patients, the reputational value of their health data is far higher. Suppose, for example you were a patient at a behavioral health clinic. You have kept your treatment secret. No one in your family or your employer know about it. Now suppose that your clinic’s EHR was breached and a hacker asked you for $470 to keep your data from being posted to the Internet. I think many would seriously consider forking over the cash.

To me this hypothetical healthcare situation is analogous to what happened with Ashley Madison. The membership data itself likely has little intrinsic value (even credit card data is only worth a few dollars). HOWEVER, the reputational value of this data is extremely high. The disruption and damage to the lives of Ashley Madison customers is enormous (though some say well deserved).

The fall-out for the company behind Ashley Madison (Avid Life Media – a Canadian company) will also be severe. They have completely lost the trust of their customers and I do not believe that any amount of market spin or heart-felt apology will be enough to save them from financial ruin.

I believe what Avid Life Media is going through is what most small-medium sized clinics and #HealthIT vendors would face if all their patient data was exposed. Patients would utterly lose faith and take their business elsewhere (though admittedly that might be a little harder if other clinic choices were not covered by your insurance). Even if the organization could afford the HHS Office for Civil Rights fines for the data breach, the impact of lost patients and lost trust would be more devastating.

With the number of health data breaches increasing, how long before healthcare has its own version of Ashley Madison? We need to do more to protect patient data, it can no longer be an after-thought. Data security and privacy need to be part of the design process of software and of healthcare organizations.

Life’s short. Secure your data!

Funny Codes Exist in ICD-9 Too…And It Hasn’t Been An Issue

Posted on July 27, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I was recently thinking about ICD-10 and how in many ways it’s been a punchline of jokes since there are some pretty crazy ICD-10 codes. I’ve enjoyed the crazy and funny ICD-10 codes as much as the next person (we all need a good laugh on occasion), but I think it’s generally been bad for the move of ICD-10. Now that I think ICD-10 will not be delayed again, ICD-10 is no joke.

With that in mind, I wanted to put the funny ICD-10 code discussion to rest. So, I asked on Twitter if there were any “funny” ICD-9 codes (of course if you have any of these things, it wouldn’t be too funny). In response to my tweet, Jennifer Della’Zanna created this great post that puts the “funny” ICD-10 codes in perspective. She also provided me this list of ICD-9 codes that could possibly be considered funny codes as well:

E928.4 External constriction caused by hair
E918 Caught accidentally in or between objects
E005.1 Injury from activities involving yoga
E913.3 Accidental mechanical suffocation by falling earth or other substance
E018.2 Injury from activities involving string instrument playing
E827.4 Animal drawn vehicle accident injuring occupant of streetcar
E845.0 Accident involving spacecraft injuring occupant of spacecraft
E905.4 Centipede and venomous millipede (tropical) bite causing poisoning and toxic reactions
E917.7 Striking against or struck by furniture with subsequent fall
E927.1 Overexertion from prolonged static position
E927.2 Excessive physical exertion
E928.0 Prolonged stay in weightless environment

You could see a nice sticker with a picture for E905.4 as a centipede bite, that’s funnier than the full description. That’s what’s happened with many of the ICD-10 codes that are made into jokes. However, that misses my point. My point is that we’ve had some funny ICD-9 codes for a long time and it’s never been an issue. The ICD-10 codes that have been made into jokes won’t be an issue either. It’s time to move on to the ICD-10 codes that do matter and make sure we’re ready for ICD-10 come October 1st.

Healthcare Standard Proliferation Comic

Posted on July 24, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

It’s Friday and I’m in Utah where today is a state holiday (think a second July 4th party). What does all that mean? It’s time for another Fun Friday post. I thought this comic that Dan Munro shared would be perfect:

I think the only modification we need is to have it say “See: Healthcare.” If you want to make this educational, the comic does point out some other places we could look to see where standard proliferation has been a problem. Or you could just enjoy the humor and head for the weekend. Either way, Happy Friday!

Dropout Docs – The Answer for #HealthIT Startups?

Posted on July 23, 2015 I Written By

Colin Hung is the co-founder of the #hcldr (healthcare leadership) tweetchat one of the most popular and active healthcare social media communities on Twitter. Colin is a true believer in #HealthIT, social media and empowered patients. Colin speaks, tweets and blogs regularly about healthcare, technology, marketing and leadership. He currently leads the marketing efforts for @PatientPrompt, a Stericycle product. Colin’s Twitter handle is: @Colin_Hung

We’d like to welcome a new guest blogger to our ranks. If you’re on social media, you probably know Colin Hung (@Colin_Hung), Co-Host of #hcldr. Colin is also head of Marketing for @PatientPrompt, a product offered by Stericycle Communication Solutions. We look forward to many posts from Colin in the future.

Recently both Nick van Terheyden (@drnic1) and Mandi Bishop (@MandiBPro) shared a link to an interesting article via Facebook. “Dropout Docs: Bay Area Doctors Quit Medicine to Work for Digital Health Startups”.
Dropout Doctors - Bay Area Doctors Leave Medicine for Healthcare Startups
The article highlights a new phenomenon happening In the Bay area – would-be doctors are dropping out of prestigious medical schools to pursue careers in digital health. Even those that complete their schooling are opting to join digital health start-ups/incubators (like Rock Health located in San Francisco, very close to USCF Medical Center) rather than apply for residency.

Being a doctor or a surgeon was once the pinnacle of achievement in American society, but with changes to reimbursements and general healthcare frustration, many are not seeing the practice of medicine as the rosy utopia it used to be (or was it ever?). Now even physicians are succumbing to the siren call of #HealthIT where there is a chance to “do good” and make a difference on a large scale.

I believe this trend could be a good thing for #HealthIT. Having more peers who are enthusiastic and passionate about improving healthcare can lead to more positive innovations. Consider the following quote from a doctor who joined a health care company instead of practicing medicine (from the KQED article):

“I realized that the system isn’t designed for doctors to make the real change you would like to for the patient.”

Having more people who want to put the patient at the center of healthcare makes my #HealthIT heart race. You can’t teach people to have this inner fire. It is something that is intrinsic to the individual…and we need more peers in #HealthIT with this flame.

There is just one line from the article that don’t agree with:

“…dropout doctors are well-positioned for a career in digital health as they have an insider’s view of the industry – and ideas about how to fix it.”

I think it is a bit of a stretch to say that people who went through med-school have a true “insider’s view”. Having not worked in a practice or in a healthcare setting, they would not be familiar with the political, financial or workflow aspects of care on the front lines. I hope these doc-dropouts are humble enough to remain open-minded as they listen to real-life customers provide feedback on the technologies and solutions they are involved with. In fact, dropout docs would be well served by remembering one particular part of their medical training – truly listening to the patient – which in this case may be the entirety of healthcare.

More EHR Consolidation – Modernizing Medicine Acquires gMed

Posted on July 22, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve been writing and tracking the EHR consolidation world for a long time. It’s always fascinating to me to see how various EHR companies merge, shut down, or build their own little (and sometimes big) empire. Today I was greeted by the announcement that Modernizing Medicine had acquired gMed. I found the announcement pretty ironic since I keynoted both companies EHR user conference last year. So, I know both companies really well.

On face, they are both companies in southern Florida and so that’s going to make the transition a lot easier. Not to mention the competition for talent in the area as they grow will be a lot easier with the combined company. I talked to Dan Cane, CEO and co-founder of Modernizing Medicine, and Joe Rubinsztain, MD, CEO and founder of gMed, today about the acquisition. They told me that the combined companies will have roughly 10,000 specialty providers and 420 employees. Plus, Dan Cane commented that they expect to add over 50 to that head count over the next little while. Dan also noted that if you use meaningful use attestation data (which is a decent, but faulty proxy for EHR market share) then it puts the combined companies in the top 15 of EHR vendors. That’s pretty interesting considering they only serve a handful of medical specialties.

I’ve recently written about the power of a specialty EHR company and both of these companies had been executing the specialty specific EHR approach with great success. Who doesn’t like a piece of software that’s customized uniquely for their needs?

I asked Dan and Joe about the future plans for the two software platforms. They’re cognizant that gMed has been so successful in the marketplace because of the tight integration between its PM, EHR, and endoscopy report writer. So, I got the feeling that Modernizing Medicine will be very careful to not “disrupt the apple cart.” Although, I think Modernizing Medicine is keenly interested in taking gMed’s 18 years of experience in gastroenterology and incorporating that knowledge and expertise into the Modernizing Medicine technology. So, I think we’ll see this play out slowly and once Modernizing Medicine has caught their product up to gMed, we’ll see them sunset the gMed software. That could be a year or two at least.

There’s one caveat to all of that though. First, gMed has a PM and Modernizing Medicine doesn’t have one. I asked if Modernizing Medicine would start using the gMed PM. They won’t (at least for now) and I think that’s because Modernizing Medicine wants a truly integrated PM if they’re going to roll out their own PM. Plus, gMed’s PM has so many gastro specific features that I’m not sure it would be a good fit for a dermatologist (one of Modernizing Medicine’s best specialties). My guess is that Modernizing Medicine will utilize gMed’s PM experience to finally roll out their own PM, but we’ll see. They certainly have plenty to tackle when it comes to gastro EHR and deciding what they want to do with the endoscopy report writer which is very popular and important part of what set gMed apart from other EHR vendors.

I respect both gMed and Modernizing Medicine. So, I’m really interested to see what’s going to happen with the combined companies.

Eyes Wide Shut – Making the Most of Meaningful Use, for Healthcare Providers, Insurers, and Patients

Posted on July 21, 2015 I Written By

Mandi Bishop is a hardcore health data geek with a Master's in English and a passion for big data analytics, which she brings to her role as Dell Health’s Analytics Solutions Lead. She fell in love with her PCjr at 9 when she learned to program in BASIC. Individual accountability zealot, patient engagement advocate, innovation lover and ceaseless dreamer. Relentless in pursuit of answers to the question: "How do we GET there from here?" More byte-sized commentary on Twitter: @MandiBPro.

When I ask a room of 100 health plan leaders, “how many of you know what HL7 is,” and only a third raise their hands, I realize there had been a “Meaningful Use” for my recent travels through the healthcare provider system and its maze of regulatory and payer mandates. I navigated change management hell in order to inform my future endeavors. I came out on the other side of an attestation nightmare with the knowledge to educate others who are embarking on extensions of that journey. This “Eyes Wide Shut” series has come full-circle.

For those who have followed this series, a quick update on the fate of the IDN highlighted throughout earlier posts: they have not yet successfully attested to all Meaningful Use Stage 2 measures across all the inpatient facilities and ambulatory practices. However, the continuing changes to attestation criteria (specifically, the engagement measures that caused so much consternation) may allow them to squeak in under the wire in fiscal year 2016 before penalties kick in. Although I’m no longer directly involved in the IDN’s pursuit of multi-EMR integration excellence, I am a “beneficiary” of those encounter data normalization efforts, as I am back to working with payer clients who are leveraging this clinically-integrated network. And I’m still having to adjust for inconsistencies in identity management rules, coding practices, and clinical workflow differences across each of the offices (and departments within offices), as I integrate their information with the insurer’s data ecosystem.

I began this series on my (woefully neglected) personal blog, almost 2 years ago: Eyes Wide Shut: Seeing the Dark Side of Health IT Mandates and Meaningful Use. Coming from the health insurance world, I had no idea of the magnitude of healthcare provider process impacts resulting from regulatory and payer demands (nee, mandates). I was insensitive to the plight of the independent general practitioner, and the size of the budget required to implement a certified EMR, let alone populate it with any patient history or integrate it with existing scheduling or billing processes. I didn’t realize that my request for chart data to support HEDIS measures would involve more work than simply clicking an indicator in an EMR configuration screen to suddenly send me my heart’s desire of data elements. I would never have believed that certified software would not be tested for conformance to code-level specifications (only visual output tests).

To all my clinician and provider office-worker friends: I am sorry for all the ways in which this ignorance may have contributed to the new reality forced on practitioners of medicine to also be data-entry clerks/contract lawyers/IT experts. Personally, I want my doctor to be my doctor. So, I’m dedicating the next leg of my career journey aligning all healthcare system actors to what should always have been our higher purpose: contributing positively to the health and well-being of the individuals and populations we serve.

When I initially began writing this post, I thought I’d be using it to end the series.

Instead, I’m just embarking on a new chapter: the post-provider world of healthcare actor convergence.

Interview with Dell’s New Chief Medical Officer, Dr. Nick van Terheyden

Posted on July 20, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Long time readers will know that we’ve regularly done videos with Dr. Nick (@DrNic1). He’s one of my favorite people to sit down with and talk healthcare IT. I first met Dr. Nick when he was CMO of MModal, but our relationship really flourished when he was CMO at Nuance and we shared a cab together to the airport at one of the healthcare IT conferences. Ever since then I’ve counted him a good friend and someone I enjoyed talking about anything healthcare IT related. The beauty with Dr. Nick is that you can go pretty deep with him on any science and technology topic.

With this in mind, I was excited to hear that Dr. Nick was just announced as Dell Healthcare & Life Sciences new Chief Medical Officer (CMO). Dell has a really large healthcare practice thanks to their acquisition of Perot Systems and a number of other acquisitions. Dell will be lucky to have Dr. Nick on their team.

As part of the announcement, I did a short interview with Dr. Nick (see below) to talk about what excited him about the opportunity to work at Dell and the place social media played in his hire. We’ll let Dr. Nick get a few months under his belt at Dell and then I’m sure I’ll have him on for another live G+ video hangout as well.
Dr Nick - CMO at Dell Healthcare
What excited you about Dell that inspired you to switch jobs and become CMO of Dell?
This was such an exciting opportunity with a dynamic company that has a big focus on healthcare that starts at the top with Michael Dell and traverses all the way through the organization that has assembled an outstanding collection of technology, resources but above all talented people that are dedicated to solving the issues we face in healthcare. When I looked at the breadth of what Dell could offer its customers, paired with amazing talent, it felt like a perfect match and one that offered me personally an incredible opportunity to have a positive impact on healthcare delivery systems around the world.

You’re only a few days on the job, but as you’ve gone through the process are their misconceptions about Dell that you now realize that aren’t true?
Yes. Of course the first thought everyone has is that Dell is a PC and hardware company and while this remains a major part of the organization, they have also received the ranking of number one provider of healthcare services in the world by Gartner! That position was achieved by assembling a first class talented team that have a wide range of skills and deep industry knowledge that is broader than healthcare and taps into the success and knowledgeable from many other vertical markets and industries. As one of the healthcare interoperability experts shared with me “I’ve been making systems talk to each other that aren’t supposed to for 20+ years”. His passion is achieving that goal to free data from the confines of individual systems and is typical of the skills and passion of the people working here. Interoperability is a major focus area for healthcare systems and rightly subject to significant scrutiny and pressure form regulatory bodies – working side by side people who come from other industries and bring new ideas and an urgency to solving problems is exhilarating for me. Tie that to a Unified Clinical Cloud archive that has over 9 Billion images today stored for customers designed to allow frictionless sharing of images and you can see this is an organization that can offer solutions to some of the most fundamental and pressing issues we face today

As Michael Dell puts it: Technology has always been about enabling human potential

And this is especially true in medicine where we have struggled to maintain the physician patient interaction that is the central tenet of good care. Clinicians want to focus on the patient and not the technology and that’s what the patients want too – they like the technology but not when it intrudes on their personal relationship with the doctor. This is one of the key drivers at Dell throughout their business and I’m excited to be bringing this to healthcare

You and Dell have both been doing a lot more work with healthcare internationally. What excites you about healthcare IT internationally?
Healthcare is personal for all of us and this is true worldwide. The problems and success we have here in the US are similar to those in other countries but colored by local customs, historical differences in building out healthcare in the country and varying levels of resources. We stand to learn so much from each other, learning from mistakes and benefiting from each other’s successes. I have had the privilege and fortune of working in many countries and am always amazed at the ingenuity and resourcefulness applied with pragmatic solutions that offer useful insights that can be applied elsewhere. Dell has huge presence in so many countries and markets that is combined with a brand name recognition that offers remarkable scope to share our knowledge and experiences around the world and for me personally the opportunity to learn from them and gather market insights from the widest stet of stake holders to guide our future direction.

It seems like Dell has hired some real social media rockstars starting with @MandiBPro and now you.  How do you think your social presence impacted your hire for good or bad?
Dell has been a stand out for me in Social Media – so much so I called them out in my presentation at HIMSS15: MasterChef in Healthcare – Integrating Social Media as a company demonstrating the value of social media engagement and showing others how to effectively capitalize on this untapped resource.

My social media activity has opened so many doors for me and was an important factor in landing the job at Dell and a positive aspect that attracted me to working at the company. Social media has allowed me to stay connected to people, learn a ton from others and build a community online that I wouldn’t otherwise be able to reach.

I could not be more excited to be joining an incredible pioneer, mentor and innovator in healthcare social media @MandiBPro. I’m excited to be here at Dell to see how they do it and learn from the experts and at the same time share my own thoughts and ideas around the value and contribution I think this medium can have to doctors, health systems and patients.

Are you excited to be working with someone as passionate as Mandi Bishop (@MandiBPro)?
Who wouldn’t be – Mandi is such an inspiration and so much fun to be around online and IRL. Now I get to hang out with her more often and with more learning opportunities. Her drive, insights and positive energy is infectious. In fact it was one of her many posts talking about how excited she was working at Dell that were instrumental in steering me towards the company and this role.

How would you describe your job duties as CMO at Dell?  Will we still see you around at all the major conferences?
You bet – I will be present at many of the major conferences sharing the Dell vision and strategy and helping get the message out that Dell is the partner to be working with helping you navigate the challenging waters in healthcare. I will be responsible for providing strategic insight to help Dell advance its support of healthcare organizations, medical professionals and patients through information-enabled healthcare and working with our clients gathering insights and direction and helping them navigate clinical issues and applying innovative solutions in an increasingly complex healthcare industry.

What would you describes as Dell’s top healthcare initiatives?
Dell has a wide range of services that span EHR Application Services, Strategy Consulting, Integration/Interoperability, Imaging, Revenue Cycle, Cloud Based secure storage and Business Intelligence and Analytics

But it extends to new and emerging areas that include Patient Engagement, social media and mobility and includes the FDA-approved personalized medicine clinical trial for pediatric cancer and work on a genomics cloud storage and analysis system.

The wow for me was that Dell already has a vast amount of products, solutions and data along with insights that they are already integrating across multiple platforms. I can’t wait to share more on some of the projects the Dell team are working on soon.

Assuming I’m invited back to another Dell Healthcare Think Tank, describe what it will be like having Mandi, you, and me on the same panel. #DoMoreHIT
It’s like plutonium – separately plutonium is interesting, produces some interesting and exciting results and has some fascinating properties….but when you put enough of it together you get something huge and impressive. Sharing the stage and building on each other’s strengths, insights, energy and enthusiasm will be an electrifying session.

Patient Data Breach at UCLA Hospital System Possibly Impacting 4.5 Million Patients

Posted on July 17, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The LA Times is reporting that UCLA Health System has had a data breach possibly affecting 4.5 million patients. It’s the usual story of a HIPAA breach of this size. They saw some abnormal activity on one of their systems that contained a large amount of patient records. They don’t have any evidence that such data was taken, but hackers are usually really good about not leaving a trail when they take records.

Here’s some comments from UCLA Health as quoted in the LA Times article linked above:

“We take this attack on our systems extremely seriously,” said Dr. James Atkinson, interim associate vice chancellor and president of the UCLA Hospital System.

In an interview, Atkinson said the hospital saw unusual activity in one of its computer servers in October. An investigation confirmed in May that the hackers had gained access to patient information.

“They are a highly sophisticated group likely to be offshore,” he said. “We really don’t know. It’s an ongoing investigation.”

I have yet to see a hospital say they don’t take a breach seriously. I’ve also never seen a hospital say that they were hacked by unsophisticated hackers that exploited their poor security (although, you can be sure that happens in every industry). Of course it had to be a sophisticated attack for them to breach their amazing security, right?

What’s not clear to me is why it took them so long to confirm they’d been hacked. The LA Times article says that they saw the unusual activity in October and it took until May to confirm that “the hackers had gained access to patient information.” Now we’re just getting the public notification in July? All of that seems long, but maybe the attack was just that sophisticated.

What’s scary for me is that these types of breaches have become so common place that I’m not surprised and it’s not shocking. In fact, they’ve almost become standard. Next up will be UCLA Health System setting up some type of credit protection service for their patients assuming there was some financial data there as well. I don’t think we should treat these breaches as normal. They should be a wake up call to everyone in the industry, but I’m sorry to say that it feels more like the norm than the exception.

HIM Departments Need More Support

Posted on July 16, 2015 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As both a contributor to this blog, and an assertive, activist patient managing chronic conditions, I get to see both sides of professional health information management.  And I have to say that while health data management pros obviously do great things against great odds, support for their work doesn’t seem to have trickled down to the front lines.  I’m speaking most specifically about Medical Records (oops, I mean Health Information Management) departments in hospitals.

As I noted in a related blog post, I recently had a small run-in with the HIM department of a local hospital which seems emblematic of this problem. The snag occurred when I reached out to DC-based Sibley Memorial Hospital and tried to get a new log-in code for their implementation of Epic PHR MyChart. The clerk answering the phone for that department told me, quite inaccurately, that if I didn’t use the activation code provided on my discharge summary papers within two days, my chance to log in to the Johns Hopkins MyChart site was forever lost. (Sibley is part of the Johns Hopkins system.)

Being the pushy type that I am, I complained to management, who put me in touch with the MyChart tech support office. The very smart and help tech support staffer who reached out to me expressed surprise at what I’d been told as a) the code wasn’t yet expired and b) given that I supplied the right security information she’d have been able to supply me with a new one.  The thing is, I never would have gotten to her if I hadn’t known not to take the HIM clerk’s word at face value.

Note: After writing the linked article, I was able to speak to the HIM department leader at Sibley, and she told me that she planned to address the issue of supporting MyChart questions with her entire staff. She seemed to agree completely that they had a vital role in the success of the PHR and patient empowerment generally, and I commend her for that.

Now, I realize that HIM departments are facing what may be the biggest changes in their history, and that Madame Clerk may have been an anomaly or even a temp. But assuming she was a regular hire, how much training would it have taken for the department managers to require her to simply give out the MyChart tech support number? Ten minutes?  Five? A priority e-mail demanding that PHR/digital medical record calls be routed this way would probably have done the trick.

My take on all of this is that HIM departments seem to have a lot of growing up to do. Responsible largely for pushing paper — very important paper but paper nonetheless — they’re now in the thick of the health data revolution without having a central role in it. They aren’t attached to the IT department, really, nor are they directly supporting physicians — they’re sort of a legacy department that hasn’t got as clearly defined a role as it did.

I’m not suggesting that HIM departments be wiped off the map, but it seems to me that some aggressive measures are in order to loop them in to today’s world.

Obviously, training on patient health data access is an issue. If HIM staffers know more about patient portals generally — and ideally, have hands-on experience with them, they’ll be in a better position to support such initiatives without needing to parrot facts blindly. In other words, they’ll do better if they have context.

HIM departments should also be well informed as to EMR and other health data system developments. Sure, the senior people in the department may already be looped in, but they should share that knowledge at brown bag lunches and staff update sessions freely and often. As I see it, this provides the team with much-needed sense of participation in the broader HIT enterprise.

Also, HIM staff members should encourage patients who call to log in and leverage patient portals. Patients who call the hospital with only a vague sense that they can access their health data online will get routed to that department by the switchboard. HIM needs to be well prepared to support them.

These concerns should only become more important as Meaningful Use Stage 3 comes on deck. MU Stage 3 should provide the acid test as to whether whether hospital HIM departments are really ready to embrace change.