
#HIMSS16 Mix Tape

Posted on February 5, 2016 | Written By

Colin Hung is the co-founder of the #hcldr (healthcare leadership) tweetchat, one of the most popular and active healthcare social media communities on Twitter. Colin is a true believer in #HealthIT, social media and empowered patients. Colin speaks, tweets and blogs regularly about healthcare, technology, marketing and leadership. He currently leads the marketing efforts for @PatientPrompt, a Stericycle product. Colin’s Twitter handle is: @Colin_Hung

On February 29th the #HealthIT community will descend on Las Vegas for the annual HIMSS conference and exhibition.

One of the best parts about attending HIMSS is getting the chance to meet people in real life who I interact with through social media. There is nothing quite like meeting someone face to face for the first time yet feeling like you already know them. I think hugging and fist bumps are the official greetings at HIMSS. It’s an absolute blast to be able to share stories and laughs with the likes of Mandi Bishop, John Lynn, Rasu Shrestha and Wen Dombrowski.

With an expected attendance of 45,000 this year, I’m hoping to meet even more people than ever before at the various HIMSS gatherings.

Last year, ahead of HIMSS15, I decided to do a fun blog post. I asked some friends to send me a song they thought reflected what was happening in #HealthIT at the time. I compiled everyone’s selections along with the reasons behind their choice. I called it the HIMSS15 Mix Tape. The response was amazing. I had so many people DM me and stop me at the conference to give me their song choice. Even John Lynn blogged about it.

This year, I asked an even larger number of friends to contribute a song. So without further rambling, here is the #HIMSS16 Mix Tape. Enjoy!

HIMSS16 Mix Tape

Night on Bald Mountain – Disney’s Fantasia. Chosen by Regina Holliday @ReginaHolliday. “Disney. Because although morning will come, we now walk among the terrors.”

Confident – Demi Lovato. Chosen by Mandi Bishop @MandiBPro. “For a couple reasons: 1) it’s beyond time #HealthITChicks / #WomenInHIT got equal recognition and pay for their contributions to the field, and I’m seeing an increasing strength of voice supporting those efforts, 2) patients have had enough of their attempts to engage being discounted by clinicians and other caregivers, and we are all demanding respect and inclusion at the table of our healthcare decisions.”

Stronger – Kelly Clarkson. Chosen by John Lynn @techguy. “This should be the anthem of those of us in healthcare IT.  First, do no harm, but don’t be afraid to take some risks and make mistakes.  Not taking some risks is killing more people than doing something and sometimes making mistakes.  Healthcare will be stronger for the mistakes we make.”

Runnin’ Down A Dream –  Tom Petty & the Heartbreakers. Chosen by Melody Smith Jones @melsmithjones. “I got into this industry because my grandmother died of cancer in rural USA in 2003. I’ve been running down the dream of care everywhere ever since. I believe 2016 will bring us the most growth in Connected Health that we have seen to date.”

Talk to Me – Stevie Nicks. Chosen by David Harlow @healthblawg. “The chorus includes the line: “You can talk to me/You can set your secrets free, baby” which can be read as a coded message to legacy systems … One of the verses goes: “Our voices stray from the common ground where they/Could meet/The walls run high/ … / Oh, let the walls burn down, set your secrets free” — a prescient call to interoperability, to communication, to enabling broader collaboration across provider, payor and health care information technology silos. We’re almost there, Stevie.”

Heroes – David Bowie. Chosen by Nick van Terheyden @drnic1. “Because I love that track and was sad to see David Bowie leave this universe. But also: We need to be heroes for Healthcare and I hope Healthcare Technology can beat the madness of our system and Ch-ch-ch-ch-change the world:

A million dead-end streets / And every time I thought I’d got it made / It seemed the taste was not so sweet…… / We can be Heroes, just for one day / We can beat them, for ever and ever … ICYMI – I blended the lyrics from David Bowie’s Changes with Heroes”

Another Brick in the Wall – Pink Floyd. Chosen by Rasu Shrestha @RasuShrestha. “In memory of Meaningful Use ‘All in all it was just a brick in the wall…’ “

Numb – Linkin Park. Chosen by me @Colin_Hung. I think many physicians, nurses, administrators and patients are numb from all the competing priorities this past year and from the years of chasing Meaningful Use dollars. I think this verse sums it up:

I’m tired of being what you want me to be / Feeling so faithless, lost under the surface / Don’t know what you’re expecting of me / Put under the pressure of walking in your shoes / (Caught in the undertow, just caught in the undertow) / Every step that I take is another mistake to you

Fire – Jimi Hendrix. Chosen by Chad Johnson @OchoTex. “The reason is simple: HL7 FHIR continues to dominate the headlines and discussions around health data interoperability, and rightfully so. FHIR will bring exciting changes to interoperability.”

Taking Care of Business – Bachman-Turner Overdrive. Chosen by Charles Webster @wareFLO. “Taking care of business in healthcare means getting sh*%$t done. Effectively and efficiently accomplishing goals is only possible with great…wait for it…WORKFLOW”

I Want It All – Queen. Chosen by Joe Lavelle @Resultant. “Because we want it all – Interoperability, “our damn data”, #mhealth, Patient Engagement, Population Health, Telemedicine. etc.”

Robot Rock – Daft Punk. Chosen by AJ Montpetit @ajmontpetit. “We’re heading to the integration of AI into healthcare to create a streamlined experience, and assist in comprehension of all the multiple factors that each patient has individually.”

Upgrade U – Beyoncé. Chosen by Cari McLean @carimclean. “I’ll go with a song that not only always makes me dance but one that reflects a growing happening in healthcare. I chose this song because the EHR replacement market is growing as the rip and replace trend continues and health information exchange is prioritized.”

Give Me Novacaine – Green Day. Chosen by Linda Stotsky @EMRAnswers. “LOL- because providers are in PAIN!!! They need something to soften the blows”

Changes – David Bowie. Chosen by Brad Justus @BradJustus. “A classic from a classic and something that is a constant in #HealthIT”

Fight Song – Rachel Platten. Chosen by Jennifer Dennard @JennDennard. “I think it encapsulates the #healthITchicks ethos – not to mention patient advocates’ – quite well :)”

 What Do You Mean – Justin Bieber. Chosen by Sarah Bennight @sarahbennight. “For SO many reasons. What do you mean MU is going away? What do you mean you need me to fill out ANOTHER demographic profile, what do you mean you don’t have my allergies? What do you mean by interoperable? I could go on all day, but we all have real jobs to do….like to figure out this healthcare IT thing :) Plus in the Justin B song…you hear a clock…do you ever feel like Health IT is running out of time? I don’t agree with JB on ANYTHING, but I agree we are running out of time.”

Shape of Things – David Bowie. Chosen by Pat Rich @pat_health. “In my mind this song evokes the futuristic world of health IT in a steampunk/sci-fi sort of way”

Hello – Adele. Chosen by Bill Bunting @WTBunting. “Because there is an emerging side of healthcare that’s trying to break free and be heard (i.e. adoption), and no one is answering the call to do so”

Under Pressure – Queen & David Bowie. Chosen by Joy Rios @askjoyrios. “There is so much pressure to get through these health IT initiatives unscathed and there’s so much at risk if they get it wrong.  I see providers across the country dealing with so much change, when they mostly just want to focus on their practice. Unfortunately, the changes are not letting up. I feel like the healthcare system is right in the middle of its metamorphosis… not a caterpillar anymore, but by no means a butterfly!”

Please Please Me – The Beatles. Chosen by Jim Tate @jimtate. “Providers want better EHRs”

New New Minglewood Blues – The Grateful Dead. Chosen by Brian Ahier @ahier. “Because I was inspired by this @healthblawg post ‘The New New Meaningful Use’ “

EHR State of Mind – ZDoggMD. Chosen by Andy DeLaO @CancerGeek. “Does it really need an explanation? :)”

Dha Tete – Pandit Shyamal Bose. Chosen by Wen Dombrowski @HealthcareWen. “Some reasons I like this song:

  • Focus, Mindfulness
  • Flow states
  • Collaboration, Staying in Sync with each other (it is actually 2 people duet)
  • Speed, Moving fast
  • Precision, decisiveness
  • Artistry, Beauty”

You Can Get It If You Really Want – Jimmy Cliff. Chosen by Steve Sisko @ShimCode. “I believe true, widespread interoperability is not that far away. The technology, standards (FHIR, OpenNotes), and group consensus (outfits like CommonWell, The Sequoia Project) are finally coming together.

You can get it if you really want / But you must try, try and try, try and try / You’ll succeed at last

Do you have a song you think reflects #HealthIT or healthcare at the moment? Add it to the comments below!

[Update: Here is a link to a Spotify playlist of the entire #HIMSS16 Mix Tape https://open.spotify.com/user/12163763158/playlist/7mO6DlpVa4MoJ7roW0bqiG or if you like videos, here is a YouTube playlist https://www.youtube.com/playlist?list=PLOxadHqniaPTYUUY5cMSmW14VZQpngUOU]

Making Precision Medicine a Reality with Dr. Delaney, SAP & Curtis Dudley, VP at Mercy

Posted on February 4, 2016 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Ever since President Obama announced the precision medicine initiative, it’s become a hot topic in every healthcare organization. While it’s great to talk theoretically about what’s happening with precision medicine, I’m always more interested in what’s actually happening to make medicine more precise. That’s why I’m excited to sit down with a great panel of experts that are actually working in the trenches where precision medicine is being implemented.

On Monday, February 8, 2016 at 2 PM ET (11 AM PT) I’ll be hosting a live video interview with Curtis Dudley from Mercy and Dr. David Delaney from SAP where we’re going to dive into the work Curtis Dudley and his team are doing at Mercy around perioperative services analytics that improved quality outcomes and reduced delivery costs.

The great part is that you can join my live conversation with this panel of experts and even add your own comments to the discussion or ask them questions. All you need to do to watch live is visit this blog post on Monday, February 8, 2016 at 2 PM ET (11 AM PT) and watch the video embed at the bottom of the post or you can subscribe to the blab directly. We’ll be doing a more formal interview for the first 30 minutes and then open up the Blab to others who want to add to the conversation or ask us questions. The conversation will be recorded as well and available on this post after the interview.

Here are a few more details about our panelists:

If you can’t join our live video discussion or want to learn more, check out Mercy’s session at HIMSS16 called “HANA as the Key to Advanced Analytics for Population Health and Operational Performance” on March 1, 2016 at 11:00 a.m. at SAP Booth #5828.

If you’d like to see the archives of Healthcare Scene’s past interviews, you can find and subscribe to all of Healthcare Scene’s interviews on YouTube.

Genomic Medicine

Posted on February 3, 2016 | Written by John Lynn

Last month I was lucky to lead a panel discussion on the topic of genomics in medicine at CES. I was joined on the panel by Andy De, Global Managing Director and General Manager for Healthcare and Life Sciences at Tableau, and Aaron Black, Director, Informatics, Inova Translational Medicine Institute. There certainly wasn’t enough time in our session to get to everything that was really happening in genomics, but Andy and Aaron do a great job giving you an idea of what’s really happening with genomics and the baseline of genomic data that’s being set for the future. You can see what I mean in the video below:

Be sure to see all of the conferences where you can find Healthcare Scene.

To Improve Health Data Security, Get Your Staff On Board

Posted on February 2, 2016 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As most readers know, last year was a pretty lousy one for healthcare data security. For one thing, there was the spectacular attack on health insurer Anthem Inc., which exposed personal information on nearly 80 million people. But that was just the headline event. During 2015, the HHS Office for Civil Rights logged more than 100 breaches affecting 500 or more individuals, including four of the five largest breaches in its database.

But will this year be better? Sadly, as things currently stand, I think the best guess is “no.” When you combine the increased awareness among hackers of health data’s value with the modest amounts many healthcare organizations spend on security, it seems like the problem will actually get worse.

Of course, HIT leaders aren’t just sitting on their hands. According to a HIMSS estimate, hospitals and medical practices will spend about $1 billion on cybersecurity this year. And a recent HIMSS survey of healthcare executives found that information security had become a top business priority for 90% of respondents.

But it will take more than a round of new technical investments to truly shore up healthcare security. I’d argue that until the culture around healthcare security changes — and executives outside of the IT department take these threats seriously — it’ll be tough for the industry to make any real security progress.

In my opinion, the changes should include the following:

  • Boost security education: While your staff may have had the best HIPAA training possible, that doesn’t mean they’re prepared for the growing threat cyber-strikes pose. They need to know that these days, the data they’re protecting might as well be money itself, and they the bankers who must keep an eye on the vault. Health leaders must make them understand the threat on a visceral level.
  • Make it easy to report security threats: While readers of this publication may be highly IT-savvy, most workers aren’t. If you haven’t done so already, create a hotline to report security concerns (anonymously if callers wish), staffed by someone who will listen patiently to non-techies struggling to explain their misgivings. If you wait for people who are threatened by Windows to call the scary IT department, you’ll miss many legit security questions, especially if the staffer isn’t confident that anything is wrong.
  • Reward non-IT staffers for showing security awareness: Not only should organizations encourage staffers to report possible security issues — even if it’s a matter of something “just not feeling right” — they should acknowledge it when staffers make a good catch, perhaps with a gift card or maybe just a certificate. It’s pretty straightforward: reward behavior and you’ll get more of it.
  • Use security reports to refine staff training: Certainly, the HIT department may benefit from alerts passed on by the rest of the staff. But the feedback this process produces can be put to broader use.  Once a quarter or so, if not more often, analyze the security issues staffers are bringing to light. Then, have brown bag lunches or other types of training meetings in which you educate staffers on issues that have turned up regularly in their reports. This benefits everyone involved.

Of course, I’m not suggesting that security awareness among non-techies is sufficient to prevent data breaches. But I do believe that healthcare organizations could prevent many a breach by taking advantage of their staff’s instincts and observational skills.

Wearable Health Trackers Could Pose Security Risks

Posted on February 1, 2016 | Written by Anne Zieger

Last October, security researchers made waves when they unveiled what they described as a 10-second hack of a Fitbit wearable health tracker. At the Hack.Lu 2015 conference, Fortinet security researcher Axelle Apvrille laid out a method for hacking the wearable through its Bluetooth radio. Apparently, Apvrille was able to infect the Fitbit Flex from as much as 15 feet away, manipulate data on the tracker, and use the Flex to distribute his code to a computer.

Fitbit, for its part, denied that its devices can serve as vehicles for infecting users with malware. And Apvrille himself admitted publicly that his demonstration was more theoretical than practical. In a tweet following the conference, he noted that he had not demonstrated a way to execute malicious code on the victim’s host.

But the incident does bring attention to a very serious issue. While consumers are picking up health trackers at a breathless pace, relatively little attention has been paid to whether the data on these devices is secure. Perhaps even more importantly, too few experts are seeking ways to prevent these devices from being turned into a jumping-off point for malware. After all, like any other lightly-guarded Internet of Things device, a wearable tracker could ultimately allow an attacker to access enterprise healthcare networks, and possibly even sensitive PHI or financial data.

It’s not as though we aren’t aware that connected healthcare devices are rich hunting grounds. For example, security groups are beginning to focus on securing networked medical devices such as blood gas analyzers and wireless infusion pumps, as it’s becoming clear that they might be accessible to data thieves or other malicious intruders. But perhaps because wearable trackers are effectively “healthcare lite,” used almost exclusively by consumers, the threat they could pose to healthcare organizations over time hasn’t generated a lot of heat.

But health tracker security strategies deserve a closer look. Here are some sample suggestions on how to secure health and fitness devices from Milan Patel, IoT Security Program Director at IBM:

  • Device design: Health tracker manufacturers should establish a secure hardware and software development process, including source code analysis to pinpoint code vulnerabilities and security testing to find runtime vulnerabilities. Use trusted manufacturers who secure components, and a trusted supply chain. Also, deliver secure firmware/software updates and audit them.
  • Device deployment: Be sure to use strong encryption to protect privacy and integrity of data on the device, during transmission from device to the cloud and on the cloud. To further control device data, give consumers the ability to set up user and usage privileges for their data, and an option to anonymize the data. Secure all communication channels to protect against data change, corruption or observation.
  • Manage security:  Include trackers in the set of technology being monitored, and set alerts for intrusion. Audit logging is desirable for the devices, as well as the network connections and the cloud. The tracker should ideally be engineered to include a fail-safe operation — dropping the system down to incapability, safely — to protect against attacks.

This may sound like a great deal of effort to expend on these relatively unsophisticated devices. And at present, it just may be overkill. But it’s worth preparing for a world in which health trackers are increasingly capable and connected, and increasingly attractive to the attackers who want your data.

The Biggest Challenge in Healthcare: Excuses

Posted on January 29, 2016 | Written by John Lynn

In one of my many conversations, someone told me the following quote that really stuck with me. I can’t remember who told me it and they didn’t want to be named, but I thought the comment was incredibly insightful.

The problem with healthcare is that it’s all complex. If people want to find an excuse not to do something, they can find one.

I think this quote is spot on. Is there anything in healthcare that isn’t complex? At least in healthcare technology, everything is complex. It’s not enough to just create a solution and roll it out tomorrow. You have to consider HIPAA laws, FDA regulations, reimbursement regulations, Federal laws, state laws, medical licensures, medical liability, etc etc etc.

Doctors’ principle of “first do no harm” is very real in healthcare and a generally good principle, but it can also be invoked easily to say no to anything you don’t want to do. Even if the thing that could be done doesn’t actually do any harm and could actually be beneficial to patients.

My prediction is that in the next 10 years, organizations are going to be defined by how they approach this challenge. On the one hand we’ll have organizations that choose to use complexity as an excuse to not innovate. On the other hand we’ll have organizations that embrace hard, challenging, complex problems with solutions instead of excuses. It won’t be easy for these organizations, but it will absolutely differentiate them from their competitors.

I’m not suggesting that we should lower the standards of what’s acceptable to implement in healthcare. Instead, I’m suggesting that we make the effort required to explore new innovations and collaboratively work on solutions that handle the complexity of healthcare while providing incredible value to your organization and patients. After all, the very best things in life are challenging and difficult. Let’s embrace the challenging and difficult instead of using it as an excuse for inaction.

NIST Goes After Infusion Pump Security Vulnerabilities

Posted on January 28, 2016 | Written by Anne Zieger

As useful as networked medical devices are, it’s become increasingly apparent that they pose major security risks.  Not only could intruders manipulate networked devices in ways that could harm patients, they could use them as a gateway to sensitive patient health information and financial data.

To make a start at taming this issue, the National Institute of Standards and Technology has kicked off a project focused on boosting the security of wireless infusion pumps (Side Note: I wonder if this is in response to Blackberry’s live hack of an infusion pump). In an effort to be sure researchers understand the hospital environment and how the pumps are deployed, NIST’s National Cybersecurity Center of Excellence (NCCoE) plans to work with vendors in this space. The NCCoE will also collaborate on the effort with the Technological Leadership Institute at the University of Minnesota.

NCCoE researchers will examine the full lifecycle of wireless infusion pumps in hospitals, including purchase, onboarding of the asset, training for use, configuration, use, maintenance, decontamination and decommissioning of the pumps. This makes a great deal of sense. After all, points of network connection are becoming so decentralized that every touchpoint is suspect.

The team will also look at what types of infrastructure interconnect with the pumps, including the pump server, alarm manager, electronic medication administration record system, point of care medication, pharmacy system, CPOE system, drug library, wireless networks and even the hospital’s biomedical engineering department. (It’s sobering to consider the length of this list, but necessary. After all, more or less any of them could conceivably be vulnerable if a pump is compromised.)

Wisely, the researchers also plan to look at the way a wide range of people engage with the pumps, including patients, healthcare professionals, pharmacists, pump vendor engineers, biomedical engineers, IT network risk managers, IT security engineers, IT network engineers, central supply workers and patient visitors — as well as hackers. This data should provide useful workflow information that can be used even beyond cybersecurity fixes.

While the NCCoE and University of Minnesota teams may expand the list of security challenges as they go forward, they’re starting with looking at access codes, wireless access point/wireless network configuration, alarms, asset management and monitoring, authentication and credentialing, maintenance and updates, pump variability, use and emergency use.

Over time, NIST and the U of M will work with vendors to create a lab environment where collaborators can identify, evaluate and test security tools and controls for the pumps. Ultimately, the project’s goal is to create a multi-part practice guide which will help providers evaluate how secure their own wireless infusion pumps are. The guide should be available late this year.

In the meantime, if you want to take a broader look at how secure your facility’s networked medical devices are, you might want to take a look at the FDA’s guidance on the subject, “Cybersecurity for Networked Medical Devices Containing Off-the-Shelf Software.” The guidance doc, which was issued last summer, is aimed at device vendors, but the agency also offers a companion document offering information on the topic for healthcare organizations.

If this topic interests you, you may also want to watch this video interview talking about medical device security with Tony Giandomenico, a security expert at Fortinet.

Healthcare Data Breach Deja Vu…More Like Groundhog Day

Posted on January 27, 2016 | Written by John Lynn


I was intrigued by Ryan Witt’s comment about it being Deja Vu when it came to more healthcare data breaches. In many ways he’s right. Although, I’d almost compare it more to the movie Groundhog Day than deja vu. If it feels like we’ve been through this before it’s because we have been through it before. The iHealthBeat article he links to outlines a wide variety of healthcare breaches and the pace at which breaches are occurring is accelerating.

I think we know the standard script for when a breach occurs:

  1. Company discovers a breach has occurred (or often someone else discovers it and lets them know)
  2. Company announces that a “very highly sophisticated” breach occurred to their system. (Note: It’s never admitted that they did a poor job protecting their systems. It was always a sophisticated attack)
  3. Details of the breach are outlined along with a notice that all of their other systems are secure (How they know this 2nd part is another question)
  4. They announce that there was no evidence that the data was used inappropriately (As if they really know what happens with the data after it’s breached)
  5. All parties that were impacted by the breach will be notified (Keeping the US postal service in business)
  6. Credit monitoring is offered to all individuals affected by the breach (Makes you want to be a credit monitoring company doesn’t it?)
  7. Everything possible is being done to ensure that a breach like this never happens again (They might need to look up the term “everything” in Webster’s dictionary)

It’s a pretty simple 7 step process, no? Have we seen this before? Absolutely! Will we see it again? Far too much.

Of course, the above just covers the public facing component of a breach. The experience is much more brutal if you’re an organization that experiences a breach of your data. What do they say? An ounce of prevention is worth a pound of cure. That’s never more appropriate than in healthcare security and privacy. Unfortunately, far too many are living in an “ignorance is bliss” state right now. What they don’t tell you is that ignorance is not bliss if you get caught in your ignorance.

Security Concerns Threaten Mobile Health App Deployment

Posted on January 26, 2016 | Written by Anne Zieger

Healthcare organizations won’t get much out of deploying mobile apps if consumers won’t use them. And if consumers are afraid that their personal data will be stolen, they’ve got a reason not to use your apps. So the fact that both consumers and HIT execs are having what I’d deem a crisis of confidence over mHealth app security isn’t a good sign for the current crop of mobile health initiatives.

According to a new study by security vendor Arxan, which polled 815 consumers and 268 IT decision-makers, more than half of consumer respondents who use mobile health apps expect their health apps to be hacked in the next six months.

These concerns could have serious implications for healthcare organizations, as 76% of health app users surveyed said they would change providers if they became aware that the provider’s apps weren’t secure. And perhaps even more significantly, 80% of consumer health app users told Arxan that they’d switch to other providers if they found out that the apps that alternate provider offered were better secured. In other words, consumer perceptions of a provider’s health app security aren’t just abstract fears — they’re actually starting to impact patients’ health decision making.

Perhaps you’re telling yourself that your own apps aren’t terribly exposed. But don’t be so sure. When Arxan tested a batch of 71 popular mobile health apps for security vulnerabilities, 86% were shown to have a minimum of two OWASP Mobile Top 10 Risks. The researchers found that vulnerable apps could be tampered with and reverse-engineered, as well as compromised to provide sensitive health information. Easily-done hacks could also force critical health apps to malfunction, Arxan researchers concluded.

The following data also concerned me. Of the apps tested, 19 had been approved by the FDA and 15 by the UK National Health Service. And at least where the FDA is concerned, my assumption would be that FDA-tested apps were more secure than non-approved ones. But Arxan’s research team found that both FDA and National Health Service-blessed apps were among the most vulnerable of all the apps studied.

In truth, I’m not incredibly surprised that health IT leaders have some work to do in securing mobile health apps. After all, mobile health app security is evolving, as the form and function of mHealth apps evolve. In particular, as I’ve noted elsewhere, mobile health apps are becoming more tightly integrated with enterprise infrastructure, which takes the need for thoughtful security precautions to a new level.

But guidelines for mobile health security are emerging. For example, in the summer of last year, the National Institute of Standards and Technology released a draft of its mobile health cybersecurity guidance, “Securing Electronic Records on Mobile Devices” — complete with detailed architecture. I’d also wager that more mHealth standards should emerge this year.

In the meantime, it’s worth remembering that patients are paying close attention to health app security, and that they’re unlikely to give your organization a pass if they’re hacked. While security has always been a high-stakes issue, the stakes have gotten even higher.

What’s Happening at MEDITECH w/ Helen Waters, VP @MEDITECH

Posted on January 25, 2016 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

UPDATE: Here’s the video recording of my interview with Helen Waters from MEDITECH

Many in the large hospital EHR space have argued that it’s a two-horse race between Cerner and Epic. However, many forget how many users MEDITECH still has using its healthcare IT products. Not to mention MEDITECH was originally founded in 1969 and has a rich history working in the space. On Friday, January 29, 2016 at 1 PM ET (10 AM PT), I’ll be sitting down with Helen Waters, VP at MEDITECH, to talk about what’s happening with MEDITECH and where MEDITECH fits into the healthcare IT ecosystem.

You can join my live conversation with Helen Waters and even add your own comments to the discussion or ask Helen questions. All you need to do to watch live is visit this blog post on Friday, January 29, 2016 at 1 PM ET (10 AM PT) and watch the video embed at the bottom of the post or you can subscribe to the blab directly. We’ll be doing a more formal interview for the first 30 minutes and then open up the Blab to others who want to add to the conversation or ask us questions. The conversation will be recorded as well and available on this post after the interview.

We’re interested to hear Helen’s comments about the culture and history of MEDITECH along with what MEDITECH’s doing with its products to change perceptions and misconceptions around the MEDITECH product. We’ll also be sure to ask Helen about important topics like interoperability and physician dissatisfaction (“Too Many Clicks!”). We hope you’ll join us to learn more about what’s happening with MEDITECH.

If you’d like to see the archives of Healthcare Scene’s past interviews, you can find and subscribe to all of Healthcare Scene’s interviews on YouTube.