Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

4 Health IT and EHR Blogs

Written by:

As most of you know, I’ve been regularly trying to feature other Health IT and EHR bloggers out there. A lot of them are creating some really great content and I’m always happy when there are more smart people joining in on the healthcare IT conversation. I hope you enjoy discovering some new blogs that might help you in your work.

Meaningful Health IT News – This is Neil Versel’s healthcare IT blog. Neil is the most prolific healthcare IT journalist out there having written for pretty much every healthcare IT publication over the past couple decades. I’ve mentioned before that Neil’s blog was one of the first ones I looked to when I started writing a blog. I modeled some of the things I do after him. I figured he was a real journalist and I wasn’t, so I should learn from him. I should disclose that Neil’s blog is part of the Healthcare Scene network of blogs. I’m lucky to be able to work with someone like Neil. I only wish he had more time to write on his blog.

Data 4 U – This is a new health IT blog by Lynn Zahner, a former obstetrician/gynecologist, who’s transforming into a health IT professional. Looking at even just the first 3 posts I’m excited to see what Lynn will bring next. It’s always great to have a clinician’s perspective on healthcare IT. I hope Lynn’s able to keep it up.

Kat’s Space – Kat’s blog is a new find for me. She’s a RN and digital marketing interested in tech and social media. It’s too bad I hadn’t found her before now. Sounds like we’d get along really well. She’s also a Google Glass explorer and so she provides some really interesting insights into the Glass and wearable technology space.

Accountable Health – I think we can all use a great accountable health blog. In fact, we can likely use more than one to try and figure out what’s happening with ACOs and other accountable care programs that are in the works. This blog is written by Fred Goldstein. Fred has a unique view of the accountable care world since he’s the Founder of the Population Health Alliance. I think Fred’s blog is one to watch if you care about where healthcare reimbursement is headed.

August 29, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

OCR Fines Are the Least of Your Worries in a HIPAA Related Breach

Written by:

The following is a guest blog post by Art Gross, Founder of HIPAA Secure Now!.
Art Gross Headshot
Ask any medical professional about their biggest concern for protecting patient information and they will probably tell you about the threat of a random audit conducted by the Office of Civil Rights (OCR). OCR is tasked with enforcing HIPAA regulations and has the ability to hand out fines up to $1.5 million per violation for a HIPAA breach and failing to comply with HIPAA regulations.

With recent fines of $4.8 million handed out to New York and Presbyterian Hospital and $1.7 million fine to Concentra Health Services, physicians have good reason to worry.  These massive fines were levied not as the result of a random audit, but for the mandatory reporting of patient data breaches to the Department of Health and Human Services (HHS), and the investigation that followed.  So physicians need to reconsider where their real concerns should lie.

Ponemon Study

The 2013 Cost of a Data Breach Study by the Ponemon Institute calculated lost or stolen patient records at $233 per record. Let’s take a look at how quickly the cost of a HIPAA breach can add up:

# of Records Breached Cost
1 $233
10 $2,330
100 $23,300
1,000 $233,000
10,000

100,000

$2,330,000

$23,330,000

The cost of the recent Community Health Systems 4.5 million patient records breach could cost more than $1 billion!

Whether a medical provider loses 1,000 or 10,000 patient records the financial impact could easily set back the organization or even put it out of business.  But the “hidden cost” of a HIPAA breach that shouldn’t be overlooked is the damage to the provider’s reputation, lost trust from patients and the resulting sharp decline in revenues.

Lost patient records sparks negative publicity.  Take Phoenix Cardiac Surgery (PCS) for example. The Arizona medical practice with five physicians got slapped with a $100,000 fine for a HIPAA breach in 2012. A current search on Google returns the practice’s website plus 28 links to negative news stories related to the HIPAA fine. The consequences? A patient searching a referred cardiac surgeon from PCS finds the negative publicity and decides to continue searching for another surgeon. Or, an existing patient of PCS decides to look for another medical practice that takes every measure to safeguard his privacy.

Other Cost Factors

Beyond revenue loss and a damaged reputation are the direct overhead costs associated with a breach. The cost of discovering and stopping a breach may involve IT services, forensic investigative services to determine which systems and patients were affected, and legal counsel if patients file a lawsuit. There are also hard costs associated with notifying patients affected by the breach, including time spent to pull together their contact information, mailing out notifications and providing toll-free inbound phone numbers to handle complaints. Most organizations also provide identity and credit monitoring services for affected patients. All of these expenses add up, not to mention the cost of lost productivity due to the diverted attention of employees tasked with managing these processes.

Today it’s not uncommon for laptops, tablets and USB drives with patient records to disappear.  Or, for crime rings to hack into EHR systems to steal patient information and commit tax fraud, and for meth dealers to steal patient identities to obtain prescriptions.  If a large hospital system can lose 4.5 million patient records think how easy it is for a hacker to grab thousands of patient records from smaller medical practices and turn them into cash. The threat of a HIPAA breach has never been greater and all organizations should take heed.

Risk Assessment as a First Step

Healthcare organizations, particularly smaller medical practices, should perform a HIPAA risk assessment to look at where patient information is stored and accessed, and how the organization protects that information. It examines the risks of a breach and recommends steps to lower them. Without performing a risk assessment an organization may be lulled into a false sense of security, mistakenly believing they won’t suffer the consequences of a HIPAA breach.  At $233 per lost or stolen record that could be a costly miscalculation.

About Art Gross

Art Gross co-founded Entegration, Inc. in 2000 and serves as President and CEO. As Entegration’s medical clients adopted EHR technology Gross recognized the need to help them protect patient data and comply with complex HIPAA security regulations. Leveraging his experience supporting medical practices, in-depth knowledge of HIPAA compliance and security, and IT technology, Gross started his second company HIPAA Secure Now! to focus on the unique IT requirements of medical practices.  Email Art at artg@hippasecurenow.com.

Full Disclosure: HIPAA Secure Now! is an advertiser on EMR and HIPAA.

August 27, 2014 I Written By

Healthcare IT Career Resources

Written by:

About 10 months ago, we added Healthcare IT Central to the Healthcare Scene family of healthcare IT websites. It’s been a really amazing addition to the network and I’ve been amazed at the thousands of people that have been able to find health IT jobs thanks to Healthcare IT Central. I love blogging because you get the direct interaction with readers, but there’s a really amazing feeling that comes when you play some small role in helping someone find a job.

The other great part about the addition of Healthcare IT Central is the related Healthcare IT Today career blog. If you’re not reading that site, we just added it to our Healthcare Scene email subscription lists so you can receive the latest posts in your email inbox.

Just to give you a little flavor of the type of content we’ve been posting on Healthcare IT Today, we asked the questions, “Has There Been an EHR Consulting Slow Down?” and “Who’s More Satisfied – Full Time Health IT Professionals or Health IT Consultants?” Plus, we even posted really interesting data like a look at the Epic Salary and Bonus structure. Then, since it is a healthcare IT career website, we cover things like LinkedIn tips and LinkedIn as a professional or personal profile.

If you’re someone looking for a healthcare IT job or looking for a better healthcare IT job, we have hundreds of health IT jobs available. You might also check out Cordea Consulting, ESD, and Greythorn that recently posted jobs with us.

If those jobs aren’t your style we have other jobs like this Sales Account Executive at EHR vendor, gMed, or these system analyst jobs at Hathaway-Sycamores Child Family Services and Pentucket Medical.

If you’re an employer looking for amazing healthcare IT professionals, you can register for the site and post your jobs or search our database of over 12,000 active health IT resumes.

Hopefully some of these health IT career resources are helpful to readers of EMR and HIPAA. One thing that’s universal in healthcare is the need to find a job or hire the right talent. Hopefully we’re doing are part to help both sides of the coin.

August 26, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Can a Client Server EHR Provide All the Same Benefits of Cloud EHR?

Written by:

One of the most popular battles discussions we’ve had on this site since the beginning is around client server EHR software versus cloud EHR software. It’s a really interesting discussion and much like our US political system, most people fall into one camp or the other and like to see the world from whatever ideology their company approaches.

The reality I’ve found is that there are pros and cons to each side. Certainly cloud has won out in most industries, but there are some compelling reasons why cloud hasn’t taken hold in many parts of healthcare.

With that in mind, a client server EHR vendor asked me to list out the reasons why someone should go with a Cloud EHR over client server. Here’s my off the cuff responses:

No IT Support Needed beyond desktop support – This is a big benefit that many like. Plus, they add in the cost of the server, the cost of the local IT person and so they see it as a huge benefit to go with cloud software

Automatic Updated Software – Not always true with the cloud, but they like that the software just updates and they don’t have to go around updating software. Of course, this also has its downsides (ie. when an update happens automatically and breaks something)

Small Upfront Cost – Most Cloud solutions are billed on a monthly charge with little to no upfront cost. We could argue the accounting pieces of this and whether it’s really any better, but it feels better even if many cloud providers require the 1-2 year commitment. In some large organizations this type of payment plan is better for their accounting as well (ie. depreciation of equipment, etc)

More Secure – Obviously this could be argued either way, but those that believe cloud is more secure believe that a cloud provider has more resources and expertise to make their cloud secure vs an in house server where no one might have expertise

More Reliable (backup/disaster recovery) – Similar to the secure argument as far as expertise and ability to provide this reliability

Single Database – There are cool things you can do with data when every doctor is on one database and one standard data structure.

Available Everywhere – At home, office, hospital, etc. (Yes, this can be done by many client server as well, but not usually with the same experience).

I’m sure that a cloud EHR provider could add to my list and I hope they will in the comments. As I was making the list, I wondered to myself if a client server EHR vendor could provide all of the benefits listed above. Let me go through each.

No IT Support Needed beyond desktop support – Some EHR vendors will do all the IT support for the user. Plus, it’s a little bit of a misnomer that you need no IT support with a cloud hosted EHR. You still need someone to service your network and computers. More importantly though, most client server EHR vendors are offering a hosted EHR option which basically provides this same benefit to a practice.

Automatic Updated Software – More and more client server vendors are moving to this approach for updates as well. This is particularly true when they offer a hosted EHR environment where they can easily update the EHR. It’s a different mentality for client server EHR vendors, but it can be done in the client server environment.

Small Upfront Cost – We’ve seen this same offer from almost all of the client server EHR companies. It’s a hard switch for EHR companies to make the change from large up front payments to reoccurring revenue, but I’m seeing it happening all over the industry. The only exception might be the big hospital EHR purchase. In the ambulatory EHR market, I think everyone offers the monthly payment option.

More Secure – This is one that could be argued either way. Either one could be more secure. Client Server vs Cloud EHR doesn’t determine the security. A client server EHR can be just as secure or even more secure than a cloud EHR. I agree that generally speaking, cloud EHR is probably more secure than client server, but that’s speaking very broadly. If you care about security, you can secure a client server EHR as much or more than a cloud EHR.

More Reliable (backup/disaster recovery) – Similar to secure, you can invest in a client server infrastructure that is just as reliable as a cloud EHR. It’s true that a cloud EHR vendor can invest more money in redundant systems usually. However, a client server EHR vendor that hosts the EHR could invest just as much.

Single Database – This is the one major challenge where I think client server has a much harder time than a single database cloud EHR provider. Sure, you can export the data from all of the client server EHR software into a single database in order to do queries across client server EHR installs. A few vendors are doing just that. So, I guess it’s possible, but it’s still not happening very many places and not across all the data yet.

Available Everywhere – This can be done by client server as well, but the experience is often a subset of the in office experience. Although, this is rapidly changing. Bandwidth and technology have gotten so good, that even a client server install can be done pretty much anywhere on any device.

Conclusion
Looking through this list, it makes a great case for why client server EHR software is going to be around for a long time to come. There’s nothing on the list that’s so compelling about cloud hosted EHR software that makes it a clear cut winner.

As I thought about this topic, I tried to understand why cloud’s been the clear cut winner in so many other areas of technology. The answer for me is that in our lives portability has mattered a lot more to us. In healthcare it hasn’t mattered as much. Plus, new client server technologies have been portable enough.

Long story short, I’m a fan of cloud technologies in general, but if I were a provider and a client server technology provided me more features, functions, better workflow, etc, than a cloud EHR, I wouldn’t be afraid to select a client server EHR either.

Also worth clarifying is that this post outlines how a client server EHR can provide all of the same benefits of a cloud EHR. However, just because a client server EHR can provide those benefits, doesn’t mean that they do. Many have chosen not to offer the above solutions. Although, the same goes for cloud EHR as well.

What do you think? Are there other reasons why cloud EHR technology is so much better than client server? Is there something I’ve missed? I look forward to reading your comments.

August 25, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Where is Voice Recognition in EHR Headed?

Written by:

I’ve long been interested in voice recognition together with EHR software. In many ways it just makes sense to use voice recognition in healthcare. There was so much dictation in healthcare, that you’d think that the move to voice recognition would be the obvious move. The reality however has been quite different. There are those who love voice recognition and those who’ve hated it.

One of the major problems with voice recognition is how you integrate the popular EHR template documentation methods with voice. Sure, almost every EHR vendor can do free text boxes as well, but in order to get all the granular data it’s meant that doctors have done a mix of clicking a lot of boxes together with some voice recognition.

A few years ago, I started to see how EHR voice recognition could be different when I saw the Dragon Medical Enabled Chart Talk EHR. It was literally a night and day difference between dragon on other EHR software and the dragon embedded into Chart Talk. You could see so much more potential for voice documentation when it was deeply embedded into the EHR software.

Needless to say, I was intrigued when I was approached by the people at NoteSwift. They’d taken a number of EHR software: Allscripts Pro, Allscripts TouchWorks, Amazing Charts, and Aprima and deeply integrated voice into the EHR documentation experience. From my perspective, it was providing Chart Talk EHR like voice capabilities in a wide variety of EHR vendors.

To see what I mean, check out this demo video of NoteSwift integrated with Allscripts Pro:

You can see a similar voice recognition demo with Amazing Charts if you prefer. No doubt, one of the biggest complaints with EHR software is the number of clicks that are required. I’ve argued a number of times that number of clicks is not the issue people make it out to be. Or at least that the number of clicks can be offset with proper training and an EHR that provides quick and consistent responses to clicks (see my piano analogy and Not All EHR Clicks Are Evil posts). However, I’m still interested in ways to improve the efficiency of a doctor and voice recognition is one possibility.

I talked with a number of NoteSwift customers about their experience with the product. First, I was intrigued that the EHR vendors themselves are telling their customers about NoteSwift. That’s a pretty rare thing. When looking at adoption of NoteSwift by these practices, it seemed that doctor’s perceptions of voice recognition are carrying over to NoteSwift. I’ll be interested to see how this changes over time. Will the voice recognition doctors using NoteSwift start going home early with their charts done while the other doctors are still clicking away? Once that happens enough times, you can be sure the other doctors will take note.

One of the NoteSwift customers I talked to did note the following, “It does require them to take the time up front to set it up correctly and my guess is that this is the number one reason that some do not use NoteSwift.” I asked this same question of NoteSwift and they pointed to the Dragon training that’s long been required for voice recognition to be effective (although, Dragon has come a long way in this regard as well). While I think NoteSwift still has some learning curve, I think it’s likely easier to learn than Dragon because of how deeply integrated it is into the EHR software’s terminology.

I didn’t dig into the details of this, but NoteSwift suggested that it was less likely to break during an EHR upgrade as well. Master Dragon users will find this intriguing since they’ve likely had a macro break after their EHR gets upgraded.

I’ll be interested to watch this space evolve. I won’t be surprised if Nuance buys up NoteSwift once they’ve integrated with enough EHR vendors. Then, the tight NoteSwift voice integrations would come native with Dragon Medical. Seems like a good win win all around.

Looking into the future, I’ll be watching to see how new doctors approach documentation. Most of them can touch type and are use to clicking a lot. Will those new “digital native” doctors be interested in learning voice? Then again, many of them are using Siri and other voice recognition on their phone as well. So, you could make the case that they’re ready for voice enabled technologies.

My gut tells me that the majority of EHR users will still not opt for a voice enabled solution. Some just don’t feel comfortable with the technology at all. However, with advances like what NoteSwift is doing, it may open voice to a new set of users along with those who miss the days of dictation.

August 22, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Giving Email Addresses to Patients Who Don’t Have Them

Written by:

In my post, 4 Things Your Patient Portal Should Include, I talked about the thing patients want most in a patient portal is the ability to communicate with someone in the physician office. I still think that’s the most powerful part of a patient portal.

In response to that post, the people at Engaged Care sent me an interesting way that they’re approaching engaging the patient. Their efforts are focused on those patients who don’t have an email address. Check out this video which demonstrates the workflow they offer.

I’m not sure how many patients don’t have an email address, but this is a pretty slick solution to get them signed up for an email address. The other challenge is getting those patients who don’t have an email address motivated and skilled enough to check the newly created email as well. However, maybe access to a well done patient portal might be motivation enough for them to get involved.

The other benefit to these physician provided email addresses is that they are secure. You might remember that native email is not HIPAA secure. The email addresses that Engaged Care provides are HIPAA secure.

I’ll be interested to see how this company does. How many patients actually use the new email addresses and where they take it next. Although, I found the idea of giving patients a secure email address quite interesting.

August 21, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Work IT! Optimize Health Technology with EHR Adoption – Breakaway Thinking

Written by:

The following is a guest blog post by Carrie Yasemin Paykoc, Senior Instructional Designer / Research Analyst at The Breakaway Group (A Xerox Company). Check out all of the blog posts in the Breakaway Thinking series.
workout
Investing in an electronic health record (EHR) is largely based on the decision to improve patient safety, align with clinical guidelines, enhance revenue cycle times, and capture government-based incentives. But without a proper EHR adoption plan in place, healthcare providers risk never optimizing their investment and achieving their intended goals.

Once an EHR is implemented, healthcare organizations must continue striving toward their goals to optimize their systems. Improving workflows, establishing best practices and increasing overall proficiency of end-users in this application are all components of optimization. Healthcare organizations that are able to maintain this level of focus will see improved clinical and financial outcomes.

This process isn’t easy and requires a commitment to the initial performance metrics that drove the healthcare organization to purchase the new system. Today, nearly half of all healthcare organizations use an EHR, but many struggle to ensure it provides clinical value across the organization. They carefully select and implement systems but fail to make the tool work as originally envisioned. Just because they bought a new EHR doesn’t mean it is serving their patients, providers, or bottom line.

A parallel comparison can be made with buying a high-end, a mobile exercise device to track aerobic and anaerobic steps. Individuals seeking a healthier lifestyle invest in these devices, hoping it will help them achieve their personal health goals. After making the initial investment and adapting daily habits to wear the device, one can begin to adopt the technology to achieve improved health goals. But realizing these goals takes work and commitment. If performance is not monitored, results can plateau and, in some cases, regress. This could result in a growing waist line for the person trying to lose weight, an ironic and unfortunate twist. For healthcare organizations, their growing waistline is unhealthy organizational performance, visible through increases in adverse drug events, recurrent admissions, revenue cycle times and government penalties, all symptoms of goal misalignment. The more healthcare organizations look away from their initial performance goals and utilize EHRs for data storage only, the more noticeable the symptoms become. Both individuals and healthcare organizations can benefit from the process of system optimization to make the tool work for the betterment of the individual or organization.

Extensive research has been conducted by The Breakaway Group (TBG), A Xerox Company, to identify elements that lead to optimization. TBG reports the key adoption elements exhibited by healthcare organizations that optimize their EHRs:

Engaged and Clinically Focused Leadership
Healthcare organizations must demonstrate engaged and clinically focused leadership. Clinical leaders must align their EHR by refining workflows, templates, utilization, and reporting to meet their organizations’ clinical and financial goals. The Chief Medical Information Officer (CMIO) is well suited for this venture.

Targeted Education and Communication
Healthcare organizations must provide targeted education and communication.  When system upgrades are released, organizations must effectively and efficiently educate end users to alleviate reductions in proficiency and productivity.

Comprehensive Metrics
Healthcare organizations must be able to use EHR data.  Organizations must move past the superficial use of an EHR and begin to analyze what is entered. The EHR is of little value, if the data is neither clinically valuable nor used.

Sustained Planning and Focus
Healthcare organizations must sustain planning and focus. Change occurs frequently in healthcare, so system optimization requires preparation, adjustment and real-time communication.

With these adoption elements, healthcare organizations can make their technology work as originally intended—to improve patient and financial outcomes. To overcome the EHR implementation plateau, they must focus on their original performance goals to truly optimize health information technology systems. This process isn’t easy. It requires endurance, but the payoff is worth it. It’s time to “Breakaway” from the status quo and work IT– by optimizing use of HIT systems!

Carrie Yasemin Paykoc
Xerox is a sponsor of the Breakaway Thinking series of blog posts.

August 20, 2014 I Written By

Can We Start Being Human?

Written by:

Excuse a moment of somewhat personal commentary, but this story in the New York Times has been making the rounds. Basically, the boards full of smiling babies in a doctor’s office are considered a privacy violation. Here’s an excerpt from the article:

Under the law, the Health Insurance Portability and Accountability Act, baby photos are a type of protected health information, no less than a medical chart, birth date or Social Security number, according to the Department of Health and Human Services. Even if a parent sends in the photo, it is considered private unless the parent also sends written authorization for its posting, which almost no one does.

When I read stories like this, I ask myself “Have we lost all common sense? Can’t we be human?” I get how privacy is important. I’ve written this blog for 9 years and so I know the consequences of HIPAA breaches. Although, I think Dr. Moritz covers my view really well:

“I think we have to have some common sense with this HIPAA business,” Dr. Moritz continued. “To leave medical records open to the public, to throw lab results in the garbage without shredding them, that makes sense” to prohibit. “But if somebody wants to post a picture of something that’s been going on for a millennium and is a tradition, it seems strange to me not to do that,” he said.

I know there are ways to comply with the law and preserve the baby board. Have the parents sign a release form when they drop off the picture. I think you could also add this note in your HIPAA notice that the patient signs before their first visit. However, I think this is missing the point. Isn’t it common sense that someone who sends a picture of their baby to the office isn’t afraid of having that picture shared?

Certainly this change is not life or death stuff. Although, I think the baby boards did provide some humanity to an otherwise sterile office. However, I hate the trend of where this leads. In far too many things we can’t be human anymore. Common sense is missing in so many areas of life and instead of giving people the benefit of the doubt we’re too easy to condemn people who had no ill intent.

I realize there are bad people out there that do bad things. However, they’re the minority and its sad when the minority is able to have such an impact on the majority.

August 19, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Chinese Hackers Reportedly Access 4.5 Million Medical Records

Written by:

The headline of a tech startup blog I read pretty regularly caught my attention today, “Another day, another Chinese hack: 4.5M medical records reportedly accessed at national hospital operator“. The title seems to say it all. It’s almost like the journalist sees the breach as the standard affair these days. Just to be clear, I don’t think he thinks breaches are standard in healthcare, I think he thinks breaches are standard in all IT. As he says at the end of the article:

Community Health Systems joins a long list of large companies suffering from major cybersecurity breaches. Among them, Target, Sony, Global Payment Systems, eBay, Visa, Adobe, Yahoo, AOL, Zappos, Marriott/Hilton, 7-Eleven, NASDAQ, and others.

Yes, healthcare is not alone in their attempt to battle the powers of evil (and some not so evil, but possibly dangerous) forces that are hacking into systems large and small. We can certainly expect this trend to continue and likely get worse as more and more data is stored electronically.

For those interested in the specific story, Community Health Systems, a national hospital provider based in Nashville reported the HIPAA breach in their latest SEC filings. Pando Daily reported that “Chinese Hackers” used a “highly sophisticated malware” to breach Community Health Systems between April and June. What doesn’t make sense to me is this part of the Pando Daily article:

The outside investigators described the breach as dealing with “non-medical patient identification data,” adding that no financial data was stolen. The data, which includes patient names, addresses, birth dates, telephone numbers, and Social Security numbers, was, however, protected under the Health Insurance Portability and Accountability Act (HIPPA).

I’m not sure what they define as financial data, but social security numbers feel like financial data to me. Maybe they meant hospital financial data, but that’s an odd comment since a stack of social security numbers is likely a lot more valuable than some hospital financial data. The patient data they describe could be an issue for HIPAA though.

As is usually the case in major breaches like this, I can’t imagine a chinese hacker is that interested in “patient data.” In fact, from the list, I’d define the data listed as financial data. I’ve read lots of stories that pin the value of a medical record on the black market as $50 per record. A credit card is worth much less. However, I bet if I were to dig into the black market of data (which I haven’t since that’s not my thing), I bet I’d find a lot of buyers for credit card data tied to other personal data like birth date and addresses. I bet it would be hard to find a buyer for medical data. As in many parts of life, something is only as valuable as what someone else is willing to pay for it. People are willing to pay for financial data. We know that.

We shouldn’t use this idea as a reason why we don’t have to worry about the security and privacy of healthcare data. We should take every precaution available to create a culture of security and privacy in our institutions and in our healthcare IT implementations. However, I’m just as concerned with the local breach of a much smaller handful of patient data as I am the 4.5 million medical record breach to someone in China. They both need to be prevented, but the former is not 4.5 million times worse. Well, unless you’re talking about potential HIPAA penalties.

August 18, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Telemedicine A Critical New Approach To Primary Care

Written by:

Telemedical treatment has been a tantalizing possibility for many years, for reasons including a failure of health plans to pay for it and too little bandwidth to support it, but those reasons are quickly being trumped by the need for quick, cheap, convenient care.

In fact, according to research by Deloitte, 75 million of 600 million appointments with general practitioners will be via telemedicine channels this year alone.

While one might assume that this influx is coming from traditional primary care practices which are finding their way online, that doesn’t seem to be the case.

Instead,a growing number of entrepreneurial startups are delivering primary care via smart phone and tablet, including Doctor on Demand and HealthTap, which offers videoconferences with PCPs, and options like Healthcare Magic and JustAnswer, which offer consumers the opportunity to get written responses to their healthcare queries from doctors.

Primary care doctors going into direct primary care are also joining the primary care telemedicine revolution; a key part of their business is based on making themselves available for consultation through all channels, including Skype/Facetime/Google Hangout meetings.

To date, most of the thinking about telemedicine have been that it’s an add-on service which is far to one side of the standard provision of primary care. However,with so many consumers paying out of pocket for primary care — and virtual visits typically priced far more cheaply than on-site visits — we may see a new paradigm emerge in which victims of  high-deductible plans and the uninsured rely completely on telemedical PCPs.

Rather than being merely a new technical development, I believe that the delivery of primary care via telemedical channels is a new form of ongoing primary care delivery.

It will take some work on the part of the telemedicine companies to sustain long-term relationships with patients, notably the use of an EMR to track ongoing care. And telemedicine PCPs will need to develop new approaches to working with other providers smoothly, as coordination of care will remain important. Health IT companies would be wise to consider robust, unified platforms that allow all of this to happen smoothly.

Regardless, the bottom line is that primary care telemedicine isn’t an intriguing sideline, it’s the birth of a new way to think about financing and delivery of care. Let’s see if traditional providers jump in, or if they let the agile new virtual PCP companies take over.

August 15, 2014 I Written By

Katherine Rourke is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.