Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Tips for Women in the Medical Device Industry

Posted on March 4, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ll admit that I’m far from an expert on the challenges and inequities of women in the workforce. I think that everyone that knows me knows that I love working with women and I love strong empowered women. It’s what I hope my daughter will become one day. I’m proud that the Healthcare IT Marketing and PR conference was the first conference to be listed with over 50% female speakers.

I recently saw a stat that there were more CEO’s of the top 1500 companies named “John” (5.3%) than there are women CEOs (4.1%). That’s particularly disturbing since my name is John. It highlighted to me how solving the issues of gender inequality in the workplace is incredibly complex and challenging.

While I admit I don’t have all the answers, I was interested to hear these 5 suggestions for women from Kathryn Stecco, MD.

Women considering entrepreneurial initiatives in medical technology should follow these basic principles.

  1. Start with a big idea that solves a big problem: A new business must start with a powerful idea for a product or service that fills a real unmet need. Market is everything.
  2. Pursue a practical solution:  Focus on products that are safe, effective and easy to use for both physician and patient. If the product doesn’t make physicians’ lives easier, they won’t use it. The product must produce meaningful clinical data that speaks for itself.
  3. Build relationships – early – with clinicians: Medical entrepreneurs must be out in the field developing ties with physicians and getting their input early in the design process. No matter how well designed your product or how impressive your patents, physicians will have the last word on the usefulness of your product. They are vital to your success.
  4. Be prepared to shift gears:  Don’t fall into the trap of becoming so enamored of an idea or a product that you lose sight of its real likelihood of succeeding in the marketplace. You must have the flexibility to move on to something else when changes in the environment cause the ground to shift under your feet and your plans to be upended.
  5. Enjoy the ride!  Successful entrepreneurs make adversity the energy that fuels their creativity. They don’t learn their most valuable lessons in the classroom but in the trenches. They thrive on the long hours, the unpredictability, the rush that comes from building something important and valuable.

Maybe some of these ideas will help some women who are working in the medical device industry. It’s a small thing for sure, but maybe if we all do small things to improve the opportunities for women those small things will turn into something great.

How Can Human Resource Technology Better Help You Manage Your Employees

Posted on March 3, 2015 I Written By

The following is a guest post by Vishal Gandhi, CEO of ClinicSpectrum as part of the Cost Effective Healthcare Workflow Series of blog posts. Follow and engage with him on Twitter @ClinicSpectrum and @csvishal2222.
Vishal Gandhi
In healthcare we love to talk about ways we use technology with patients. We chart patient visits in the Electronic Medical Record. We schedule and bill patients and insurance companies from a Practice Management System. We interact with patients through a patient portal. All of these technologies can be great, but how come we don’t talk more about the way technology can improve how we run our practices and manage our employees?

One example of this is using technology to improve your HR. We see this in many other industries and at a few of the large hospital organizations, but for the most part healthcare hasn’t benefited from great HR practices that utilize technology. As healthcare organizations continue to consolidate, it’s going to be extremely important that every healthcare organization has a well designed human resource program to train, track, and retain key employees.

Let’s look at three areas you can use technology empowered HR practices to track, manage, and improve your human resource efforts:

Employee Growth Milestones
Are you creating a growth plan for your employees? Do you have a system that tracks that growth plan for your employees? If you don’t have either of these, then you’re missing out on a big opportunity. By setting growth milestones or goals for your employees you inspire them to be better and do more. Plus, employees love to know that there are opportunities to grow within your organization and a clear plan of how that growth can be achieved. However, along with setting these milestones, you also have to have a way to track how your employees are doing in their efforts to achieve these milestones. Otherwise, there’s no reason to set a growth milestone if you’re not going to evaluate it later.

Healthcare Human Resouce Management
While you could do this milestone tracking on paper or in a set of Word documents, we know what happens to those documents. They get filed away and forgotten. The better option is to use an employee management system which integrates these growth milestones into your employee’s performance milestones. Then, you can see how an employee’s performance corresponds to their growth milestones. Plus, with an integrated package, you can regularly be reminded of those growth milestones.

Employee Performance Milestone
Now that you’re setting growth milestones for your employees, let’s consider how you can track an employee’s performance. Doing so will encourage better performance and will provide you a way to reward those employees who are delivering great results and work with those employees who aren’t progressing towards their growth milestones.

A great example of this is with your medical billing staff. Using technology you can track the performance of that medical billing staff. How many insurance checks did they do? How many claims are they processing? How many collections phone calls did they complete? Each of these items illustrates how well that medical billing staff is performing their job’s duties. By integrating this tracking into your human resource management system, you have an objective way to evaluate and reward your employees.

Employee Benchmarking and Productivity
Now that your employees have a set of growth milestones and you have the ability to track their performance, you can effectively benchmark your staff and evaluate their productivity. Once again, while this can be done on paper, it’s much more effective and efficient with technology.

Benchmarking your employees against their peers is incredibly valuable because it helps a manager evaluate which employees might need more help and which employees deserve to be rewarded for their hard work. Without these benchmarks, we have to base our evaluations on how we feel and that can often be wrong.

A great human resource management software can facilitate an improved HR program for your employees. Doing so is extremely important to your organization so you can retain their key employees. Human resource management software gives the best employees a roadmap for how to be rewarded in regular performance evaluations. On the other hand, it also helps an organization evaluate their poorly performing employees so they can either help them improve or let them go. Healthcare organizations that choose not to utilize technology in their human resource management efforts are likely to lose their best employees as they fall behind their competitors. That’s a recipe for disaster in the competitive healthcare environment.

The Cost Effective Healthcare Workflow Series of blog posts is sponsored by ClinicSpectrum, a leading provider of workflow automation solutions for healthcare. Check out their healthcare Human Resource management module, HRMSpectrum to help improve your HR management efforts.

Healthcare Data Quality and The Complexity of Healthcare Analytics

Posted on March 2, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The other day I had a really great chat with Khaled El Emam, PhD, CEO and Founder of Privacy Analytics. We had a wide ranging discussion about healthcare data analytics and healthcare data privacy. These are two of the most important topics in the healthcare industry right now and no doubt will be extremely important topics at healthcare conferences happening all through the year.

In our discussion, Khaled talked about what I think are the three most important challenges with healthcare data:

  1. Data Integrity
  2. Data Security
  3. Data Quality

I thought this was a most fantastic way to frame the discussion around data and I think healthcare is lacking in all 3 areas. If we don’t get our heads around all 3 pillars of good data, we’ll never realize the benefits associated with healthcare data.

Khaled also commented to me that 80% of healthcare analytics today is simple analytics. That means that only 20% of our current analysis requires complex analytics. I’m sure he was just giving a ballpark number to illustrate the point that we’re still extremely early on in the application of analytics to healthcare.

One side of me says that maybe we’re lacking a bit of ambition when it comes to leveraging the very best analytics to benefit healthcare. However, I also realize that it means that there’s still a lot of low hanging fruit out there that can benefit healthcare with even just simple analytics. Why should we go after the complex analytics when there’s still so much value to healthcare in simple analytics.

All of this is more of a framework for discussion around analytics. I’m sure I’ll be considering every healthcare analytics I see based on the challenges of data integrity, security and quality.

Restoring Humanity to Health Care – My Experience Part 2

Posted on February 27, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

It seemed appropriate for me to follow up with part 2 of my experience with a new wellness focused medical practice called Turntable Health, an operating partner of Iora Health. In case you missed part 1 of the journey, you can find it here.

Walking into the clinic, there was a different feel. It felt more like walking into a local coffee shop than going for a doctors appointment. The lobby was so inviting that I wondered if some in the community used it as a place to go and work on occasion. I spend a fair amount of time in the Downtown Las Vegas tech community, so it wasn’t a surprise that I actually knew a few of the people in the lobby. So, I was able to connect with some friends while I waited for my appointment.

The check in process was simple and I was invited back by my health coach. In this case the health coach acted very much like an MA or nurse in a regular medical office, but the feel was more friendly an casual. We both knew we had an hour together so there wasn’t the usual frenetic pace the accompanied a doctors office.

I had a couple paper forms to sign (yes, the signature is still often easier on paper), but no major health history to fill out or anything like that. They had a one question survey that I think was about my current state of wellness. Over the hour the health coach did ask many of the questions that would be on a normal health history form and key them into the Iora EHR system. It was a unique approach since it gave me the opportunity to talk about the things as we went through them and many of the things we talked about (ie. my family health history) came up later in my conversation with the doctor.

The exam room looked quite a bit like any other exam room you might visit. The colors and lighting were nice and they had little touches like this local art work display in the exam room (see picture below). It’s kind of interesting to think about a doctor’s office as a kind of local art gallery.

At one point in the conversation with my health coach, we talked a bit about fitness tracking and she quickly emailed me some fitness apps that she liked. Little did she know that I write about such apps and that industry for a living on Smart Phone Healthcare. It also illustrated how much of a need there is for someone to be a trusted content curator of the 30k+ mobile health apps out there. Especially if we want healthcare providers to make a dent in actual usage of these to improve our wellness.

After completing her assessment, my health coach left the room and came back with the doctor. When he came in he told me that my health coach had talked with him about me and my health (in a normal practice this amounts to “Fever in room 3″) and he wanted to talk to me about a few of the issues I was dealing with. When he did this, the doctor and my health coach came into the room and we all sat around a small table. It was almost as if I’d just sat down for hot chocolate (I don’t drink coffee) with my doctor and my health coach.

There were a few differences though. When my doctor sat down he plugged in a chord to display his computer screen (my record) on a big plasma monitor that we could all see. I’m not sure why my health coach didn’t do that too. I almost moved over next to her to watch her enter the data, but I felt like that was just my inner EHR nerd coming out. Plus, I didn’t want her to necessarily know my background in that regard and that I’d be writing about the experience later. I wanted to see what they usually did for patients.

Because we were all sitting around the proverbial exam room “coffee table” I didn’t feel rushed at all. We talked about a couple sports issues I’ve been dealing with and ways that I could make sure they don’t continue to get worse (since I’m definitely not stopping my sports playing). We also spent some time talking about how to work on some long term wellness tracking around high cholesterol and diabetes.

After the visit, I realize that in many ways it wasn’t any different than a regular doctor visit. I could have gone into any doctor’s office and discussed all of these things and likely gotten similar answers. I think part of this is Turntable Health still working on the evolution of how to really treat a patient from a Wellness perspective. However, while many aspects of the treatment were the same, the experience felt different.

The long appointment time. The health coach. The doctor that wasn’t rushed all contributed to a much different visit than you’d get in most doctors’ offices. You can be certain that had I gone to a doctor for my sports issues, we wouldn’t have talked about things like cholesterol and diabetes. There wouldn’t have been time. Was the care any better or worse? It’s the same care that would have been provided by other professionals, but the care was given room to breathe.

As I left the visit, a part of me did feel a little disappointed. You might wonder why after this glowing review of the unique experience. I think the disappointment came from some improperly placed expectations. I’m not sure I really thought deeply about it, but I wish I’d realized that they’re not going to solve your wellness in one visit.

When I think about my psyche as it relates to doctors, I’ve always approached a doctor as someone you go into and they fix you and then you go home. When applying that same psyche to a wellness based approach to medicine, it leads to inappropriate expectations. Wellness is a process that takes time to understand and address. In fact, it’s a process that’s likely never done. So I think that led to my gut reflex expectation of what I’d experience.

I think one way Turntable Health could help to solve these expectations is to do a better job on the first visit to describe the full model and plan for what they want to accomplish with a patient. Otherwise, you really just feel like you’re going in for another doctor’s appointment. I’m not sure if that’s a cool chart of all their services and how they help me improve my wellness or if it’s a list of ways that they’re working to help improve my wellness.

Basically, I wish they’d over communicated with me how Turntable Health was different and how they were going to deploy a suite of professionals and services to better help my overall wellness. It’s easy for those working at Turntable Health to forget that new patients haven’t seen their evolution and don’t know everything they’ve done to improve the primary care experience.

A few other things I’d have loved to seen. First, I filled out their 20 minute (I think it took me 10-15) survey before the appointment. I didn’t get any feeling that the health coach or the doctor had actually seen the results. In fact, the health coach asked me some of the same questions. Redundancy can be appropriate on occasion, but it could have made the visit more efficient if they already knew the answer to those questions and instead of getting the info they could have spent the time talking about the answers as opposed to getting the answers. Plus, I’m sure my answers would have triggered some other discussions. It all made me partially wonder why I filled out the survey in the first place. Were those just part of some research experiment or were they to help me improve my health?

I was quite interested in their portal and what it offered (obviously, since I’m a techguy). It seemed like the framework as opposed to a fully fleshed out solution. I could see where it could grow to something more powerful, but was disappointing on first login. In one area called measurements it had graphs of my Blood Pressure, Fasting Glucose, and Weight. Unfortunately, after one visit they only had one data point and now way for me to easily upload all my weight measurements from my iHealth scale. Hopefully integrations like that are coming since that data could definitely inform my wellness visits. I guess they need to work on the first time user experience for the portal. At least I can schedule appointments through it.

I imagine some of you are probably looking at this as a pretty major investment in my health. Some might even think an hour long appointment would be more time than they want to spend with the doctor. I get that and I don’t always want my appointment to be that long. In fact, now that I have my baseline, I hope that many visits become an email exchange or other electronic method that saves me going into the doctor at all. However, as I’m getting older, I see this as an important investment in my long term health. Hopefully this investment has a good ROI.

With that in mind, I’ll do what I can to keep you updated on my experience. Since I’m on a journey of wellness, I imagine this is Part 2 of Many. I hope you enjoyed the look into my experience.

Restoring Humanity to Health Care – My Experience Part 1

Posted on February 26, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In light of yesterday’s short story post, and also my post on EMR and EHR about concierge medicine, I thought it timely for me to document might entrance into what many are calling the next generation of healthcare. They talk about it as primary care that puts people first.

In my case, it’s my recent membership in Turntable Health, an operating partner of Iora Health. When I had to switch insurance plans this year, I decided to try out this new approach to primary care. The insurance plan I chose included a membership to Turntable Health. For those not familiar with Turntable Health, it was started by the infamous ZDoggMD and is backed by Tony Hsieh’s (CEO of Zappos) Downtown Project in Las Vegas.

To be honest, I’m not sure exactly what I’ve gotten myself into, but that was kind of the point. I can’t remember the last time I went to a primary care doctor. In fact, if someone asked me who my primary care doctor was I wouldn’t have an answer or I might mention one that my wife visited. I’m a relatively healthy person (luckily I have some good orthopedic friends for my sports injuries) and so I’ve never felt the desire to go in and see my doctor. I feel healthy, so why should I go and pay a doctor to tell me I’m healthy? I think this view is shared by many.

Will Turntable Health be able to change my view on this? Will they be able to take a true Wellness approach to things that will change how I view primary care? I’ve written for years about Treating a “Healthy” Patient, and so I’m interested to see if Turntable Health is making that a reality.

One thing is for sure. They’re taking a different approach than most doctors. I scheduled my first appointment for later today (Side Note: Not sure what it says that it took me 1-2 months to schedule my first appointment.). They slotted me in for an hour long appointment (a requirement for the first appointment) so that they can really get to know me and my wellness needs. Plus, they said I’d get a chance to get to meet my care team. A care team? What’s that? I’ll let you know after my appointment, but looking at their team I’d say it includes physicians together with health and wellness coaches.

The idea of a team of people thinking about my and my family’s wellness is intriguing. Although, I’ll admit that this wasn’t the biggest reason I chose to sign up with Turntable Health. It was part of the reason, but I was also excited by the idea of unlimited primary care. With unlimited primary care, it opens the door to things like text messages or eVisits with your doctor since they’re truly interested in your wellness and not churning another office visit to get paid.

With a family of 4 kids, there are dozens of times where my wife and I debate whether an office visit is needed. Every parent knows the debate. Am I just being paranoid or are they really sick? Is that rash something that needs to be treated right away or should I give it some time? Final answer: Let’s just take them in, because I don’t want it to be something bad and then I feel like I’m an awful parent because I chose not to take them in. I’m hopeful that with Turntable Health we can alleviate those fears since we don’t have to pay for the visit and we can start with an online visit which saves us time. That’s extremely compelling to me.

I can already say that my experience has been different. After scheduling my first appointment, I got the usual email confirming my appointment, offering directions to the office, and inviting me to fill out an “Online Health Assessment.” I thought it was cool that they were asking me to fill out those lengthy health history forms electronically before the visit. Turns out I was wrong. It was a survey style assessment of my health and wellness. They asked questions about my mental and physical health. They asked about my diet and exercise. They even asked about my quality of life. There weren’t any questions about my neck issue or the pain in my hand, let alone my allergies or past medical history. I wonder if they’ll do that when I get to the office. Plus, I’ll be interested to see what questions they ask me about that true wellness assessment.

Like I said, this appointment should be interesting. To be honest, I feel like I’m learning a new healthcare system. I know what’s appropriate and how the regular doctors office works. Here I’m not sure what’s right or wrong. Take for example the list of health and wellness classes Turntable Health offers with their membership. What other primary care office offers Tai Chi, Hot Hula and Meditation courses? I might even have to start doing yoga. Why not? It’s free. Although, what a different approach to Wellness.

There you go. There’s part 1 of my introduction into a new model for primary care. How will it go? We will see. How will they handle the fact that I’m a picky eater and that doesn’t jive well with many of their perspectives on Wellness? Will they really care about my wellness enough to reach out to me beyond appointments? How will my family and I react to this outreach? Will we stonewall them or will we embrace the increased interaction? It will be a fun journey and I hope you’ll enjoy me sharing it with you.

All in all, it does feel like they’re trying to restore humanity to healthcare. We’ll see how much we like humanity.

Update: Check out part 2.

“Please Choose One” – A Short Story

Posted on February 25, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Every once in a while I come across a piece of healthcare prose that I have to share, but there’s no good way to share it in pieces. I found that once in The Old Man and the Doctor Fable. It’s a must read if you haven’t read it.

I recently had another such example shared with me called “Please Choose One“. This one took me a second to really get into it, but about a quarter of the way through, I couldn’t stop reading and had to figure out how it ended. I’m sure that many physicians will feel the heartache shared in this short story. Thank you Philip Allen Green, MD for sharing. If you haven’t gone and read it, go read it…we’ll be back here once you’re done.

Obviously, the story is told in an exaggerated worst case scenario fashion. Although, to me that’s what illustrates the point so well. The lesson I took from the story is that we can’t take the human out of healthcare. Technology should help us offer more humanity to patients as opposed to less. Furthermore, we’re at risk for doing the opposite.

What’s your takeaway? I’d love to hear your thoughts on the story.

Thinking About Future EHR Switching When Purchasing EHR Software

Posted on February 24, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

When we start purchasing our EHR, many times we don’t spend enough time thinking about what happens when we reach the end of life for the software we’re purchasing. I was particularly reminded of this when writing my post about the legacy EHR ticking time bombs. During our EHR or other healthcare IT software purchase, we don’t think about 5, 10, 15 years down the road when we might want to switch systems. What happens at the end of a system’s life is not our concern during an EHR purchase, but it should be.

A lot of people like to talk about EHR data portability. This is a very important subject when you’re looking to sunset an old system. However, if you haven’t put the right items in your EHR contract, it becomes a major issue for you to get that data out of the EHR. If you haven’t read the section on EHR contracts in my now somewhat dated EMR selection e-Book, take some time to read it over and check out your EHR contract.

When you can’t get the data out of your EHR, then you’re stuck in a situation that I described in my legacy EHR ticking time bomb post. You limp your legacy EHR system along and have issues with updates, fear the lost of the system completely, and much more. It’s just an ugly situation.

It’s nice to think that an EHR system will just work forever, but technology changes. It’s just the reality of life. I’m interested to see if the concept of an EHR vendor neutral archive will really take off. That would be one major way to combat this. However, I think many are afraid of this option because it’s tough to preserve the granular data elements in the EHR. Plus, it takes a forward thinking CIO to be able to make the investment in it. Although I’ve met some that are doing just this.

What has your organization done to prepare for the day that you’ll sunset your EHR or other healthcare IT systems? Is this a concern for you? Or are you like some CIOs who figure that it will be someone else’s problem?

What’s Your Value Based Care Strategy? What Role Does IT Play?

Posted on February 23, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I pretty regularly take a look at various healthcare IT whitepapers to glean insights into what’s happening in the industry and what advice vendors are offering healthcare organizations. I’ve been keeping a special eye on the changing reimbursement model and move to value based care and so I was interested in this whitepaper titled “How to Win with Value-based Care: Developing Your Practice’s EHR Strategy.”

The whitepaper starts with a dive into some of the changing care and reimbursement models that are emerging in healthcare. Then they offer this 4 step “Winning Strategy” for being ready for these changes:
Step 1: Assess your current situation
Step 2: Develop a customized VBC Plan that’s right for your practice
Step 3: Determine IT solution needs
Step 4: Implementation

In many ways, this 4 step plan could be applied to any project. Of course, the whitepaper dives into a lot more detail for each step. Although, I was struck by step 3. It takes for granted that value based reimbursement will require an IT solution. This whitepaper comes from a healthcare IT company with some value based IT product offerings so you have to question whether IT will be at the core of a practice’s value based care strategy or not.

As I think about the future of coordinated care and value based reimbursement, I think it’s more than fair to say that technology will be at the center of these initiatives. Value based care requires data to prove the quality of the care you’re providing. Certainly you could try and collect some of this data on paper, but does anyone think this is reasonable?

Try identifying all overweight patients in your patient population using paper chats. I can see in my mind’s eye an army of medical records professionals sifting through stacks of paper charts. It’s not a pretty solution and it’s fraught with error. That’s one query on an EHR system.

One of the biggest elements of value based reimbursement will be communication with patients. Can we build that real time communication on the back of snail mail? It sounds almost silly talking about it. Of course we’re going to use mobile devices, secure messages, and even secure video communication. We still have A LOT of work to do in this regard, but it’s the future.

Of course technology is going to be at the core of value based reimbursement. It’s the only way to accomplish what we’re striving to accomplish. The next question is: will the EHR make this possible or are we going to need something new and more advanced?

Are Legacy EHR Sytems the HIPAA Ticking Time Bomb?

Posted on February 20, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Healthcare IT and EHR security is a really important topic right now. Many organizations have started to spend time and resources on this problem after a series of healthcare and non-healthcare breaches. The Anthem breach being the most recent. Overall, this is a great thing for the industry since I think there’s more that could be done in every organization to shore up the privacy and security of patient health data.

In a recent conversation I had with Mike Semel, we talked about some of the challenges associated with legacy EHR and Healthcare IT systems in offices. Our conversation prompted to me to ask the question of whether these legacy EHR systems are the ticking time bombs of many healthcare organizations.

Think about what happens to many of these legacy EHR systems. They get put in some back office or under someone’s desk or in some nondescript closet where they’re largely forgotten. In many cases there are only 1-2 people who regularly use them and in many cases the word “regularly” equates to accessing it a few times a month. These few people are usually not technically savvy and know very little about IT security and privacy.

Do I need to ask the question about how good the security is on a system for which most people have forgotten?

These forgotten systems often don’t get any software updates to the application or the operating system. The former is an issue, but the later is a major problem. Remember that when updates to an operating system are issued, it’s essentially blasted out to the public that there are issues that a hacker can exploit. If you’re not updating the O/S, then these systems make for easy pickings for hackers.

Forget about great audit log tracking and other more advanced security on these legacy systems. In most cases, organizations are just trying to limp them along until they can decommission them and put them out to pasture. It makes for one massive security hole for most organizations.

Of course, this doesn’t even take into the account the fear that many organizations have that these systems will just give up the ghost and stop working all together. There’s nothing quite like security on a Windows 2000 Server box sitting under someone’s desk just waiting for it to die. Hopefully those hard drives and other mechanical elements don’t stop before the data’s end of life requirements.

These legacy systems aren’t pretty and likely present a massive HIPAA privacy and security hole in many organizations. If you don’t have a good handle on your legacy systems, now might be a good time to take a look. Better to do it now than to deal with it after a HIPAA breach or HIPAA audit.

Were Anthem, CHS Cyber Security Breaches Due to Negligence?

Posted on February 19, 2015 I Written By

Katherine Rourke is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Not long ago, health insurance giant Anthem suffered a security breach of historic proportions, one which exposed personal data on as many as 80 million current and former customers. While Anthem is taking steps to repair the public relations damage, it’s beginning to look like even its $100 million cyber security insurance policy is ludicrously inadequate to address what could be an $8B to $16B problem. (That’s assuming, as many cyber security pros do, that it costs $100 to $200 per customer exposed to restore normalcy.)

But the full extent of the healthcare industry hack may be even greater than that. As information begins to filter out about what happens, a Forbes report suggests that the cyber security intrusion at Anthem may be linked to another security breach — exposing 4.5 million records — that took place less than six months months ago at Community Health Systems:

Analysis of open source information on the cybercriminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data from health insurance giant Anthem suggests the attackers may have first gained a foothold in April 2014, nine months before the company says it discovered the intrusion. Brian KrebsAnthem Breach May Have Started in April, 2014

Class action suits against CHS were filed last August, alleging negligence by the hospital giant. Anthem also faces class action suits alleging security negligence in Indiana, California, Alabama and Georgia. But the damage to both companies’ image has already been done, damage that can’t be repaired by even the most favorable legal outcome. (In fact, the longer these cases linger in court, the more time the public has to permanently brand the defendants as having been irresponsible.)

What makes these exploits particularly unfortunate is that they may have been quite preventable. Security experts say Anthem, along with CHS, may well have been hit by a well-known and frequently leveraged vulnerability in the OpenSSL cryptographic software library known as the Heartbleed Bug. A fix for Heartbleed, which was introduced in 2011, has been available since April of last year. Though outside experts haven’t drawn final conclusions, many have surmised that neither Anthem nor CHS made the necessary fix which would  have protected them against Heartbleed.

Both companies have released defensive statements contending that these security breaches were due to tremendously sophisticated attacks — something they’d have to do even if a third-grade script kiddie hacked their infrastructure. But the truth is, note security analysts, the attacks almost certainly succeeded because of a serious lack of internal controls.

By gaining admin credentials to the database there was nothing ‒ including encryption ‒ to stop the attack. The only thing that did stop it was a lucky administrator who happened to be paying attention at the right time. Ken Westin – Senior Security Analyst at Tripwire

As much these companies would like to convince us that the cyber security breaches weren’t really their fault — that they were victims of exotic hacker gods with otherworldly skills — the bottom line is that this doesn’t seem to be true.

If Anthem and CHS going to point fingers rather than stiffen up their cyber security protocols, I’d advise that they a) buy a lot more security breach insurance and b) hire a new PR firm.  What they’re doing obviously isn’t working.