Welcome to EMR and HIPAA

Ever since college(which really isn’t that long ago) I’ve been completely fascinated by the idea of Dragon Naturally Speaking and its ability to recognize your voice. Before getting into EMR and the healthcare field the best use of this technology had to be in journal keeping. I think that many more people would be interested in writing journals if they could just dictate their journals each night. In fact, I wish that Dragon Naturally Speaking would come out with a built in journal, mic and their software(possibly on top of linux) just to keep my journal. I guess I’m imagining something similar to an ipod size that you can connect to your computer and upload the file. It could even record your voice so that if you needed it later you could fix any errors. I digress.

Now that I’ve had a heavy dose of EMR experience I can see the value of Dragon Naturally Speaking (and other voice recognition software) in the medical field. First, it is a great baby step for those doctors that are use to dictating their notes. Why not save thousands of dollars of dictation cost, but still allow the doctor to dictate notes directly into an EMR. It’s a great middle ground for those doctors that need a little more convincing about an electronic medical record.

Second, I work with someone who has medical problems that leave her in a lot of pain if she types at any length. Dragon Naturally Speaking couldn’t be a better fit for this problem. She is in a counseling center and so they very rarely have anything but free form entry of notes. They don’t use much granular entry of data into the EMR because each case and each counselor is unique in their style. Voice recognition technology to the rescue.

My biggest problem with voice recognition software and Dragon Naturally Speaking in particular is the cost. The standard edition is priced at a very reasonable price of about $200. The professional version is priced at $600. The medical version is just over $1000. I personally would love to have the standard version for myself since I use simple language(as my blog will certainly show). The professional version just seems like a good way for Dragon Naturally speaking to make some money off of you. The medical version however is the real kicker. It offers some absolutely necessary features like medical dictionaries. I got a list of available medical dictionaries from my friend Eric over at voicerecognition.com:

Allergy, Cardiology, Chiropractic, Dermatology, Disability, Endocrinology, ENT, Family Practice, Gastroenterology, General Medicine, General Surgery, Internal Med, Neurology, Nephrology , OBGYN, Oncology, Ophthalmology, Orthopedics, Plastic Surgery, Pathology, Pediatrics, Podiatry, Psychiatry, Physical Medicine, Physical Therapy , Psychology, Neuro Psychology, Radiology/Nuclear, Medicine, Rheumatology, Urology, Urgent Care, Workers Comp., Drug Update

Honestly I didn’t really know there were that many different medical dictionaries and specialties that could use DNS for EMR. You can see there are plenty of choices. The real question is whether it’s worth $1000. Plus, it is always good to know that you are going to like the product before you spend $1000 just to find out that it wasn’t as good as you would have liked. One good thing I have seen is that if you get into Dragon Naturally Speaking then it is much less expensive to just keep upgrading the product each year. That’s a pretty good situation since you get the latest and greatest, but don’t have to repurchase the entire package.

While I think Dragon Naturally Speaking is great I am really looking forward to the day that Microsoft finally catches up in this arena. Windows has some built in voice recognition software that from everything I’ve read just really doesn’t cut it yet. I hope they invest in this arena so that one day we’ll have this great product for a much more reasonable price.

Securing your desktop machines is probably one of the most important parts of any HIPAA policy. I have a feeling that this topic will continue to get more and more attention as time goes on and people get caught with desktops not being protected. This could definitely lead to a potential HIPAA Lawsuit that I’m sure you want to avoid.

The Healthcare IT Guy recently posted some good information on what is being called “Pod Slurping” where people with a small iPod can extract large amounts of data from your system. There’s some really great posts out there on what you can do with an iPod. When you add all the different types of USB memory sticks and other small data carrying devices you could get into some real trouble if you’re not careful. Protecting yourself against these types of “attacks” will be essential.

I really see two methods of protecting yourself. First, you could create a policy that these types of devices aren’t not allowed in your environment. While this is difficult to control it is definitely a step in the right direction. The key to this working is enforcement whenever somewhat violates this policy. If it is made clear that there are severe consequences for violating this policy it will give you a layer of protection.

Second, there are some new programs out there that are really gaining momentum and becoming a great(albeit expensive) option for the future. My favorite option is Cisco’s Security Agent. I trained on this product and it is very powerful. Because it is so powerful it is often not practical for the small doctor’s office. However, larger organizations should seriously look at this option. Not only can it protect your EMR from rogue usb and iPod devices, but can also minimizes the need for adWare and Anti-virus programs. There are many other software packages on the market that do this also.

I would suggest using a combination of these two ideas to secure your environment. If your software implementation is good you shouldn’t need to worry about the first method, but it is always a good idea to have it in case the software doesn’t work right. Plus, auditors like to see those type of policies.

Blogging is a pretty interesting phenomenon. I must admit that before I started blogging I didn’t really understand what blogging was really about. Even now I sometimes wonder. However, I found blogging to be a great experience for you to put down on paper some of the different things you learn. It motivates you to study a subject in depth which you might not have studied had you not been thinking about blogging the subject. I find EMR and HIPAA very interesting, but I wouldn’t committ nearly the time nor the intensity to my involvement in it if I wasn’t trying to build something of use. Yes, I did say that this EMR and HIPAA blog could be useful. At least that is still my goal. Call me ambitious.

I found an interesting article on working up the career ladder with a blog. As I’ve been blogging I’ve often considered some points in this article before posting something. Here’s the most poignant part:

It now is common for job interviewers, customers and partners to Google your name before engaging with you personally.

If you have built a useful, thoughtful blog history, you could be well positioned to open the door for a fruitful business relationship. If not, you may not even get in the door. You can be sure if you claim to be an expert, you had better have a blog that covers your expertise or the door will be bolted shut.

I have a really common name so good luck on finding my EMR and HIPAA blog by my name. More importantly I plan on putting this blog down on my resume as something that shows my expertise in EMR. This is why I find the second part so important. I better make the sure the content here is good. I wouldn’t go as far as this writer in saying that the door would be bolted shut, because any intelligent business person can realize that this website isn’t just about advancing my career. Often a website can be multifaceted in its goals. If the interviewing company can’t understand that then I’m not sure I want to work for them anyway. That said, I still want to be careful what I say. It’s a fine line that has to be walked. I’ll save most my personal ramblings for my personal blog.

I’d been looking for some lists of EMR companies that I could use for my list of EMR and EHR vendors. I should expect an enourmous list since I’ve talked about how many EMR companies there are out there, but it is still overwhelming looking at some lists I’ve found. Good thing I’m young and will have time to go through it. I plan on going throuh and demoing many of the different EMR’s and will add them to my EHR and EMR Vendor list as I have time to do an appropriate EMR review.

Here’s my currently preferred EMR on this list called DoctorsPartner for those interested in a good EMR company to start their review.

I found 2 different lists for your viewing pleasure, but I put them on a separate page so they don’t make my front page unreadable. I(and you) shouldn’t look at this list too much because it makes evaluating EMR’s too overwhelming.
Read more…

Disclaimer: I understand that Doctors aren’t the only ones with egos and there are many doctors without egos. In fact, I think tech people are probably even more egotistical. The title is meant to be catchy not judgemental. The information below would be aptly applied to almost anyone, but I happen to be talking about EMR and so it is written with reference to Doctors.

When someone decides to implement an EMR in their office it is very important to decide whether a doctor should entered data into an EMR in the exam room or outside the exam room. This could involve wireless tablets(or laptops) or possibly just a really good memory(not my reccommendation). Many of the reasons to do one or the other is listed in a previous post about Pros and Cons of Wireless vs. Wired with an EMR.

One thing that I failed to mention and deserves it’s very own post is in regards to having a brand new EMR and computers in the exam rooms(or tablets). When we started the EMR I could see that my doctors were utterly afraid to take a computer into the exam room. The EMR was new to them and they were scared that they would go into the exam room and look like an idiot in front of their patients since they didn’t know how to use the computer. The reality is that it really does take some time to learn your way around the screens. Most people would be understanding of this, but it isn’t just learning an EMR. Doctors were afraid to do any typing because they were very insecure in their ability to type. Most of their typing is similar to my wife’s hunt and peck method. While effective for my wife it could certainly hamper that Doctor Patient relationship of trust(not to mention a Doctor’s ego).

Now that the Doctors I work with are familiar with the EMR software most of them are less concerned with this issue. Put the emphasis on most. Just another beautiful piece of the EMR Experience.

Moral of the story: Be careful with doctors that are unfamiliar with computers and a new EMR program having a computer in the exam room.

There was a recent news article that described how an emergency room was shutdown because of someone’s attempt to make a little cash. He basically had a little army of robots that would traverse the internet looking for vulerable computers that he could exploit. This technique isn’t anything new and so we should be use to it. However, it is sad when people put other people’s lives at risk because they want to make a buck. There’s really no excuse for it. Unfortunately I don’t think prison is even going to solve the problem. Although I do hope that he is convicted of whatever is possible.

More importantly is why wasn’t the hopsital better prepared for this? Regularly patching windows, anti-virus and adware programs can protect you from most of these attacks. This should give us all a little more interest in making sure our updating and scanning policies are good. My guess is that even the most basic HIPAA compliancy should have protected this hospital from attack.

Thankfully no one was hurt in this story. It will be a very sad day when this is not the case.

I know I’ve noted this before, but since this is my blog I’m glad to say that I can post my personal musings all I want. While I guess I have a devotion to any readership there may be I hope my personal tracking of the blog and updates on its success or failures will be of interest to those who read. If it doesn’t people are welcome to ignore this post(Is that a feature in WordPress?).

I’m 2 months into my EMR and HIPAA blogging experience and I’ve learned more than I could ever imagine. In fact, I realize even more today that I may never have a complete handle on this industry, but I hope that some insights will help other people in “The EMR Experience.”(Maybe this should be the real name of my blog)

Today, I finally went over the 10,000 page hit mark. Not too bad for 2 months. Not too bad for doing it in my free time(and my boring e-commerce class). I think this is pretty significant considering I’ve only done 50 posts so far. The search engines have enjoyed those 50 postsand treated me well by referring new readers. Although some of the search phrases make me wonder why they clicked on my site(subject of a different post).

I only have two major dissappointments to date. First the number of people that lurk the website without commenting. Maybe I need to create some more controversial posts, say something bad about someone’s company or pay people to comment. Second, is the time that I have to committ to posting to the website. I would really have liked some of my other pages like EMR and EHR vendors, EMR vs. Paper Charts, EMR Evaluating and Purchasing, EMR Features and EMR Implementation Ideas to become a tool that could change the way people find, purchase and implement an EMR. It will happen, but I’m slighty saddened by their slow progress. Be patient and please lend any ideas you have.

Thanks to all those that are reading. The site seems to be gaining a certain forward momentum that will hopefully continue to progress and become a very valuable EMR resource on the net.

What better way to add a little bit of education during the wait time. I know that in every doctor’s office I’ve ever been to I’ve read every single thing posted or written on the wall and even read most of the outdated magazines that have been throught the ringer. I think the best solution is actually providing wireless internet access to me in the waiting room, but what about all those people who don’t have a laptop(or didn’t think to bring a laptop) to the Dr’s office?

The idea of having some podcasts available is a great idea. They could be educational as is described in a recent post on EMRUpdate where it gave some good ideas for sources:

Search engines
Sites like Medscape
Ipodder and Itunes both have searches for popular health related RSS feeds with audio

feed://feeds.feedburner.com/healthbeat
http://www.medicinenet.com/script/main/art.asp?articlekey=47403

You could easily digitize your own voice for short lectures on smoking etc., and have them available on the hard drive.

However, why not also include some more popular selections also?

I think this kind of model is perfect for the college health market too. Students are really into technology and would enjoy the use of this information. Also, many colleges have health educators who could spear head the project and create content that would be appropriate for the patients that are visiting. Not to mention advertising special benefits of a college health center like free and confidential HIV tests. I’ve wanted to do it on an even broader version with video and streaming the video and audio across the internet and allow questions where the internet provides nearly complete anonymity. I’ll have to take this into consideration for the new building we’re doing at my office.

I finally got a minute to check out LogMeIn. I’d heard about it for a while and heard that it was free and quite good as an application to access your computer(and access your EMR) remotely similar to remote desktop. I think that for free versions of remote access I like Window’s remote desktop connection better. Remote desktop connection is a little faster response time than LogMeIn and remote desktop does better with the display than LogMeIn. I do see some big pluses for LogMeIn in that it doesn’t completely take over the session like RDP does(at least in XP). When I get back to my remote desktop I have to relogin which can sometimes be quite annoying. On the other hand I must admit that I often find myself connecting to my computer using remote desktop so that my computer is locked from other users getting to it. This mostly occurs when I’m running out of the office or leave from the other side of campus and didn’t have a chance to log me computer out of windows.

I will say that LogMeIn is a step above VNC and I guess TightVNC is in that category too. The best reason to go with LogMeIn is that it will remember all of your computers for you and tell you if they are available to be connected to. No more need to remember the IP address of all the computers you want to connect to remotely. There are other ways to look for remote desktop connections that are open on computers, but I like the idea that in one panel I can see all the computers I support and connect to them at anytime someone calls me with a problem. This is a nice feature and I’m seriously considering using it to manage the desktops of my end users. I could quickly connect to them and see the errors they are having without having to get out of my chair. This sounds quite nice.

On the other hand I have to seriously consider whether I want to have access to all of my end user’s computers. I think just on principle alone they might not like the idea. However, with some convincing about the quality of service provided I think they might go for it. Not to mention LogMeIn is free so that’s a major plus and should make LogMeIn an easier sell.

One thing I’m not sure I like is the little LogMeIn program that you have to have running on each machine. I guess that’s what is happening in remote desktop, but it is in the background and built into Windows. I also would like to run a port scan of a computer that has Log Me In on it. I’d like to see what port it runs on and probably need to find out about a few more of the possible security vulnerabilities of having it on every machine. I don’t want the HIPAA police coming after me and then have to deal with some lawsuit. I wonder if LogMeIn can restrict access to the machines from a certain IP range. That would do pretty good with security. Then, I could still remote into a machine from anywhere if I just have one remote desktop computer open.

Overall, I was pretty impressed with the technology. Some of the advanced(payed for) features were nice too like printing to my local printer from a file on the computer I connect to. Sharing files or sharing a desktop with another user. I could see some real pluses for that in certain situations.

Next up, hamachi. That should take the LogMeIn security to the next level with a little VPN encrption. At least that’s what I’ve heard.

I’ve been finding out that every EMR deals with attachments differently and unfortunately it seems like many haven’t created a well thought out plan of what to do with them. The key from an emr end user perspective is to be able to access the attachment, but still be able to audit who, what, where and when the attachment was viewed. Since an attachment is a file that doesn’t naturally fit in a database it was originally thought that you just put a pointer in the database to a file on a shared drive. This is fine for functionality, but does little for privacy. In fact, here’s a little story from my own experience.

We had our attachments originally stored in a shared folder on the server with pointers in SQL. Some good people in HIM pulled up one of the images using the default Windows Picture and Fax Viewer from our EMR. Something didn’t look right so they wanted to see what other pictures were tied to that patient’s record. Of course at the bottom of Windows Picture and Fax Viewer is the arrows to see the next/previous image. So, they click next and started scrolling through all the images stored on the shared drive regardless of patient. Once they made it to some very personal pictures of a patient they called and let me know of this nice “feature.” Needless to say all the images are stored in the DB now.

When we had the images coming from the database we had to move the existing images into the database. I must admit that I was impressed that we were able to convert 4 gig of images into the database easily on a Saturday. My db backup now is only 3 gig. So, I’m not sure what kind of compression or optimization they are using, but having the images in the database has definitely saved space. I do have to be a little more careful with my backup scheme and when I do backups and restores.