
Will Growth In Mobile Use Compromise HIPAA Compliance?

Posted on May 31, 2012 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

There’s little doubt that giving doctors mobile access to data via their personal devices can be valuable. We’ve probably all read case studies in which doctors saved a great deal of time and made the right clinical call because they reached to via an iPad, smartphone or Android tablet.

And this is as it should be. We’ve been working to push intelligence to the network for at least the two decades I’ve been writing about IT.

That being said, we haven’t yet gotten our arms around the security problems posed by mobile computing during that period, as hard as IT managers have tried.  Adding a HIPAA compliance requirement to the mix makes things even more difficult. As John wrote about previously, Email is Not HIPAA Secure and Text is Not HIPAA Secure either.

According to one security expert, healthcare providers need to do at least the following to meet HIPAA standards with mobile devices:

  • Protect their private data and ePHI on personal-liable (BYOD) mobile devices;
  • Encrypt all corporate email, data and documents in transit and at rest on all devices;
  • Remotely configure and manage device policies;
  • Apply dynamic policy controls that restrict access to certain data or applications;
  • Enforce strict access controls and data rights on individual apps and services;
  • Continuously monitor device integrity to ensure PHI transmission;
  • Protect against malicious applications, malware and cyber threats;
  • Centrally manage policies and configurations across all devices;
  • Generate comprehensive compliance reporting across all mobile devices and infrastructure.

Just a wild guess here, but my hunch is that very few providers have gone to these lengths to protect the ePHI on clinicians’ devices.  In fact, my sense is that if Mr. Bad Guy stole a few iPads or laptops from doctors at random right now, they’d find a wide open field. True, the thief probably couldn’t log into the EMR(s) the physician uses, but any other clinical observations or notes — think Microsoft Office apps — would be in the clear in most cases.

Being a journalist, not a security PhD, I can’t tell you I know what must be done. But having talked to countless IT administrators, I can definitely see that this is a nasty, hairy problem, for many reasons including the following:

–  I doubt it’s going to be solved by a single vendor, though I bet you will be or are already getting pitches to that effect  — given the diversity of systems even a modestly-large medical practice runs.

– Two-factor authentication that locks up the device for all but the right user sounds good, but add-ons like, say, biometrics aren’t cheap.

– Add too many login steps to doctors already tired of extra clicks and you may see mass defections away from EMR use.

– Remotely managing and patching security software on devices with multiple operating systems and network capabilities is no joke.

If you feel your institution has gotten a grip on this problem, please do chime in and tell me. Or feel free to be a mean ol’ pessimist like myself. Either way, I’d love to hear some of your experiences in protecting mobile data.  Maybe you have a good news story to tell.

Should EMRs Force Workflow Changes?

Posted on May 30, 2012 I Written By

Anne Zieger

Today, I was lurking in the EMR and HIPAA Facebook chat where some readers and publisher John Lynn were talking of things EMR-related.  During that chat, one exchange really brought home to me how far we have to go in even agreeing on how the ideal EMR should work.

During the discussion, one chatroom member said that the biggest problem with EMRs is still that they force doctors to break their workflow.  Another stalwart chatroom member, the insightful @NateOsit, retorted that EMRs should break workflow patterns, as this would promote healthy change.

Well, there you have a conundrum,  if you look closely enough. While people seldom speak of the issue this directly, we’re still arguing over whether EMRs should fit doctors like a glove or change their habits for the (allegedly) better.

This isn’t just an academic question, or I wouldn’t bore you with it. I think the EMR industry will be far more wobbly if the core assumption about its place in life hasn’t been addressed.

At present, I doubt EMR vendors are framing their UI design discussions in these terms. (From the looks of some EMRs, I wonder if they think about doctors at all!) But ultimately, they’re going to have to decide whether they’re going to lead (create workflow patterns that follow, say, a care pathway) or do their best to provide a flexible, doctor-friendly interface.

I’d argue that EMRs should give doctors as many options as possible when it comes to using their system.  Perhaps the system should shape their workflow, but only if the users vote, themselves, that such restrictions are necessary.

But the truth is that when a hospital spends a gazillion bucks on a system, they’re not doing it to win hearts and minds, no matter how much they may protest otherwise.  And when a practice buys a system, they’re usually doing it to meet the demands of the industry, not give their colleagues their heart’s desire.

So let’s admit it.  Though I don’t argue that they’ll ultimately be put to great uses in some cases, ultimately, EMRs are about dollars and bureaucratic face-saving.  So, today’s workflow will just have to take a back seat.

Mobile Health App Ratings by Kaiser

Posted on May 29, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I recently had the chance to sit down with Kaiser’s mobile group at the Health 2.0 conference in Boston. We had a really interesting discussion where I was able to learn a number of interesting things about Kaiser’s approach to mobile healthcare. As everyone knows they have a really unique environment with a number of incredible opportunities, but also with their own unique challenges. I’ll be discussing a number of these items in future posts.

Although one opportunity came to my mind in my discussion with Kaiser: A Mobile Health App Rating service by Kaiser.

Many people might remember my previous post about the atrocious idea of an mHealth App Certification. I think this is a really terrible idea and will do nothing to help physicians and patients be able to weed through the overwhelming number of mobile health apps.

With that side comment, I love the idea of Kaiser using its vast network of doctors and patients to rate various mobile health apps. Sure, there are some issues with this model as well, but the benefits of having so many valid doctors rate mobile health apps could be tremendous.

The challenge with most rating services is that you have no way of knowing if the person rating the service is actually who they say they are. For example, Sermo is supposedly a physician only forum. However, I know a lot of non-physicians that are on the forum. One advantage Kaiser has is that they could know if the person in their network is a Kaiser physician or not.

One key question is whether Kaiser would be open to making their physician mobile health app ratings available to the public. I’m sure this will be a tricky question for them to answer. No doubt they already kind of do some of this already in their internal network. Maybe it’s not totally codified into a website with a formal process, but it could be. Plus, the benefits to healthcare in general could be great.

What do you think of Kaiser physicians rating mobile health apps? Are there other better ways to filter through the volume of mobile health apps that exist out there?

A Memorial Day Message from EMR and HIPAA

Posted on May 28, 2012 I Written By

John Lynn

A big thanks to all our military! We’re lucky to have so many brave people who fight for our freedoms. I found a series of Memorial Day Cartoons which each share a message of the real importance of Memorial Day. I’ll post them across the Healthcare Scene network as a way to honor and remember those people who sacrifice so much.

Have a great Memorial Day and enjoy time with your family as I will do also!

EMR Jobs, Olympic EMR, EMR O/S, EHR Dictation, and EMR Purchasing

Posted on May 27, 2012 I Written By

John Lynn

You can see we have a jam packed weekend Twitter round up. There were a lot of interesting topics being discussed this week in healthcare social media. As usual, we’ll do our best to provide some of the more interesting tweets. Not to mention we’ll add a bit of our own commentary to provide some background and understanding about the tweets as well.

Now without further ado, a few EMR and healthcare IT tweets for your reading pleasure:


I saw this job tweeted. I didn’t necessarily find this job all that unique, but it’s an interesting contrast to see all the EMR jobs tweeted out, posted on the EMR and EHR Job board, and posted to the Healthcare Scene LinkedIn group. Compare that with experiences like this one posted on EMR Thoughts. It’s such a conundrum that so many don’t have jobs while many can’t find qualified EMR talent.


GE Centricity has been the choice of the USOC for a few years now. I’d love to go to London to see it in action first hand. Anyone want to sponsor that? I do LOVE watching the Olympics!


Does operating system really matter anymore? I’m finding that the operating system is mattering less and less. Ok, with most client server products you need a certain operating system, but with most well done SaaS EHR it doesn’t matter. I’ve reinstalled a few computers recently myself and all I do is reinstall my browser, hook up dropbox and I have probably 90% of what I need.


The sub head on the article describes the link of EHR and dictation better: “Doctors who dictate their clinical notes before they’re entered into an EHR have lower quality of care scores than those who type or enter structured data directly into the EHR, according to Partners Healthcare researchers.” I’m always suspect of these studies. Particularly because they usually have a much narrower focus, but provide for a great headline.

Plus, I think it’s still early on NLP (natural language processing) and CLU (clinical language understanding) technology that will extract more data from unstructured text in real time to support quality care measures. Let’s look at this in 3 years and we’ll see if voice and narrative text is common place or gone the way of the dinosaurs.


I’m sure that this number is lower than many ambulatory EMR companies expect. It’s certainly much less than ONC would predict. I personally predict the number is a bit low. I expect we’ll see a few more EHR purchases than 7-8%, but probably not more than 15%.

ACOs Inhibit Neighbors from Talking

Posted on May 25, 2012 I Written By

John Lynn

A comment by Naveen in my post about the Health IT and EHR Bubble caused me to stop and think:

HIE will eventually become the new necessity in the light of the development of regional ‘community’ systems of care (aka ACOs) – in the same way that EHR’s enable a system to talk, they inhibit neighbors from talking.

I had to think this over a little bit to understand that final part about inhibiting neighbors to talk. If I understand him correctly, the challenge is that if I’m in ACO A and my neighbor is in ACO B, then I actually don’t want to communicate with my neighbor.

This is a bit troubling when you think about the value that can be gleaned from exchanging healthcare data. If we aren’t careful as we build ACOs we might be building in more perverse incentives for doctors to not want to do the right thing. This is a huge problem in healthcare now. We don’t need to make it any worse.

The Real Money is in the ACO, Not Meaningful Use

Posted on May 24, 2012 I Written By

John Lynn

John Moore from Chilmark Research offers this great insight for those of us in the healthcare IT and EHR industry:

The MU requirements have become little more than a “spec-sheet” for vendors, consultants and IT shops and departments. These requirements have nothing to do with innovation and have little to do with the dramatic changes that will occur in this industry in the next decade. Quoting that oft-used phrase, “follow the money” one can quickly see that the billions in funding for incentivizing providers to adopt EHRs under the HITECH Act is relative chump change to the dramatic fortunes that may be won or lost under the new value-based payment models that are proliferating throughout the industry – payment models that commonly fall under the rubric of ACO or PCMH. In each of these models, EHRs are important to a degree, they are part of the basic infrastructure. But it is what one does with the data that matters (collect, communicate, collaborate, synthesize, analyze, measure and improve). Therefore, if you want to see innovation look beyond today and the tactical push to effectively adopt and meaningfully use EHRs and towards the future of how that data will be used to drive quality improvements, better outcomes and lowering risk exposure.

As the title says, I translate this to mean: The Real Money is in the ACO (Accountable Care Organizations), Not Meaningful Use

Of course, his description of the current healthcare IT landscape also reminds me of two posts I did previously: EHR is the Database of Healthcare and Is Revenue Cycle Management Sexy?

Both of those posts highlight many of the observations that John Moore makes. First, if the EHR is nothing more than a repository of data, then it has value (Oracle did pretty well as a database) but it’s limited. Those who can take the data stored in EHR and other healthcare data sources and do something amazing with it are going to be the big winners in healthcare IT. Could an EHR vendor be the one to do this? Possibly, but looking at other industries, I think this is unlikely. That’s why I describe EHRs as similar to databases.

The answer to the question posed in the second post linked above is “Yes, if you like money.” Sure, healthcare isn’t all about money, but money can be a tremendous driving force for doing good as well. It turns out that dealing with revenue cycle problems provides tremendous value to a clinic. However, many people for some reason look past it since they think it’s not “sexy.”

The ACO model that is fast approaching is also going to make this even more important. It’s still too early to describe exactly how it’s all going to play out, but many who don’t have a handle on the business side of their practice are going to miss out.

I’ve heard some describe meaningful use as a high bar to achieve. I disagree. Meaningful use is prescriptive and simple for EHR software to achieve. Sure, it takes some time and effort, but anyone with time and effort can achieve it. I don’t think we’ll be able to say the same for ACOs. That’s why the value of the ACO is going to be much higher than meaningful use. It’s the traditional higher risk leads to higher reward.

First EMR and HIPAA Facebook Chat

Posted on May 23, 2012 I Written By

John Lynn

I’m excited to tell you about the first ever EMR and HIPAA Facebook chat on Tuesday May 29th at 9:00 AM PST (Noon EST). I’ll be using this new software I’ve found called Evinar that provides a really interesting experience for users to interact and share media. In many ways, I see a chat using Evinar much like a Twitter chat, but without a lot of the limitations of a Twitter chat.

As most of you know, I’m a regular participant in the #HITsm twitter chats. I enjoy them thoroughly, but do find that it has its limitations as well. Due to the nature of Twitter, I find some of the conversations don’t go nearly as deep as I would like them to go. They stay very high level as opposed to really digging into a topic and exploring the detailed nuances. I think the Evinar platform will provide a better experience that allows those participating to really discuss in depth the topics at hand.

Plus, Evinar turned me on to the idea of a shared media experience as part of the chat. It’s one of those things that you don’t know you’re missing until you have it. If you join the chat (and I hope you will), then you’ll see this shared experience is better in a number of ways.

First, in a Twitter chat it’s often hard to know which topic is being discussed at any given time. I usually open the post that lists the topics, but that only works for a veteran of the chat. This won’t be a problem with Evinar since the topics will be nicely displayed.

Second, Evinar allows participants in the chat to be able to see images, videos, slides, or even a live streaming video all at the same time. This really adds to the experience of the chat. If a discussion mentions a video, then we can push that video out to the users. If a picture supports the discussion, we can display that picture for everyone to see and discuss. We could even take the slides from an ONC meeting for example and discuss the slides.

Hopefully I’ve convinced many of you to join the chat. At the end of the day, the real key to any chat is having a bunch of really smart people there sharing their knowledge with each other. Together we can learn a lot from each other.

All you have to do to join is visit the EMR and HIPAA Chat Facebook page on Tuesday May 29th at 9:00 AM PST (Noon EST). There’s also a Facebook event for it if you’d like to RSVP there and connect with others planning to attend, but that’s not required. Also, I’m sure some of you aren’t on Facebook or don’t like that you have to be on Facebook to participate. I too hate the idea of “everyone’s on Facebook”, but I don’t know of any better options. We’ll give this a try and see what people think. If you know of better options that offer similar features, I’m interested.

As for chat topics, I have a number in mind but I’d certainly welcome any topic suggestions from you as well. Remember that the topics can also include videos, images, or presentations.

Healthcare Scene Videos and 5 Questions with EHR Vendor Executive Raul Villar, President of ADP AdvancedMD

Posted on May 22, 2012 I Written By

John Lynn

Little by little I’m seeing more and more use of video in the healthcare IT and EHR world. It’s amazing to look at the creative ways that people are using video. I think the movement is so important that I’ve been doing a website dedicated to the EMR, EHR & Healthcare IT videos. There’s a large number of people who subscribe to the email list for the EMR Videos website (you can sign up here if you’re interested) and the traffic to the site is growing at a really nice rate.

I’ve also casually started an EMR and HIPAA YouTube channel where I’ve posted a few videos I’ve done over the years. For example, at HIMSS I did a series of interviews with EHR vendor executives called 5 Questions with EHR vendor executives. In fact, I just uploaded another video in that series where I interview Raul Villar, President of ADP AdvancedMD. I’ve embedded the interview with Raul Villar below:

Along with the YouTube channel of my videos, I’ve also created a Healthcare Scene video playlist where I’ll add videos created by other people. If you look at the playlist now, I’ve added part 1 of a 3 part video interview I did with Nuance Healthcare at Health 2.0 Boston.

I think more and more people are interested in video content. Plus, it’s going to be easier and easier to get your video content across all your various devices. So, people will be watching more and more videos.

What trends do you see with video in healthcare IT and EHR? What other ways should the Healthcare Scene Blog Network be using video? I’d love to hear your thoughts.

MU Core Measure: Conduct a Security Risk Analysis – Meaningful Use Monday

Posted on May 21, 2012 I Written By

Lynn Scheps is Vice President, Government Affairs at EHR vendor SRSsoft. In this role, Lynn has been a Voice of Physicians and SRSsoft users in Washington during the formulation of the meaningful use criteria. Lynn is currently working to assist SRSsoft users interested in showing meaningful use and receiving the EHR incentive money.


Perhaps because in the past, CMS has issued little guidance as to exactly what constitutes a security risk analysis for meaningful use purposes, this measure has created a great deal of confusion, and in some cases angst, among providers. Some EPs worry that this measure is so comprehensive that it requires hiring a consultant, while at the other end of the spectrum, others assume that they automatically satisfy this requirement because their EHR is certified to meet the privacy and security standards specified by ONC. Neither is the case. 

Core Meaningful Use Measure: Protect Electronic Health Information

Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies prior to or during the reporting period. 

According to CMS, this measure is not designed to introduce new security requirements above and beyond what is required for a practice to be HIPAA compliant—the HIPAA security rule already demands a security analysis and remediation. However, this does not mean that EPs should just attest “Yes” without being able to back up their attestation with documentation of the process that was undertaken and the steps taken to address deficiencies.

To help clarify this for providers, ONC recently published the “Guide to Privacy and Security of Health Information,” which contains two chapters that specifically address meaningful use. It’s definitely worth a read!