Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Health IT Workforce Shortage Poll

Posted on April 30, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Over on our Healthcare IT job board, we deal with the question of the Healthcare IT workforce shortage all the time. Although, the question of a shortage is a hard once since finding the right people to hire is always hard. Plus, in this artificially stimulated EHR adoption environment, of course many of the resources are tapped out.

I’d love to hear your thoughts and experiences. Are you able to find all the talented healthcare IT people you need? Is there a shortage? I’d love to hear your thoughts in the comments, but at least vote in the poll below.

Where Are the Big Business Associate HIPAA Breaches?

Posted on April 29, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

It seems like I have HIPAA and security on my mind lately. It started with me writing about the 6 HIPAA Compliance Reality Checks whitepaper and then carried over with my piece looking at whether cloud adoption addresses security and privacy concerns. In the later post, there’s been a really rich discussion around the ability of an enterprise organization to be able to secure their systems better than most healthcare organizations.

As part of that discussion I started thinking about the HHS HIPAA Wall of Shame. Off hand, I couldn’t think of any incidents where a business associate (ie. a healthcare cloud provider) was ever posted on the wall or any reports of major HIPAA breaches by a large business associate. Do you know of some that I’ve just missed?

When I looked at the HIPAA Wall of Shame, there wasn’t even a covered entity type for business associates. I guess they’re not technically a covered entity even though they act like one now thanks to HIPAA Omnibus. Maybe that’s why we haven’t heard of any and we don’t see any listed? However, there is a filter on the HIPAA Breach disclosure page that says “Business Associate Present?” If you use that filter, 277 of the breaches had a “business associate present.” Compare that with the 982 breaches they have posted since they started in late 2009.

I took a minute to dig into some of the other numbers. Since they started in 2009, they’ve reported breaches that affected 31,319,872 lives. My rough estimate for 2013 (which doesn’t include some breaches that occurred over a period of time) is 7.25 million lives affected. So far in 2014 they’ve posted HIPAA breaches with 478,603 lives affected.

Certainly HIPAA omnibus only went into effect late last year. However, I wonder if HHS plans to expand the HIPAA Wall of Shame to include breaches by business associates. You know that they’re already happening or that they’re going to happen. Although, not as often if you believe my previous piece on them being more secure.

As I considered why we don’t know of other HIPAA business associate breaches, I wondered why else we might not have heard more. I think it’s naive to think that none of them have had issues. Statistics alone tells us otherwise. I do wonder if there is just not a culture of following HIPAA guidelines so we don’t hear about them?

Many healthcare business associates don’t do much more than pay lip service to HIPAA. Many don’t realize that under the new HIPAA omnibus they’re going to be held accountable similar to a covered entity. If they don’t know those basic things, then can we expect them to disclose when there’s been a HIPAA breach? In healthcare organizations they now have that culture of disclosure. I’m not sure the same can be said for business associates.

Then again, maybe I’m wrong and business associates are just so much better at HIPAA compliance, security and privacy, that there haven’t been any major breaches to disclose. If that’s the case, it won’t last forever.

Going Beyond EHR Data Collection to EHR Data Use with Dr. Dan Riskin

Posted on April 28, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We had a chance to sit down and do a Google Plus hangout with Dan Riskin, MD, CEO and co-founder of Health Fidelity to discuss the challenges of EHR today and how we can reach the real benefits of EHR adoption. We had a great discussion about how the industry is so caught up just getting the data in the EHR software that we’re missing out on the opportunity to get the benefits of actually using the EHR data.

For some reason the Google hangout audio and video didn’t sink right (welcome to the cutting edge of technology), but the audio is good. Just start up the video below and enjoy listening to it like a podcast or radio show. I expect that’s what most of you do anyway with our videos.

I hope you’ll enjoy my interview with Dr. Riskin.

Is the SHIN-NY “Public Utility” HIE Funding a Model for Other HIE?

Posted on April 25, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I first started working with the New York eHealth Collaborative (NYeC) many years ago when they first organized the Digital Health Conference many years ago. Hopefully they’ll have me back again this year since I’ve really enjoyed our ongoing partnership. Plus, it’s a great way for me to get a deeper look into the New York Health IT landscape.

While NYeC organizes this conference, has an accelerator, and is (is this a was yet?) even a REC, the core of everything they do is around their HIE called the SHIN-NY. Unlike some states who don’t have any HIE or RHIO, New York has 10 regional health information exchanges (formerly and for some people still called RHIOs). The SHIN-NY is the platform which connects all of the state’s RHIOs into one connected health network. Plus, I know they’re working on some other more general initiatives that share and get data from organizations outside of New York as well.

While the SHIN-NY has been worked on and sending data for a number of years, the news just came out that Governor Cuomo included $55 million in state funding for the SHIN-NY HIE. This is a unique funding model and it makes me wonder how many other states will follow their lead. Plus, you have to juxtapose this funding with my own state of Nevada’s decision to stop funding the state HIE that was supported with a lot of federal government funds as well.

In my HIE experience, I’ve found that every state is unique in how they fund and grow their HIE. Much of it often has to do with the cultural norms of the state. For example, New York is use to high state taxes that support a number of government programs. Nevada on the other hand is use to no state tax and government funding largely coming from the hospital and gaming sectors. Plus, this doesn’t even take into account the local healthcare bureaucracies and idiosyncrasies that exist.

What do you think of this type of HIE funding model? Do you wish your state would do something similar? Will we see other states follow New York’s example?

I’m excited to see how NY, NYeC and the SHIN-NY do with this HIE funding. Knowing many of the leaders in that organization, I think they’re going to be a great success and have a real impact for good on healthcare in NY.

Do Security and Privacy Concerns Drive Cloud Adoption?

Posted on April 24, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In one of my recent conversations with Dr. Andy Litt, Chief Medical Officer at Dell, he made a really interesting but possibly counter intuitive observation. While maybe not a direct quote from him, I took away this observation from Dr. Litt:

Security and privacy drives people to the cloud.

Talk about an ironic statement. I imagine if I were to talk to a dozen CIOs, they would be more concerned about the security and privacy implications of the cloud. I don’t imagine most would look at the cloud as the solution to some of their security and privacy problems.

However, Dr. Litt is right. Many times a cloud based EHR or other software is much more secure than a server hosted in a doctors office. The reality is that many healthcare organizations large or small just can’t invest the same money in securing their data as compared with a cloud provider.

It’s not for lack of desire to make sure the data is secure and private. However, if you’re a small doctor’s office, you can only apply so many resources to the problem. Even a small EHR vendor with a few hundred doctors can invest more money in the security and privacy of their data than a solo practice. Although, this is true for even very large practices and even many hospitals.

One reason why I think many will disagree with this notion is because there’s a difference between a cloud provider who can be more secure and private and one who actually executes on that possibility. It’s a fair question that everyone should ask. Although, this can be verified. You can audit your cloud provider and see that they’re indeed putting in security and privacy capabilities that are beyond what you’d be able to do on your own.

What do you think? Is hosting in the cloud a way to address security and privacy concerns?

Six Reality Checks of HIPAA Compliance

Posted on April 23, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Between Windows XP causing HIPAA compliance issues and the risk associated with the risk assessment required by meaningful use, many in healthcare are really waking up to the HIPAA compliance requirements. Certainly there’s always been an overtone of HIPAA compliance in the industry, but its one thing to think about HIPAA compliance and another to be HIPAA compliant.

This whitepaper called HIPAA Compliance: 6 Reality Checks is a great wake up call to those that feel they have nothing to worry about when it comes to HIPAA. While many are getting ready, there are still plenty that need a reality check when it comes to HIPAA compliance.

Here’s a look at why everyone could likely benefit from a HIPAA reality check:
(1) Data breaches are a constant threat
(2) OCR audits reveal health care providers are not in compliance
(3) Workforce members pose a significant risk for HIPAA liability
(4) Patients are aware of their right to file a complaint
(5) OCR is increasing its focus on HIPAA enforcement
(6) HIPAA Compliance is not an option, it’s LAW

Obviously, the whitepaper goes into a lot more detail on each of these areas. As I look through the list, what seems clear to me is that HIPAA compliance is a problem. Every organization should ask themselves the following questions:

Are we HIPAA compliant?

What are you doing to mitigate the risk of a breach or HIPAA violation?

When I look at the 6 Reality Checks details in the whitepaper, I realize that everyone could benefit from a harder look at their HIPAA compliance. A little bit of investment now, could save a lot of heartache later.

ACO’s and the Tech Needed to Be Ready

Posted on April 22, 2014 I Written By

The following is a guest post by Barry Haitoff, CEO of Medical Management Corporation of America.
Barry Haitoff
For those not familiar with ACOs (Accountable Care Organizations), I want to provide some insight into ACOs and how a medical practice can better prepare themselves for the coming shift in reimbursement, which is epitomized by the ACO. This is a challenging subject since the ACO is a somewhat nebulous idea that’s rapidly changing, but hopefully I can provide you some strategies that will help you be prepared for the coming changes.

You may remember when we talked in a previous post about the Value Based Payment Modifier and its impact on healthcare reimbursement. As we talked about in that post, healthcare reimbursement is changing and CMS is looking to only pay those providers who are providing quality care. As part of this movement, an ACO is an organization that works on behalf of a community of patients to ensure quality care.

The metrics of how they’ll measure what they reimburse and what they consider quality care are likely to rapidly change over the next few years while CMS figures out how to measure this. However, one key to being ready for this shift is that you’ll need to be part of an organization or group of providers that will take accountability for a patient population.

In some areas of the country, the hospitals are leading these organizations, but in other areas groups of physicians are coming together to form an ACO of just physicians. Either way can work. The key is that the members of these groups are going to each share in the reimbursement the group receives for improving the quality of healthcare patients in the community receive.

Also worth noting is that membership in an ACO isn’t necessarily a prerequisite for value based reimbursement. Whether you choose to be a member of an ACO or not, you’re going to be impacted by value based reimbursement and will need to be ready for the change. Not being ready could lead to lower reimbursement for the services you provide.

While it’s great that organizations of doctors are coming together to meet the need for ACOs, much more is going to be needed to do well in an ACO reimbursement world. The reality is that an ACO can’t exist without technology. Don’t even think about trying to meet the ACO requirements without the use of technology. ACOs will base their reimbursement on trackable data that can be aggregated across a community of providers that are likely on hundreds of different systems. Try doing that on paper. It just won’t happen.

In fact, many people probably think that their EHR software will be enough to meet the needs of the ACO as well. I believe this to be a myth. Without a doubt, the EHR will play a major role in the gathering and distribution of the EHR data. However, unless you’re a homogeneous ACO with providers that are all on the same single instance of an EHR, you’re going to need a whole suite of services that connect, aggregate, and interpret the EHR data for the community of patients. Add on top of that the communication needs of an ACO and the care manager style tracking that will need to occur and it’s unlike your EHR is going to be up to the task of an ACO. They’ll be too busy dealing with meaningful use and EHR certification.

Let me highlight three places where an ACO will need technology:

Communication
One of the key needs in an ACO is quality communication. This communication will happen provider to provider, provider to care manager, provider to patient, and care manager to patient and vice versa. You can expect that this communication will be a mix of secure text messaging and secure emails. In some cases it will be facilitated by a patient portal, but most of the secure messaging platforms for healthcare are much slicker and more effective than a patient portal that so far patients have rarely used.

Are you using a next generation secure messaging system to communicate with other providers, your staff, and the patient? You’ll likely need to use one in an ACO.

Provider Data Aggregation
Much like paper charts won’t be enough in an ACO world, faxed documents won’t be enough either. Providers in an ACO will need to have patient data from across the entire community of ACO providers. At a minimum providers in an ACO will need to have their EHRs connected with Direct, but most will need to have some sort of outside HIE that helps transfer, aggregate and track all the data that’s available for a patient in the ACO.

The ACO and doctor will really benefit from all the patient data being available at the click of the button. Without it, I’m not sure that ACOs will be able to meet the required quality measures.

Patient Data Aggregation
While all of the providers will need to be sharing their patient data, I think most ACOs will benefit from aggregating patient data as well. At first the ACO won’t be aggregating all of the patient generated data that’s available. Instead, they’ll find a slice of their patient community where they can have the most impact. Then, they’ll work with those patients to improve the care they receive. This is going to require ACOs to receive and track patient generated data. Without it, the ACO won’t have any idea how it’s doing. With so many patients on mobile devices or with access to the internet, what an amazing opportunity we have to really engage with patients.

Those are just a few of the ways technology is going to be needed for the coming changes in healthcare reimbursement and the shift towards value based care in things we call ACOs. Far too many providers are sitting on the sidelines while they let ACOs settle into place. What a missed opportunity. The fact that the ACOs are rapidly changing means that if you participate and make your voice heard, you can help to shape the direction of them going forward. We definitely need more doctors involved in these conversations.

Medical Management Corporation of America, a leading provider of medical billing services, is a proud sponsor of EMR and HIPAA.

Breaking News: Meaningful Use is Not Covering Costs

Posted on April 21, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In one of my recent interviews with a healthcare IT consulting company, they revealed some breaking news for those of us in the EHR world. They told me point blank that:

Meaningful Use is Not Covering Costs

Ok, so that’s not really breaking news. Although, it seems that very few people want to actually articulate this point. It almost feels like heresy that someone would “complain” about the fact that the government is spending $36 billion on EHR incentives and that the money isn’t enough to cover the implementation of these EHR systems.

Actually, I should clarify that last point. The EHR incentive money is covering the costs to purchase the systems. It’s not covering the costs of implementing those EHR systems and then poking, prodding and otherwise cajoling end users to show meaningful use of that system (not to be confused with meaningfully using the system).

Let me also be clear that I’m not complaining about the EHR incentive money. I’ve done enough of that previously. What I’m just trying to acknowledge is something that everyone who deals with the EHR budget already realizes, but no one seems to want to say it. Organizations are spending more money on EHR and meaningful use than they’re getting from the government.

I think this is important for a couple reasons. First, many organizations didn’t budget any EHR money beyond what the EHR incentive money. You can certainly argue this was a mistake on their part, but that’s going to leave a bunch of organizations in a lurch. We’re already seeing the fall out of this as news reports keep coming out about hospitals systems in financial trouble due to the costs of their EHR system. Plus, in each of these cases, it seems their costs continue to balloon out of control with no end in sight. It makes me wonder if the compressed meaningful use timeline is partially to blame for a rushed implementation and poor EHR implementation and cost planning.

Second, there is still a swash of providers and organizations that haven’t yet implemented their EHR. If you can’t support the cost of EHR with government money, how does that bode for those who won’t be getting any EHR incentive money? One could make the argument that they’ll actually be in a better position since they won’t have to worry about meaningful use and can just focus on getting value out of their EHR. Hopefully that’s the case, but many of the meaningful use functions are now hardcoded into the EHR systems. Even if an organization isn’t planning on attesting to meaningful use, that doesn’t mean they won’t be forced by their EHR software to do a bunch of things they wouldn’t have done otherwise.

What are you seeing from your perspective? Is the EHR incentive money covering the costs of an EHR implementation? What are the impacts if it doesn’t?

EMR Interfaces, MU vs Quality Care, and Data Outside EMR

Posted on April 20, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.


I’m not sure I agree completely with this tweet. I don’t know enough about Covery My Meds to say either way. Although, I wondered if many EMRs will integrate with Covery My Meds. From my experience, EMR vendors don’t want to interface with many outside software companies. A few embrace outside companies interfacing with them. We’ll see if that changes over time.


I haven’t had a chance to look at this study yet, but did anyone think that quality of care would improve because of MU?


No doubt we’ll eventually have outside data from wellness tracking apps incorporated in EMR, but I don’t think it will ever be a free for all. There are tens of thousands of wellness apps and I don’t see doctors wanting data from just any app. They’ll want to only get data from apps they trust. That’s a high bar for most apps. Plus, once you win the trust of one doctor, you still have to win the trust of all the other doctors. There’s not a trusted third party that doctors look to for apps.

The Programmer – Healthcare Divide

Posted on April 18, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve regularly seen the divide (sometimes really wide) between the programmer and technical people in an organization and the healthcare professionals. For example, a healthcare IT company recently emailed me about an issue they had with their main developer. They asked the insightful question, “Is it possible to find quality developers who are not, shall we say, “difficult”?”

There’s no simple answer to this question, but let me first suggest that this divide isn’t something that just happens between tech people and non-tech people. I’m sure many doctors feel the same way when dealing with other people who try and do their job. It turns out, people are hard to work with in general.

That disclaimer aside, tech people do like to think they’re in a tribe of their own. Check out this video which definitely comes from a programmer perspective and illustrates the divide that often exists.

Just the fact that the programmer feels like they’re considered a “code monkey” describes a major part of the issue. Much like I wrote about today on EMR and EHR, one of the keys is making a human connection as opposed to treating a programmer like a code monkey that’s just there to do your bidding. While there are exceptions, most people respond to someone who deeply cares about the individual and works to understand their needs as much as the project’s needs or their own needs.

The reason I think there’s usually a big divide between the healthcare people and the tech people is that it’s a real challenge for these two groups to connect. The healthcare people don’t want to talk about Battlestar Gallactica and Game of Thrones and the tech people don’t want to talk about Dancing with the Stars and The Voice. Yet, this is what needs to happen to build trust between the two different groups. It’s a rare breed that enjoys both.

If all of this fails, then try the nuclear option. Bring donuts. Most people can relate to donuts.