Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

“Blended” Super User Team

Posted on December 31, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

At a conference I attended this Fall, I heard one person describe the “blended” super user team that they used during their EHR implementation. This is such a valuable idea for any EHR implementation. Having each areas input can really improve your probability for success. The various viewpoints will help you avoid major issues that could hijack or derail completely your EHR implementation.

The key thing you have to do with a blended super user team is to make sure you don’t demean the feedback, comments, and suggestions of anyone on the team. If you demean or belittle many of the people mentioned (technical, front desk, HIM, nurses, etc), then they’ll shut down and end up being a thorn in the side of your EHR implementation as opposed to a support. However, if you thoughtfully listen to, consider, and appreciate the feedback from all of these people, then you’ll be able to benefit from their ongoing support and insights in the process. I’ve seen both things happen and it’s not pretty for anyone when the staff feel alienated. It can get really ugly.

It turns out these “blended” super user teams are also what you need to optimize your EHR implementation as well. Sometimes that can be the same people that were part of the EHR implementation super team, but you also want to integrate other voices to the conversation as well.

Many doctors love to just pour as much work as possible on their staff. Indeed, you want to have everyone in your organization working to the highest level of their license. You also want to make sure you’re utilizing your most expensive resource (usually the doctor) in the most effective way possible. However, if you only focus on optimizing the doctors time and not the rest of the staff, that will eventually catch up with you. Once it catches up with you, the doctor will be doing work they don’t want to do, the other staff will feel overworked and no one will be happy.

You have to optimize the entire EHR spectrum to get the most value out of your EHR investment.

Wearables And Mobile Apps Pose New Data Security Risks

Posted on December 30, 2014 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

In the early days of mobile health apps and wearable medical devices, providers weren’t sure they could cope with yet another data stream. But as the uptake of these apps and devices has grown over the last two years, at a rate surpassing virtually everyone’s expectations, providers and payers both have had to plan for a day when wearable and smartphone app data become part of the standard dataflow. The potentially billion-dollar question is whether they can figure out when, where and how they need to secure such data.

To do that, providers are going to have to face up to new security risks that they haven’t faced before, as well as doing a good job of educating patients on when such data is HIPAA-protected and when it isn’t. While I am most assuredly not an attorney, wiser legal heads than mine have reported that once wearable/app data is used by providers, it’s protected by HIPAA safeguards, but in other situations — such as when it’s gathered by employers or payers — it may not be protected.

For an example of the gray areas that bedevil mobile health data security, consider the case of upstart health insurance provider Oscar Health, which recently offered free Misfit Flash bands to its members. The company’s leaders have promised members that use the bands that if their collected activity numbers look good, they’ll offer roughly $240 off their annual premium. And they’ve promised that the data will be used for diagnostics or any other medical purpose. This promise may be worthless, however, if they are still legally free to resell this data to say, pharmaceutical companies.

Logical and physical security

Meanwhile, even if providers, payers and employers are very cautious about violating patients’ privacy, their careful policies will be worth little if they don’t take a look at managing the logical and physical security risks inherent in passing around so much data across multiple Wi-Fi, 4G and corporate networks.

While it’s not yet clear what the real vulnerabilities are in shipping such data from place to place, it’s clear that new security holes will pop up as smartphone and wearable health devices ramp up to sharing data on massive scale. In an industry which is still struggling with BYOD security, corralling data that facilities already work with on a daily basis, it’s going to pose an even bigger challenge to protect and appropriately segregate connected health data.

After all, every time you begin to rely on a new network model which involves new data handoff patterns — in this case from wired medical device or wearable data streaming to smartphones across Wi-Fi networks, smart phones forwarding data to providers via 4G LTE cellular protocols and providers processing the data via corporate networks, there has to be a host of security issues we haven’t found yet.

Cybersecurity problems could lead to mHealth setbacks

Worst of all, hospitals’ and medical practices’ cyber security protocols are quite weak (as researcher after researcher has pointed out of late). Particularly given how valuable medical identity data has become, healthcare organizations need to work harder to protect their cyber assets and see to it that they’ve at least caught the obvious holes.

But to date, if our experiences with medical device security are any indication, not only are hospitals and practices vulnerable to standard cyber hacks on network assets, they’re also finding it difficult to protect the core medical devices needed to diagnose and treat patients, such as MRI machines, infusion pumps and even, in theory, personal gear like pacemakers and insulin pumps.  It doesn’t inspire much confidence that the Conficker worm, which attacked medical devices across the world several years ago, is still alive and kicking, and in fact, accounted for 31% the year’s top security threats.

If malevolent outsiders mount attacks on the flow of connected health data, and succeed at stealing it, not only is it a brand-new headache for healthcare IT administrators, it could create a crisis of confidence among mHealth shareholders. In other words, while patients, providers, payers, employers and even pharmaceutical companies seem comfortable with the idea of tapping digital health data, major hacks into that data could slow the progress of such solutions considerably. Let’s hope those who focus on health IT security take the threat to wearables and smartphone health app data seriously going into 2015.

Top 10 Cybersecurity Predictions for 2015

Posted on December 29, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The people at Coalfire have put out this infographic which identifies their Top 10 Cybersecurity Predictions for 2015. I’m not sure how much 2015 matters, but I do think that this list is worthy of your consideration. Are you ready for these threats and changes? What are you doing to get ready? I believe increased security will be an important topic in 2015.

Top Ten Cybersecurity Predictions for 2015

Elder Care, EMR to Control Doctors, and EMR to Educate Med Students

Posted on December 28, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.


I think the elder care market is going to be a great opportunity. However, I wonder if we’re currently ahead of the curve. You have to make so many compromises to really do well in the elder care market. 5-10 years from now you won’t have to make those compromises.


I can definitely see this. I think that EMR can also be used to hold people accountable. Your view on these depends on your position in healthcare and whose using them to control you or hold you accountable.


I really love this concept and I love it paired with the previous tweet. EMR documentation templates can create a framework for med students to learn. Many worry that it will create robotic doctors, but I don’t think that is the case. Implemented properly, it can help med students be less robotic and more effective.

Meaningful Use Created A Big Need for Certified MAs

Posted on December 26, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

One of the changes that as best I can tell has come from meaningful use (if there are other forces at play, I’d love to hear them) is the push to use certified MAs. A whole cottage industry has sprung up around certifying MAs. In fact, I even know some EHR vendors who are certifying MAs because it’s such an important need.

Now when I say need, I use that word lightly. It’s a need because meaningful use requires that many of the MAs be certified in order for that MA to participate in many aspects of the meaningful use program. The EHR vendors that are doing it likely don’t want to be in this business at all. However, for their customers to be successful with meaningful use, they need their MAs to be certified.

Certainly there are ways for a doctor to attest to meaningful use without using certified MAs. For example, if you use RNs, then their RN certification is sufficient to meet the needs of meaningful use. Plus, you can have MAs do some tasks in the office that aren’t impacted by meaningful use. However, if you’re using an MA in your office and want to attest to meaningful use, you probably need to have that MA certified.

I’ll admit that I’m not an expert on the MA certification, but I can’t imagine that this new MA certification improves the quality of care that a patient receives in the office. I’d love to be proven wrong on this. Does your office provide better patient care because you know have a group of certified MAs as opposed to non-certified MAs? I just don’t see a short certification like the one that’s required making a huge difference.

Chalk this up to one more layer of bureaucracy and hoop jumping that’s required for a clinic. When will we start really focusing on the value of something? Is there a value to these certified MAs that I’m missing? If so, I’d love to hear about it.

Merry Christmas!

Posted on December 25, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I hope everyone’s enjoying their Christmas. Here’s a look into mine (with 2 of my beautiful children). Merry Christmas!

wpid-20141225_193217.jpg

Your Brain on Exercise

Posted on December 24, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

It’s Christmas Eve, so I thought I’d keep it short and sweet. This is a cool tweet with a really interesting image of a brain scan while sitting and one while exercising.

Pretty cool stuff. In the future we’ll have real time access to data like this from all parts of our body. That really excites me. Now time to stop sitting and go do something physical (does eating count?).

Lessons from the Year of the Breach Infographic

Posted on December 23, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This only partially applies to healthcare, but considering all the breaches from inside and outside of healthcare I thought that readers would find it useful. This infographic was created by Lifelock (you can imagine why they did). The best part of the infographic is the 8 suggestions at the end. We definitely have to be more vigilant.

Managing a Data Breach

Congress Asks ONC to Decertify EHRs That Proactively Block Information Sharing

Posted on December 22, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

A big thanks to A. Akhter, MD for pointing out the 2014 Omnibus Appropriations bill (word is in Washington they’re calling it the CRomnibus bill) which asks ONC to address the interoperability challenges. HIMSS highlighted the 2 sections which apply to ONC and healthcare interoperability:

Office of the National Coordinator for Information Technology – Information Blocking.

The Office of the National Coordinator for Information Technology (ONC) is urged to use its certification program judiciously in order to ensure certified electronic health record technology provides value to eligible hospitals, eligible providers and taxpayers. ONC should use its authority to certify only those products that clearly meet current meaningful use program standards and that do not block health information exchange. ONC should take steps to decertify products that proactively block the sharing of information because those practices frustrate congressional intent, devalue taxpayer investments in CEHRT, and make CEHRT less valuable and more burdensome for eligible hospitals and eligible providers to use. The Committee requests a detailed report from ONC no later than 90 days after enactment of this act regarding the extent of the information blocking problem, including an estimate of the number of vendors or eligible hospitals or providers who block information. This detailed report should also include a comprehensive strategy on how to address the information blocking issue.”

Office of the National Coordinator for Information Technology – Interoperability.

The agreement directs the Health IT Policy Committee to submit a report to the House and Senate Committees on Appropriations and the appropriate authorizing committees no later than 12 months after enactment of this act regarding the challenges and barriers to interoperability. The report should cover the technical, operational and financial barriers to interoperability, the role of certification in advancing or hindering interoperability across various providers, as well as any other barriers identified by the Policy Committee.”

Everyone is talking about the first section which talks about taking “steps to decertify products that proactively block the sharing of information.” This could be a really big deal. Unfortunately, I don’t see how this will have any impact.

First, it would be really hard to prove that an EHR vendor is proactively blocking information sharing as required by EHR certification. I believe it will be pretty easy for an EHR vendor to show that they meet the EHR certification criteria and can exchange information using those standards. From what I understand, the bigger problem is that you can pass EHR certification using various flavors of the standard.

It seems to me that Congress should have really focused on why the meaningful use requirements were so open ended as to not actually get us to a proper standard for interoperability. They kind of get to this with their comment “certify only those products that clearly meet current meaningful use program standards.” However, if the MU standards aren’t good, then it doesn’t do any good to make sure that EHR vendors are meeting the MU program standard.

Of course, I imagine ONC wasn’t ready to admit that the MU standard wasn’t sufficiently defined for quality interoperability. Hopefully this is what will be discovered in the second piece of direction ONC received.

I could be wrong, but I don’t think the problem is EHR vendors not meeting the MU certification criteria for interoperability. Instead, I think the problem is that the MU certification criteria isn’t good enough to achieve simple interoperability between EHR systems.

If you think otherwise, I’d love to be proven wrong. Does this really give ONC some power to go after bad actors?

As an extension to this discussion, Carl Bergman has a great post on EMR and EHR which talks about what’s been removed from this bill. It seems that the Unique Patient Identifier gag rule has been removed.

Are Client Server EHR Holding Back Healthcare?

Posted on December 19, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The number one topic of debate on this blog has definitely been Client Server EHR versus SaaS EHR. There are staunch parties on both sides of this aisle. No doubt both sides have a case to make and we’ll see both in healthcare for a long time to come. Although, I think that long term the SaaS EHR will win out.

As I was thinking about this recently, I realized that while client server EHR can do everything a SaaS EHR can do, it definitely makes a lot of things much harder to accomplish.

It’s much harder to create an API that connects to 2000 client server EHR installs.

It’s much harder to make 2000 client server EHR installs interoperable.

It’s much harder to evaluate data across 2000 client server EHR installs.

I’m sure I could keep going with this list, but you get the point. Even though something is possible, it doesn’t mean that they’re actually going to do it. In fact, if it’s hard to do, then it takes extreme pressure for them to do it.

All of this has me begging the question of whether client server installs are holding back the EHR industry. Up until now, many of the things I mention above haven’t been that important. Going forward I think that all three of the things I mention above are going to be very important.

The good thing is that I see many client server EHR moving to some kind of hosted EHR solution. That solves some of the problems mentioned above. At least if it’s a hosted EHR solution, they can control the environment and more easily implement things like API access and interoperability. That’s much harder in the client server world where if you have 2000 EHR installs, you have 2000 unique setups.

Of course, as soon as a large SaaS EHR has a massive breach, healthcare will go running after the client server EHR. The battle lines are drawn and each side knows each other very well. Although, I think the SaaS EHR have the high ground right now. We’ll see how that continues over time. Client server EHR have done an amazing job battling.