Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

First Impressions of RSNA 2015 (#RSNA15)

Posted on November 30, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This year will be my first time attending RSNA (see my full schedule of healthcare IT conferences), the massive radiology conference held in Chicago each year. I’d been wanting to check it out for years, but traveling to Chicago right after the Thanksgiving holiday never seemed all that appealing to me. Don’t ask me what convinced me to do it this year. I’m not sure why other than a real desire to experience the show first hand. I’d heard it was massive and would be worth my time. I’ll be sure to let you know what I think.

I’ve already got a schedule that’s nearly as full as HIMSS or MGMA and that’s saying something. I’ll be interested to see how many of them give me the radiology pitch as opposed to the healthcare IT pitch. I think I’ve made myself pretty clear, but we’ll see when we get to the actual meetings. Of course, there’s plenty of healthcare IT that’s worth hearing about. Not to mention amazing innovations around 3D printing and other mobile health technologies. I even saw a virtual reality viewer that I hope I get a chance to check out.

As I’ve prepared for my first trip to RSNA, I’ve been watching the #RSNA15 hashtag on Twitter. It’s been a great way for me to connect with those in the RSNA community. Plus, it’s given me a good overview of what’s likely to be topic of conversations at RSNA. The power of Twitter and hashtags is really amazing to me.

One thing that surprised me on the Twitter stream is how the message to Radiologists is very similar to many of the other healthcare IT events I go to around the country. No, I’m not talking about the #RSNA15 tweetup or the Cannoli Shooters. It seems that radiologists are being encouraged to be more involved in health care. This tweet illustrates an example of this message:

Here’s a good roundup of tweets from the opening RSNA keynotes and day 1 of RSNA 2015:

I look forward to seeing many of you at RSNA and reporting on the event for those of you who can’t make it.

Could the Drive to Value-Based Healthcare Undermine Security?

Posted on November 27, 2015 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As we all know, the healthcare industry’s move toward value-based healthcare is forcing providers to make some big changes. In fact, a recent report by peer60 found that 64% of hospitals responding cited oncoming value-based reimbursement as their top challenge. Meanwhile, only 30% could say the same of improving information security according to peer60, which recently surveyed 320 hospital leaders.

Now, the difference in concern over the two issues can be chalked up, at least in part, to the design of the survey. Obviously, there’s a good chance that a survey of CIOs would generate different results. But as the report’s authors noted, the survey might also have exposed a troublesome gap in priorities between health IT and the rest of the hospital C-suite.

It’s hardly surprising hospital leaders are focused on the life-and-death effects of a major change in payment policy. Ultimately, if a hospital can’t stay in business, protecting data won’t be an issue anymore. But if a hospital keeps its doors open, protecting patient data must be given a great deal of attention.

If there is a substantial gap between CIOs and their colleagues on security, my guess is that the reasons include the following:

  • Assuming CIOs can handle things:  Lamentable though it may be, less-savvy healthcare leaders may think of security as a tech-heavy problem that doesn’t concern them on a day-to-day level.
  • Managing by emergency:  Though they might not admit it publicly, reactive health executives may see security problems as only worth addressing when something needs fixing.
  • Fear of knowing what needs to be done:  Any intelligent, educated health exec knows that they can’t afford to let security be compromised, but they don’t want to face up to the time, money and energy it takes to do infosec right.
  • Overconfidence in existing security measures:  After approving the investment of tens or even hundreds of millions on health IT, non-tech health leaders may find it hard to believe that perfect security isn’t “built in” and complete.

I guess the upshot of all of this is that even sophisticated healthcare executives may have dysfunctional beliefs about health data security. And it’s not surprising that health leaders with limited technical backgrounds may prefer to attack problems they do understand.

Ultimately, this suggests to me that CIOs and other HIT leaders still have a lot of ‘splaining to do. To do their best with security challenges, health IT execs need the support from the entire leadership team, and that will mean educating their peers on some painful realities of the trade.

After all, if security is to be an organization-wide process — not just a few patches and HIPAA training sessions — it has to be ingrained in everything employees do. And that may mean some vigorous exchanges of views on how security fosters value.

Happy Thanksgiving!

Posted on November 26, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Today is a day of real gratitude for me. I love Thanksgiving and the time to enjoy family and taking time out to be grateful for all the many blessings in my life. One of my greatest blessings is to be a full time blogger. I feel so lucky to be able to do something as amazing and impactful as blogging. Of course, I couldn’t live this dream if it weren’t for you the reader. So, I’m really grateful to so many of you who have supported my blogs for so long even with all my frailties and mistakes. Thank you!

Happy Thanksgiving!
Five orange pumpkins sit in a row in front of a distressed, wooden background.

“It Was a Good Call Day” – Ode to Health Care Holiday Workers

Posted on November 25, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Leave it to ZDoggMD to honor those healthcare people working the holidays in just the right way. This time he does it with a parody of Ice Cube that he calls “It Was a Good Call Day.” Be sure to wait for the surprise ending.

Enjoy the video below and a massive thank you to those in health care that are spending their holiday away from family at work.

What Would New Care Delivery Models Look Like If Created Today?

Posted on November 24, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.


This tweet has been on my mind the last month. I’m sure that many in the trenches probably think that this type of thinking is a pipe dream and not worthy of discussion. While it’s true that we can’t go back and change the past, this type of thinking may predict where we need to go in the future.

I and many others have long talked about the way EHR software was built to maximize billing and then meaningful use. The focus of the EHR was not on how to improve patient care, but was really built around how the organization could manage it’s billing and make more money. So, we shouldn’t be too surprised that the EHR systems we have today aren’t these amazing systems that dramatically improve the care we provide.

With that said, there’s a sea change happening in health care when it comes to how organizations are being reimbursed based on value. Might I suggest that an organization that wants to be ready for this change in reimbursement might want to take the time to think about what care models would look like if they were created from scratch today without the overhead of the past.

I’m not the only one thinking about this. Check out this tweet from Linda Stotsky that quotes Rasu Shrestha, MD, MBA.


In the article that’s linked to in that tweet Rasu describes the real challenge of rethinking our care models:

What does it truly mean to have a patient-centered approach to care? As a clinician, I can tell you confidently that most of my colleagues tend to get defensive amid talk of the need to adopt a patient-centric approach to care. “Of course, we’re focused on the patient!” seems to be the most common reaction. Many simply assume that because care is essentially imparted onto a patient, everything we do, naturally, is patient-centric

Then he offers this frank comment:

But where is the patient in all of this? Is a system designed to help document our attempts to cure the patient, and help bill for the associated services, really the best we can do? Perhaps the problem is bigger than just the EMR. Perhaps our frequently paternalistic, and often heroic, approaches to care have been cherished, celebrated and incentivized for far too long. Perhaps we need to rethink care in a big way.

I agree with Rasu. He also quotes Ellen Stoval, survivor or three bouts of cancer who says, “We have been chasing the cure, rather than the care.” I’m actually optimistic that these changes are happening. We’re going to see a drastically improved health care system. It’s going to take time, but most changes do. What’s most exciting is that if we navigate these shifts properly, then doctors will finally get to practice medicine the way they imagined medicine. Instead of churning patients to meet revenue, they could actually spend more time caring for patients. That’s something worth aspiring towards.

Healthcare Data Breaches Infographic

Posted on November 23, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Royal Jay has put out this infographic (see below) which summarizes the impact of many of the health care data breaches we’ve seen hitting the news over the past few years. One problem with these infographics is that the numbers are so huge, I think many organizations have grown numb to breaches. I imagine many organizations kind of throw their hands up in the air and say that a breach is inevitable. That’s a scary position to take. Certainly you can’t be 100% secure, but you can make it hard enough that a breach is less likely.

What stands out to you in this health care data breach infographic:
Breached_Infographic_20151113

We Share Health Data with Marketing Companies, Why Not with Healthcare Providers? Answer: $$

Posted on November 20, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

For those who don’t realize it, your health data is being shared all over the place. Yes, we like to think that our health care data is being stored and protected and that laws like HIPAA keep them safe, but there are plenty of ways to legally share health care data today. In fact, many EHR vendors sell your health care data for a pretty penny.

Of course, many would argue that it’s shared in a way that complies with all the laws and that it’s done in a way that your health record isn’t individually identified. They’re only sharing your health data in a de-identified manner. Others would argue that you can’t deidentify the health data and that there are ways to reidentify the data. I’ll leave those arguments for another post. We’ll also leave the argument over whether all this sharing of health data (usually to marketing, pharma and insurance companies) is safe or not for a future post as well.

What’s undeniable is that health data for pretty much all of us is being bought and sold all over health care. If you don’t believe it’s so, take a minute to look at the work of Deborah Peel from Patient Privacy Rights and learn about her project theDataMap. She’ll be happy to inform you of all the ways data is currently being bought and sold. It’s a really big business.

Here’s where the irony comes in. We have no trouble sharing health data (Yes, even EHR vendors have no problem sharing data and lets be clear that not all EHR vendors share data with these outside companies but mare are sharing data) with marketing companies, payers and pharma companies that are willing to pay for access to that data. Yet, when we ask EHR vendors to share health data with other EHR vendors or with an HIE, they balk at the idea as if it’s impossible. They follow that up with a bunch of lame excuses about HIPAA privacy or the complexity of health care data.

Let’s call a spade a spade. We could pretty easily be interoperable in health care if we wanted to be interoperable. We know that’s true because when the money is there from these third party companies, EHR vendors can share data with them. The problem has been that the money has never been there before for EHR vendors to be motivated enough to make interoperability between EHR vendors possible. In fact, you could easily argue that the money was instructing EHR vendors not to be interoperable.

However, times are changing. Certainly the government pressure to be interoperable is out there, but that doesn’t really motivate the industry if there’s not some financial teeth behind it. Luckily the financial teeth are starting to appear in the form of value based reimbursement and the move away from fee for service. That and other trends are pushing healthcare providers to want interoperable health records as an important part of their business. That’s a far cry from where interoperability was seen as bad for their business.

I heard about this shift first hand recently when I was talking with Micky Tripathi, President & CEO of the Massachusetts eHealth Collaborative. Micky told me that his organization had recently run a few RFPs for healthcare organizations searching for an EHR. As part of the EHR selection process Micky recounted that interoperability of health records was not only included in the RFP, but was one of the deciding factors in the healthcare organizations’ EHR selections. The same thing would have never been said even 3-5 years ago.

No doubt interoperability of health records has a long way to go, but there are signs that times are changing. The economics are starting to make sense for organizations to embrace interoperablity. That’s a great thing since we know they can do it once the right economic motivations are present.

Doing a Proper HIPAA Risk Assessment with Mike Semel

Posted on November 19, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

HIPAA Risk Assessments have become a standard in healthcare. However, not everyone is doing a proper HIPAA Risk Assessment that would hold up to a HIPAA audit. In this video, we sits down with HIPAA Expert Mike Semel to discuss the HIPAA Risk Assessment and what a health care organization can do to make sure they’ve done a proper HIPAA Risk Assessment.

Learn more about Mike Semel and his services on the Semel Consulting website.

Full Disclosure: Semel Consulting is a sponsor of Healthcare Scene.

The Future is Now – Physician Discontent and Adopting EHRs Today – Breakaway Thinking

Posted on November 18, 2015 I Written By

The following is a guest blog post by Carrie Yasemin Paykoc, Senior Instructional Designer / Research Analyst at The Breakaway Group (A Xerox Company). Check out all of the blog posts in the Breakaway Thinking series.
Carrie Yasemin Paykoc

In the movie Back to the Future II, a young man named Marty McFly and his time-traveling companion Doc Brown travel thirty years into the future—October 21 2015—to unite his parents and correct the space-time continuum. Although this “future” date occurred several weeks ago, the technological advancements presented in the movie are not far off from reality.  In the “future” Marty cruises around his home town on a new hoverboard and the sky is filled with mechanical drones. There are a few hologram images and people are dressed in brightly colored, plastic outfits. Aside from the fashion statement, many of these technological advancements are well under way. The future is now!

Not all technology has advanced as rapidly as depicted in the movie, though. From a health information technology (HIT) perspective, it often feels like we are back in 1985 dreaming of better technology.  Electronic health records (EHRs) present one of the biggest opportunities for improvement in healthcare.

A recent study published by the RAND Corporation and sponsored by the American Medical Association (AMA) examined how satisfied physicians are with their EHRs. It found that they approve of the concept of EHRs and are largely satisfied by the ability to remotely access patient information at any time. Most physicians, practice leaders, and staff also agreed that advancements in EHR technology such as improved interoperability and improved interfaces have great potential to improve care as well as physician and patient satisfaction. On the other hand, the current state of EHRs worsened overall professional satisfaction among respondents. Data entry, usability, inefficient workflows, and lack of interoperability were a few of the main pain points mentioned in the study.

A recent parody of Jay Z’s Empire State of Mind articulates many of these same frustrations. “Just a glorified billing system with patient info tacked on,” is one of the poignant lyrics mentioned in the video.  Many physicians are fantasizing about going “back to the future” or using a more sophisticated system.

In order to move forward in advancing EHRs and HIT, clinicians, support staff, and administration need to take responsibility for their organization’s initial technology investment. If data entry, usability, and inefficient workflows are causing pain, it is time to re-revaluate those clinical workflows and escalate system issues and enhancements to their vendors.

Each time I am onsite with a client preparing for go-live I am reminded of all the energy spent on implementing these systems. But it is equally important that clinical leaders re-evaluate their initial workflows and develop a plan for sustained use after the initial excitement has faded. And during this time, leaders must provide feedback and escalate system issues to their vendor.

Engaged clinical leadership is required to not only adopt the current state of EHRs but to transform the future of health information technology. How can clinical leaders do both? First, realize an EHR is not something you can throw-away or easily replace without enormous costs.  In our consumer-based culture, old technologies like cell phones or televisions are often thrown out for the latest advancements. Although EHRs are in many ways less sophisticated than some consumer-based applications, most of those applications (if not all) do not have the ability to improve patient care or patient safety. If using today’s EHR technology saves more lives than using paper alone, it is our collective responsibility to adopt these systems.

Once this paradigm shift has occurred and clinical leaders have made a sustained commitment to using EHRs, progressive and impactful change can occur. Conversations can begin to shift to improving clinical workflows, enhancing interfaces, improving interoperability, and utilizing health information exchanges. But these later conversations will never occur if the focus is on the initial difficulties and stress associated with implementing and using these systems. In order to live up to our vision of the “future,” we must accept the realities of today.

Xerox is a sponsor of the Breakaway Thinking series of blog posts.

Owensboro Health Muhlenberg Community Hospital Breach

Posted on November 17, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In this week in HIPAA Breach rubber-necking, we have the FBI discovering suspicious network activity from third parties at Owensboro Health Muhlenberg Community Hospital, a 135 bed acute care hospital in Kentucky. Here’s a description of the incident:

On September 16, 2015, the Federal Bureau of Investigation (FBI) notified the hospital of suspicious network activity involving third parties. Upon learning this information, the hospital took immediate action, including initiating an internal investigation and engaging a leading digital forensics and security firm to investigate this matter. Based upon this review, the hospital confirmed that a limited number of computers were infected with a keystroke logger designed to capture and transmit data as it was entered onto the affected computers. The infection may have started as early as January 2012.

I’m quite interested in how they came up with the January 2012 date. Was that the date that the infected computers were installed? Are they just being cautious and assuming that the computers could have had the keylogger since the beginning and they’re handling the breach that way?

Of course, Muhlenberg Community Hospital is sending breach notifications to all patients in their records database, employees and contractors and providers that were credentialed at the hospital since 2012. They don’t give a number of how many records or people this constitutes, but it have to be a massive number.

Here’s a look at what information they think could have been accessed by the keylogger:

The affected computers were used to enter patient financial data and health information, information about persons responsible for a patient’s bill and employee/contractor data, including potentially name, address, telephone number(s), birthdate, Social Security number, driver’s license/state identification number, medical and health plan information (such health insurance number, medical record number, diagnoses and treatment information, and payment information), financial account number, payment card information (such as primary account number and expiration date) and employment-related information. Additionally, some credentialing-related information for providers may be impacted. The hospital also believes that the malware could have captured username and password information for accounts or websites that were accessed by employees, contractors or providers using the affected terminals. The hospital has no indication that the data has been used inappropriately.

They’re offering the usual identity protection services to all those affected. However, I was quite interested in their expanded list of steps people can take to guard against possible identity theft and fraud:

  • Enroll in Identity Protection Services
  • Explanation of Benefits Review
  • Check Credit Reports
  • Review Payment Card Statements
  • Change Your Passwords
  • Consult the Identity Theft Protection Guide

It’s clear that the number of breaches is accelerating. However, this case is particularly interesting because it could have been breached for the past 3 years and they’re just now finding it out. I expect we’ll see a lot more of this activity in the future.