
What If Your Doctor Knew All Your Health Searches?

Posted on June 30, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Back in 2013, the Pew Research Internet Project found that 72% of internet users looked online for health information. This was well before the most recent update to Dr. Google. It’s only a matter of time before those health searches end up going through some sort of AI solution (Siri, Alexa, Galaxy, etc.) we bring into the home.

Imagine if we connected this font of health information and questions together with the healthcare establishment. What if your doctor had access to all of the health related searches you were doing? Might he be able to provide better service to you and your family?

Yes, I realize that this idea will be extremely controversial. There are some major privacy challenges and issues with this idea, but there are also a lot of potential benefits. It seems a little bit hypocritical that we ask doctors to be open and transparent with our health records if we as patients aren’t going to be open and transparent with our medical concerns. Certainly, we should be able to control what and with whom we share this information, but I believe that many will be willing to share it with their doctors.

Yes, this will require a pretty dramatic shift in how our medical professionals will handle a patient visit. However, if I’ve been doing a bunch of searches around back pain, imagine how much different my visit to the doctor for an earache would be. Could that provide the opportunity for the doctor to talk to me about my back pain searches?

It’s fascinating to think how this is almost the complete opposite of the office visit today. I’ve seen doctors that wanted to only deal with one issue at a time. Those doctors have learned the special dance that allows them to avoid talking about more than the presenting concern. Many doctors learn essentially a new language that makes sure that they get in and out of the exam room quickly without bringing up the rabbit hole of potential health problems a patient might be actually experiencing.

That’s the reality of today’s medicine. This is what we pay them to do. That’s changing with things like CCM where a healthcare provider is paid to dig in a little deeper. It’s certainly not enough to fully change these behaviors.

Until the reimbursement fully changes over to doctors getting paid to keep you healthy, a doctor knowing your health searches won’t be of interest to most doctors. However, once reimbursement changes, a doctor will become much more interested in what’s really ailing you. Your online searches certainly will say a lot about your health, both physical and mental.

How Can Small Practices Thrive with MACRA?

Posted on June 29, 2016 I Written By

John Lynn

UPDATE: In case you missed the live interview, you can watch the recorded conversation below:


On Thursday, July 7, 2016 at 3:30 PM ET (12:30 PM PT) I’ll be hosting a live video interview with the Chief Medical Officers of both Modernizing Medicine and Kareo. All of healthcare has been hit with the MACRA legislation and many talking heads are saying that MACRA is going to be a challenge for small practices. In this discussion, we’ll talk about how small practices can thrive within the changes that MACRA provides.

The great part is that you can join my live conversation with this panel of experts and even add your own comments to the discussion or ask them questions. All you need to do to watch live is visit this blog post on Thursday, July 7, 2016 at 3:30 PM ET (12:30 PM PT) and watch the video embed at the bottom of the post or you can subscribe to the blab directly. We’ll be doing a more formal interview for the first 30 minutes and then open up the Blab to others who want to add to the conversation or ask us questions. The conversation will be recorded as well and available on this post after the interview.

Here are a few more details about our panelists:

We hope you’ll join us live or enjoy the recorded version of our conversation. Plus, considering the length of the MACRA legislation, we welcome you to come and provide your insights into what the MACRA legislation means for small practices. We hope this will be an open discussion of the legislation and what impact it will have on small practices. Dr. Giannulli and Dr. Sherling are very well versed on the topic and will provide some tremendous insight into what to expect from MACRA.

If you’d like to see the archives of Healthcare Scene’s past interviews, you can find and subscribe to all of Healthcare Scene’s interviews on YouTube.

Finally, if you’d like to learn more about MACRA for small practices, I’ll be doing a detailed webinar on what we know about MACRA on July 13th at 1 PM ET (10 AM PT).

Applying Geospatial Analysis to Population Health

Posted on June 28, 2016 I Written By

John Lynn

This post is sponsored by Samsung Business. All thoughts and opinions are my own.

Megan Williams wrote a very interesting piece called “Geospatial Analysis: The Next Era of Population Health” in which she highlighted Kaiser’s efforts to use geospatial analysis as part of their population health efforts. Here’s her description of their project:

This means using data to inform policy adjustments and create intervention programs that lead to meaningful change. One of the best examples of this lies with healthcare giant Kaiser Permanente. In April, they launched a database that gave researchers the ability to examine patient DNA and bump it against behavioral and environmental health factors. The goal of the project is to pull information from half a million patients and use it to build one of the most “diverse repositories of environmental, genetic and health data in the world,” which could then be used to inform research around conditions including diabetes and cancer and their relationships to issues including localized violence, pollution, access to quality food and other factors.

This type of effort from Kaiser is quite incredible and I believe will truly be part of the way we shift the cost curve on healthcare costs. One challenge to this effort is that Kaiser has a very different business model than the rest of the healthcare system. They’re in a unique position where their business benefits from these types of population health efforts. Plus, Kaiser is very geographically oriented.

While Kaiser’s business model is currently very different, one could argue that the rest of healthcare is moving towards the Kaiser model. The shift to value based care and accountable care organizations is going to require the same geospatial analysis that Kaiser is building out today. Plus, hospital consolidation is providing real geographic dominance that wasn’t previously available. Will these shifting reimbursement models motivate all of the healthcare systems to care about the 99% of time patients spend outside of our care? I think they will and large healthcare organizations won’t have any choice in the matter.

There are a number of publicly and privately available data stores that are going to help in the geospatial analysis of a population’s health, but I don’t believe that’s going to be enough. In order to discover the real golden insights into a population, we’re going to have to look at the crossroads of data stores (behavioral, environmental, genomic, etc) combined together with personal health data. Some of that personal health data will come from things like EHR software, but I believe that the most powerful geospatial personal health data is going to come from an individual’s cell phone.

This isn’t a hard vision to see. Most of us now carry around a cell phone that knows a lot more about our health than we realize. Plus, it has a GPS where all of those actions can be plotted geospatially. Combine this personally collected health data with these large data stores and we’re likely to get a dramatically different understanding of your health.

While this is an exciting area of healthcare, I think we’d be wise to take a lesson from “big data” in healthcare. Far too many health systems spent millions of dollars building up these massive data warehouses of enterprise health data. Once they were built, they had no idea how to get value from them. Since then, we’ve seen a shift to “skinny data” as one vendor called it. Minimum viable data sets with specific action items tied to that data.

We should likely do the same with geospatial data and population health and focus on the minimum set of data that will provide actual results. We should start with the skinny data that delivers an improvement in health. Over time, those skinny data sets will combine into a population health platform that truly leverages big data in healthcare.

Where do you see geospatial data being used in healthcare? Where would you like to see it being used? What are the untapped opportunities that are waiting for us?

For more content like this, follow Samsung on Insights, Twitter, LinkedIn, YouTube and SlideShare.

Are You Ready for Stage 2 HIPAA Audits?

Posted on June 27, 2016 I Written By

John Lynn

Many organizations probably didn’t even realize that OCR (HHS’ department in charge of HIPAA) had put in place HIPAA audits since the pilot program only audited 115 covered entities. That’s likely to change for a lot more healthcare organizations (including business associates) as Stage 2 HIPAA Audits are rolled out. Is your organization ready for a HIPAA Audit?

After spending about 2 months scouring the Stage 2 HIPAA Audit protocol, HIPAA One put together a great comparison of the simplicity of stage 1 HIPAA audits versus stage 2 HIPAA audits:

What it was – Phase 1 of the OCR’s Privacy, Security and Breach Notification Audit Program:
  1. HITECH added Breach Notification to HIPAA and endorsed the OCR’s Audit Program.
  2. Contained 169 total protocols.
  3. Pilot program included 115 covered entities.
What it is now – the HIPAA Audit Program-Phase 2:
  1. OCR is implementing Phase 2 to include both CEs and business associates (every covered entity and business associate is eligible for an audit)
  2. Provides an opportunity for the OCR to identify best practices, risks and issues before they result in bigger problems (e.g. resulting in a breach) through the expanded random audit program.
  3. 180 Enhanced protocols (groups of instructions) which contain the following updates:
    1. Privacy – 708 updates (individual lines of instructions)
      1. Most notable changes are more policies and procedures surrounding the HIPAA Privacy Officer as well as some changes for Health Plans and Business Associates.
    2. Security – 880 updates (individual lines of instructions)
      1. Most notable changes are that Health Plans must have assurances from their plan sponsors and all companies now have to get proof of HIPAA compliance from their business associates, vendors and subcontractors.

That’s a lot of changes that are going to impact a lot of organizations. How many organizations have spent the time seeing which of these changes are going to impact their organization? I’m sure the answer to that is not many since “ignorance is bliss” is the mantra of many healthcare organizations when it comes to HIPAA compliance.

Particularly interesting is that HIPAA One points out that many of the checklists, books, commercial compliance software, and even ONC’s own SRA tool are likely outdated for these new changes to the HIPAA audit protocol. They’re probably right, so make sure whatever tool you’re using to do a HIPAA SRA takes into account the new HIPAA audit protocol.

Just so we’re clear, there actually hasn’t been a change to the HIPAA Omnibus update in 2013. However, the HIPAA audit protocol clarifies how the HIPAA law will be interpreted during an audit. That means that many of the gray areas in the law have been clarified through the audit protocol.

In HIPAA One’s blog post, they outline some important next steps for healthcare organizations. I won’t replicate it here, but go and check it out if you’re a HIPAA compliance officer for your organization or forward it to your HIPAA compliance officer if you’re not. The first suggestion is a really key one since you want to make sure you’re getting your HIPAA audit emails from OCR.

It’s taken HHS and OCR a while to roll out the full HIPAA audit program. However, it’s fully functioning now and I expect 2016 will be a real wake-up call for many organizations that aren’t prepared for a HIPAA audit. Plus, many others will be woken up when their friends fail their HIPAA audit.

Is your organization ready for a HIPAA audit?

Full Disclosure: HIPAA One is an advertiser on Healthcare Scene.

Philips Breathless Choir Video

Posted on June 24, 2016 I Written By

John Lynn

It’s Friday and so I always like to share something a little bit lighter or fun. This week I want to share this incredible video from Philips that documents the “Breathless Choir” that they put together:

What a brilliant idea (I guess I need to invite Philips marketing department to speak at my healthcare marketing conference) and a great story! In many ways it reminds me of the “Singing Sisters” which I covered when they were on America’s Got Talent. They both had cystic fibrosis and totally killed it singing on stage despite their unique challenges even just trying to breathe.

No doubt Philips did this partly as a way to promote their various medical devices like the SimplyGo Mini which is a portable oxygen concentrator, but the story is still beautiful. Many corporate products really can make patients’ lives better while a corporation makes a profit too. I have a great friend who has cystic fibrosis and I’m sure he’d enjoy a device that was as portable as this. Not to mention something much more stylish than that ugly green oxygen container I’ve seen him lugging around.

Considering the video above has gotten 8.4 million views, it’s fair to say that this story has resonated with millions of people. For me personally, it reminded me of the importance of the work we’re doing. When we do it well, we can improve patients’ lives and give them freedoms they didn’t think were possible. When we do it poorly, it can have the opposite impact. Thanks Philips for putting together this video.

Has Electronic Health Record Replacement Failed?

Posted on June 23, 2016 I Written By

The following is a guest blog post by Justin Campbell, Vice President, Galen Healthcare.
A recent Black Book survey of hospital executives and IT employees who have replaced their Electronic Health Record system in the past three years paints a grim picture. Respondents report higher than expected costs, layoffs, declining revenues, disenfranchised clinicians and serious misgivings about the benefits of switching systems. Specifically:

  • 14% of all hospitals that replaced their original EHR since 2011 were losing inpatient revenue at a pace that wouldn’t support the total cost of their replacement EHR
  • 87% of hospitals facing financial challenges now regret the decision to change systems
  • 63% of executive level respondents admitted they feared losing their jobs as a result of the EHR replacement process
  • 66% of system users believe that interoperability and patient data exchange functionality have declined

Surely, this was not the outcome expected when hospitals rushed to replace paper records in response to Congressional incentives (and penalties) included in the 2009 American Recovery and Reinvestment Act.

But the disappointment reflected in this survey only sheds light on part of the story. The majority of hospitals depicted here were already in financial difficulty. It is understandable that they felt impelled to make a significant change and to do so as quickly as possible. But installing an electronic record system, or replacing one that is antiquated, requires much more than a decision to do so. We should not be surprised that a complex undertaking like this would be burdened by complicated and confusing challenges, chief among which turned out to be “usability” and acceptance.

Another Black Book report, this one from 2013, revealed:

  • 66% of doctors using EHR systems did not do so willingly
  • 87% of those unwilling to use the system claimed usability as their primary complaint
  • 84% of physician groups chose their EHR to reach meaningful use incentives
  • 92% of practices described their EHR as “clunky” and/or difficult to use

None of this should surprise us but we need to ask: was usability really the key driver for EHR replacement? Is usability alone accountable for lost revenue, employment anxiety and buyers’ remorse? Surely organizations would not have dumped millions into failed EHR implementations only to rip-and-replace them due to usability problems and provider dissatisfaction. Indeed, despite the persistence of functional obstacles such as outdated technology, hospitals continue to make new EMR purchases. Maybe the “reason for the rip-and-replace approach by some hospitals is to reach interoperability between inpatient and outpatient data,” wrote Dr. Donald Voltz, MD in EMR and EHR.

Interoperability is linked to another one of the main drivers of EHR replacement: the mission to support value-based care, that is, to improve the delivery of care by streamlining operations and facilitating the exchange of health information between a hospital’s own providers and the caregivers at other hospitals or health facilities. This can be almost impossible to achieve if hospitals have legacy systems that include multiple and non-communicative EHRs.

As explained by Chief Nurse Executive Gail Carlson, in an article for Modern Healthcare, “Interoperability between EHRs has become crucial for their successful integration of operations – and sometimes requires dumping legacy systems that can’t talk to each other.”

Many hospitals have numerous ancillary services, each with their own programs. The EHRs are often “best of breed.” That means they employ highly specialized software that provides excellent service in specific areas such as emergency departments, obstetrics or lab work. But communication between these departments is compromised because they display data differently.

In order to judge EHR replacement outcomes objectively, one needs to not just examine the near-term financials and sentiment (admittedly, replacement causes disruption and is not easy), but to also take a holistic view of the impact to the system’s portfolio by way of simplification and future positioning for value-based care. The majority of the negative sentiment and disappointing outcomes may actually stem from the migration and new system implementation process in and of itself. Many groups likely underestimated the scope of the undertaking and compromised new system adoption through a lackluster migration.

Not everyone plunged into the replacement frenzy. Some pursued a solution such as dBMotion to foster care for patients via intercommunications across all care venues. In fact, Allscripts acquired dBMotion to solve for interoperability between its inpatient solution (Eclipsys SCM) and its outpatient EMR offering (Touchworks). dBMotion provides a solution for those organizations with different inpatient and outpatient vendors, offering semantic interoperability, vocabulary management, EMPI and ultimately facilitating a true community-based record.

Yet others chose to optimize what they had, driven by financial constraints. There is a thin line separating EHR replacement from EHR optimization. This is especially true for those HCOs that are neither large enough nor sufficiently funded to be able to afford a replacement; they are instead forced to squeeze out the most value they can from their current investment.

The optimization path is much more pronounced with MEDITECH clients, where a large percentage of their base remains on the legacy MAGIC and C/S platforms.

Denni McColm, a hospital CIO, told healthsystemCIO why many MEDITECH clients are watching and waiting before they commit to a more advanced platform:

“We’re on MEDITECH’s Client/Server version, which is not their older version and not their newest version, and we have it implemented really everywhere that MEDITECH serves. So we have the hospital systems, home care, long-term care, emergency services, surgical center — all the way across the continuum. We plan to go to their latest version sometime in the next few years to get the ambulatory interface for the providers. It should be very efficient — reduced clicks, it’s mobile friendly, and our docs are anxious to move to it,” but we’ll decide when the time is right, she says.

What can we discern from these different approaches and studies?  It’s too early to be sure of the final score. One thing is certain though: the migrations and archival underpinnings of system replacement are essential. They allow the replacement to deliver on the promise of improved usability, enhanced interoperability and take us closer to the goal of value-based care.

About Justin Campbell
Justin is Vice President, Strategy, at Galen Healthcare Solutions. He is responsible for market intelligence, segmentation, business and market development and competitive strategy. Justin has been consulting in Health IT for over 10 years, guiding clients in the implementation, integration and optimization of clinical systems. He has been on the front lines of system replacement and data migration and is passionate about advancing interoperability in healthcare and harnessing analytical insights to realize improvements in patient care. Justin can be found on Twitter at @TJustinCampbell

AMA’s Digital Health ‘Snake Oil’ Claim Creates Needless Conflict

Posted on June 22, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Earlier this month, the head of the American Medical Association issued a challenge which should resonate for years to come. At this year’s annual meeting, Dr. James Madara argued that many direct-to-consumer digital health products, apps and even EMRs were “the digital snake oil of the early 21st century,” and that doctors will need to serve as gatekeepers to the industry.

His comments, which have been controversial, weren’t quite as immoderate as some critics have suggested. He argued that some digital health tools were “potentially magnificent,” and called on doctors to separate useful products from “so-called advancements that don’t have an appropriate evidence base, or that just don’t work that well – or that actually impede care, confuse patients, and waste our time.”

It certainly makes sense to sort the digital wheat from the chaff. After all, as of late last year there were more than 165,000 mobile health apps on the market, more than double that available in 2013, according to a study by IMS Institute for Healthcare Informatics. And despite the increasing proliferation of wearable health trackers, there is little research available to suggest that they offer concrete health benefits or promote sustainable behavior change.

That being said, the term “snake oil” has a loaded historical meaning, and we should hold Dr. Madara accountable for using it. According to Wikipedia, “snake oil” is an expression associated with products that offer questionable or unverifiable quality or benefits – which may or may not be fair. But let’s take things a bit further. In the same entry, Wikipedia says a snake oil salesman “is someone who knowingly sells fraudulent goods or who is themselves a fraud, quack or charlatan.” And that’s a pretty harsh way to describe digital health entrepreneurs.

Ultimately, though, the issue isn’t whether Dr. Madara hurt someone’s feelings. What troubles me about his comments is they create conflict where none needs to exist.

Back in the 1850s, when what can charitably be called “entrepreneurs” were selling useless or toxic elixirs, many were doubtless aware that the products they sold had no benefit or might even harm consumers. And if what I’ve read about that era is true, I doubt they cared.

But today’s digital health entrepreneurs, in contrast, desperately want to get it right. These innovators – and digital health product line leaders within firms like Samsung and Apple – are very open to working with clinicians. In fact, most if not all work directly with both staff doctors and clinicians in community practice, and are always open to getting guidance on how to support the practice of medicine.

So while Dr. Madara’s comments aren’t precisely wrong, they suggest a fear and distrust of technology which doesn’t become any 21st century professional organization.

Think I’m wrong? Well, then why didn’t the AMA leader announce the formation of an investment fund to back the “potentially magnificent” advances he admits exist? If the AMA did that, it would demonstrate that even a 169-year-old organization can adapt and grow. But otherwise, his words suggest that the venerable trade group still holds disappointingly Luddite views better suited for the dustbin of history.

UPDATE:  An AMA representative has informed me that I got some details in the story above wrong, and I’m eager to correct my error. According to Christopher Khoury, vice president of environmental analysis and strategic analytics with the group, the AMA is indeed investing in digital health innovation. He notes that in January, the group announced the formation of San Francisco-based Health2047 (www.health2047.com), for which it serves as lead investor. Health2047 is dedicated to furthering the commercialization of digital tools and solutions that help practicing physicians. It also sponsors Matter, a healthcare incubator based in Chicago.

NFL Players’ Medical Records Stolen

Posted on June 21, 2016 I Written By

John Lynn

I’d been meaning to write about this story for a while now, but finally got around to it. In case you missed it, thousands of NFL players’ medical records were stolen. Here’s a piece of the DeadSpin summary of the incident:

In late April, the NFL recently informed its players, a Skins athletic trainer’s car was broken into. The thief took a backpack, and inside that backpack was a cache of electronic and paper medical records for thousands of players, including NFL Combine attendees from the last 13 years. That would encompass the vast majority of NFL players

The Redskins later issued this statement:

The Washington Redskins can confirm that a theft occurred mid-morning on April 15 in downtown Indianapolis, where a thief broke through the window of an athletic trainer’s locked car. No social security numbers, Protected Health Information (PHI) under HIPAA, or financial information were stolen or are at risk of exposure.

The laptop was password-protected but unencrypted, but we have no reason to believe the laptop password was compromised. The NFL’s electronic medical records system was not impacted.

It’s interesting that the Redskins said that it didn’t include any PHI that would be covered by HIPAA rules and regulations. I was interested in how HIPAA would apply to an NFL team, so I reached out to David Harlow for the answer. David Harlow, Health Blawg writer, offered these insights into whether NFL records are required to comply with HIPAA or not:

These records fall in a gray zone between employment records and health records. Clearly the NFL understands what’s at stake if, as reported, they’ve proactively reached out to the HIPAA police. At least one federal court is on record in a similar case saying, essentially, C’mon, you know you’re a covered entity; get with the program.

Michael Magrath, current Chairman, HIMSS Identity Management Task Force, and Director of Healthcare Business, VASCO Data Security offered this insight into the breach:

This is a clear example that healthcare breaches are not isolated to healthcare organizations. They apply to employers, including the National Football League. Teams secure and protect their playbooks and need to apply that philosophy to securing their players’ medical information.

Laptop thefts are commonplace and one of the most common entries (310 incidents) on the HHS’ Office of Civil Rights portal listing Breaches Affecting 500 or More Individuals. Encryption is one of the basic requirements to secure a laptop, yet organizations continue to gamble without it and innocent victims can face a lifetime of identity theft and medical identity theft.

Assuming the laptop was Windows based, security can be enhanced by replacing the static Windows password with two-factor authentication in the form of a one-time password. Without the authenticator to generate the one-time password, gaining entry to the laptop will be extremely difficult. By combining encryption and strong authentication to gain entry into the laptop, the players’ and prospects’ protected health information would not be at risk, all because organizations and members wish to avoid a few moments of inconvenience.

This story brings up some important points. First, healthcare is far from the only industry that has issues with breaches and things like stolen or lost laptops. Second, healthcare isn’t the only one that sees the importance of encrypting mobile devices. However, despite the importance, many organizations still aren’t doing so. Third, HIPAA is an interesting law since it only covers PHI and covered entities. HIPAA omnibus expanded that to business associates. However, there are still a bunch of grey areas where it isn’t clear whether HIPAA applies. Plus, there are a lot of white areas where your health information is stored and HIPAA doesn’t apply.

Long story short, be smart and encrypt your health data no matter where it’s stored. Be careful where you share your health data. Anyone could be breached and HIPAA will only protect you so much (covered entity or not).

Sansoro Hopes Its Health Record API Will Unite Them All

Posted on June 20, 2016 | Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

After some seven years of watching the US government push interoperability among health records, and hearing how far we are from achieving it, I assumed that fundamental divergences among electronic health records at different sites posed problems of staggering complexity. I pricked up my ears, therefore, when John Orosco, CTO of Sansoro Health, said that they could get EHRs to expose real-time web services in a few hours, or at most a couple days.

What does Sansoro do? Its goal, like the FHIR standard, is to give health care providers and third-party developers a single go-to API where they can run their apps on any supported EHR. Done right, this service cuts down development costs and saves the developers from having to distribute a different version of their app for different customers. Note that the SMART project tries to achieve a similar goal by providing an API layer on top of EHRs for producing user interfaces, whereas Sansoro offers an API at a lower level on particular data items, like FHIR.

Sansoro was formed in the summer of 2014. Researching EHRs, its founders recognized that even though the vendors differed in many superficial ways (including the purportedly standard CCDs they create), all EHRs dealt at bottom with the same fields. Diagnoses, lab orders, allergies, medications, etc. are the same throughout the industry, so familiar items turn up under the varying semantics.

FHIR was just starting at that time, and is still maturing. Therefore, while planning to support FHIR as it becomes ready, Sansoro designed their own data model and API to meet industry’s needs right now. They are gradually adding FHIR interfaces that they consider mature to their Emissary application.

Sansoro aimed first at the acute care market, and is expanding to support ambulatory EHR platforms. At the beginning, based on market share, Sansoro chose to focus on the Cerner and Epic EHRs, both of which offer limited web services modules to their customers. Then, listening to customer needs, Sansoro added MEDITECH and Allscripts; it will continue to follow customer priorities.

Although Orosco acknowledged that EHR vendors are already moving toward interoperability, their services are currently limited and focus on their own platforms. For various reasons, they may implement the FHIR specification differently. (Health IT experts hope that the Argonaut project will ensure semantic interoperability for at least the most common FHIR items.) Sansoro, in contrast, can expose any field in the EHR using its APIs, thus serving the health care community’s immediate needs in an EHR-agnostic manner. Emissary may prevent the field from ending up again the way the CCD has fared, where each vendor can implement a different API and claim to be compliant.

This kind of fragmented interface is a constant risk in markets in which proprietary companies are rapidly entering and competing. There is also a risk, therefore, that many competitors will enter the API market as Sansoro has done, reproducing the minor and annoying differences between EHR vendors at a higher level.

But Orosco reminded me that Google, Facebook, and Microsoft all have competing APIs for messaging, identity management, and other services. The benefits of competition, even when people have to use different interfaces, drive a field forward, and the same can happen in healthcare. Two directions face us: to allow rapid entry of multiple vendors and learn from experience, or to spend a long time trying to develop a robust standard in an open manner for all to use. Luckily, given Sansoro and FHIR, we have both options.

Dear Nurses – Fun Friday

Posted on June 17, 2016 | Written By

John Lynn

This week my cousin sent me a message late at night on Facebook. She’s a nurse and had just experienced her first patient who coded on her. Needless to say it was a traumatic experience and she was reeling from the experience. I’m not sure how much I helped her, but I tried to show some empathy and at least be there to listen to her in her time of need.

This experience reminded me of what a challenging job it is to be a nurse. We certainly don’t show them enough appreciation. With this in mind, it seemed fitting for this Fun Friday post to share ZDoggMD’s “Dear Nurses” parody of Tupac Shakur’s “Dear Mama.”

A big thank you to all the nurses out there that make healthcare great and don’t get nearly the recognition they deserve.