
IT Leaders Question Allscripts Acquisition of McKesson EIS

Posted on August 31, 2017 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she’s served as editor in chief of several healthcare B2B sites.

Not long ago, I shared the results of a poll featured on HISTalk on the potential benefits of the Allscripts acquisition of McKesson EIS. The poll asked readers “Who will benefit most from the proposed acquisition of McKesson EIS by Allscripts?”

Roughly equal numbers of respondents said Allscripts customers would benefit (29%) and McKesson customers (27%). However, a new research report from Reaction Data suggests that many of their peers doubt that things will work out for McKesson customers or even do much to build Allscripts’ market position.

A number of health IT leaders quoted in the report say they’re fearful that McKesson solutions will get short shrift under Allscripts management. Others suggest that both vendors are behind the curve, especially McKesson, and that Allscripts is unlikely to spend enough money on it to catch up to current standards.

Their comments included the following observations:

  • “I don’t see Allscripts as a major player in this space anymore and the acquisition will likely further stress the enterprise. Perhaps in combination they can cobble together a suite of tools, but integration will likely be clunky at best for some time.” – CIO
  • “I do not see that McKesson brings anything beneficial to Allscripts, other than more users. McKesson’s products are very different from Allscripts’ current products and so will further dilute their efforts to bring quality product forward.” – CFO
  • “McKesson is behind. Does not look like a smart choice moving forward.” – Director of IT
  • “Just like Cerner buying Siemens, we were told they would support it and yada yada, here we are on Cerner after having to drop much more cash than we should have been required to.” – CIO

It’s worth noting, for the record, that not all the feedback on the acquisition was negative. Positive comments included the following:

  • “Combining Paragon, as the only true integrated, Microsoft SQL-based, hospital and ambulatory HIS on the market, with a solid vendor that focuses exclusively on HIT, is a win-win for the healthcare industry.” – CIO
  • “McKesson was losing and continues to lose ground on EHR systems to Epic and Cerner. They are withering on the vine. This acquisition will help them solidify their position in the market.”– Vice President of Finance

Still, most health IT leaders seemed to think the deal wouldn’t help either party that much. In particular, they were skeptical that McKesson’s high-profile Paragon solution was salvageable. “Paragon…is antiquated,” wrote one manager of information technology. “It will take a big bag of money and a lot of time to fix that.”

To summarize, while HIT execs conceded that the merger might buy Allscripts some customers and time, they felt it wasn’t likely to benefit their organizations. In fact, some argued that the deal could actually undercut the future of their McKesson systems: “Allscripts may focus on their own EMR and how those products I have with McKesson will interact with them rather than on McKesson products as a whole,” worried one director of information technology.

On top of everything else, the previous analysis by HISTalk doesn’t inspire much confidence that the acquisition will work on a corporate level. The analysis asserts that EMR vendors should be judged by the number of 250+ bed hospitals they have as customers, and points out that Allscripts controls only 6% of that market. (Epic, in contrast, has 20%, the article notes, citing HIMSS Analytics data.)

If I’m reading this right, it seems that Allscripts will take two mediocre and/or unfashionable solution sets and try to crossbreed them into a more popular set of tools, in the process scaring whatever loyal customers they have left. All sarcasm aside, I’d like to ask: Has this ever worked before?

Gaining End User Buy-In to Your EHR – Breakaway Thinking

Posted on August 30, 2017 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This post is part of the Breakaway Thinking blog post series which is sponsored by Breakaway Learning Solutions, a Conduent Company.

One of the universal truths about EHR software is that if you don’t get user buy-in, your EHR efforts will fail. You may even complete your EHR implementation, but not having user buy-in will wreak havoc on your ability to use the EHR to improve your organization. The failures may not be immediately apparent, but you can be sure your users will cause it to fail if they haven’t bought into the project.

On the other hand, organizations that do get end user buy-in to their EHR generally see great results.

The best way to ensure end user buy-in to EHR is through great leadership. This is highlighted in this whitepaper Leadership Insights: Gaining Value from Technology Investments, but what can leaders do to help create EHR buy-in with their organization?

One key to ensuring organizational buy-in is to set clear goals. Ideally these goals are created collaboratively with your team. However, it is most important that your EHR goals are attractive to your end users. If the end users are interested and excited about the goals you’ve set for the EHR project, then they’re more likely to support the project. Plus, setting these goals gives the project an important guide when you’re faced with tough decisions. Not to mention these goals serve as the perfect way to evaluate the success or failure of the EHR post-implementation.

Another way to ensure EHR buy-in from your end users is to invest in effectively training those users. There are a lot of skills a doctor needs to see patients effectively. Learning to use an EHR effectively is a learnable skill as well. However, you must invest in training that ensures end users have the skills they need to be effective EHR users. Effective training is a powerful way to improve EHR buy-in within your organization even if you have a less than perfect workflow.

Implementing an EHR often requires a change to your organization’s workflow. Many organizations postpone these workflow changes until after the initial implementation. They see this as a phased approach to the changes brought on by a new EHR. If you’ve done this, don’t forget to go back and reevaluate your current workflow against the new opportunities available in the EHR. You’ll often discover new workflows that will better serve your users and patients.

Finally, cultivating a group of peer champions for your EHR is a great way to get EHR buy-in. These peer champions can be there when challenging situations arise that need to be resolved. As advanced users, they can share solutions to problems with their peers in a powerful way that can’t be replicated by support desks.

The one theme across all of these ideas is having a great leader who understands their end users’ needs and then empowers them to be successful. Each of the above is just a strategy a leader can employ to better understand, empower, and assist their end users to successfully use their EHR.

What other strategies do you use in your organization to gain EHR buy-in? What have been the consequences to organizations that haven’t spent the time and money to get buy-in? What could they and should they have done differently? Share your thoughts in the comments.

Learn more about the Breakaway Thinking blog series sponsor, Breakaway Learning Solutions, and download their FREE whitepaper “Leadership Insights: Gaining Value from Technology Investments.”

Digital Strategies for Improving Consumer Experience – #HITsm Chat Topic

Posted on August 29, 2017 | Written By John Lynn

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 9/1 at Noon ET (9 AM PT). This week’s chat will be hosted by Kyra Hagan (@HIT_Mktg_Maven) from @InfluenceHlth on the topic of “Digital Strategies for Improving Consumer Experience.”

‘Healthcare Consumerism’ is fundamentally changing the entire healthcare delivery system. Accelerated by the ACA and evolving digital landscape, consumers are taking a more active role in their healthcare management. With this paradigm shift, they expect higher quality care, greater choice and on-demand digital experiences. Like a consumer researching and booking a hotel online, healthcare consumers are ‘comparison shopping’ for the provider that best meets their needs – expecting the same timely, personalized and omni-channel experience they’ve grown accustomed to via the retail and hospitality industries.

However, unlike most industries that are leveraging data to gather behavioral insights and investing in tailored digital marketing strategies, healthcare has been sluggish to adopt new models that recharacterize patients as consumers. In fact, in a recent survey conducted by Gartner, CEOs said that two of their three most immediate technical needs are better capability in digital marketing and customer experience management. Yet, only 14% of healthcare marketing budgets went to digital efforts in 2015, while industries like retail consistently increase digital spend by double-digits annually.

Join this Twitter chat to explore how digital strategies can help hospital and healthcare leaders improve the overall healthcare consumer experience at their facilities.


Here are the questions that will serve as the framework for this week’s #HITsm chat:
T1: What do you see as the largest barriers keeping hospitals and health systems from implementing digital strategies? #HITsm

T2: What’s the first thing you’d tell a hospital/health system that is looking to improve its consumer experience via digital? #HITsm

T3: 93% of CMOs feel increased pressure to improve ROI. What digital strategies have you seen to be successful in proving ROI? #HITsm

T4: How can healthcare draw inspiration from other thriving industries like retail and hospitality in the digital realm? #HITsm

T5: Many CEOs are adding Chief Experience Officers to their team to lead consumer-focused digital change. Thoughts on this role? #HITsm

Bonus: What can we as HIT leaders do to help drive the digital transformation that the healthcare industry needs? #HITsm

Upcoming #HITsm Chat Schedule
9/8 – Digital Health Innovation in Pharma
Hosted by Naomi Fried (@naomifried)

9/15 – Unchat
This chat will have no agenda and no topic. It will be a community free-for-all where anyone can introduce any topic, subject, question, image, video, etc that they want. This could get interesting.

9/22 – TBD
TBD

9/29 – TBD
TBD

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

HHS HIPAA Breach Wall of Shame Updated

Posted on August 28, 2017 | Written By John Lynn

HHS has recently updated the HHS Wall of Shame…I mean the HIPAA Breach Reporting Tool (HBRT). Whatever you want to call the tool, you can find the most updated version here. Here’s a short description from the press release about the updates to the breach notification tool:

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) today launched a revised web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and to learn how all breaches of health information are investigated and successfully resolved. The HIPAA Breach Reporting Tool (HBRT) features improved navigation for both those looking for information on breaches and ease-of-use for organizations reporting incidents. The tool also helps educate industry on the types of breaches that are occurring, industry-wide or within particular sectors, and how breaches are commonly resolved following investigations launched by OCR, which can help industry improve the security posture of their organizations.

The new design is nice and it makes sense to finally archive some of the breaches on the list. How long should we condemn an organization that’s had a breach by having them on the list? Of course, it is still available on the archive.

Since the start of the HIPAA Breach notification tool (October 2009), there have been 1674 breach notifications (only includes breaches of 500 people or more). In just the last 24 months they’ve posted 364 breaches with nearly 28 million individuals affected. I’ll have to get my friends at Qlik to import the data to do more analysis of the data. Here’s a look at the data the tool provides:

The tool includes: the name of the entity; state where the entity is located; number of individuals affected by the breach; the date of the breach; type of breach (e.g., hacking/IT incident, theft, loss, unauthorized access/disclosure); and location of the breached information (e.g., laptop, paper records, desktop computer).

I wish they included more details on what caused the breach and more practical ways to defend against the various breaches. That would make the list a lot more actionable. However, I also understand why that would be a hard task to accomplish.

Just looking over some of the recent breaches, I wasn’t shocked by the number of hacking incidents that are being reported. We’ve widely reported on these types of hacking incidents as well. However, I was pretty shocked by how many of the recent breaches were by email. Once again, I wish I had a lot more information about what actually happened with these email breaches. Looks like HHS collects it when someone files a breach. I guess I understand why they can’t share the individual answers, but it would be nice to have some summary reports of actions taken by those that were breached.

What do you think of HHS’ updates to this tool? Is it useful in helping them reach their goal of making the industry safer? Is there something else they could do with the tool to make it work better? We look forward to reading your thoughts in the comments.

Business Associates are NOT Responsible for Clients’ HIPAA Compliance, BUT They Still Might Be At-Risk

Posted on August 25, 2017 | Written By

The following is a guest blog post by Mike Semel from Semel Consulting.

“Am I responsible for my client’s HIPAA compliance?”

“What if I tell my client to fix their compliance gaps, and they don’t? Am I liable?”

“I told a client to replace the free cable Internet router with a real firewall to protect his medical practice, but the doctor just won’t spend the money. Can I get in trouble?”

“We are a cloud service provider. Can we be blamed for what our clients do when using our platform?”

 “I went to a conference and a speaker said that Business Associates were going to be held responsible for their clients’ compliance. Is this true???”

I hear questions like these all the time from HIPAA Business Associates.

The answers are No, No, No, No, and No.

“A business associate is not liable, or required to monitor the activities of covered entities under HIPAA, but a BA has similar responsibilities as a covered entity with respect to any of its downstream subcontractors that are also BA’s,” said Deven McGraw, Deputy Director for Health Information Privacy, US Department of Health and Human Services Office for Civil Rights (OCR), Acting Chief Privacy Officer for the Office of the National Coordinator for Health Information Technology, on August 17, 2017.

So, while you aren’t responsible for your clients’ HIPAA compliance, what they do (or don’t do) still might cost you a lot, if you aren’t careful.

In my book, How to Avoid HIPAA Headaches, there are stories about HIPAA Covered Entities that suffered when their Business Associates failed to protect PHI. North Memorial Health Care paid $1.55 million in HIPAA penalties based on an investigation into the loss of an unencrypted laptop by one of its Business Associates, Accretive Health.

Cottage Health, a California healthcare provider, is being sued by its insurance company to get $4.1 million back from a settlement after Cottage Health’s IT vendor, a Business Associate, accidentally published patient records to the Internet.

Your marketing activities; what you and your salespeople say to prospects and clients; and your written Terms & Conditions; may all create liability and financial risks for you. These must be avoided.

Semel Consulting works with a lot of Business Associates.

Many are IT companies, because I spent over 30 years owning my own IT companies. I’ve been the Chief Information Officer for a hospital and a K-12 school district, and the Chief Operating Officer for a cloud backup company. I now lead a consulting company that helps clients address their risks related to regulatory compliance, cyber security, and disaster preparedness. I speak at conferences, do webinars, and work with IT companies that refer their clients to us.

I look at the world through risk glasses. What risks do our clients have? How can I eliminate them, minimize them, or share them? When we work with our healthcare and technology industry clients, we help you identify your risks, and quantify them, so you know what resources you should reasonably allocate to protect your finances and reputation.

Under HIPAA, compliance responsibility runs one way – downhill.

Imagine a patient on top of a hill. Their doctor is below the patient. You are the doctor’s IT support company, below the doctor, and any vendors or subcontractors you work with are below you.

The doctor commits to the patient that he or she will secure the patient’s Protected Health Information (PHI) in all forms – verbal, written, or electronic. This is explained in the Notice of Privacy Practices (NPP) that the doctor gives to patients.

Under HIPAA, the doctor is allowed to hire vendors to help them do things they don’t want to do for themselves. Vendors can provide a wide variety of services, like IT support; paper shredding; consulting; malpractice defense; accounting; etc. The patient is not required to approve Business Associates, and does not have to know that outsourcing is happening. This flexibility is also explained in the patient’s Notice of Privacy Practices.

As a vendor that comes in contact with PHI, or the systems that house it, you are a HIPAA Business Associate. This requires you to sign Business Associate Agreements and, since 2013, when the HIPAA Omnibus Final Rule went into effect, it also means that you must implement a complete HIPAA compliance program and be liable for any breaches you cause.

IT companies may decide to resell cloud services, online backup solutions, or store servers in a secure data center. Since the HIPAA Omnibus Final Rule went into effect, a Business Associate’s vendors (known as subcontractors) must also sign Business Associate Agreements with their customers, and implement complete HIPAA compliance programs.

Because compliance responsibility runs downhill, the doctor is responsible to the patient that his Business Associates will protect the patient’s confidential information. The Business Associate assures the doctor that they, and their subcontractors, will protect the patient’s confidential information. Subcontractors must commit to Business Associates that they will protect the information. A series of two-party agreements is required down the line from the doctor to the subcontractors.

It doesn’t work the other way. Subcontractors are not responsible for Business Associates, and Business Associates are not responsible for Covered Entities, like doctors.

HIPAA compliance responsibility, and legal and financial liability, are different.

A HIPAA Covered Entity is responsible for selecting compliant vendors. Business Associates are responsible for selecting compliant subcontractors. Subcontractors must work with compliant subcontractors.

Because Covered Entities are not liable for their Business Associates, and Business Associates are not liable for their Subcontractors, they are not required to monitor their activities. But, you still need to be sure your vendors aren’t creating risks. The Office for Civil Rights (OCR) says that:

… if a covered entity finds out about a material breach or violation of the contract by the business associate, it must take reasonable steps to cure the breach or end the violation, and, if unsuccessful, terminate the contract with the business associate. If termination is not feasible (e.g., where there are no other viable business alternatives for the covered entity), the covered entity must report the problem to the Department of Health and Human Services Office for Civil Rights. See 45 CFR 164.504(e)(1).

With respect to business associates, a covered entity is considered to be out of compliance with the Privacy Rule if it fails to take the steps described above. If a covered entity is out of compliance with the Privacy Rule because of its failure to take these steps, further disclosures of protected health information to the business associate are not permitted.

In its Cloud Service Provider (CSP) HIPAA Guidance released in 2016, the OCR said:

A covered entity (or business associate) that engages a CSP should understand the cloud computing environment or solution offered by a particular CSP so that the covered entity (or business associate) can appropriately conduct its own risk analysis and establish risk management policies, as well as enter into appropriate BAAs.  See 45 CFR §§ 164.308(a)(1)(ii)(A); 164.308(a)(1)(ii)(B); and 164.502. 

Both covered entities and business associates must conduct risk analyses to identify and assess potential threats and vulnerabilities to the confidentiality, integrity, and availability of all ePHI they create, receive, maintain, or transmit. For example, while a covered entity or business associate may use cloud-based services of any configuration (public, hybrid, private, etc.), provided it enters into a BAA with the CSP, the type of cloud configuration to be used may affect the risk analysis and risk management plans of all parties and the resultant provisions of the BAA.

How can a Business Associate be affected by a client’s compliance failure? Here are some scenarios.

(FYI, I am not a lawyer and this is not legal advice. These ideas came out of meetings I had with my attorney to review our contracts and our marketing. Talk to your lawyer to make sure you are protected!)

  1. IT companies should never tell your client, “We’ll be responsible for your IT so you can focus on your medical practice.”

Sound familiar? This is what many IT Managed Service Providers tell their prospects and clients.

Then the client has a data breach because they were too cheap to buy a firewall, they refused to let you implement secure passwords because it would inconvenience their staff, or they lost an unencrypted thumb drive even though you had set up a secure file sharing platform.

Someone files a HIPAA complaint, the OCR conducts an investigation, and your client pays a big fine. Then they sue you, saying you told them IT was your responsibility. Maybe they misunderstood what you included in your Managed Services. Maybe you did not clearly explain what responsibility you were accepting, and what IT responsibility was still theirs. Either way, you could spend a lot on legal fees, and even lose a lawsuit if a jury believes you made the client believe you were taking over their compliance responsibility.

  2. You must clearly identify what is, and what is not, included in your services.

Your client pays you a monthly fee for your services. Then they have a breach. They may expect that all the tasks you perform, and the many hours of extra labor you incur, are included in their monthly fee. They get mad when you say you will be charging them for additional services, even though they have just hired a lawyer at $500 per hour to advise them. Without written guidelines, you may not be able to get paid.

  3. You must be sure you get paid if your client drags you into something that is not your fault.

Imagine you were the IT company that set up an e-mail server for a recent presidential candidate. As unlikely as this may sound, this becomes a political issue. You just did what the client requested, but now you must hire attorneys to advise you. You must hire a public relations firm to deal with the media inquiries and protect your name in the marketplace. You must send your techs and engineers – your major source of a lot of income – to Washington for days to testify in front of Congress, after they spent more unbillable time preparing their testimony.

Who pays? How do you keep from losing your client? How do you protect your reputation?

HOW TO PROTECT YOUR FINANCES AND YOUR REPUTATION

  • Make sure you and your salespeople are careful to not overpromise your services. Make sure you and your sales team tell your prospects and clients that they are always ultimately responsible for their own security and compliance.
  • Make sure your contracts and Terms and Conditions properly protect you by identifying what services are/aren’t covered, and when you can bill for additional services. Don’t forget to include your management time when sending bills. Use a competent lawyer familiar with your needs to write your agreements and advise you on any agreements presented to you by others.
  • State in your Terms & Conditions that you will be responsible for your own company’s compliance (you are anyway) but that you are not responsible for your clients’ compliance.
  • Include terms that require your client to pay for ALL costs related to a compliance violation, government action, investigation, lawsuit, or other activity brought against them, that requires your involvement. Use a competent lawyer familiar with your needs to write your agreements and advise you on any agreements presented to you by others.
  • My attorney said we should include “change in government regulations” in our Force Majeure clause to allow us to modify our contract or our pricing before a contract expires. The 2013 HIPAA Omnibus Rule created a lot of expensive responsibilities for Business Associates. You don’t want to get stuck in an existing contract or price model if your costs suddenly increase because of a new law or rule.
  • Get good Professional Liability or Errors & Omissions insurance to protect you if you make a mistake, are sued, or dragged into a client’s investigation. Make sure you understand the terms of the policy and how it covers you. Make sure it includes legal representation. Ask for a custom policy if you need special coverage.
  • Make a negative a positive by promoting that you offer the specialized services clients will need in case they are ever audited, investigated, or sued.

If you do this right, you will protect your business and leverage compliance to increase your profits. When you focus on compliance, you can get clients willing to pay higher prices because you understand their compliance requirements. I know. I have generated millions of dollars in revenue using compliance as a differentiator.

About Mike Semel

Mike Semel is a noted thought leader, speaker, blogger, and best-selling author. He is the President and Chief Security Officer of Semel Consulting, focused on HIPAA (and other regulatory) compliance; cyber security; and Business Continuity planning. Mike is a Certified Business Continuity Professional through the Disaster Recovery Institute, a Certified HIPAA Professional, Certified Security Compliance Specialist, and Certified Health IT Specialist. He has owned or managed technology companies for over 30 years; served as Chief Information Officer (CIO) for a hospital and a K-12 school district; and managed operations at an online backup company.

Are EMR Vendors Really This Clueless?

Posted on August 24, 2017 | Written By Anne Zieger

I know that EMR vendors don’t always understand their end-users as well as they should. That’s a shame, but it’s likely to happen given how far apart their day-to-day lives are. Still, I was truly taken aback by the following.

In the introduction to a report on nurse perceptions of EHRs, researchers shared some words on their market research philosophy. I don’t think the writers intended to criticize anyone, but nonetheless, the vendors don’t come out looking very good in the process.

“Some (mainly vendors) have questioned why we conduct research to front-line users of core HIT systems, such as physicians, nurses, billers, schedulers etc.,” they wrote. “They argue that only the high-ranking decision-makers matter when it comes to tracking customer satisfaction (NPS) and winning a greater piece of the market. We’ve had senior leaders among prominent vendors essentially tell us that they don’t care about what frontline users have to say.”

Okay. (Taking a breath, letting out the bad air, taking in the good.) I don’t wanna go off on a rant here, but are those vendors completely stupid?  Are they trying to destroy whatever credibility they have left among end users?  Are they hinting that we should just sell their companies’ stocks short and live in the Bahamas the rest of our days?

To be clear, the researchers actually put a reasonably cheerful spin on all of this. They suggest, ever so politely, that if vendors pay attention to end users, they will “unlock a competitive gold mine.”  “Yes, it would require additional development resources, adjusting some roadmap goals, and resetting internal expectations, but the payoff is a quantifiable Unique Selling Proposition that just doesn’t exist very often in HIT – having a highly-rated platform among users,” they note, quite reasonably.

Being me, however, I’ll be a bit less nice. Vendors, I’m amazed we still have a health IT industry if that’s really how your leaders think. It takes a uniquely dumb organization to keep selling products the actual users hate, and an even dumber one to ignore user feedback that could fix the problem.

While healthcare organizations may have rammed a jerry-rigged mess down users’ throats for a while, that can’t last forever — in fact, the day of reckoning is coming soon. As EMR users become more confident, wired and demanding, they’ll demand that their systems actually work for them. Imagine that!

This reckoning won’t just impact your future plans, it will come to bite you now.

If you were hoping to turn your multi-year contract into a nice, fat revenue stream, forget it. Users will scream (and inflict some pain) if the EMR is lousy to use. In a population health-based world calling for everyone to be clinical data power users, they’ll have far more clout. You’ll either spend tons of time fixing and updating things or lose your contract if your customer has an out. Either way, you’ve hollowed out your revenue stream. Good luck with that.

Consumer Data Liquidity – The Road So Far, The Road Ahead – #HITsm Chat Topic

Posted on August 23, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 8/25 at Noon ET (9 AM PT). This week’s chat will be hosted by Greg Meyer (@Greg_Meyer93) on the topic of “Consumer Data Liquidity – The Road So Far, The Road Ahead.”

As my summer tour of interoperability forums, lectures, and webinars winds down, patient engagement/data liquidity is arguably the hottest talk in town. This leads me to a time of reflection looking back to my own personal experience over the last 10-15 years (yes, I’m still a fairly young guy) starting with early attempts to access my own family’s records, moving on to witnessing the consumer revolution of Dave deBronkart and Regina Holliday, and finally tracking the progression of HealthIT and public health legislation. We’ve come a long way from the ubiquity of paper and binders and Xerox (oh my) to CDs and PDFs to most recently CDAs, Direct, and FHIR with the latter paving the way for a new breed of apps and tools.

With the lightning speed of change in technology and disruption vis-à-vis consumer devices, one would expect a dramatic shift in the consumer experience over the past 10 years with nirvana in the not too distant future. Contrary to intuitive thinking, we haven’t come as far as we would like to think. Even with legislation and a progression of technology such as C-CDA, OpenNotes, Direct, BlueButton, FHIR, and the promise of apps to bring it all together, pragmatically a lot of the same core broken processes and frustrations still exist today. In July, ONC released a study on the health records request process based on a small sampling of consumers and 50 large health organizations. Although most of the stories include modern technical capabilities, the processes reek of variance and inefficiencies that have persisted since the long lost days of the house call.

Not to put the whole state of affairs in gloom, there is still a potentially bright future not too far ahead. With the convergence of forces from contemporary technical standards and recent legislation like the 21st Century Cures Act, consumer data liquidity is staying in the forefront of public health. And let’s not forget the consumer. It is partly the consumer revolution, and patients demanding portability of their records, that is forcing providers and vendors to open their systems as platforms of accessibility instead of fostering silos and walled gardens.

This week’s chat will explore the progression of health data access from the consumer’s perspective.

Here are the questions that will serve as the framework for this week’s #HITsm chat:
T1: Describe your perception/experiences of consumer data access 10-15 years ago. #HITsm

T2: Contrast your previous experience to today. Is your experience better, worse, or the same? #HITsm

T3: What gaps exist between what is available today (data, apps, networks, etc.) vs what you would like to have? #HITsm

T4: Would you prefer to manage/move your data yourself or expect HealthIT to do it for you? #HITsm

T5: Beyond FHIR, APIs, and apps, what is the future of consumer access and data liquidity? #HITsm

Bonus: Remember “Gimme My DaM Data?” What would be your slogan for consumer access? #HITsm

Upcoming #HITsm Chat Schedule
9/1 – Digital Strategies for Improving Consumer Experience
Hosted by Kyra Hagan (@HIT_Mktg_Maven from @InfluenceHlth)

9/8 – Digital Health Innovation in Pharma
Hosted by Naomi Fried (@naomifried)

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

Why Do We Settle in Healthcare?

Posted on August 22, 2017 I Written By

The following is a guest blog post by Monica Stout, Marketing Director at MedicaSoft. This is the introductory blog in a three-part sponsored blog post series focused on new Health IT for integration. Each month, a different MedicaSoft expert will share insights on new and innovative technology and its applications in healthcare.

Imagine your typical Friday night. You’ve worked hard all week and now you’re ready to watch Netflix. You’ve picked the perfect movie. You’re ready to watch. You hit a button and your movie is right there, available and on demand. But what if it didn’t work? You’d be annoyed. You’d hop on social media to complain or see if Netflix is down. Someone somewhere would hear you.

On Black Friday or Cyber Monday, you might visit Walmart.com to search for some holiday deals. These are the busiest shopping days of the year. What if the website didn’t work? Or, what if you had to enter your shipping and billing data every single time you viewed an item? You’d be outraged. You might hop on social media to complain or see if others are experiencing the same problem. Someone somewhere would hear you.

Now imagine it’s the middle of winter and you’ve caught the latest bug du jour. You call your doctor for an appointment. When you arrive, you’re handed a clipboard and asked to fill out the same repetitive paper form with your health information that you fill out every time you visit. You’re certain they have this information already, but you’re required to fill it out yet again. You might wait 30, 40, or 60 minutes past your appointment time before you’re called back to a room.

Once you’ve made it to an exam room, a nurse comes in to take your vitals. The nurse will ask questions about what medications you are on. Nine times out of ten, the medications the nurse repeats back to you are outdated or entirely incorrect. You wonder where that data came from and are sure you’ve told this particular office the same thing the last four times you’ve gone there, so why is it wrong? Again, you wait in the exam room for the doctor. Your doctor comes in and spends more time looking at a laptop screen and clicking than making eye contact with you. Do you hop on social media and complain? Probably not. Does anybody hear you? No, because you’ve accepted that this is just how it is. In fact, you were grateful to receive a same-day appointment instead of waiting at home in misery.

The technology exists today to make things work and work fast. Other industries have intuitive UIs that people use every single day – we use them so much we don’t think about them. So, why do we settle for what doesn’t work in healthcare? Why do we accept a system that isn’t operating in ways that are beneficial or efficient to us as patients or to our doctors or nurses? Shouldn’t health information technology and the systems that support our health, well-being, and in certain situations, life or death, work more efficiently than our television subscription services or retail websites? Technology can do better in healthcare.

The technology on the back-end of Wal-Mart’s servers was robust enough to handle Black Friday and deploy with over 200 million users online THREE YEARS AGO. Amazing, right? But it’s that way because people won’t accept something that doesn’t work. If Wal-Mart’s website wasn’t available come Cyber Monday, consumers would vote with their dollars and move on to another retailer’s website that did work. That retailer would get all the business. Yet in healthcare, we keep revisiting a system that’s broken – where our health records are disjointed, incomplete, exist in duplicate (or many, many more), and just don’t work well together across practices, hospitals, or health systems. We don’t have one centralized record with our health information serving as our source of truth. Sharing data across our providers is broken.

I realize that healthcare is more complicated than simply voting with our dollars and moving on, but why is that? The Wharton School Economics Professor Eric K. Clemons wrote a great piece on why healthcare is complicated. The technology is there to help advance healthcare to be what humans need it to be, so when will we stop accepting less? When will we demand more?

There is technology that’s easy to use and access, makes your information available, and centralizes your health information into one record. In our subsequent guest blogs, our experts will talk in more detail about these best of breed technologies and how they can be applied to healthcare to capture, exchange, and share data.

About Monica Stout
Monica is a HIT teleworker in Grand Rapids, Michigan by way of Washington, D.C., who has consulted at several government agencies, including the National Aeronautics and Space Administration (NASA) and the U.S. Department of Veterans Affairs (VA). She’s currently the Marketing Director at MedicaSoft. Monica can be found on Twitter @MI_turnaround or LinkedIn.

About MedicaSoft
MedicaSoft  designs, develops, delivers, and maintains EHR, PHR, and UHR software solutions and HISP services for healthcare providers and patients around the world. For more information, visit www.medicasoft.us or connect with us on Twitter @MedicaSoftLLC, Facebook, or LinkedIn.

Nurses Still Unhappy With EHRs

Posted on August 21, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she’s served as editor in chief of several healthcare B2B sites.

A new research report looking at nurses’ perceptions of EHRs suggests that despite countless iterations, many still don’t meet the needs of one of their key user groups. While the statistics included in the report are of some value, the open text responses nurses shared tell a particularly important story of what they’re facing of late.

The study, which was conducted by Reaction Data, draws on responses from 245 nurses and nurse leaders, 85% of whom work for a hospital and 15% a medical practice. Categories in which the participants fell broke out as follows:

* Nurses: 49%
* CNOs: 18%
* Nurse Managers: 14%
* Directors of Nursing: 12%
* Nurse Practitioners: 2%
* Informatics Nurse: 2%
* VP of Nursing: 2%
* Director, Clinical Informatics: 1%

As with most other research houses, Reaction gets the party started by offering a list of vendors’ market share. I take all of these assessments with a grain of salt, but for what it’s worth their data ranks Epic and Meditech at the top, with a 20% market share each, followed by Cerner at 18%, Allscripts with 8% and McKesson with 6%.

The report summary I’ve used to write this item doesn’t share its stats on how the nurses ranked specific platforms and how likely they were to recommend those platforms. However, it does note that 63% of respondents said their organization wasn’t actively looking at replacing their EHR, while just 17% said that their employer was actively looking. (Twenty percent said they didn’t know.)

Where the rubber really hit the road, though, was in the comments section. When asked what the EHR needed to improve to support them, nurses had some serious complaints to air:

  • “Many aspects, too many to list. Unfortunately we ‘customized’ many programs, so they don’t necessarily speak to each other…” —Nurse Manager
  • “When we purchased this system 4 years ago, we were told that everything would be unified on one platform within 2 years, but this did not happen and will not happen.” –CNO
  • “Horrible and is a patient safety risk!” –RN
  • “Coordination of care. Very fragmented documentation.” –CNO

So let’s see: We’ve got incompatible modules, questionable execution, safety risks and basic patient care support problems. While the vendors aren’t responsible for customers’ integration problems, I’d find this report disheartening if I were on their team. It seems to me that they ought to step up and address issues like these. I wonder if they see these things as their responsibility?

In the meantime, I’d like to offer a quick postscript. The report’s introduction makes a point of noting – rightly, I think – that the inclusion of a high percentage of non-manager nurses makes the study results far more valuable. Apparently, not everyone agrees.

In fact, some of the vendors the firm met with said flat out that they only want to know what executives have to say – and that other users’ views didn’t matter to them.

Wow. I won’t respond any further than to promise that I’ll stomp all over that premise in a separate column. Stay tuned.

Healthcare Orgs May Be Ramping Up Cybersecurity Efforts

Posted on August 18, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she’s served as editor in chief of several healthcare B2B sites.

As I’ve noted (too) many times in the past, healthcare organizations don’t have a great track record when it comes to cybersecurity. Compared to other industries, healthcare organizations spend relatively little on IT security overall, and despite harangues from people like myself, this has remained the case for many years.

However, a small new survey by HIMSS suggests that the tide may be turning. It’s not incredibly surprising to hear, as health IT leaders have been facing increasingly frequent cybersecurity attacks. A case in point: In a recent study by Netwrix Corp., more than half of healthcare organizations reported struggling with malware, and that’s just one of many ongoing cybersecurity threats.

The HIMSS cybersecurity survey, which tallies responses from 126 IT leaders, concluded that security professionals are focusing on medical device security, and that patient safety, data breaches and malware were their top three concerns.

In the survey, HIMSS found that 71% of respondents were allocating some of their budgets toward cybersecurity and that 80% said that their organization employed dedicated cybersecurity staff.

Meanwhile, 78% of respondents were able to identify a cybersecurity staffing ratio (i.e. the number of cybersecurity specialists versus other employees), and 53% said the ratio was 1:500, which, according to HIMSS, is considered the right ratio for information-centric, risk-averse businesses with considerable Internet exposure.

Also of note, it seems that budgets for cybersecurity are getting more substantial. Of the 71% of respondents whose organizations are budgeting for cybersecurity efforts, 60% allocated 3% or more of their overall budget to the problem. And that’s not all. Eleven percent of respondents said that they were allocating more than 10% of the budget to cybersecurity, which is fairly impressive.

Other stats from the survey included that 60% of respondents said their organizations employed a senior information security leader such as a Chief Information Security Officer. In its press release covering the survey, HIMSS noted that CISOs and other top security leaders are adopting cybersecurity programs that cut across several areas, including procurement and education/training. The security leaders are also adopting the NIST Cybersecurity Framework.

According to HIMSS, 85% of respondents said they conduct a risk assessment at least once a year, and that 75% of them regularly conduct penetration testing. Meanwhile, 75% said they had some type of insider threat management program in place within their healthcare organization.

One final note: In the report, HIMSS noted that acute care providers had more specific concerns about cybersecurity than non-acute care providers. Over the next few years, as individual practices merge with larger ones, and everyone gets swept up into ACOs, I wonder if that distinction will even matter anymore.

My take is that when smaller organizations work with big ones, everyone’s tech is set up to reach the level better-capitalized players have achieved, and that will standardize everyone’s concerns. What do you think?