Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Legacy Health IT Systems – So Old They’re Secure

Posted on April 21, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve been thinking quite a bit about the ticking time bomb that is legacy healthcare IT systems. The topic has been top of mind for me ever since Galen Healthcare Solutions wrote their Tackling EHR & EMR Transition series of blog posts. This is an important topic even if it’s not a sexy one.

I don’t think we need to dive into the details of why legacy healthcare IT systems are a security risk for most healthcare organizations. Hospitals and health systems have hundreds of production systems that they’re trying to keep secure. It’s not hard to see why legacy systems get forgotten. Forgotten systems are ripe for hackers and others that want to do nefarious things.

Although, I did hear someone recently talking about legacy health IT systems who said that they had some technology in their organization that was so old it was secure again. I guess there’s something to say about having systems that are so old that hackers don’t have tools that can breach such old systems or that can read old files. Not to mention that many of these older systems weren’t internet connected.

While I find humor in the idea that something could be so old that it’s secure again, that’s not the reality for most legacy systems. Most old systems can be breached and will be breached if they’re not considered “production” when it comes to patching and securing them.

When you think about the costs of updating and securing your legacy systems like you would a production system for security purposes, it’s easy to see why finding a way to sunset these legacy systems is becoming a popular option. Sure, you have to find a way to maintain the integrity of the data, but the tools to do this have come a long way.

The other reason I like the idea of migrating data from a legacy system and sunsetting the old system is that this often opens the door for users to be able to access the legacy data. When the data is stored on the legacy system it’s generally not used unless it’s absolutely necessary. If you migrate that legacy data to an archival platform, then the data can be used by more people to influence care. That’s a good thing.

Legacy health IT systems are a challenge that isn’t going to go away. In fact, it’s likely to get worse as we transition from one software to the next. Having a strategy for these legacy systems which ensures security, compliance, and extracts value is going to be a key to success for every healthcare organization.

Staying Connected Beyond the Patient Visit

Posted on April 20, 2017 I Written By

The following is a guest blog post by Brittany Quemby, Marketing Strategist for Stericycle Communication Solutions, as part of the Communication Solutions Series of blog posts. Follow and engage with them on Twitter: @StericycleComms
Brittany Quemby - Stericycle
I see it everywhere I go – heads down, thumbs flexing. We live in an era where our devices occupy our lives. When I’m sitting at the airport waiting for my flight, standing in line at the grocery store, waiting to be called at my doctor’s office, I see it – heads down, thumbs flexing. Although I wish we weren’t always heads down in our phones, it is inevitable, we rely on our smartphone to stay connected.  As it stands today, roughly two-thirds of Americans own a smart phone, meaning they have access to email, voice, and text at their fingertips.

The increase in connectivity that the smartphone gives its user provides physicians a whole new way to communicate beyond the patient visit. Below are some tips that can help healthcare professionals stay connected while improving engagement, behaviors, and revenue outcomes.

Consider the patient’s preferences
Quite often only one piece of contact information is gathered for a patient and it is typically a home phone number. Patients expect to be communicated with where it is convenient for them, and in a recent survey on preferred communication methods, 76 percent off respondents said that text messages were more convenient above emails and phone calls.  If you are looking to connect with patients in a meaningful way, consider asking them their preferred method of contact to help maximize your engagement.

Use a various methods of communication
Recently we surveyed over 400 healthcare professionals to learn about the ways they are communicating and engaging with their patients. Our findings revealed that 41 percent of physicians and healthcare professionals utilize various methods to connect and communicate with their patients.  Long gone are the days when you could reach someone by a simple phone call. Today, if I need to get in touch with someone this is how it goes down: I will email them, then I will call them to let them know I emailed them, and then I text them to tell them to go read my email.  A recent report shows that on average 91 percent of all United States consumers use email daily and that text messages have a 45 percent response rate and a 98 percent open rate. Connecting with patients through multiple channels of communication can show a significant change in patient responsiveness and behavior, including an increase in healthcare ownership, a decrease in no shows, and a substantial increase in revenue.

Automate your patient communication messages
Investing in an automated patient communication solution is a great way to connect with your patients beyond the doctor’s office. It will not only increase patient behaviors, efficiencies, satisfaction and convenience, but will also dramatically impact your bottom-line.

A comprehensive automated patient communication platform allows include regular and frequent communication from your organization to the patient in a simple and easy way.  Consider implementing some of the following automated communication tactics to help you increase your practice’s efficiencies while continuing to engage with patients outside of the office:

  • Send appointment reminders: Send automated appointment reminders to ensure patients show up to their appointment both on time and prepared.
  • Follow-up communication: Patients only retain 20 to 60 percent of information that is shared with them during the appointment. Send a text or email with pertinent follow-up information to increase patient satisfaction and decrease readmissions.
  • Program promotion: Connect with patients to encourage them to come in for important initiatives your practice is holding like your flu-shot clinic.
  • Message broadcast: Communicate important information like an office closure or rescheduling due to severe weather.

The Communication Solutions Series of blog posts is sponsored by Stericycle Communication Solutions, a leading provider of high quality call center & telephone answering servicespatient access services and automated communication technology. Stericycle Communication Solutions combines a human touch with innovative technology to deliver best-in-class communication services.  Connect with Stericycle Communication Solutions on social media: @StericycleComms

tranSMART and i2b2 Show that Open Source Software Can Fuel Precision Medicine

Posted on April 19, 2017 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Medical reformers have said for years that the clinic and the research center have to start working closely together. The reformists’ ideal–rarely approached by any current institution–is for doctors to stream data about treatments and outcomes to the researchers, who in turn inject the insights that their analytics find back into the clinic to make a learning institution. But the clinicians and researchers have trouble getting on the same page culturally, and difficulties in data exchange exacerbate the problem.

On the data exchange front, software developers have long seen open source software as the solution. Proprietary companies are stingy in their willingness to connect. They parcel out gateways to other providers as expensive favors, and the formats often fail to mesh anyway (as we’ve always seen in electronic health records) because they are kept secret. In contrast, open source formats are out for everyone to peruse, and they tend to be simpler and more intuitive. As open source, the software can be enhanced by anyone with programming skill in order to work with other open source software.

Both of these principles are on display in the recent merger announced by two open source projects, the tranSMART Foundation and i2b2. As an organizational matter, this is perhaps a minor historical note–a long-awaited rectification of some organizational problems that have kept apart two groups of programmers who should always have been working together. But as a harbinger of progress in medicine, the announcement is very significant.

tranSMART logo

Here’s a bit about what these two projects do, to catch up readers who haven’t been following their achievements.

  • i2b2 allows doctors to transform clinical data into a common format suitable for research. The project started in 2004 in response to an NIH Roadmap initiative. It was the brainchild of medical researchers trying to overcome the frustrating barriers to extracting and sharing patient data from EHRs. The nugget from which i2b2 came was a project of the major Boston hospital consortium, Partners Healthcare. As described in another article, the project was housed at the Harvard Medical School and mostly funded by NIH.

  • The “trans” in tranSMART stands for translational research, the scientific effort that turns chemistry and biology into useful cures. It was a visionary impulse among several pharma companies that led them to create the tranSMART Foundation in 2013 from a Johnson & Johnson project, as I have documented elsewhere, and then to keep it open source and turn it into a model of successful collaboration. Their software helps researchers represent clinical and research data in ways that facilitate analytics and visualizations. In an inspired moment, the founders of the tranSMART project chose the i2b2 data format as the basis for their project. So the tranSMART and i2b2 foundations have always worked on joint projects and coordinated their progress, working also with the SMART open source API.

Why, then, have tranSMART and i2b2 remained separate organizations for the past three or four years? I talked recently with Keith Elliston, CEO of the tranSMART, who pointed to cultural differences as the factor that kept them apart. A physician culture drove i2b2, whereas a pharma and biochemistry research culture drove tranSMART. In addition, as development shops, they evolved in very different ways from the start.

tranSMART, as I said, adopted a robust open source strategy early on. They recognized the importance of developing a community, and the whole point of developing a foundation–just like other stalwarts of the free software community, such as the Apache Foundation, OpenStack Foundation, and Linux Foundation–was to provide a nurturing but neutral watering hole from which many different companies and contributors could draw what they need. Now the tranSMART code base benefits from 125 different individual contributors.

In contrast, i2b2 started and remained a small, closely-knit team. Although the software was under an open source license, the project operated in a more conservative model, although accepting external contributions.

Elliston says the two projects have been talking for the last two and a half years about improving integration and more recently merging, and that each has learned the best of what the other has to offer in order to meet in the middle. tranSMART is adopting some of i2b2’s planning, while i2b2 is learning how to organize a community around its work.

Together they believe their projects can improve more quickly. Ultimately, they’ll contribute to the movement to target cures to patients, proceeding now under the name Precision Medicine. Fund-raising and partnerships will be easier.

I have written repeatedly about these organizations to show the power that free and open source software brings to medicine. Their timely merger shows that open source overcomes cultural and institutional barriers. What it did for these two organizations it can do for the fractured landscape of hospitals, clinics, long-term care facilities, behavioral health centers, and other medical institutions struggling to work together. My hope is that the new foundation’s model for collaboration, as well as the results of its research, can slay the growing monster of health care costs and make us all healthier.

Disruptive Innovation vs Incremental Improvement – #HITsm Chat Topic

Posted on April 18, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 4/21 at Noon ET (9 AM PT). This week’s chat will be hosted by Colin Hung (@Colin_Hung) on the topic of “Disruptive Innovation vs Incremental Improvement”.

The term “disruptive innovation” has been driven into our minds by technology and business media. It is the goal of many #HealthIT startups as well as innovation teams at healthcare organizations. Everyone is hoping that their technology or service will be labeled as the next disruptive innovation. I dare say that we are in danger of becoming so obsessed with being disruptive that we are ignoring the here-and-now.

When Clayton Christensen coined the term “disruptive innovation” back in the 90s, he used a very strict definition:

A process by which a product or service takes root initially in simple applications at the bottom of a market and then relentlessly moves up market, eventually displacing established competitors.

In a more recent 2015 HBR article Christensen warns about labeling every improvement as disruptive:

Many researchers, writers, and consultants use “disruptive innovation” to describe any situation in which an industry is shaken up and previously successful incumbents stumble. But that’s much too broad a usage.

If we get sloppy with our labels or fail to integrate insights from subsequent research and experience into the original theory, then managers may end up using the wrong tools for their context, reducing their chances of success. Over time, the theory’s usefulness will be undermined.

Using Christensen’s definition, a disruptive innovation in healthcare would be something that starts off in the underserved part of the market (ex: people who don’t seek care or can’t afford it) and would be seen by incumbents (healthcare providers) as an inferior solution. Slowly that new product/service would go up-market until it replaces the incumbents. Using this lens, many of today’s supposed disruptive #HealthIT innovations fall short. There aren’t many that are aimed at the underserved healthcare markets.

When you use the more common definition, a disruptive innovation is anything that shakes up an incumbent’s market. In a perverse way, this common understanding leads to fear and self-preserving actions. By labeling something as disruptive, you immediately put incumbents on notice – and in response they raise barriers to protect themselves. In a risk-adverse environment like healthcare, convincing someone to adopt a new technology or process is difficult enough but when you label a technology as disruptive, additional barriers get raised: How will it affect privacy? How will clinicians react to it? Will it impact billing? Very few healthcare organizations want to be first to adopt an unproven technology/process.

So the question is, do we even need to proactively seek disruptive innovation in healthcare? Can we not just focus on rapid incremental improvements instead? Let’s fix EHRs so that they aren’t administrative burdens on physicians. Let’s redesign patient portals to be easier to use and let’s fill them with the content patients actually want. Let’s figure out ways to make healthcare payments more transparent. Are we so desperate for a label that we’ve lost sight of making an everyday difference?

Join me on Friday April 21st at 12:00pm ET as we discuss the following questions on #HITsm:

The Questions
T1: Is healthcare too biased against adopting disruptive innovations? Can this bias ever be overcome? #HITsm

T2: Are #HealthIT companies too focused on finding/funding TOMORROW’s disruptive innovation (aka moonshot) vs improvements TODAY? #HITsm

T3: Is the problem just one of labeling? Does it matter in #HealthIT that something is disruptive vs incremental? #HITsm

T4: What do you believe will be the next disruptive innovation in healthcare?  #HITsm

T5: What can be done in healthcare to create an environment where innovation AND improvements are welcomed & encouraged? #HITsm

Bonus: If you had unlimited resources and budget, how would you use them to disrupt healthcare? #HITsm

Be sure to also join tonight’s #hcldr chat where Colin is starting the conversation around disruptive innovation vs incremental improvement.

Upcoming #HITsm Chat Schedule
4/28 – Where Did You Start and How Did You Get Here? The Story of Your Healthcare Career Path
Hosted by Lizzie Barrett (@eliztbarrett)

5/5 – Precision Health 101: Understanding the Keys to Value
Hosted by Bob Rogers (@ScientistBob) from @IntelHealth

5/12 – TBD
TBD

5/19 – Patient Education Using Healthcare Social Media
Hosted by Anne Zieger (@annezieger)

5/26 – TBD
Hosted by Chad Johnson (@OchoTex)

We look forward to learning from the #HITsm community! As always let us know if you have ideas for how to make #HITsm better.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

AMIA Shares Recommendations On Health IT-Friendly Policymaking

Posted on April 17, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The American Medical Informatics Association has released the findings from a new paper addressing health IT policy, including recommendation on how policymakers can support patient access to health data, interoperability for clinicians and patient care-related research and innovation.

As the group accurately notes, the US healthcare system has transformed itself into a digital industry at astonishing speed, largely during the past five years. Nonetheless, many healthcare organizations haven’t unlocked the value of these new tools, in part because their technical infrastructure is largely a collection of disparate systems which don’t work together well.

The paper, which is published in the Journal of the American Medical Informatics Association, offers several policy recommendations intended to help health IT better support value-based health, care and research. The paper argues that governments should implement specific policy to:

  • Enable patients to have better access to clinical data by standardizing data flow
  • Improve access to patient-generated data compiled by mHealth apps and related technologies
  • Engage patients in research by improving ways to alert clinicians and patients about research opportunities, while seeing to it that researchers manage consent effectively
  • Enable patient participation in and contribution to care delivery and health management by harmonizing standards for various classes of patient-generated data
  • Improve interoperability using APIs, which may demand that policymakers require adherence to chosen data standards
  • Develop and implement a documentation-simplification framework to fuel an overhaul of quality measurement, ensure availability of coded EHRs clinical data and support reimbursement requirements redesign
  • Develop and implement an app-vetting process emphasizing safety and effectiveness, to include creating a knowledgebase of trusted sources, possibly as part of clinical practice improvement under MIPS
  • Create a policy framework for research and innovation, to include policies to aid data access for research conducted by HIPAA-covered entities and increase needed data standardization
  • Foster an ecosystem connecting safe, effective and secure health applications

To meet these goals, AMIA issued a set of “Policy Action Items” which address immediate, near-term and future policy initiatives. They include:

  • Clarifying a patient’s HIPAA “right to access” to include a right to all data maintained by a covered entity’s designated record set;
  • Encourage continued adoption of 2015 Edition Certified Health IT, which will allow standards-based APIs published in the public domain to be composed of standard features which can continue to be deployed by providers; and
  • Make effective Common Rule revisions as finalized in the January 19, 2017 issue of the Federal Register

In looking at this material, I noted with interest AMIA’s thinking on the appropriate premises for current health IT policy. The group offered some worthwhile suggestions on how health IT leaders can leverage health data effectively, such as giving patients easy access to their mHealth data and engaging them in the research process.

Given that they overlap with suggestions I’ve seen elsewhere, we may be getting somewhere as an industry. In fact, it seems to me that we’re approaching industry consensus on some issues which, despite seeming relatively straightforward have been the subject of professional disputes.

As I see it, AMIA stands as good a chance as any other healthcare entity at getting these policies implemented. I look forward to seeing how much progress it makes in drawing attention to these issues.

DNA Tests and Meaningful Use Humor – Fun Friday

Posted on April 14, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

It’s Friday, so time for a little humor to start your weekend. First up is one that regular readers of this site will appreciate when it comes to the now tainted phrase: meaningful use:

This Dilbert comic seemed particularly relevant given that 23andMe just got FDA authorization for their consumer genetic health risk reports.

Have a great weekend!

No Duh, FTP Servers Pose PHI Security Risk

Posted on April 12, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The File Transfer Protocol is so old – it was published in April 1971 – that it once ran on NCP, the predecessor of TCP/IP. And surprise, surprise, it’s not terribly secure, and was never designed to be so either.

Security researchers have pointed out that FTP servers are susceptible to a range of problems, including brute force attacks, FTP bounce attacks, packet capture, port stealing, spoofing attacks and username enumeration.

Also, like many IP specifications designed prior before standard encryption approaches like SSL were available, FTP servers don’t encrypt traffic, with all transmissions in clear text and usernames, passwords, commands and data readable by anyone sniffing the network.

So why am I bothering to remind you of all of this? I’m doing so because according to the FBI, cybercriminals have begun targeting FTP servers and in doing so, accessing personal health information. The agency reports that these criminals are attacking anonymous FTP servers associated with medical and dental facilities. Plus, don’t even know they have these servers running.

Getting into these servers is a breeze, the report notes. With anonymous FTP servers, attackers can authenticate to the FTP server using meaningless credentials like “anonymous” or “ftp,” or use a generic password or email address to log in. Once they gain access to PHI, and personally identifiable information (PII), they’re using it to “intimidate, harass, and blackmail business owners,” the FBI report says.

As readers may know, once these cybercriminals get to an anonymous FTP server, they can not only attack it, but also gain write access to the server and upload malicious apps.

Given these concerns, the FBI is recommending that medical and dental entities ask their IT staff to check their networks for anonymous FTP servers. And if they find any, the organization should at least be sure that PHI or PII aren’t stored on those servers.

The obvious question here is why healthcare organizations would host an anonymous FTP server in the first place, given its known vulnerabilities and the wide variety of available alternatives. If nothing else, why not use Secure FTP, which adds encryption for passwords and data transmission while retaining the same interface as basic FTP? Or what about using the HTTP or HTTPS protocol to share files with the world? After all, your existing infrastructure probably includes firewalls, intrusion detection/protection solutions and other technologies already tuned to work with web servers.

Of course, healthcare organizations face a myriad of emerging data security threats. For example, the FDA is so worried about the possibility of medical device attacks that it issued agency guidance on the subject. The agency is asking both device manufacturers and healthcare facilities to protect medical devices from cybersecurity threats. It’s also asking hospitals and healthcare facilities to see that they have adequate network defenses in place.

But when it comes to hosting anonymous FTP servers on your network, I’ve got to say “really?” This has to be a thing that the FBI tracks and warns providers to avoid? One would think that most health IT pros, if not all, would know better than to expose their networks this way. But I suppose there will always be laggards who make life harder for the rest of us!

Healthcare Content Creation for the Audience Economy – #HITsm Chat Topic

Posted on April 11, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 4/14 at Noon ET (9 AM PT). This week’s chat will be hosted by Jess Clifton (@jslentzclifton), Sarah Bennight (@sarahbennight), and Steve Sisko (@shimcode) on the topic of “Healthcare Content Creation for the Audience Economy”.

The Healthcare IT Marketing and PR Conference (HITMC) took place last week and, as would be expected from an event largely attended by “marketing people,” social media lit up with content, insight, opinions and a bit of wackiness. Almost 2200 tweets were shared on Twitter alone during the three-day conference with the lion’s share of those tweets addressing the following topics:

  • Inspiration including leveraging influencer/champions, employees and the importance of passion
  • Content including case studies, personalization, repurposing, strategies, and use of experts as content creators.
  • Buyer Personas & Customer Journeys
  • Importance of Video and visual content
  • Innovation
  • Pitching media outlets and others to convey your content
  • Tips, tips and more tips

Based on the above and all the good information emanating from the HITMC event, this week’s #HITsm chat will explore “Healthcare Content Creation for the Audience Economy” via the following topics:

The Questions
T1: What are some of the ways content & messages can be made inspirational and humanized? #HITsm

T2: What are characteristics of a ‘good’ SME and how do you identify SME’s in your organization, tribe, circle of associates? #HITsm

T3: What are most effective types of ‘personalized content’ to share w/ a buyer & at what point in their journey? #HITsm

T4: What are some of the ways video can be used to market and support healthcare products/services?  #HITsm

T5: What’s not going to change in Healthcare in the next 10 years and how will content remain the same as it is today? #HITsm

Bonus: What are some of the best content marketing tips you learned at the HITMC? Or would like to share if you didn’t attend? #HITsm

Content, Insight, Opinions, Tips & Bits of Wackiness from #HITMC
For a curated list of tweets emanating from the HITMC event, check out this blog post.

Upcoming #HITsm Chat Schedule
4/21 – Innovation vs Incremental
Hosted by @Colin_Hung

4/28 – TBD

5/5 – TBD
Hosted by @IntelHealth

We look forward to learning from the #HITsm community! As always let us know if you have ideas for how to make #HITsm better.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

Will Data Aggregation For Precision Medicine Compromise Patient Privacy?

Posted on April 10, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Like anyone else who follows medical research, I’m fascinated by the progress of precision medicine initiatives. I often find myself explaining to relatives that in the (perhaps far distant) future, their doctor may be able to offer treatments customized specifically for them. The prospect is awe-inspiring even for me, someone who’s been researching and writing about health data for decades.

That being the case, there are problems in bringing so much personal information together into a giant database, suggests Jennifer Kulynych in an article for OUPblog, which is published by Oxford University Press. In particular, bringing together a massive trove of individual medical histories and genomes may have serious privacy implications, she says.

In arguing her point, she makes a sobering observation that rings true for me:

“A growing number of experts, particularly re-identification scientists, believe it simply isn’t possible to de-identify the genomic data and medical information needed for precision medicine. To be useful, such information can’t be modified or stripped of identifiers to the point where there’s no real risk that the data could be linked back to a patient.”

As she points out, norms in the research community make it even more likely that patients could be individually identified. For example, while a doctor might need your permission to test your blood for care, in some states it’s quite legal for a researcher to take possession of blood not needed for that care, she says. Those researchers can then sequence your genome and place that data in a research database, and the patient may never have consented to this, or even know that it happened.

And there are other, perhaps even more troubling ways in which existing laws fail to protect the privacy of patients in researchers’ data stores. For example, current research and medical regs let review boards waive patient consent or even allow researchers to call DNA sequences “de-identified” data. This flies in the face of conventional wisdom that there’s no re-identification risk, she writes.

On top of all of this, the technology already exists to leverage this information for personal identification. For example, genome sequences can potentially be re-identified through comparison to a database of identified genomes. Law enforcement organizations have already used such data to predict key aspects of an individual’s face (such as eye color and race) from genomic data.

Then there’s the issue of what happens with EMR data storage. As the author notes, healthcare organizations are increasingly adding genomic data to their stores, and sharing it widely with individuals on their network. While such practices are largely confined to academic research institutions today, this type of data use is growing, and could also expose patients to involuntary identification.

Not everyone is as concerned as Kulynych about these issues. For example, a group of researchers recently concluded that a single patient anonymization algorithm could offer a “standard” level of privacy protection to patient, even when the organizations involved are sharing clinical data. They argue that larger clinical datasets that use this approach could protect patient privacy without generalizing or suppressing data in a manner that would undermine its usefulness.

But if nothing else, it’s hard to argue Kulynych’s central concern, that too few rules have been updated to reflect the realities of big genomic and medical data stories. Clearly, state and federal rules  need to address the emerging problems associated with big data and privacy. Otherwise, by the time a major privacy breach occurs, neither patients nor researchers will have any recourse.

Healthcare IT Marketing Is Needed – #HITMC

Posted on April 7, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The past 3 days, I’ve been deep in the thralls of the Healthcare IT Marketing and PR Conference (HITMC). It brings together a few hundred of the leading healthcare IT marketing and PR professionals. This year we have quite a few healthcare (not IT) marketing and PR professionals as well. I think at HITMC 2018 we’re going to have to expand the conference to include all healthcare marketers as well. Regardless, I’m extremely proud of being part of such a great community.

Yes, I said community, because that’s what HITMC really is…it’s a community of healthcare IT marketing and PR professionals. It’s something special and I think those in attendance at the conference feel it when they attend the event. Those who attend, care for each other and want to see the rest of the community be successful. At this year’s event we’ve also incorporated a number of outside perspectives to try and make sure we’re not just an echo chamber of the same people saying the same things. That’s a challenge that we’ll continue to battle.

What’s been amazing to me about this community is how much they want to improve healthcare. Certainly there are a few outliers that are only in this for the money. However, the large majority of marketing and PR professionals do the work they do because they believe they can impact healthcare in a good way. They believe that the products and services their company offers can make healthcare better. That’s a powerful idea and I assure you that most of them have this as their goal. They could probably make more money pedaling nail polish or other consumer product, but they chose healthcare because of the unique mission healthcare offers.

At last year’s event I had this epiphany when I realized that the work we do with the Healthcare IT Marketing and PR community is important not just for the individuals who attend the conference and not for the companies whom they represent, but for healthcare as a whole. Many of the marketing and PR professionals in the HITMC community work for companies that can make healthcare better. Many doctors, nurses, front desk staff, etc are suffering needlessly because they don’t know that there’s a solution to their problems out there. That’s where marketing and PR professionals come in. If they’re not doing their job, then many people suffer in ignorance.

As I mentioned, there are some rotten apples out there that are only in it for the money. They aren’t trying to market something of value, they’re just trying to line the coffers of their company. However, my experience is that these people are more the exception than the rule.

This conference is exhausting to organize. Especially for my wife who bears the largest burden as I’m busy working on the conference. However, when I think about the importance of the work we do, it makes me proud to be a small part of the extraordinary HITMC (Health IT Marketing and PR Community).