Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Healthcare IT Career Resources

Written by:

About 10 months ago, we added Healthcare IT Central to the Healthcare Scene family of healthcare IT websites. It’s been a really amazing addition to the network and I’ve been amazed at the thousands of people that have been able to find health IT jobs thanks to Healthcare IT Central. I love blogging because you get the direct interaction with readers, but there’s a really amazing feeling that comes when you play some small role in helping someone find a job.

The other great part about the addition of Healthcare IT Central is the related Healthcare IT Today career blog. If you’re not reading that site, we just added it to our Healthcare Scene email subscription lists so you can receive the latest posts in your email inbox.

Just to give you a little flavor of the type of content we’ve been posting on Healthcare IT Today, we asked the questions, “Has There Been an EHR Consulting Slow Down?” and “Who’s More Satisfied – Full Time Health IT Professionals or Health IT Consultants?” Plus, we even posted really interesting data like a look at the Epic Salary and Bonus structure. Then, since it is a healthcare IT career website, we cover things like LinkedIn tips and LinkedIn as a professional or personal profile.

If you’re someone looking for a healthcare IT job or looking for a better healthcare IT job, we have hundreds of health IT jobs available. You might also check out Cordea Consulting, ESD, and Greythorn that recently posted jobs with us.

If those jobs aren’t your style we have other jobs like this Sales Account Executive at EHR vendor, gMed, or these system analyst jobs at Hathaway-Sycamores Child Family Services and Pentucket Medical.

If you’re an employer looking for amazing healthcare IT professionals, you can register for the site and post your jobs or search our database of over 12,000 active health IT resumes.

Hopefully some of these health IT career resources are helpful to readers of EMR and HIPAA. One thing that’s universal in healthcare is the need to find a job or hire the right talent. Hopefully we’re doing are part to help both sides of the coin.

August 26, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Can a Client Server EHR Provide All the Same Benefits of Cloud EHR?

Written by:

One of the most popular battles discussions we’ve had on this site since the beginning is around client server EHR software versus cloud EHR software. It’s a really interesting discussion and much like our US political system, most people fall into one camp or the other and like to see the world from whatever ideology their company approaches.

The reality I’ve found is that there are pros and cons to each side. Certainly cloud has won out in most industries, but there are some compelling reasons why cloud hasn’t taken hold in many parts of healthcare.

With that in mind, a client server EHR vendor asked me to list out the reasons why someone should go with a Cloud EHR over client server. Here’s my off the cuff responses:

No IT Support Needed beyond desktop support – This is a big benefit that many like. Plus, they add in the cost of the server, the cost of the local IT person and so they see it as a huge benefit to go with cloud software

Automatic Updated Software – Not always true with the cloud, but they like that the software just updates and they don’t have to go around updating software. Of course, this also has its downsides (ie. when an update happens automatically and breaks something)

Small Upfront Cost – Most Cloud solutions are billed on a monthly charge with little to no upfront cost. We could argue the accounting pieces of this and whether it’s really any better, but it feels better even if many cloud providers require the 1-2 year commitment. In some large organizations this type of payment plan is better for their accounting as well (ie. depreciation of equipment, etc)

More Secure – Obviously this could be argued either way, but those that believe cloud is more secure believe that a cloud provider has more resources and expertise to make their cloud secure vs an in house server where no one might have expertise

More Reliable (backup/disaster recovery) – Similar to the secure argument as far as expertise and ability to provide this reliability

Single Database – There are cool things you can do with data when every doctor is on one database and one standard data structure.

Available Everywhere – At home, office, hospital, etc. (Yes, this can be done by many client server as well, but not usually with the same experience).

I’m sure that a cloud EHR provider could add to my list and I hope they will in the comments. As I was making the list, I wondered to myself if a client server EHR vendor could provide all of the benefits listed above. Let me go through each.

No IT Support Needed beyond desktop support – Some EHR vendors will do all the IT support for the user. Plus, it’s a little bit of a misnomer that you need no IT support with a cloud hosted EHR. You still need someone to service your network and computers. More importantly though, most client server EHR vendors are offering a hosted EHR option which basically provides this same benefit to a practice.

Automatic Updated Software – More and more client server vendors are moving to this approach for updates as well. This is particularly true when they offer a hosted EHR environment where they can easily update the EHR. It’s a different mentality for client server EHR vendors, but it can be done in the client server environment.

Small Upfront Cost – We’ve seen this same offer from almost all of the client server EHR companies. It’s a hard switch for EHR companies to make the change from large up front payments to reoccurring revenue, but I’m seeing it happening all over the industry. The only exception might be the big hospital EHR purchase. In the ambulatory EHR market, I think everyone offers the monthly payment option.

More Secure – This is one that could be argued either way. Either one could be more secure. Client Server vs Cloud EHR doesn’t determine the security. A client server EHR can be just as secure or even more secure than a cloud EHR. I agree that generally speaking, cloud EHR is probably more secure than client server, but that’s speaking very broadly. If you care about security, you can secure a client server EHR as much or more than a cloud EHR.

More Reliable (backup/disaster recovery) – Similar to secure, you can invest in a client server infrastructure that is just as reliable as a cloud EHR. It’s true that a cloud EHR vendor can invest more money in redundant systems usually. However, a client server EHR vendor that hosts the EHR could invest just as much.

Single Database – This is the one major challenge where I think client server has a much harder time than a single database cloud EHR provider. Sure, you can export the data from all of the client server EHR software into a single database in order to do queries across client server EHR installs. A few vendors are doing just that. So, I guess it’s possible, but it’s still not happening very many places and not across all the data yet.

Available Everywhere – This can be done by client server as well, but the experience is often a subset of the in office experience. Although, this is rapidly changing. Bandwidth and technology have gotten so good, that even a client server install can be done pretty much anywhere on any device.

Conclusion
Looking through this list, it makes a great case for why client server EHR software is going to be around for a long time to come. There’s nothing on the list that’s so compelling about cloud hosted EHR software that makes it a clear cut winner.

As I thought about this topic, I tried to understand why cloud’s been the clear cut winner in so many other areas of technology. The answer for me is that in our lives portability has mattered a lot more to us. In healthcare it hasn’t mattered as much. Plus, new client server technologies have been portable enough.

Long story short, I’m a fan of cloud technologies in general, but if I were a provider and a client server technology provided me more features, functions, better workflow, etc, than a cloud EHR, I wouldn’t be afraid to select a client server EHR either.

Also worth clarifying is that this post outlines how a client server EHR can provide all of the same benefits of a cloud EHR. However, just because a client server EHR can provide those benefits, doesn’t mean that they do. Many have chosen not to offer the above solutions. Although, the same goes for cloud EHR as well.

What do you think? Are there other reasons why cloud EHR technology is so much better than client server? Is there something I’ve missed? I look forward to reading your comments.

August 25, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Where is Voice Recognition in EHR Headed?

Written by:

I’ve long been interested in voice recognition together with EHR software. In many ways it just makes sense to use voice recognition in healthcare. There was so much dictation in healthcare, that you’d think that the move to voice recognition would be the obvious move. The reality however has been quite different. There are those who love voice recognition and those who’ve hated it.

One of the major problems with voice recognition is how you integrate the popular EHR template documentation methods with voice. Sure, almost every EHR vendor can do free text boxes as well, but in order to get all the granular data it’s meant that doctors have done a mix of clicking a lot of boxes together with some voice recognition.

A few years ago, I started to see how EHR voice recognition could be different when I saw the Dragon Medical Enabled Chart Talk EHR. It was literally a night and day difference between dragon on other EHR software and the dragon embedded into Chart Talk. You could see so much more potential for voice documentation when it was deeply embedded into the EHR software.

Needless to say, I was intrigued when I was approached by the people at NoteSwift. They’d taken a number of EHR software: Allscripts Pro, Allscripts TouchWorks, Amazing Charts, and Aprima and deeply integrated voice into the EHR documentation experience. From my perspective, it was providing Chart Talk EHR like voice capabilities in a wide variety of EHR vendors.

To see what I mean, check out this demo video of NoteSwift integrated with Allscripts Pro:

You can see a similar voice recognition demo with Amazing Charts if you prefer. No doubt, one of the biggest complaints with EHR software is the number of clicks that are required. I’ve argued a number of times that number of clicks is not the issue people make it out to be. Or at least that the number of clicks can be offset with proper training and an EHR that provides quick and consistent responses to clicks (see my piano analogy and Not All EHR Clicks Are Evil posts). However, I’m still interested in ways to improve the efficiency of a doctor and voice recognition is one possibility.

I talked with a number of NoteSwift customers about their experience with the product. First, I was intrigued that the EHR vendors themselves are telling their customers about NoteSwift. That’s a pretty rare thing. When looking at adoption of NoteSwift by these practices, it seemed that doctor’s perceptions of voice recognition are carrying over to NoteSwift. I’ll be interested to see how this changes over time. Will the voice recognition doctors using NoteSwift start going home early with their charts done while the other doctors are still clicking away? Once that happens enough times, you can be sure the other doctors will take note.

One of the NoteSwift customers I talked to did note the following, “It does require them to take the time up front to set it up correctly and my guess is that this is the number one reason that some do not use NoteSwift.” I asked this same question of NoteSwift and they pointed to the Dragon training that’s long been required for voice recognition to be effective (although, Dragon has come a long way in this regard as well). While I think NoteSwift still has some learning curve, I think it’s likely easier to learn than Dragon because of how deeply integrated it is into the EHR software’s terminology.

I didn’t dig into the details of this, but NoteSwift suggested that it was less likely to break during an EHR upgrade as well. Master Dragon users will find this intriguing since they’ve likely had a macro break after their EHR gets upgraded.

I’ll be interested to watch this space evolve. I won’t be surprised if Nuance buys up NoteSwift once they’ve integrated with enough EHR vendors. Then, the tight NoteSwift voice integrations would come native with Dragon Medical. Seems like a good win win all around.

Looking into the future, I’ll be watching to see how new doctors approach documentation. Most of them can touch type and are use to clicking a lot. Will those new “digital native” doctors be interested in learning voice? Then again, many of them are using Siri and other voice recognition on their phone as well. So, you could make the case that they’re ready for voice enabled technologies.

My gut tells me that the majority of EHR users will still not opt for a voice enabled solution. Some just don’t feel comfortable with the technology at all. However, with advances like what NoteSwift is doing, it may open voice to a new set of users along with those who miss the days of dictation.

August 22, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Giving Email Addresses to Patients Who Don’t Have Them

Written by:

In my post, 4 Things Your Patient Portal Should Include, I talked about the thing patients want most in a patient portal is the ability to communicate with someone in the physician office. I still think that’s the most powerful part of a patient portal.

In response to that post, the people at Engaged Care sent me an interesting way that they’re approaching engaging the patient. Their efforts are focused on those patients who don’t have an email address. Check out this video which demonstrates the workflow they offer.

I’m not sure how many patients don’t have an email address, but this is a pretty slick solution to get them signed up for an email address. The other challenge is getting those patients who don’t have an email address motivated and skilled enough to check the newly created email as well. However, maybe access to a well done patient portal might be motivation enough for them to get involved.

The other benefit to these physician provided email addresses is that they are secure. You might remember that native email is not HIPAA secure. The email addresses that Engaged Care provides are HIPAA secure.

I’ll be interested to see how this company does. How many patients actually use the new email addresses and where they take it next. Although, I found the idea of giving patients a secure email address quite interesting.

August 21, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Can We Start Being Human?

Written by:

Excuse a moment of somewhat personal commentary, but this story in the New York Times has been making the rounds. Basically, the boards full of smiling babies in a doctor’s office are considered a privacy violation. Here’s an excerpt from the article:

Under the law, the Health Insurance Portability and Accountability Act, baby photos are a type of protected health information, no less than a medical chart, birth date or Social Security number, according to the Department of Health and Human Services. Even if a parent sends in the photo, it is considered private unless the parent also sends written authorization for its posting, which almost no one does.

When I read stories like this, I ask myself “Have we lost all common sense? Can’t we be human?” I get how privacy is important. I’ve written this blog for 9 years and so I know the consequences of HIPAA breaches. Although, I think Dr. Moritz covers my view really well:

“I think we have to have some common sense with this HIPAA business,” Dr. Moritz continued. “To leave medical records open to the public, to throw lab results in the garbage without shredding them, that makes sense” to prohibit. “But if somebody wants to post a picture of something that’s been going on for a millennium and is a tradition, it seems strange to me not to do that,” he said.

I know there are ways to comply with the law and preserve the baby board. Have the parents sign a release form when they drop off the picture. I think you could also add this note in your HIPAA notice that the patient signs before their first visit. However, I think this is missing the point. Isn’t it common sense that someone who sends a picture of their baby to the office isn’t afraid of having that picture shared?

Certainly this change is not life or death stuff. Although, I think the baby boards did provide some humanity to an otherwise sterile office. However, I hate the trend of where this leads. In far too many things we can’t be human anymore. Common sense is missing in so many areas of life and instead of giving people the benefit of the doubt we’re too easy to condemn people who had no ill intent.

I realize there are bad people out there that do bad things. However, they’re the minority and its sad when the minority is able to have such an impact on the majority.

August 19, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Chinese Hackers Reportedly Access 4.5 Million Medical Records

Written by:

The headline of a tech startup blog I read pretty regularly caught my attention today, “Another day, another Chinese hack: 4.5M medical records reportedly accessed at national hospital operator“. The title seems to say it all. It’s almost like the journalist sees the breach as the standard affair these days. Just to be clear, I don’t think he thinks breaches are standard in healthcare, I think he thinks breaches are standard in all IT. As he says at the end of the article:

Community Health Systems joins a long list of large companies suffering from major cybersecurity breaches. Among them, Target, Sony, Global Payment Systems, eBay, Visa, Adobe, Yahoo, AOL, Zappos, Marriott/Hilton, 7-Eleven, NASDAQ, and others.

Yes, healthcare is not alone in their attempt to battle the powers of evil (and some not so evil, but possibly dangerous) forces that are hacking into systems large and small. We can certainly expect this trend to continue and likely get worse as more and more data is stored electronically.

For those interested in the specific story, Community Health Systems, a national hospital provider based in Nashville reported the HIPAA breach in their latest SEC filings. Pando Daily reported that “Chinese Hackers” used a “highly sophisticated malware” to breach Community Health Systems between April and June. What doesn’t make sense to me is this part of the Pando Daily article:

The outside investigators described the breach as dealing with “non-medical patient identification data,” adding that no financial data was stolen. The data, which includes patient names, addresses, birth dates, telephone numbers, and Social Security numbers, was, however, protected under the Health Insurance Portability and Accountability Act (HIPPA).

I’m not sure what they define as financial data, but social security numbers feel like financial data to me. Maybe they meant hospital financial data, but that’s an odd comment since a stack of social security numbers is likely a lot more valuable than some hospital financial data. The patient data they describe could be an issue for HIPAA though.

As is usually the case in major breaches like this, I can’t imagine a chinese hacker is that interested in “patient data.” In fact, from the list, I’d define the data listed as financial data. I’ve read lots of stories that pin the value of a medical record on the black market as $50 per record. A credit card is worth much less. However, I bet if I were to dig into the black market of data (which I haven’t since that’s not my thing), I bet I’d find a lot of buyers for credit card data tied to other personal data like birth date and addresses. I bet it would be hard to find a buyer for medical data. As in many parts of life, something is only as valuable as what someone else is willing to pay for it. People are willing to pay for financial data. We know that.

We shouldn’t use this idea as a reason why we don’t have to worry about the security and privacy of healthcare data. We should take every precaution available to create a culture of security and privacy in our institutions and in our healthcare IT implementations. However, I’m just as concerned with the local breach of a much smaller handful of patient data as I am the 4.5 million medical record breach to someone in China. They both need to be prevented, but the former is not 4.5 million times worse. Well, unless you’re talking about potential HIPAA penalties.

August 18, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Why You Should Stage Patient Portal Implementations

Written by:

In response to a discussion I started on LinkedIn about the 4 Things Your Patient Portal Should Include, Travis Moore, MBA, RN, VP at MEDSEEK, added some really great insight into how to have a successful patient portal implementation:

I agree with your assessment on trying to do too much. While many portals on the market, including MEDSEEK’s Empower Patient Portal offer a variety of features, what we at MEDSEEK have found is that it is best to roll out with a subset of features vs. the “big bang” approach for two major reasons. One, you don’t want to overwhelm patients with too many features, as they don’t end up using the “essential” ones appropriately to better activate them in their care. It’s like buying the SLR camera that does 100 things. Reality is, you use 3 of the features for a period of time to get the job done, but then over time, you get comfortable and want to take on more because you take a class, a friend teaches you, etc., and your photos become even better. Same for patient portals, you have to have the features available for future use to further enhance the experience, but roll them out methodically.

And two, many organizations just can’t handle the “do everything at once” deployment, operationally speaking. It’s not a technology “thing”, it’s an operational and cultural issue. I can say from first hand experience as Nurse on both the usage, and deployment end, you have to deploy these patient engagement tools in chunks because if your front line personnel, nurses, aren’t able to clearly articulate to the patient what value it will bring to them when they access it, patients are less likely to use the variety of features in a patient portal. And to Mike’s point about a comprehensive view, that’s exactly why an Enterprise solution is required to bring all of that data together into one view for the patient….and with ACOs, the importance of the enterprise access is even more critical. Patient’s don’t know or care what EMRs, scheduling, or billing systems an HCO has, they just want the “Expedia or Banking-like” experience to see and act upon the information regardless of the source system. It is also critical moving forward that interactive plans of care are accessible and actionable for the patients, and / or their family members, to better engage and activate patients in their care where they spend most of their time, outside the four walls of the organization.

I like the idea of a staged portal implementation. Unfortunately, sometimes that’s not possible since some patient portals are an all or nothing exercise. Plus, meaningful use has accelerated so many implementations. It’s too bad, because there’s real value in staged deployments. The beauty of staged deployments is that once you roll out a few features, then people are interested in what else you can roll out. I’ve seen this same principle work in staged EHR implementations as well. Of course, that provides the added challenge of being ready to roll out the rest of the features as well. Otherwise, you end up with unhappy end users.

August 13, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

What Can We Learn from Robin Williams

Written by:

“You treat a disease, you win, you lose. You treat a person, I’ll guarantee you’ll win.” – Robin Williams

One of the best quotes from the amazing movie Patch Adams. Maybe it was naive of me, but when I got my first job in healthcare I thought a lot about the movie Patch Adams. Besides being a great movie, it illustrated so well the impact great healthcare can have on people’s lives.

I realize that as an IT person I only have a tangential impact on patients, but that’s ok with me. I still know the impact I can have on many people’s lives and that’s exciting to me. Sitting in board rooms or IT offices, we could use more people thinking about the patient and not just the bottom line. I think that’s the message of Patch Adams that’s portrayed so well by Robin Williams.

Here’s another clip from one of my favorite Robin William’s movies: Read more..

August 12, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Complete Health IT Security is a Myth, But That Doesn’t Mean We Shouldn’t Try

Written by:

As I mentioned, last week I had the opportunity to attend the Black Hat conference in Las Vegas. There were over 9000 attendees and 180+ speakers sharing on the latest and greatest IT security and privacy topics. Black Hat is more appropriately called a hackers conference (although Defcon is more hardcore hacker than Black Hat which had plenty of corporate prensence) for good reason. You turn off your devices and be careful what you do. There’s a certain paranoia that comes when one of the vendor handouts is a foil credit card cover that prevents someone from stealing your credit card number. I didn’t quite have my tin foil hat on, but you could start to understand the sentiment.

One of the most interesting things about Black Hat is to get an idea of the mentality of the hacker. Their creative process is fascinating. Their ability to work around obstacles is something we should all learn to incorporate into our lives. I think for most of these hackers, there’s never a mentality of something can’t be done. It’s just a question of figuring out a way to work around whatever obstacles are in their way. We could use a little more of this mentality in dealing with the challenges of healthcare.

The biggest thing I was reminded of at the event was that complete security and privacy is a myth. If someone wants to get into something badly enough, they’ll find a way. As one security expert I met told me, the only secure system is one that’s turned off, not connected to anything, and buried underground. If a computer or device is turned on, then it’s vulnerable.

The reality is that complete security shouldn’t be our goal. Our goal should be to make our systems secure enough that it’s not worth someone’s time or effort to break through the security. I can assure you that most of healthcare is far from this level of security. What a tremendous opportunity that this presents.

The first place to start in any organization is to create a culture of security and privacy. The one off efforts that most organization apply after a breach or an audit aren’t going to get us there. Instead, you have to incorporate a thoughtful approach to security into everything you do. This starts at the RFP continues through the procurement process extends into the implementation and continues on through the maintenance of the product.

Security and privacy efforts in an organization are hard to justify since they don’t increase the bottom line. This is another reason why the efforts need to be integrated into everything that’s done and not just tied to a specific budget line item. As a budget line item, it’s too easy to cut it out when budgets get tight. The good news is that a little effort throughout the process can avoid a lot of heartache later on. Ask an organization that’s had a breach or failed an audit.

August 11, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Comprehensive Patient View, Social Media Time, and Linking Millions of EMR

Written by:


You don’t really need to click on the link above. The answer is no. The answer is that it probably won’t ever happen. There are just too many source systems where our health data is stored and it’s getting more complicated, not less.


If the social media maven Mandi has a challenge getting her social media on, now you can understand why many others “don’t have the time.” It takes a commitment and many don’t want to make that commitment. It doesn’t make them bad people. We all only have so many hours in a day.


No need to read this link either. Although, I found it great that they described the challenge as linking millions of EMR. Let’s be generous and say there are 700 EHR vendors. Unfortunately, that doesn’t describe what it takes to make EMR interoperable. To use a cliche phrase, if you’ve connected with one Epic installation, you’ve connected with one Epic installation. I know it’s getting better, but it’s not there. If you want interoperable EMR data, you need to connect a lot of different installs.

August 10, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.