Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

An Alternate Way Of Authenticating Patients

Posted on July 5, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Lately, I’ve been experimenting with a security app I downloaded to my Android phone. The app, True Key by Intel Security, allows you to log in by presenting your face for a scan or using your fingerprint. Once inside the app, you can access your preferred apps with a single click, as it stores your user name and passwords securely. Next, I simplified things further by downloading the app to my laptop and tablet, which synchs up whatever access info I enter across all devices.

From what I can see, Intel is positioning this as a direct-to-consumer play. The True Key documentation describes the app as a tool non-techies can use to access sites easily, store passwords securely and visit their favorite sites across all of their devices without re-entering authentication data. But I’m intrigued by the app’s potential for enterprise healthcare security access control.

Right now, there are serious flaws in the way application access is managed. As things stand, authentication information is usually stored in the same network infrastructure as the applications themselves, at least on a high-level basis. So the process goes like this, more or less: Untrusted device uses untrusted app to access a secure system. The secure system requests credentials from the device user, verifies them against an ID/PW database and if they are correct, logs them in.

Of course, there are alternatives to this approach, ranging from biometric-only access and instantly-generated, always-unique passwords, but few organizations have the resources to maintain super-advanced access protocols. So in reality, most enterprises have to firewall up their security and authentication databases and pray that those resources don’t get hacked. Theoretically, institutions might be able to create another hacking speed bump by storing authentication information in the cloud, but that obviously raises a host of additional security questions.

So here’s an idea. What if health IT organizations demanded that users install biometrically-locked apps like True Key on their devices? Then, enterprise HIT software could authenticate users at the device level – surely a possibility given that devices have unique IDs – and let users maintain password security at their end. That way, if an enterprise system was hacked, the attacker could gain access to device information, but wouldn’t have immediate access to a massive ID and PW database that gave them access to all system resources.

What I’m getting at, here, is that I believe healthcare organizations should maintain relationships with patients (as represented by their unique devices) rather than their ID and password. While no form of identity verification is perfect, to me it seems a lot more like that it’s really me logging in if I had to use my facial features or fingerprint as an entry point. After all, virtually any ID/PW pair chosen by a user can be guessed or hacked, but if you authenticate to my face/fingerprint and a registered device, the odds are high that you’re getting me.

So now it’s your turn, readers. What flaws do you see in this approach? Have you run into other apps that might serve this purpose better than True Key? Should HIT vendors create these apps? Have at it.

NIST Goes After Infusion Pump Security Vulnerabilities

Posted on January 28, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As useful as networked medical devices are, it’s become increasingly apparent that they pose major security risks.  Not only could intruders manipulate networked devices in ways that could harm patients, they could use them as a gateway to sensitive patient health information and financial data.

To make a start at taming this issue, the National Institute of Standards and Technology has kicked off a project focused on boosting the security of wireless infusion pumps (Side Note: I wonder if this is in response to Blackberry’s live hack of an infusion pump). In an effort to be sure researchers understand the hospital environment and how the pumps are deployed, NIST’s National Cybersecurity Center of Excellence (NCCoE) plans to work with vendors in this space. The NCCoE will also collaborate on the effort with the Technological Leadership Institute at the University of Minnesota.

NCCoE researchers will examine the full lifecycle of wireless infusion pumps in hospitals, including purchase, onboarding of the asset, training for use, configuration, use, maintenance, decontamination and decommissioning of the pumps. This makes a great deal of sense. After all, points of network connection are becoming so decentralized that every touchpoint is suspect.

The team will also look at what types of infrastructure interconnect with the pumps, including the pump server, alarm manager, electronic medication administration record system, point of care medication, pharmacy system, CPOE system, drug library, wireless networks and even the hospital’s biomedical engineering department. (It’s sobering to consider the length of this list, but necessary. After all, more or less any of them could conceivably be vulnerable if a pump is compromised.)

Wisely, the researchers also plan to look at the way a wide range of people engage with the pumps, including patients, healthcare professionals, pharmacists, pump vendor engineers, biomedical engineers, IT network risk managers, IT security engineers, IT network engineers, central supply workers and patient visitors — as well as hackers. This data should provide useful workflow information that can be used even beyond cybersecurity fixes.

While the NCCoE and University of Minnesota teams may expand the list of security challenges as they go forward, they’re starting with looking at access codes, wireless access point/wireless network configuration, alarms, asset management and monitoring, authentication and credentialing, maintenance and updates, pump variability, use and emergency use.

Over time, NIST and the U of M will work with vendors to create a lab environment where collaborators can identify, evaluate and test security tools and controls for the pumps. Ultimately, the project’s goal is to create a multi-part practice guide which will help providers evaluate how secure their own wireless infusion pumps are. The guide should be available late this year.

In the mean time, if you want to take a broader look at how secure your facility’s networked medical devices are, you might want to take a look at the FDA’s guidance on the subject, “Cybersecurity for Networked Medical Devices Containing Off-the-Shelf Software.” The guidance doc, which was issued last summer, is aimed at device vendors, but the agency also offers a companion document offering information on the topic for healthcare organizations.

If this topic interests you, you may also want to watch this video interview talking about medical device security with Tony Giandomenico, a security expert at Fortinet.

Biometric Use Set To Grow In Healthcare

Posted on January 15, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

I don’t know about you, but until recently I thought of biometrics as almost a toy technology, something you’d imagine a fictional spy like James Bond circumvent (through pure manliness) when entering the archenemy’s hideout. Or perhaps retinal or fingerprint scans would protect Batman’s lair.

But today, in 2016, biometric apps are far from fodder for mythic spies. The price of fingerprint scan-based technology has fallen to nearly zero, with vendors like Apple offering fingerprint-based security options as a standard part of its iOS iPhone operating system. Another free biometric security option comes courtesy of Intel’s True Key app, which allows you to access encrypted app data by scanning and recognizing your facial features. And these are just trivial examples. Biometrics technologies, in short, have become powerful, usable and relatively affordable — elevating them well above other healthcare technologies for some security problems.

If none of this suggests to you that the healthcare industry needs to adopt biometrics, you may have a beef with Raymond Aller, MD, director of informatics at the University of Southern California. In an interview with Healthcare IT News, Dr. Aller argues that our current system of text-based patient identification is actually dangerous, and puts patients at risk of improper treatments and even death. He sees biometric technologies as a badly needed, precise means of patient identification.

What’s more, biometrics can be linked up with patients’ EMR data, making sure the right history is attached to the right person. One health system, Novant Health, uses technology registering a patient’s fingerprints, veins and face at enrollment. Another vendor is developing software that will notify the patient’s health insurer every time that patient arrives and leaves, steps which are intended to be sure providers can’t submit fradulent bills for care not delivered.

As intriguing as these possibilities are, there are certainly some issues holding back the use of biometric approaches in healthcare. And many are exposed, such as Apple’s Touch ID, which is vulnerable to spoofing. Not only that, storing and managing biometric templates securely is more challenging than it seems, researchers note. What’s more, hackers are beginning to target consumer-focused fingerprint sensors, and are likely to seek access to other forms of biometric data.

Fortunately, biometric security solutions like template protection and biocryptography are becoming more mature. As biometric technology grows more sophisticated, patients will be able to use bio-data to safely access their medical records and also pay their bills. For example, MasterCard is exploring biometric authentication for online payments, using biometric data as a password replacement. MasterCard Identity Check allows users to authenticate transactions via video selfie or via fingerprint scanning.

As readers might guess from skimming the surface of biometric security, it comes with its own unique security challenges. It could be years before biometric authentication is used widely in healthcare organizations. But biometric technology use is picking up speed, and this year may see some interesting developments. Stay tuned.

Measuring Patient Discomfort Using Brainwave Activity

Posted on December 30, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Digital health opportunities are popping up everywhere and in every part of the nation. The IoT Journal (Internet of Things) recently profiled a hospital down the street from me who is exploring IoT’s potential to bring drug free relief to patients. Here’s a short excerpt from the article:

Until recently, when health-care providers wanted to gauge the level of discomfort a patient was enduring, they typically had to ask that individual to rate his or her pain—for example, on a scale of 1 to 10—and then use that information to plan treatment accordingly. If they wanted to ease the patient’s pain, they needed to administer medication.

Several months ago AccendoWave released an alternative solution that does not require medication and is personalized to each patient. The system was released in June 2015, says Martha Lawrence, AccendoWave’s founder and CEO, and has since been tested at several facilities. The company has spent seven years researching its solution for assessing patient discomfort levels, and is now using a headband that measures electroencephalography (EEG) activity and prompts a tablet PC to provide content aimed at reducing that discomfort.

The AccendoWave headband, which has seven EEG sensor leads built into it, transmits its brain-wave measurements to the tablet via a Bluetooth connection. The tablet, a Samsung Tab 4, uses its built-in AccendoWave software to process patient brain-wave data and then display diversionary content, including games, music, video clips and full-length movies. If, as a patient views a specific piece of content, the brain waves change to indicate increasing comfort, that content remains on the screen. If the content does not appear to have a positive effect on the brain waves, the software continues to select other content until it displays something appealing to the patient.

Pretty interesting approach. The article does note that they don’t use the brainwave data to determine how much medication to administer. They just use it as a way to assess the system’s effectiveness. They also do patient surveys to assess the impact of the device on a patient’s comfort. The article says that since the hospital implemented the system in the hospital, “1,600 patients have used the device to date, and more than 450 have completed surveys…More than 90 percent of responders reported viewing the system in a positive light.”

I’ve seen these EEG sensors for a while and they’re pretty neat. However, I always wondered how they’d actually be implemented and how they could be used to benefit patient care. No doubt it’s still early in their efforts to use and assess brainwaves, but it’s a pretty interesting solution to tie brain wave activity to soothing images. I’ll be watching to see how this evolves.

Are These Types of Breaches Really Necessary?

Posted on December 28, 2015 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Over the past couple of days, I took the time to look over Verizon’s 2015 Protected Health Information Data Breach Report.  (You can get it here, though you’ll have to register.)

While it contained many interesting data points and observation — including that 90% percent of the industries researchers studied had seen a personal health information breach this year — the stat that stood out for me was the following. Apparently, almost half (45.5%) of PHI breaches were due to the lost or theft of assets. Meanwhile, issue of privileges and miscellaneous errors came in at distant second and third, at just over 20% of breaches each.

In case you’re the type who likes all the boxes checked, the rest of the PHI breach-causing list, dubbed the “Nefarious Nine,” include “everything else” at 6.7%, point of sale (3.8%), web applications (1.9%), crimeware, (1.4%), cyber-espionage (0.3%), payment card skimmers (0.1%) and denial of service at a big fat zero percent.

According to the report’s authors, lost and stolen assets have been among the most common vectors for PHI exposure for several years. This is particularly troubling given that one of the common categories of breach — theft of a laptop — involves data which was not encrypted.

If stolen or lost assets continue to be a problem year after year, why haven’t companies done more to address this problem?

In the case of firms outside of the healthcare business, it’s less of a surprise, as there are fewer regulations mandating that they protect PHI. While they may have, say, employee worker’s compensation data on a laptop, that isn’t the core of what they do, so their security strategy probably doesn’t focus on safeguarding such data.

But when it comes to healthcare organizations — especially providers — the lack of data encryption is far more puzzling.

As the report’s authors point out, it’s true that encrypting data can be risky in some situations; after all, no one wants to be fumbling with passwords, codes or biometrics if a patient’s health is at risk.

That being said, my best guess is that if a patient is in serious trouble, clinicians will be attending to patients within a hospital. And in that setting, they’re likely to use a connected hospital computer, not a pesky, easily-stealable laptop, tablet or phone. And even if life-saving data is stored on a portable device, why not encrypt at least some of it?

If HIPAA fears and good old common sense aren’t good enough reasons to encrypt that portable PHI, what about the cost of breaches?  According to one estimate, data breaches cost the healthcare industry $6 billion per year, and breaches cost the average healthcare organization $3.5 million per year.

Then there’s the hard-to-measure cost to a healthcare organization’s brand. Patients are becoming increasingly aware that their data might be vulnerable, and a publicly-announced breach might give them a good reason to seek care elsewhere.

Bottom line, it would be nice to see out industry take a disciplined approach to securing easily-stolen portable PHI. After years of being reminded that this is a serious issue, it’s about time to institute a crackdown.

Mark Cuban’s Suggestion to Do Regular Blood Tests

Posted on April 24, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve been really intrigued by the tweets from Mark Cuban and the response from many to his tweets from those in the healthcare IT community. Here’s a summary of the 3 tweets which ignited the discussion:

  1. If you can afford to have your blood tested for everything available, do it quarterly so you have a baseline of your own personal health
  2. create your own personal health profile and history. It will help you and create a base of knowledge for your children, their children, etc
  3. a big failing of medicine = we wait till we are sick to have our blood tested and compare the results to “comparable demographics”

My friends Dan Munro and Gregg Masters have both been writing a lot about the subject, but there are many others as well. They’ve been hammering Mark Cuban for “giving medical advice” to people when he’s not a doctor. I find these responses really ironic since many of the people who are railing against Mark Cuban are the same people who are calling for us to take part in the quantified self movement.

What I think these people who rail against Mark Cuban want to say is: Don’t misunderstand what Mark’s saying. More testing doesn’t always improve healthcare. In fact, more testing can often lead to a lot of unneeded healthcare.

This is a noble message that’s worthy of sharing. However, I think Mark Cuban understands this. That’s why one of his next tweets told people to get the tests, but don’t show the results to their doctors until they’re sick. In fact, Mark even suggests in his tweets that the history of all these tests could be beneficial to his children and their children. He also calls it a baseline. Mark’s not suggesting that people get these blood tests as a screening for something, but as a data store of health data that could be beneficial sometime in the future.

How is Mark Cuban storing the results of a bunch of blood tests any different than him storing the results from his fitbit or other health sensor?

One problem some people have pointed out is that if you’re doing these blood tests as a baseline, then what if the blood tests weren’t accurate? Then, you’d be making future medical decisions based on a bunch of incorrect data. This is an important point worth considering, but it’s true of any health history. Plus, how are we suppose to make these blood tests more accurate? If the Mark Cuban’s of the world want to be our guinea pigs and do all these blood tests, that’s fine with me. Having them interested in the data could lead to some breakthroughs in blood testing that we wouldn’t have discovered otherwise.

Along with improving the quality of the data the tests produce, it’s possible that having all of this data could help people discover something they wouldn’t have otherwise seen. Certainly any of these possible discoveries should go through the standard clinical trial process before being applied to patients broadly. However, researchers only have so much time and so many resources to commit to clinical trials. Could all the data from a wide swatch of blood tests better help a research identify which research or clinical trials are worth pursuing first? I think so.

For me it all goes back to the wide variety of health sensors that are hitting the market. A blood test is just a much more powerful test than many of the health sensors we see on the market today. So, the warning to be careful about what you read into all these blood tests is an incredibly important message. However, with that fair warning, I don’t see any problem with Mark’s suggestion. In fact, I think all of the extra data could lead to important discoveries that improve the quality of the tests and what measurements really matter.

How Secure Are Wearables?

Posted on October 1, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

JaneenB asks a really fantastic question in this tweet. Making sure that wearables are secure is going to be a really hot topic. Yesterday, I was talking with Mac McMillan from Cynergistek and he suggested that the FDA was ready to make medical device security a priority. I’ll be interested to see what the FDA does to try and regulate security in medical devices, but you can see why this is an important thing. Mac also commented that while it’s incredibly damaging for someone to hack a pacemaker like the one Vice President Cheney had (has?), the bigger threat is the 300 pumps that are installed in a hospital. If one of them can be hacked, they all can be hacked and the process for updating them is not simple.

Of course, Mac was talking about medical device security from more of an enterprise perspective. Now, let’s think about this across millions of wearable devices that are used by consumers. Plus, many of these consumer wearable devices don’t require FDA clearance and so the FDA won’t be able to impose more security restrictions on them.

I’m not really sure the answer to this problem of wearable security. Although, I think two steps in the right direction could be for health wearable companies to first build a culture of security into their company and their product. This will add a little bit of expense on the front end, but it will more than pay off on the back end when they avoid security issues which could literally leave the company in financial ruins. Second, we could use some organization to take on the effort of reporting on the security (or lack thereof) of these devices. I’m not sure if this is a consumer reports type organization or a media company. However, I think the idea of someone holding organizations accountable is important.

We’re definitely heading towards a world of many connected devices. I don’t think we have a clear picture of what this means from a security perspective.

Has the Google Glass Hype Passed?

Posted on September 23, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

It seems to me that the hype over Google Glass is done. Enough people started using them and many couldn’t see the apparent value. In fact, some are wondering if Google will continue to invest in it. They’ve gone radio silent on Google Glass from what I’ve seen. We’ll see if they’re planning to abandon the project or if they’re just reloading.

While the future of Google Glass seems unsure to me, I think the idea of always on, connected computing is still alive and well. Whether it’s eyeware, a watch or dome other wearable doesn’t matter to me. Always on, connected computing is a powerful concept.

I’m also interested in the telemedicine and second screen approaches that have been started using Google Glass in Healthcare. Both of these concepts will be an important part of the fabric of health care going forward.

I still remember the wow factor that occurred when I first used Google Glass. It still amazes me today. I just wish it were a little more functional and didn’t hurt my eyes when I used it for long periods.

What do you think of Google Glass and the category of always on computing?  Do you see something I’m missing?

Is The Future of Smart Clothing Modular or Integrated?

Posted on September 4, 2014 I Written By

Kyle is CoFounder and CEO of Pristine, a VC backed company based in Austin, TX that builds software for Google Glass for healthcare, life sciences, and industrial environments. Pristine has over 30 healthcare customers. Kyle blogs regularly about business, entrepreneurship, technology, and healthcare at kylesamani.com.

OMSignal recently raised $10M to build sensors into smart clothes. Sensoria recently raised $5M in pursuit of the same mission, albeit using different tactics. Meanwhile, Apple hired the former CEO of Burberry, Angela Ahrendts, to lead its retail efforts.

And Google is pushing Android Wear in a major way, with significant adoption and uptake by OEMs.

There’re two distinct approaches that are evolving in the smart clothing space. OMSignal, Sensoria, and Apple are taking a full-stack, vertical approach. OMSignal and Sensoria are building sensors into clothing and selling their own clothes directly to consumers. Although Apple hasn’t announced anything to compete with OMSignal or Sensoria, it’s clear they’re heading into the smart clothing space in traditional Apple fashion with the launch of Health, the impending launch of the iWatch, and the hiring of Angela Ahrendts.

Google, on the other hand, is licensing Android Wear to OEM vendors in traditional Google fashion: by providing the operating system and relevant Google Services to OEMs who can customize and configure and compete on retail and marketing. Although Google is yet to announce partnerships with any more traditional clothing vendors, it’s inevitable that they’ll license Android Wear to more traditional fashion brands that want to produce smart, sensor-laden clothing.

Apple’s vertically-integrated model is powerful because it allows Apple to pioneer new markets that require novel implementations utilizing intertwined software and hardware. Pioneering a new factor is especially difficult when dealing with separate hardware and software vendors and all of the associated challenges: disparate P&Ls, different visions, and unaligned managerial mandates. However, once the new form factor is understood, modular hardware and software companies can quickly optimize each component to drive down costs and create new choices for consumers. This approached has been successfully played out in the PC, smartphone, and tablet form factors.

Apple’s model is not well-suited to being the market leader in terms of raw volume. Indeed, Apple optimizes towards the high end, not the masses and this strategy has served them well. But it will be interesting to see how they, along with other vertically integrated smart-clothing vendors, approach the clothing market. Fashion is already an established industry that is predicated on variety, choice, and personalization; these traits are the antithesis of the Apple model. There’s no way that 20% or even 10% of the population will wear t- shirts, polos, tank tops, dresses, business clothes, etc., (which I’ll collectively call the “t-shirt market”) made by a single company. No one company can so single-handedly dominate the t-shirt market. People simply desire too many choices for that to happen.

OMSignal and Sensoria don’t need to worry about this problem as much as Apple since they’re targeting niche use cases in fitness and health. However, as they scale and set their sites on the mass consumer market, they will need to figure out a strategy to drive massive personalization. Apple, given its scale and brand, will need to address the personalization problem in the t- shirt market before they enter it.

The t-shirt market is going to be exciting to watch over the coming decades. There are enormous opportunities to be had. Let the best companies win!

Feel free to a drop a comment with how you think the market will play out. Will the startups open up their sensors to 3rd party clothing companies? Will Apple? How will Google counteract?

Where is Voice Recognition in EHR Headed?

Posted on August 22, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve long been interested in voice recognition together with EHR software. In many ways it just makes sense to use voice recognition in healthcare. There was so much dictation in healthcare, that you’d think that the move to voice recognition would be the obvious move. The reality however has been quite different. There are those who love voice recognition and those who’ve hated it.

One of the major problems with voice recognition is how you integrate the popular EHR template documentation methods with voice. Sure, almost every EHR vendor can do free text boxes as well, but in order to get all the granular data it’s meant that doctors have done a mix of clicking a lot of boxes together with some voice recognition.

A few years ago, I started to see how EHR voice recognition could be different when I saw the Dragon Medical Enabled Chart Talk EHR. It was literally a night and day difference between dragon on other EHR software and the dragon embedded into Chart Talk. You could see so much more potential for voice documentation when it was deeply embedded into the EHR software.

Needless to say, I was intrigued when I was approached by the people at NoteSwift. They’d taken a number of EHR software: Allscripts Pro, Allscripts TouchWorks, Amazing Charts, and Aprima and deeply integrated voice into the EHR documentation experience. From my perspective, it was providing Chart Talk EHR like voice capabilities in a wide variety of EHR vendors.

To see what I mean, check out this demo video of NoteSwift integrated with Allscripts Pro:

You can see a similar voice recognition demo with Amazing Charts if you prefer. No doubt, one of the biggest complaints with EHR software is the number of clicks that are required. I’ve argued a number of times that number of clicks is not the issue people make it out to be. Or at least that the number of clicks can be offset with proper training and an EHR that provides quick and consistent responses to clicks (see my piano analogy and Not All EHR Clicks Are Evil posts). However, I’m still interested in ways to improve the efficiency of a doctor and voice recognition is one possibility.

I talked with a number of NoteSwift customers about their experience with the product. First, I was intrigued that the EHR vendors themselves are telling their customers about NoteSwift. That’s a pretty rare thing. When looking at adoption of NoteSwift by these practices, it seemed that doctor’s perceptions of voice recognition are carrying over to NoteSwift. I’ll be interested to see how this changes over time. Will the voice recognition doctors using NoteSwift start going home early with their charts done while the other doctors are still clicking away? Once that happens enough times, you can be sure the other doctors will take note.

One of the NoteSwift customers I talked to did note the following, “It does require them to take the time up front to set it up correctly and my guess is that this is the number one reason that some do not use NoteSwift.” I asked this same question of NoteSwift and they pointed to the Dragon training that’s long been required for voice recognition to be effective (although, Dragon has come a long way in this regard as well). While I think NoteSwift still has some learning curve, I think it’s likely easier to learn than Dragon because of how deeply integrated it is into the EHR software’s terminology.

I didn’t dig into the details of this, but NoteSwift suggested that it was less likely to break during an EHR upgrade as well. Master Dragon users will find this intriguing since they’ve likely had a macro break after their EHR gets upgraded.

I’ll be interested to watch this space evolve. I won’t be surprised if Nuance buys up NoteSwift once they’ve integrated with enough EHR vendors. Then, the tight NoteSwift voice integrations would come native with Dragon Medical. Seems like a good win win all around.

Looking into the future, I’ll be watching to see how new doctors approach documentation. Most of them can touch type and are use to clicking a lot. Will those new “digital native” doctors be interested in learning voice? Then again, many of them are using Siri and other voice recognition on their phone as well. So, you could make the case that they’re ready for voice enabled technologies.

My gut tells me that the majority of EHR users will still not opt for a voice enabled solution. Some just don’t feel comfortable with the technology at all. However, with advances like what NoteSwift is doing, it may open voice to a new set of users along with those who miss the days of dictation.