Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

AMIA Shares Recommendations On Health IT-Friendly Policymaking

Posted on April 17, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The American Medical Informatics Association has released the findings from a new paper addressing health IT policy, including recommendation on how policymakers can support patient access to health data, interoperability for clinicians and patient care-related research and innovation.

As the group accurately notes, the US healthcare system has transformed itself into a digital industry at astonishing speed, largely during the past five years. Nonetheless, many healthcare organizations haven’t unlocked the value of these new tools, in part because their technical infrastructure is largely a collection of disparate systems which don’t work together well.

The paper, which is published in the Journal of the American Medical Informatics Association, offers several policy recommendations intended to help health IT better support value-based health, care and research. The paper argues that governments should implement specific policy to:

  • Enable patients to have better access to clinical data by standardizing data flow
  • Improve access to patient-generated data compiled by mHealth apps and related technologies
  • Engage patients in research by improving ways to alert clinicians and patients about research opportunities, while seeing to it that researchers manage consent effectively
  • Enable patient participation in and contribution to care delivery and health management by harmonizing standards for various classes of patient-generated data
  • Improve interoperability using APIs, which may demand that policymakers require adherence to chosen data standards
  • Develop and implement a documentation-simplification framework to fuel an overhaul of quality measurement, ensure availability of coded EHRs clinical data and support reimbursement requirements redesign
  • Develop and implement an app-vetting process emphasizing safety and effectiveness, to include creating a knowledgebase of trusted sources, possibly as part of clinical practice improvement under MIPS
  • Create a policy framework for research and innovation, to include policies to aid data access for research conducted by HIPAA-covered entities and increase needed data standardization
  • Foster an ecosystem connecting safe, effective and secure health applications

To meet these goals, AMIA issued a set of “Policy Action Items” which address immediate, near-term and future policy initiatives. They include:

  • Clarifying a patient’s HIPAA “right to access” to include a right to all data maintained by a covered entity’s designated record set;
  • Encourage continued adoption of 2015 Edition Certified Health IT, which will allow standards-based APIs published in the public domain to be composed of standard features which can continue to be deployed by providers; and
  • Make effective Common Rule revisions as finalized in the January 19, 2017 issue of the Federal Register

In looking at this material, I noted with interest AMIA’s thinking on the appropriate premises for current health IT policy. The group offered some worthwhile suggestions on how health IT leaders can leverage health data effectively, such as giving patients easy access to their mHealth data and engaging them in the research process.

Given that they overlap with suggestions I’ve seen elsewhere, we may be getting somewhere as an industry. In fact, it seems to me that we’re approaching industry consensus on some issues which, despite seeming relatively straightforward have been the subject of professional disputes.

As I see it, AMIA stands as good a chance as any other healthcare entity at getting these policies implemented. I look forward to seeing how much progress it makes in drawing attention to these issues.

No Duh, FTP Servers Pose PHI Security Risk

Posted on April 12, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The File Transfer Protocol is so old – it was published in April 1971 – that it once ran on NCP, the predecessor of TCP/IP. And surprise, surprise, it’s not terribly secure, and was never designed to be so either.

Security researchers have pointed out that FTP servers are susceptible to a range of problems, including brute force attacks, FTP bounce attacks, packet capture, port stealing, spoofing attacks and username enumeration.

Also, like many IP specifications designed prior before standard encryption approaches like SSL were available, FTP servers don’t encrypt traffic, with all transmissions in clear text and usernames, passwords, commands and data readable by anyone sniffing the network.

So why am I bothering to remind you of all of this? I’m doing so because according to the FBI, cybercriminals have begun targeting FTP servers and in doing so, accessing personal health information. The agency reports that these criminals are attacking anonymous FTP servers associated with medical and dental facilities. Plus, don’t even know they have these servers running.

Getting into these servers is a breeze, the report notes. With anonymous FTP servers, attackers can authenticate to the FTP server using meaningless credentials like “anonymous” or “ftp,” or use a generic password or email address to log in. Once they gain access to PHI, and personally identifiable information (PII), they’re using it to “intimidate, harass, and blackmail business owners,” the FBI report says.

As readers may know, once these cybercriminals get to an anonymous FTP server, they can not only attack it, but also gain write access to the server and upload malicious apps.

Given these concerns, the FBI is recommending that medical and dental entities ask their IT staff to check their networks for anonymous FTP servers. And if they find any, the organization should at least be sure that PHI or PII aren’t stored on those servers.

The obvious question here is why healthcare organizations would host an anonymous FTP server in the first place, given its known vulnerabilities and the wide variety of available alternatives. If nothing else, why not use Secure FTP, which adds encryption for passwords and data transmission while retaining the same interface as basic FTP? Or what about using the HTTP or HTTPS protocol to share files with the world? After all, your existing infrastructure probably includes firewalls, intrusion detection/protection solutions and other technologies already tuned to work with web servers.

Of course, healthcare organizations face a myriad of emerging data security threats. For example, the FDA is so worried about the possibility of medical device attacks that it issued agency guidance on the subject. The agency is asking both device manufacturers and healthcare facilities to protect medical devices from cybersecurity threats. It’s also asking hospitals and healthcare facilities to see that they have adequate network defenses in place.

But when it comes to hosting anonymous FTP servers on your network, I’ve got to say “really?” This has to be a thing that the FBI tracks and warns providers to avoid? One would think that most health IT pros, if not all, would know better than to expose their networks this way. But I suppose there will always be laggards who make life harder for the rest of us!

Will Data Aggregation For Precision Medicine Compromise Patient Privacy?

Posted on April 10, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Like anyone else who follows medical research, I’m fascinated by the progress of precision medicine initiatives. I often find myself explaining to relatives that in the (perhaps far distant) future, their doctor may be able to offer treatments customized specifically for them. The prospect is awe-inspiring even for me, someone who’s been researching and writing about health data for decades.

That being the case, there are problems in bringing so much personal information together into a giant database, suggests Jennifer Kulynych in an article for OUPblog, which is published by Oxford University Press. In particular, bringing together a massive trove of individual medical histories and genomes may have serious privacy implications, she says.

In arguing her point, she makes a sobering observation that rings true for me:

“A growing number of experts, particularly re-identification scientists, believe it simply isn’t possible to de-identify the genomic data and medical information needed for precision medicine. To be useful, such information can’t be modified or stripped of identifiers to the point where there’s no real risk that the data could be linked back to a patient.”

As she points out, norms in the research community make it even more likely that patients could be individually identified. For example, while a doctor might need your permission to test your blood for care, in some states it’s quite legal for a researcher to take possession of blood not needed for that care, she says. Those researchers can then sequence your genome and place that data in a research database, and the patient may never have consented to this, or even know that it happened.

And there are other, perhaps even more troubling ways in which existing laws fail to protect the privacy of patients in researchers’ data stores. For example, current research and medical regs let review boards waive patient consent or even allow researchers to call DNA sequences “de-identified” data. This flies in the face of conventional wisdom that there’s no re-identification risk, she writes.

On top of all of this, the technology already exists to leverage this information for personal identification. For example, genome sequences can potentially be re-identified through comparison to a database of identified genomes. Law enforcement organizations have already used such data to predict key aspects of an individual’s face (such as eye color and race) from genomic data.

Then there’s the issue of what happens with EMR data storage. As the author notes, healthcare organizations are increasingly adding genomic data to their stores, and sharing it widely with individuals on their network. While such practices are largely confined to academic research institutions today, this type of data use is growing, and could also expose patients to involuntary identification.

Not everyone is as concerned as Kulynych about these issues. For example, a group of researchers recently concluded that a single patient anonymization algorithm could offer a “standard” level of privacy protection to patient, even when the organizations involved are sharing clinical data. They argue that larger clinical datasets that use this approach could protect patient privacy without generalizing or suppressing data in a manner that would undermine its usefulness.

But if nothing else, it’s hard to argue Kulynych’s central concern, that too few rules have been updated to reflect the realities of big genomic and medical data stories. Clearly, state and federal rules  need to address the emerging problems associated with big data and privacy. Otherwise, by the time a major privacy breach occurs, neither patients nor researchers will have any recourse.

Study: “Information Blocking” By Vendors And Providers Persists

Posted on April 6, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A newly-released study suggests that both EHR vendors and providers may still be interfering with the free exchange of patient healthcare data. The researchers concluded that despite the hearty disapproval of both Congress and healthcare providers, the two still consider “information blocking” to be in their financial interest.

To conduct the study, which appears in this month’s issue of The Milbank Quarterly, researchers conducted a national survey between October 2015 and January 2015. Researchers reached out to leaders driving HIE efforts among provider organizations. The study focused on how often information blocking took place, what forms it took and how effective various policy strategies might be at stopping the practice.

It certainly seems that the practice continues to be a major issue of concern to HIE leaders. Eighty-three percent of respondents said they were very familiar with information blocking, while just 12 percent reported having just some familiarity with the practice and 5 percent said they had minimal familiarity. On average, the respondents offered a good cross-industry view, having worked with 18 EHR vendors and with 31 hospitals or health systems on average.

Forms of Blocking:

If the research is accurate, information blocking is a widespread and persistent problem.

When questioned about specific forms of information by EHR vendors, 29 percent of respondents said that vendors often or routinely roll out products with limited interoperability capabilities. Meanwhile, 47 percent said that vendors routinely or often charge high fees for sharing data across HIEs, and 42 percent said that the vendors routinely or often make third-party access to standardized data harder than it needs to be. (For some reason, the study didn’t mention what types of information blocking providers have instituted.)

Frequency of blocking:

It’s hardly surprising that most of the respondents were familiar with information blocking issues, given how often the issue comes up.

In fact, a full fifty percent said that EHR vendors routinely engaged in information blocking, 33 percent said that the vendors blocked information occasionally, with only 17 percent stating that EHR vendors rarely did so.

Interestingly, the HIE managers said that providers were also engaged in information blocking, though fewer did so than among the vendor community. Twenty-five percent reported that providers routinely engage in information blocking, and 34 percent saying that providers did so occasionally. Meanwhile, 41 percent said information blocking by providers was rare.

Motivations for blocking:

Why do HIE participants block the flow of health data? It seems that at present they get something important out of it, and unless somebody stops them it makes sense to continue.

When it came to EHR vendors, the respondents felt that their motivations included a desire to maximize short-term revenue, with 41 percent reporting that this was a routine motivation and 28 percent that it was an occasional motivation. They also felt EHR vendors blocked information to improve the chances that providers would choose their platform over competing products, with 44 percent of respondents saying this was routine and 11 percent that it was occasional.

Meanwhile, they believed that hospitals and health systems, the most common motivation was to improve revenue by strengthening their competitive advantage, with 47 percent seeing this as routine and 30 percent occasional. Also, respondents said providers wanted to accommodate priorities other than data exchange, with 29 percent seeing this as routine and 31 percent occasional.

Solutions:

So what can be done about vendor and provider information blocking? There are a number of ways policymakers can get involved, but few have done so as of yet.

When given a choice of policy-based strategies, 67 percent said that making this practice illegal would be very effective. Meanwhile, respondents said that three strategies would be very or moderately effective. They included prohibiting gag clauses and encouraging public reporting and comparisons of vendors and their products (93 percent); requiring stronger demonstrations of product interoperability (92 percent) and national policies defining policies and standards for core aspects of information exchange.

Meanwhile, when it came to reducing information blocking by providers, respondents recommended that CMS roll out stronger incentives for care coordination and risk-based contracts (97 percent) and public reporting or other efforts shining a spotlight on provider business practices (93 providers).

#TransformHIT Think Tank Hosted by DellEMC

Posted on April 5, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.


DellEMC has once again invited me back to participate at the 6th annual #TransformHIT Healthcare Think Tank event happening Tuesday, April 18, 2017 from Noon ET (9 AM PT) – 3 PM ET (Noon PT). I think I’ve been lucky enough to participate 5 of the 6 years and I’ve really enjoyed every one of them. DellEMC does a great job bringing together really smart, interesting people and encourages a sincere, open discussion of major healthcare IT topics. Plus, they do a great job making it so everyone can participate, watch, and share virtually as well.

This year they asked me to moderate the Think Tank which will be a fun new adventure for me, but my job will be made easy by this exceptional list of people that will be participating:

  • John Lynn (@techguy)
  • Paul Sonnier (@Paul_Sonnier)
  • Linda Stotsky (@EMRAnswers)
  • Joe Babaian (@JoeBabaian)
  • Dr. Joe Kim (@DrJosephKim)
  • Andy DeLaO (@cancergeek)
  • Dan Munro (@danmunro)
  • Dr. Jeff Trent (@TGen)
  • Shahid Shah (@ShahidNShah)
  • Dave Dimond(@NextGenHIT)
  • Mike Feibus (@MikeFeibus)

This panel is going to take on three hot topics in the healthcare industry today:

  • Consumerism in Healthcare
  • Precision Medicine
  • Big Data and AI in Healthcare

The great thing is that you can watch the whole #TransformHIT Think Tank event remotely on Livestream (recording will be available after as well). We’ll be watching the #TransformHIT tweet stream and messages to @DellEMCHealth during the event as well if you want to ask any questions or share any insights. We’ll do our best to add outside people’s comments and questions into the discussion. The Think Tank is being held in Phoenix, AZ, so if you’re local there are a few audience seats available if you’d like to come watch live and meet any of the panelists in person. Just let me know in the comments or on our contact us page and I can give you more details.

If you have an interest in healthcare consumerism, precision medicine, or big data and AI in healthcare, then please join us on Tuesday, April 18, 2017 from Noon ET (9 AM PT) – 3 PM ET (Noon PT) for the live stream. It’s sure to be a lively and interesting discussion.
Read more..

HL7 Releases New FHIR Update

Posted on April 3, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

HL7 has announced the release of a new version of FHIR designed to link it with real-world concepts and players in healthcare, marking the third of five planned updates. It’s also issuing the first release of the US Core Implementation Guide.

FHIR release 3 was produced with the cooperation of hundreds of contributors, and the final product incorporates the input of more than 2,400 suggested changes, according to project director Grahame Grieve. The release is known as STU3 (Standard for Trial Use, release 3).

Key changes to the standard include additional support for clinical quality measures and clinical decision support, as well as broader functionality to cover key clinical workflows.

In addition, the new FHIR version includes incremental improvements and increased maturity of the RESTful API, further development of terminology services and new support for financial management. It also defined an RDF format, as well as how FHIR relates to linked data.

HL7 is already gearing up for the release of FHIR’s next version. It plans to publish the first draft of version 4 for comment in December 2017 and review comments on the draft. It will then have a ballot on the version, in April 2018, and publish the new standard by October 2018.

Among those contributing to the development of FHIR is the Argonaut project, which brings together major US EHR vendors to drive industry adoption of FHIR forward. Grieve calls the project a “particularly important” part of the FHIR community, though it’s hard to tell how far along its vendor members have come with the standard so far.

To date, few EHR vendors have offered concrete support for FHIR, but that’s changing gradually. For example, in early 2016 Cerner released an online sandbox for developers designed to help them interact with its platform. And earlier this month, Epic announced the launch of a new program, helping physician practices to build customized apps using FHIR.

In addition to the vendors, which include athenahealth, Cerner, Epic, MEDITECH and McKesson, several large providers are participating. Beth Israel Deaconess Medical Center, Intermountain Healthcare, the Mayo Clinic and Partners HealthCare System are on board, as well as the SMART team at the Boston Children’s Hospital Informatics Program.

Meanwhile, the progress of developing and improving FHIR will continue.  For release 4 of FHIR, the participants will focus on record-keeping and data exchange for the healthcare process. This will encompass clinical data such as allergies, problems and care plans; diagnostic data such observations, reports and imaging studies; medication functions such as order, dispense and administration; workflow features like task, appointment schedule and referral; and financial data such as claims, accounts and coverage.

Eventually, when release 5 of FHIR becomes available, developers should be able to help clinicians reason about the healthcare process, the organization says.

E-Patient Update: Reducing Your Patients’ Security Anxiety

Posted on March 31, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Even if you’re not a computer-savvy person, these days you can hardly miss the fact that healthcare data is a desirable target for cyber-criminals. After all, over the past few years, healthcare data breaches have been in the news almost every day, with some affecting millions of consumers.

As a result, many patients have become at least a bit afraid of interacting with health data online. Some are afraid that data stored on their doctor or hospital’s server will be compromised, some are afraid to manage their data on their own, and others don’t even know what they’re worried about – but they’re scared to get involved with health data online.

As an e-patient who’s lived online in one form or another since the 80s (anyone remember GEnie or Compuserve?) I’ve probably grown a bit too blasé about security risks. While I guard my online banking password as carefully as anyone else, I don’t tend to worry too much about abstract threats posed by someone who might someday, somehow find my healthcare data among millions of other files.

But I realize that most patients – and providers – take these issues very seriously, and with good reason. Even if HIPAA weren’t the law of the land, providers couldn’t afford to have patients feel like their privacy wasn’t being respected. After all, patients can’t get the highest-quality treatment available if they aren’t comfortable being candid about their health behaviors.

What’s more, no provider wants to have their non-clinical data hacked either. Protecting Social Security numbers, credit card details and other financial data is a critical responsibility, and failing at it could cost patients more than their privacy.

Still, if we manage to intimidate the people we’re trying to help, that can’t be good either. Surely we can protect health data without alienating too many patients.

Striking a balance

I believe it’s important to strike a balance between being serious about security and making it difficult or frightening for patients to engage with their data. While I’m not a security expert, here’s some thoughts on how to strike that balance, from the standpoint of a computer-friendly patient.

  • Don’t overdo things: Following strong security practices is a good idea, but if they’re upsetting or cumbersome they may defeat your larger purposes. I’m reminded of the policy of one of my parents’ providers, who would only provide a new password for their Epic portal if my folks came to the office in person. Wouldn’t a snail mail letter serve, at least if they used registered mail?
  • Use common-sense procedures: By all means, see to it that your patients access their data securely, but work that into your standard registration process and workflow. By the time a patient leaves your office they should have access to everything they need for portal access.
  • Guide patients through changes: In some cases, providers will want to change their security approach, which may mean that patients have to choose a new ID and password or otherwise change their routine. If that’s necessary, send them an email or text message letting them know that these changes are expected. Otherwise they might be worried that the changes represent a threat.
  • Remember patient fears: While practice administrators and IT staff may understand security basics, and why such protections are necessary, patients may not. Bear in mind that if you take a grim tone when discussing security issues, they may be afraid to visit your portal. Keep security explanations professional but pleasant.

Remember your goals

Speaking as a consumer of patient health data, I have to say that many of the health data sites I’ve accessed are a bit tricky to use. (OK, to be honest, many seem to be designed by a committee of 40-something engineers that never saw a gimmicky interface they didn’t like.)

And that isn’t all. Unfortunately, even a highly usable patient data portal or app can become far more difficult to use if necessary security protections are added to the mix. And of course, sometimes that may be how things have to be.

I guess I’m just encouraging providers who read this to remember their long-term goals. Don’t forget that even security measures should be evaluated as part of a patient’s experience, and at least see that they do as little as possible to undercut that experience.

After all, if a girl-geek and e-patient like myself finds the security management aspect of accessing my data to be a bummer, I can only imagine other consumers will just walk away from the keyboard. With any luck, we can find ways to be security-conscious without imposing major barriers to patient engagement.

Healthcare CIOs Focus On Optimizing EMRs

Posted on March 30, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Few technical managers struggle with more competing priorities than healthcare CIOs. But according to a recent survey, they’re pretty clear what they have to accomplish over the next few years, and optimizing EMRs has leapt to the top of the to-do list.

The survey, which was conducted by consulting firm KPMG in collaboration with CHIME, found that 38 percent of CHIME members surveyed saw EMR optimization as their #1 priority for capital investment over the next three years.  To gather results, KPMG surveyed 122 CHIME members about their IT investment plans.

In addition to EMR optimization, top investment priorities identified by the respondents included accountable care/population health technology (21 percent), consumer/clinical and operational analytics (16 percent), virtual/telehealth technology enhancements (13 percent), revenue cycle systems/replacement (7 percent) and ERP systems/replacement (6 percent).

Meanwhile, respondents said that improving business and clinical processes was their biggest challenge, followed by improving operating efficiency and providing business intelligence and analytics.

It looks like at least some of the CIOs might have the money to invest, as well. Thirty-six percent said they expected to see an increase in their operating budget over the next two years, and 18 percent of respondents reported that they expect higher spending over the next 12 months. On the other hand, 63 percent of respondents said that spending was likely to be flat over the next 12 months and 44 percent over the next two years. So we have to assume that they’ll have a harder time meeting their goals.

When it came to infrastructure, about one-quarter of respondents said that their organizations were implementing or investing in cloud computing-related technology, including servers, storage and data centers, while 18 percent were spending on ERP solutions. In addition, 10 percent of respondents planned to implement cloud-based EMRs, 10 percent enterprise systems, and 8 percent disaster recovery.

The respondents cited data loss/privacy, poorly-optimized applications and integration with existing architecture as their biggest challenges and concerns when it came to leveraging the cloud.

What’s interesting about this data is that none of the respondents mentioned improved security as a priority for their organization, despite the many vulnerabilities healthcare organizations have faced in recent times.  Their responses are especially curious given that a survey published only a few months ago put security at the top of CIOs’ list of business goals for near future.

The study, which was sponsored by clinical communications vendor Spok, surveyed more than 100 CIOs who were CHIME members  — in other words, the same population the KPMG research tapped. The survey found that 81 percent of respondents named strengthening data security as their top business goal for the next 18 months.

Of course, people tend to respond to surveys in the manner prescribed by the questions, and the Spok questions were presumably worded differently than the KPMG questions. Nonetheless, it’s surprising to me that data security concerns didn’t emerge in the KPMG research. Bottom line, if CIOs aren’t thinking about security alongside their other priorities, it could be a problem.

Nursing Informatics Pros Seeing Growing Salaries, Opportunities

Posted on March 24, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Here’s something I missed in the explosion of news around HIMSS17. According to a recent study released late last month by the organization, nurse informaticists are largely well-paid and satisfied with their jobs.

According to the American Nurses Association, nurse informaticists have broad responsibilities, including integrating data and supporting provider and patient decision-making. The job description continues evolve with health IT trends, and may vary from one institution to the other,but their work usually involves a mix of nursing science, health records management and information technology solutions.

As the job description has solidified, nursing informatics has begun to become a well-liked specialty. Eighty percent of respondents to the HIMSS study, the 2017 Nursing Informatics Workforce Survey, reported being satisfied or highly satisfied with their careers, HIMSS found. This may be in part due to their pay, with almost half respondents telling researchers that they had a base salary of over $100,000. Not only that, 34 percent said they also got a bonus.

Meanwhile, highly-trained nursing informaticists did better still. Those who had gotten a nursing informatics certification or post-graduate degree took home higher salaries than those who hadn’t. With over half of those who had additional education made more than $100,000 a year, as opposed to 37 percent of those who didn’t, the trade group said.

In addition, nurse informaticists are advancing themselves to a striking degree, with over half of respondents having a post-graduate degree, often in informatics or nursing informatics, HIMSS reported. (Of this group, 57 percent had completed post-graduate degrees, and 29 percent had a master’s degree or PhD in informatics.)

Meanwhile, 41 percent of nurses are involved in a formal informatics program, and almost half had a certification. These efforts seem be paying off, with two-fifths of respondents reporting that they moved into a new position with more responsibility after they got certified.

As nurse informaticists grow, they are accumulating deeper levels of experience.  All told, 31 percent of respondents had more than 10 years of informatics experience, 36 percent had five to 10 years of experience – dwarfing the 24 percent that had just one to four years. One-third of respondents said they’d been in their current position for more than five years, and a majority of respondents reported having seven years plus of related experience.

While these nurses seem like they enjoy their careers, they are still facing some bureaucracy-related problems.  For example, when asked about their concerns, they rated a lack of administrative and staffing resources as the top barrier to their success.

Ongoing shifts in their reporting roles may also be leading to some dissatisfaction. While most respondents told HIMSS that they reported to the information systems or tech department of their organization, a growing number report to administrative or corporate headquarters. (On the other hand, one-third said that their organization has a senior nursing informatics executive or CNIO, which one would hope proves to offer extra support.)

Though the HIMSS summary doesn’t say so explicitly, it seems very likely that demand for nurse informaticists is outstripping supply, given the substantial salaries these experts can command. If your organization needs to recruit such a person, be prepared for some tough competition.

EMR Information Management Tops List Of Patient Threats

Posted on March 23, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A patient safety organization has reached a conclusion which should be sobering for healthcare IT shops across the US. The ECRI Institute , a respected healthcare research organization, cited three critical health IT concerns in its list of the top 10 patient safety concerns for 2017.

ECRI has been gathering data on healthcare events and concerns since 2009, when it launched a patient safety organization. Since that time, ECRI and its partner PSOs have collected more than 1.5 million event reports, which form the basis for the list. (In other words, the list isn’t based on speculation or broad value judgments.)

In a move that won’t surprise you much, ECRI cited information management in EMRs as the top patient safety concern on its list.

To address this issue, the group suggests that healthcare organizations create cross-functional teams bringing varied perspectives to the table. This means integrating HIM professionals, IT experts and clinical engineers into patient safety, quality and risk management programs. ECRI also recommends that these organizations see that users understand EMRs, report and investigate concerns and leverage EMRs for patient safety programs.

Implementation and use of clinical decision support tools came in at third on the list, in part because the potential for patient harm is high if CDS workflows are flawed, the report says.

If healthcare organizations want to avoid these problems, they need to give a multidisciplinary team oversight of the CDS, train end users in its use and give them access to support, the safety group says. ECRI also recommends that organizations monitor the appropriateness of CDS alerts, evaluating the impact on workflow and reviewing staff responses.

Test result reporting and follow-up was ranked fourth in the list of safety issues, driven by the fact that the complexity of the process can lead to distraction and problems with follow-up.

The report recommends that healthcare organizations respond by analyzing their test reporting systems and monitor their effectiveness in triggering appropriate follow-ups. It also suggests implementing policies and procedures that make it clear who is accountable for acting on test results, encouraging two-way conversations between healthcare professionals and those involved in diagnostic testing and teaching patients how to address test information.

Patient identification issues occupied the sixth position on the list, with the discussion noting that about 9 percent of misidentification problems lead to patient injury.

Healthcare leaders should prioritize this issue, engaging clinical and nonclinical staffers in identifying barriers to safe identification processes, the ECRI report concludes. It notes that if a provider has redundant patient identification processes in place, this can increase the probability that identification problems will occur. Also, it recommends that organizations standardize technologies like electronic displays and patient identification bands, and that providers consider bar-code systems and other patient identification helps.

In addition to health IT problems, ECRI identified several clinical and process issues, including unrecognized patient deterioration, problems with managing antimicrobial drugs, opioid administration and monitoring in acute care, behavioral health issues in non-behavioral-health settings, management of new oral anticoagulants and inadequate organization systems or processes to improve safety and quality.

But clearly, resolving nagging health IT issues will be central to improving patient care. Let’s make this the year that we push past all of them!