
Compromise Assessments & Penetration Testing in Healthcare

Posted on June 21, 2017

The following is a guest blog post by Steven Marco, CISA, ITIL, HP SA and President of HIPAA One®.
As healthcare providers continue to embrace technology, are patients being left vulnerable? If a recent incident involving patient portals is any indication, then the answer is a resounding “yes.”

True Health Diagnostics, a Frisco, TX-based healthcare services company, recently became aware of a security flaw in its patient portal after an IT consultant logged in to view their test results and accidentally accessed other patients’ records. An investigation determined that because True Health uses sequential numbers on its patient record PDF files, users of the patient portal could easily alter a digit in the URL and view the medical information of other patients (a technique known as forceful browsing).

This recent event should serve as both a reminder and a warning to healthcare organizations using patient portals: preventing a similar disclosure requires implementing (and testing!) safeguards. An organization can take two different actions, one to understand the scope of a breach and the other to assess its level of security and prevent a disclosure.
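The sequential-number flaw described above, shown next to a hardened lookup, as an added example that is not True Health's code or part of the original post. The `ReportStore` class, its method names and the patient identifiers are hypothetical. The hardened path checks ownership on every request, answers "not found" for both missing and foreign documents, and logs each denial so repeated probing shows up in the audit trail.

```python
import secrets
from collections import Counter
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised when the caller may not read the requested document."""


@dataclass
class Document:
    owner_id: str   # patient the report belongs to
    content: bytes  # PDF bytes in a real portal


@dataclass
class ReportStore:
    """Hypothetical in-memory stand-in for a portal's document back end."""
    by_seq: dict = field(default_factory=dict)    # sequential number -> Document
    by_token: dict = field(default_factory=dict)  # random token -> Document
    audit: list = field(default_factory=list)     # (user, reference, outcome)
    _next: int = 1000

    def add(self, owner_id: str, content: bytes):
        """Store a report and return (sequential_id, random_token)."""
        seq = self._next
        self._next += 1
        token = secrets.token_urlsafe(32)  # 256 random bits, not enumerable
        doc = Document(owner_id, content)
        self.by_seq[seq] = doc
        self.by_token[token] = doc
        return seq, token

    # BEFORE: the pattern the post describes. Being logged in is the only
    # requirement; the number in the URL alone selects the document.
    def fetch_vulnerable(self, session_user: str, seq: int) -> bytes:
        return self.by_seq[seq].content

    # AFTER: the random token only removes guessability. The ownership
    # check is the actual control, and it also covers a leaked link.
    def fetch_hardened(self, session_user: str, token: str) -> bytes:
        doc = self.by_token.get(token)
        if doc is None or doc.owner_id != session_user:
            # Same answer for "missing" and "not yours", so the response
            # cannot be used to learn which references exist.
            self.audit.append((session_user, token, "DENIED"))
            raise AccessDenied("document not found")
        self.audit.append((session_user, token, "OK"))
        return doc.content


def cross_patient_leaks(fetch, user: str, foreign_refs) -> list:
    """Regression check: which references owned by OTHER patients can
    `user` read through `fetch`? An empty list means the safeguard holds."""
    leaks = []
    for ref in foreign_refs:
        try:
            fetch(user, ref)
        except (AccessDenied, KeyError):
            continue
        leaks.append(ref)
    return leaks


def denials_by_user(audit) -> dict:
    """Count denied requests per user; a spike is worth an alert."""
    return dict(Counter(user for user, _, outcome in audit if outcome == "DENIED"))


if __name__ == "__main__":
    store = ReportStore()
    # Constructed sample data: two patients, one report each.
    a_seq, a_tok = store.add("patient-a", b"%PDF-A")
    b_seq, b_tok = store.add("patient-b", b"%PDF-B")
    print("vulnerable leaks:", cross_patient_leaks(store.fetch_vulnerable, "patient-b", [a_seq]))
    print("hardened leaks:  ", cross_patient_leaks(store.fetch_hardened, "patient-b", [a_tok]))
    print("denials:         ", denials_by_user(store.audit))
```

Running `cross_patient_leaks` against every document route in a test suite is one way to do the "testing" half of the safeguard.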

Compromise Assessment: Due-Diligence Task

A compromise assessment is a due-diligence task used to verify that an organization hasn’t experienced a security breach. Essentially, it answers the question: “Have we been breached?”

The assessment is completed by a group of white-hat hackers or IS professionals. The goal is to access an organization’s various systems, verify if and when they were compromised, and estimate the damage or exposure that has been or could be done to its customers’ data. By gaining an understanding of the extent of the breach, the organization can in turn create a plan to remedy the issue and notify the appropriate parties of the disclosure.

Penetration Testing: Proactive Approach

In simple terms, conducting a penetration test is a proactive approach to finding any security deficiencies before a breach occurs or hackers find a way in. A penetration test answers the question “How secure are we?”

By performing an authorized simulated attack, organizations can gain a much greater understanding of their security infrastructure. Although penetration testing alone will not ensure a network is compliant or secure, it will identify gaps between the existing threats and the controls that an organization has in place.

Penetration testing has many other benefits, including:

  • Revealing where procedures may be failing – Especially if insecure services are being used for administration or if critical security patches are missing due to inadequate configuration and change management processes/procedures.
  • Exposing poor password policy – Including the use of default or weak passwords, password reuse and use of incremental passwords.
  • Justification to management – For approval of additional security technologies. For example: Showing upper management that penetration testers were able to hack into the system and email the entire customer database.
  • Acts as a “second set of eyes” – Critical if using an independent provider when hosting ePHI/PII.

Interested in more details on penetration testing? Check out HIPAA One’s penetration testing blog post.

About Steven Marco
Steven Marco is the President of HIPAA One®, leading provider of HIPAA Risk Assessment software for practices of all sizes. HIPAA One is a proud sponsor of EMR and HIPAA and the effort to make HIPAA compliance more accessible for all practices. Are you HIPAA Compliant? Take HIPAA One’s 5 minute HIPAA security and compliance quiz to see if your organization is at risk or learn more at HIPAAOne.com.

Jabba the Hutt EHRs Are Alive And Well

Posted on June 19, 2017 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

If you follow @ehrandhit on Twitter, then you might have noticed that we’ve set it up to tweet out links to articles from Healthcare Scene’s database of 11,000+ blog posts. Sometimes I see these tweets and I remember amazing posts like the one I saw today about Jabba the Hutt EMR.

Here’s the concept of the Jabba the Hutt EMR as I described it back in 2011:

Many long time readers of EMR and HIPAA will know I like to call big, bulky, old EMR software systems, Jabba the Hutt EMR. I think comparing these old legacy EMR software to Jabba the Hutt is a great comparison. For those that don’t know Star Wars that well (and I’m no expert), Jabba the Hutt was a very powerful figure. Although, over time he’d grown so big that he wasn’t very nimble (to say the least). So, despite his power and prestige, there was little to admire about him.

Does that sound a bit like some legacy EMR software? They’re big and powerful figures in the industry. However, their software has grown to the point that it’s clunky and not very nimble. Getting something changed on it is difficult and it’s built on a platform that makes it hard to add new features. Thus, they are Jabba the Hutt EMR.

I love that I had “long time readers” in 2011, but I digress. Does this still sound like a lot of the EHR vendors out there? The cynic might suggest it’s every EHR vendor. Good thing I’m not cynical.

In that post I went on to list things that might be characteristics you could look for to identify the Jabba the Hutt EMR software. It has some good ones, but I think it’s time to update the list. Here’s an updated list that you might find beneficial (and a little entertaining).

You might be a Jabba the Hutt EHR if…
you’re part of every interoperability organization, but not actually interoperable.

You might be a Jabba the Hutt EHR if…
it costs as much for consultants to implement your software as your software.

You might be a Jabba the Hutt EHR if…
you hard coded 16 RXNorm codes to pass certification.

You might be a Jabba the Hutt EHR if…
your EHR certification is your EHR innovation plan.

You might be a Jabba the Hutt EHR if…
your programmers have never spent time in a clinic or hospital observing users.

You might be a Jabba the Hutt EHR if…
you’re afraid to talk to the media.

You might be a Jabba the Hutt EHR if…
your patient portal is your patient engagement strategy.

You might be a Jabba the Hutt EHR if…
HL7 and FHIR are your API strategy.

You might be a Jabba the Hutt EHR if…
you put AI and machine learning in a press release after implementing basic slicing and dicing analytics.

As I said in 2011, the more of these your EHR has, the more likely they’re a Jabba the Hutt EHR. I’m sure many of you could add to the list. Please do so in the comments.

Inspector General Says CMS Made $729 Million In Questionable EHR Incentive Payments

Posted on June 16, 2017 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A new report from the HHS Office of Inspector General has concluded that over a three-year period, CMS made roughly $729.4 million in EHR incentive payments to providers who didn’t comply with program requirements.

To determine whether the incentive program was functioning appropriately, the OIG audited payments made between May 2011 and June 2014.

After sampling payment records for 100 eligible professionals, the agency found 14 EPs, who received payments totaling $291,022, who didn’t meet incentive criteria.  The auditors found that the 14 had either failed to meet bonus criteria or didn’t provide proof that they had.

Then, the OIG used the data to extrapolate how much CMS had spent on invalid payments, which is how it arrived at the $729 million estimate. In other words, given the margin of error across the sampled incentive payments, the OIG assumed that 12% of all incentive payments were in error. (The analysis also concluded that CMS mistakenly paid $2.3 million to EPs switching between Medicare and Medicaid programs.)

Not surprisingly, the OIG has recommended that CMS recover the $291,000 in payments made to the sampled providers. It also suggested that the agency review EP payments issued during the audit period to see what other errors were made. Of course, the ultimate goal is to get back the approximately $729.4 million the agency may have paid out in error.

In addition, the OIG  called on CMS to review a random sample of self-attested documentation from after the audit period, to determine whether additional inappropriate payments were made to EPs.

And to make sure the EPs don’t get payments under both Medicare and Medicaid incentive programs for the same program year, the report urged CMS to conduct edits of the National Level Depository system.

As part of this report, the OIG noted that allowing providers to self-report compliance data leaves the incentive payment program open to fraud, and recommended keeping a closer eye on these reports. CMS seems to have had at least some sympathy for this argument, as it apparently agreed partly or fully with all of the OIG’s suggested actions.

One side effect of the OIG report is that it brings back attention to the Meaningful Use program, which has been eclipsed by MACRA but still clings to life. Eligible providers can still report either Modified Stage 2 or Stage 3 in 2017, the main difference being you need a full year of data for Stage 2 but only 90 days for Stage 3.

But MACRA does change things, as its performance standards will test providers in new ways. This year, providers have a chance to get situated with either the MIPS or APM track, and those who jump in now are likely to benefit.

Meanwhile, the future of Meaningful Use remains fuzzy. To my knowledge, the agency has no immediate plans to restructure the current incentive program to audit provider reports in depth. In fact, given that providers are more concerned about MACRA these days, I doubt CMS will bother.

That being said, it’s fair to assume that incentive payouts will get a bit more attention going forward. So be prepared to defend your attestation if need be.

E-Patient Update:  I Was A Care Coordination Victim

Posted on June 12, 2017 | Written By Anne Zieger

Over the past few weeks, I’ve been recovering from a shoulder fracture. (For the record, I wasn’t injured engaging in some cool athletic activity like climbing a mountain; I simply lost my footing on the tile floor of a beauty salon and frightened a gaggle of hair stylists. At least I got a free haircut!)

During the course of my treatment for the injury, I’ve had a chance to sample both the strengths and weaknesses of coordinated treatment based around a single EMR. And unfortunately, the weaknesses have shown up more often than the strengths.

What I’ve learned, first hand, is that templates and shared information may streamline treatment, but also pose a risk of creating a “groupthink” environment that inhibits a doctor’s ability to make independent decisions about patient care.

At the same time, I’ve concluded that centralizing treatment across a single EMR may provide too little context to help providers frame care issues appropriately. My sense is that my treatment team had enough information to be confident they were doing the right thing, but not enough to really understand my issues.

Industrial-style processes

My insurance carrier is Kaiser Permanente, which both provides insurance and delivers all of my care. Kaiser, which reportedly spent $4 billion on the effort, rolled out Epic roughly a decade ago, and has made it the backbone of its clinical operations. As you can imagine, every clinician who touches a Kaiser patient has access to that patient’s full treatment history with Kaiser providers.

During the first few weeks with Kaiser, I found that physicians there made good use of the patient information they were accumulating, and used it to handle routine matters quite effectively. For example, my primary care physician had no difficulty getting an opinion on a questionable blood test from a hematologist colleague, probably because the hematologist had access not only to the test result but also my medical history.

However, the system didn’t serve me so well when I was being treated for the fracture, an injury which, given my other issues, may have responded better to a less standardized approach.  In this case, I believe that the industrial-style process of care facilitated by the EMR worked to my disadvantage.

Too much information, yet not enough

After the fracture, as I worked my way through my recovery process, I began to see that the EMR-based process used to make Kaiser efficient may have discouraged providers from inquiring more deeply into my particular circumstances.

And yes, this could have happened in a paper world, but I believe the EMR intensified the tendency to treat me as “the fracture in room eight” rather than an individual with unique needs.

For example, at each step of the way I informed physicians that the sling they had provided was painful to use, and that I needed some alternative form of arm support. As far as I can tell, each physician who saw me looked at other providers’ notes, assumed that the predecessor had a good reason for insisting on the sling, and simply followed suit. Worse, none seemed to hear me when I insisted that it would not work.

While this may sound like a trivial concern, the lack of a sling alternative seemed to raise my level of pain significantly. (And let me tell you, a shoulder fracture is a very painful event already.)

At the same time, otherwise very competent physicians seemed to assume that I’d gotten information that I hadn’t, particularly education on my prognosis. At each stage, I asked questions about the process of recovery, and for whatever reason didn’t get the information I needed. Unfortunately, in my pain-addled state I didn’t have the fortitude to insist they tell me more.

My sense is that my care would’ve benefited from both a more flexible process and more information on my general situation, including the fact that I was missing work and really needed reassurance that I would get better soon. Instead, it was care by data point.

Dealing with exceptions

All that being said, I know that the EMR alone isn’t itself to blame for the problems I encountered. Kaiser physicians are no doubt constrained by treatment protocols which exist whether or not they’re relying on EMR-based information.

I also know that there are good reasons that organizations like Kaiser standardize care, such as improving outcomes and reducing care costs. And on the whole, my guess is that these protocols probably do improve outcomes in many cases.

But in situations like mine, I believe they fall short. If nothing else, Kaiser perhaps should have a protocol for dealing with exceptions to the protocols. I’m not talking about informal, seat-of-the-pants judgment calls, but an actual process for dealing with exceptions to the usual care flow.

Three weeks into healing, my shoulder is doing much better, thank you very much. But though I can’t prove it, I strongly suspect that I might have hurt less if physicians were allowed to make exceptions and address my emerging needs. And while I can’t blame the EMR for this experience entirely, I believe it played a critical role in consolidating opinion and effectively limiting my options.

While I have as much optimism about the role of EMRs as anyone, I hope they don’t serve as a tool to stifle dissension and oversimplify care in the future. I, for one, don’t want to suffer because someone feels compelled to color inside of the lines.

Legal Ramifications of EHRs Selling Data

Posted on June 6, 2017 | Written By John Lynn

Prompted by an engagement with prominent healthcare lawyer, Matt Fisher (@Matt_R_Fisher), on Twitter, Healthcare Scene decided to sit down with Matt to talk about the challenging topic of EHR vendors selling patient data. As a basis for the discussion, I suggested to Matt that EHR vendors were selling the EHR data and so we should dive into the details of when they are legally allowed to sell EHR data and when they are not.

That’s exactly what we did in my video interview with Matt Fisher below. Turns out there are a lot of little nuances to when and how an EHR vendor can sell patient data and HIPAA is only one of them. Plus, Matt and I also talk a bit about how a doctor and a patient can try and find out when and where their patient data is being sold. Learn about all the details in this video:

Is there anything you would add to the discussion? Were there any details or questions you think we missed? Let us know in the comments and we’ll do our best to get the answers.

eCW (eClinicalWorks) Settles Whistleblower Lawsuit for $155 Million

Posted on May 31, 2017 | Written By John Lynn

In many of my press panels and other discussions at the Healthcare IT Marketing and PR Conference, I’ve argued that there’s very little “Breaking News” when it comes to healthcare IT. Today is an example where this is not true. The news just broke that EHR vendor, eCW (eClinicalWorks), has settled a whistleblower lawsuit against them for $155 million.

The suit was filed by Brendan Delaney, a software technician formerly employed by the New York City Division of Health Care Access and Improvement, through his law firm Phillips & Cohen LLP against eClinicalWorks. eClinicalWorks and three of its founders (Chief Executive Officer Girish Navani, Chief Medical Officer Rajesh Dharampuriya, M.D., and Chief Operating Officer Mahesh Navani) are jointly liable for the payment of $154.92 million. Separately, Developer Jagan Vaithilingam will pay $50,000, and Project Managers Bryan Sequeira and Robert Lynes will each pay $15,000. As a whistleblower, Delaney stands to receive $30 million of the settlement.

Here’s the summary of the complaints against eCW from the Justice Department’s press release about the settlement:

In its complaint-in-intervention, the government contends that ECW falsely obtained that certification for its EHR software when it concealed from its certifying entity that its software did not comply with the requirements for certification. For example, in order to pass certification testing without meeting the certification criteria for standardized drug codes, the company modified its software by “hardcoding” only the drug codes required for testing. In other words, rather than programming the capability to retrieve any drug code from a complete database, ECW simply typed the 16 codes necessary for certification testing directly into its software. ECW’s software also did not accurately record user actions in an audit log and in certain situations did not reliably record diagnostic imaging orders or perform drug interaction checks. In addition, ECW’s software failed to satisfy data portability requirements intended to permit healthcare providers to transfer patient data from ECW’s software to the software of other vendors. As a result of these and other deficiencies in its software, ECW caused the submission of false claims for federal incentive payments based on the use of ECW’s software.

Most people are writing about how eCW didn’t fully integrate the RxNorm codes, but instead hard coded the 16 codes that the certification process used. That’s embarrassing so it’s not a surprise that so many people are sharing that part of the story. However, I think the bigger part of the violation is probably around the data portability requirements. I bet a lot of EHR vendors are sweating right now as they look at the way they implemented those requirements. Not to mention the EHR audit logs which are poor in many EHRs. Plus, the scariest claim is eClinicalWorks’ inability to reliably record diagnostic imaging orders or perform drug interaction checks. Those are patient safety issues and exist in many EHR software.

If you want to dig into the weeds like I did, then you can see the government complaint against eClinicalWorks that was filed May 12, 2017 and the final settlement agreement with eClinicalWorks. Even more insightful was looking at the original complaint from Delaney against eClinicalWorks. Comparing the original whistleblower complaint to the government complaint against eClinicalWorks is very interesting. You’ll see that the government didn’t grab on to everything that was originally filed by Delaney. I imagine that’s a standard legal practice to file as many areas as possible and see what the government decides to use. It seems like Phillips & Cohen have represented a number of whistleblowers so I’m sure they were expert at this.

Girish Navani, CEO and Co-Founder of eClinicalWorks, offered this statement about the settlement:

“Today’s settlement recognizes that we have addressed the issues raised, and have taken significant measures to promote compliance and transparency. We are pleased to put this matter behind us and concentrate all of our efforts on our customers and continued innovations to enhance patient care delivery.”

Looking at the bigger picture, I’m certain that every EHR vendor is going through their EHR certification process and looking at all the statements they’ve made to make sure they’re not going to be in a similar situation. Not to mention the anti-kickback laws that were mentioned in the settlement. I’m sure there are other EHR vendors that are in violation of both of these items just as much as eCW.

Former ONC National Coordinator, Farzad Mostashari seems to agree with me. Farzad tweeted, “Wow!! I hope this changes the attitude of the EHR vendor space more broadly.” Then, he later tweeted, “Let me be plain-spoken. eClinicalWorks is not the only EHR vendor who flouted certification /misled customers Other vendors better clean up.”

Farzad then nailed it when he tweeted “There are a LOT of doctor’s office staff looking at their EHR today and wondering if there’s $30M worth of false promises hidden there”

I do wonder if Farzad Mostashari feels a little guilty of the role he played in this process since he oversaw such a porous EHR certification process. I’ve been against EHR certification for a long time because I thought it provided so little value to providers. The fact that it can be gamed by 16 codes being hard coded is a perfect example of why EHR Certification is a waste. Although, one could argue that without EHR certification, this suit would have never happened and maybe eClinicalWorks could still be selling the same product today.

I do find this quote from the US Attorney’s Office for the District of Vermont press release a little over the top (which I think is common on these things):

“Electronic health records have the potential to improve the care provided to Medicare and Medicaid beneficiaries, but only if the information is accurate and accessible,” said Special Agent in Charge Phillip Coyne of HHS-OIG. “Those who engage in fraud that undermines the goals of EHR or puts patients at risk can expect a thorough investigation and strong remedial measures such as those in the novel and innovative Corporate Integrity Agreement in this case.”

Another topic I haven’t seen anyone else cover is the impact that this settlement will have on eCW’s customers that used eCW to attest to meaningful use. Technically it shows that eCW wasn’t appropriately certified, so that means that they weren’t using a certified EHR and therefore shouldn’t have been eligible for meaningful use incentives. I asked one friend about this and he suggested that CMS had previously said that it would not hold eligible providers and eligible hospitals responsible for EHRs that calculated the meaningful use measures the wrong way. So, we’ll probably see this same approach with eCW users that got EHR incentive money on what we now know was not appropriately certified.

I was also intrigued by the Corporate Integrity Agreement (CIA) that eClinicalWorks entered into with HHS-OIG. There are a lot of details and oversight that eCW will get from OIG, but it also required eClinicalWorks to “allow customers to obtain updated versions of their software free of charge and to give customers the option to have ECW transfer their data to another EHR software provider without penalties or service charges. [emphasis added]”

Free updates is pretty clear and ironic since not wanting to update all their clients is one possible hypothesis for why they didn’t really push the proper upgrades. Hopefully all eCW users will do it now or they might be facing their own violations for using outdated software that has known clinical issues. However, the kicker in the CIA detail above is that eClinicalWorks has to give customers the option to have eClinicalWorks transfer their data to another EHR without penalty or service charges. I wonder how many will take them up on this requirement and what the details will be. I still wish this was required of all EHR vendors, but that’s a story for another day.

How many EHR vendor marketing groups are putting together their eClinicalWorks Rescue Plan to take in the downtrodden eCW users? I’m not sure these will be as successful as other EHR switching marketing efforts like those we see when an EHR is being shut down.

I’m sorry to say that I think this is likely only the beginning of such lawsuits. In fact, it’s probably already woken up a lot of potential whistle blowers. Hopefully it’s woken up a lot of EHR vendors as well.

Health IT Usability Comic and a Little Rant – Fun Friday

Posted on May 26, 2017 | Written By John Lynn

This comic reminds me of healthcare IT and EHR government regulations lately. See if you can relate to this great Dilbert comic.

For healthcare I might change the wording to say…

“Your certification and regulation requirements include four hundred features.”

“Do you realize that no doctor is able to use a product with that level of complexity?”

“Good point. How can I certify “Easy to use?””

I’m reminded of the keynote I saw the US CIO give. He said that one of the biggest challenges is taking regulation off the books. I’d love to see HHS and ONC see how many regulations they could remove as opposed to continuing to create new regulations.

If they’re not sure where to start, let me give them an idea. If you’ve required the collection of data which you haven’t ever used, that regulation is gone. That should do away with 3/4 of the healthcare regulations.

P.S. Sorry to take a Fun Friday and make it not so fun. I couldn’t help myself.

Both US And International Doctors Unimpressed With Govt Telehealth Adoption

Posted on May 25, 2017 | Written By Anne Zieger

A new survey by physician social network SERMO has concluded that both US and foreign physicians aren’t impressed with national and local telehealth efforts by governments.

The US portion of the survey, which had 1,651 physician respondents, found that few US doctors were pleased with the telehealth adoption efforts in their state. Forty-one percent said they felt their state had done a “fair” job in adopting telehealth, while 44 percent said the state’s programs were either “poor” or “very poor.” Just 15 percent of US physicians rated their state’s telehealth leaders as doing either “well” or “very well” with such efforts.

Among the various states, Ohio’s programs got the best ratings, with 22 percent of doctors saying the state’s telehealth programs were doing “well” or “very well.” California came in second place, with 20 percent of physician-respondents describing their state’s efforts as doing “well” or “very well.”

On the flip side, 59 percent of New Jersey doctors said the state’s telehealth efforts were “poor” or “very poor.” New York also got low ratings, with 51 percent of doctors deeming the state’s programs were “poor” or “very poor.”

Interestingly, physicians based outside the US had comparable – though slightly more positive — impressions of their countries’ telehealth efforts. Thirty-eight percent of the 1,831 non-US doctors responding to the survey rated their country as having done a “fair” job with telehealth adoption, a stronger middle ground than in the US. That being said, 43 percent said their country has done a “poor” or “very poor” job with adopting telehealth programs, while just 19 percent rated their countries’ efforts as going “well” or “very well.”

As with state-by-state impressions in the US, physicians’ impressions of how well their country was doing with telehealth adoption varied significantly.  Spain got the best rating, with 26 percent of physicians saying efforts there were going “well” or “very well.” Meanwhile, the United Kingdom got the worst ratings, with 62 percent of doctors describing telehealth efforts there as “poor” or “very poor.”

Of course, all of this begs the question of what doctors were taking into account when they rated their country or state’s telehealth-related initiatives.

What makes doctors feel one telehealth adoption program is effective and another not effective? What kind of support are physicians looking for from their state or country? Are there barriers to implementation that a government entity is better equipped to address than private industry? Do they want officials to support the advancement of telehealth technology?  I’d prefer to know the answers to these questions before leaping to any conclusions about the significance of SERMO’s data.

That being said, it does seem that doctors see some role for government in promoting the growth of telehealth use, if for no other reason than that they’re paying enough attention to know whether such efforts are working or not. That surprises me a bit, given that the biggest obstacles to physician telehealth adoption are generally getting paid for such services and handling the technology aspects of telemedicine delivery.

But if the study is any indication, doctors want more support from public entities. I’ll be interested to see whether Ohio and California keep leading the pack in this country — and what they’re doing right.

Seven Factors That Will Make 2018 A Challenging Year For EMR Vendors

Posted on May 24, 2017 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Unless they’re monumentally important, I generally don’t regurgitate the theories researchers develop about health IT. But this time I’m changing strategies. While their analysis may not fit in the “earth shattering” category, I thought their list of factors that will shape 2018’s EMR market was dead on, so here it is.

According to a report created by analyst firm Kalorama Research, a number of trends are brewing which could make next year a particularly, well, interesting one for EMR vendors. (By the by, the allegedly Chinese curse, “May you live in interesting times” probably wasn’t Chinese in origin — it seems to have been minted in the 19th century by a British politician named Joseph Chamberlain. But I digress.)

According to Kalorama publisher Bruce Carlton, many forces are converging, including:

  • Frustrated physicians: Physician rage over clunky EMRs may boil over next year. No one vendor seems positioned to scoop up their business, but of course many will try.
  • Hospital EMR switches: While hospitals have been switching out EMRs for quite some time, defections may climb to new levels. Their main objective: Improve workflows.
  • Emerging technologies: Trendy approaches like dashboarding, blockchain and advanced big data analytics will begin to be integrated with existing EMR technologies. Or as the report notes, “the Old EMR doesn’t cut it anymore.”
  • IT staff shortages: It takes a pretty seasoned IT pro to run an EMR, but they’re hard to find, especially if you want them to have a lot of relevant experience. But without their expertise, provider organizations may not get the most out of their systems. This may spell opportunity for vendors offering better service, the report says.
  • Breach of the day: With each cybersecurity breach, EMRs get negative coverage, and the effects of this bad PR are accreting. Tales of ransomware, a particularly lurid form of cybercrime, are only making things worse.
  • Many EMR vendors remain: Despite a barrage of M&A activity in the sector, there are still over 1,000 vendors in the EMR space, Kalorama notes. In other words, competition for EMR customers will still be brisk, particularly given that no one vendor – even giants like Cerner and Epic – owns more than one-fifth of the market. (This assertion comes from the firm’s own market estimates.)
  • New Administration, new goals: To date the White House hasn’t proposed specific changes to health IT policy, but one clue comes from the appointment of an HHS Secretary who dislikes the meaningful use program. Anything could happen here.

In addition to the factors cited by Kalorama, I’d suggest one other trend to consider. As I’ve noted above, Kalorama argues that customers will demand EMRs that incorporate sexy new technologies, perhaps more so than in the past. I’d go further with this projection. From what I’m hearing, a consensus is emerging that EMR architectures must be completely deconstructed and rethought for today’s data.

With important data flows emerging from wearables, apps, remote monitoring devices and the like, it may not make sense to put a big database at the center of the EMR platform anymore. After all, what’s the point of setting up an enterprise EMR as the ultimate source of truth if so much important data is being generated by mobile devices at the network edge?

Anyway, that’s my two cents, along with Kalorama’s predictions. What do you think 2018 will look like for EMR vendors, and why?

How Will APIs Change Health IT? – #HITsm Chat Topic

Posted on May 23, 2017 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 5/26 at Noon ET (9 AM PT). This week’s chat will be hosted by Chad Johnson (@OchoTex) on the topic of “How Will APIs Change Health IT?”

First, let’s define API: An application programming interface (API) is a set of standards that enable communication between multiple sources, most typically software applications. More specifically, an API is a set of routines, protocols, and data standards defined by a software vendor (an EHR for example) that specify how other vendor applications can contribute to or remove data from their database.

Other industries have profited from modern API integration, driven by the boost of internet technologies such as cloud applications and smart phones. Almost every consumer-facing technology runs on modern APIs – Facebook, Twitter, Waze, Mint, etc. Facebook’s internal API, for example, pulls in data from all your friends’ FB feeds and displays it onto your feed. FB’s external API allows you to post items to your Facebook feed using other applications, such as Instagram or Twitter.

Can you think of a popular/widespread/well known example of APIs in healthcare? No? Not surprisingly, healthcare has some catching up to do with APIs.

The good news for healthcare is that providers and vendors are realizing the potential impact modern APIs have on workflows, patient care, and… profits. The HL7 FHIR healthcare standard, along with Meaningful Use Stage 3 API requirements, have solidified the hype and marked API and cloud integration as almost essential to understand.

Let’s discuss that in this week’s #HITsm chat.

T1: What barriers do you see for API adoption in hospitals? #HITsm

T2: Will EHRs eventually allow two-way API connectivity (read & write)? #HITsm

T3: Can API connectivity change perceptions about ‘siloed’ EHR patient databases? #HITsm

T4: Will APIs motivate hospitals to store their patient data in the cloud? #HITsm

T5: Will APIs open up the door to other vendors and applications? Or just broaden current EHR footprint? #HITsm

Bonus: What innovative solutions do you predict creative IT teams can employ for patients and caregivers? #HITsm

Upcoming #HITsm Chat Schedule
6/2 – Patient Stories, Not Just for Story Time Anymore
Hosted by the #WTFix Community

6/9 – TBD
Hosted by TBD

6/16 – TBD
Hosted by Danielle Siarri (@innonurse)

6/16 – TBD
Hosted by Megan Janas (@TextraHealth)

We look forward to learning from the #HITsm community! As always let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find it and the schedule of chats here.