Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Looking at EHR Internationally

Posted on August 24, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Today, I’m sitting in my hotel room in Dubai (Check out my full health IT conference schedule) looking out over this incredible city. This is the 3rd time I’ve come to Dubai to teach an EHR workshop and so I’ve had a chance to fall in love with some many things. Not the least of which is the people that come to participate in the workshop. Each time is a unique perspective with people coming from around the middle east including countries like Saudia Arabia, Oman, Bahrain, Qatar, and of course Abu Dhabi and Dubai in the UAE to name a few.

There’s something incredible about coming to a place that is culturally so different and yet when I talk about EHR software it’s more alike than it is different. A great example of this is the often large divide between doctors and EHR implementers. It seems that everyone struggles to get doctors to take enough time to really learn how to use the EHR effectively. Then, despite not doing the training they complain that the EHR doesn’t work properly. If you’ve ever been part of an EHR implementation you know this cycle well.

What I find interesting in the middle east is that they don’t feel suffocated by regulations like we have in the US. There’s much more freedom available to them to innovate. However, there’s not the same drive to innovate here that exists in most US markets. It’s interesting to sense this disconnect between the opportunity to innovate and the desire to innovate.

I think there’s also a bit of a misconception about the region. From the US perspective, we often see these rich middle eastern countries and think that they just have as much money as they want and they can spend lavishly on anything. When you look at some of the amazing buildings or the indoor ski slopes in Dubai it’s easy to see how this perspective is well deserved. However, that’s not the reality that most of these healthcare organizations face. This seems to be particularly true with gas prices being quite low. In many ways, this is a similar to what many doctors experience. Doctors like to drive the Mercedes, but then complain that they aren’t really paid as much as people think. That creates a disconnect between what’s seen and the reality. I think the middle east suffers from this disconnect as well.

What’s most heartening about the experience of talking EHR internationally is that there’s one core thing that seems to exist everywhere. That’s a desire to truly make a difference for the patient. That’s the beautiful part of working in healthcare. We all have a desire to make life better for a patient. It’s amazing how this principle is universal. Now, if we could just all execute it better.

Improving Clinical Workflow Can Boost Health IT Quality

Posted on August 18, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

At this point, the great majority of providers have made very substantial investments in EMRs and ancillary systems. Now, many are struggling to squeeze the most value out of those investments, and they’re not sure how to attack the problem.

However, according to at least one piece of research, there’s a couple of approaches that are likely to pan out. According to a new survey by the American Society for Quality, most healthcare quality experts believe that improving clinical workflow and supporting patients online can make a big diference.

As ASQ noted, providers are spending massive amounts of case on IT, with the North American healthcare IT market forecast to hit $31.3 by 2017, up from $21.9 billion in 2012. But healthcare organizations are struggling to realize a return on their spending. The study data, however, suggests that providers may be able to make progress by looking at internal issues.

Researchers who conducted the survey, an online poll of about 170 ASQ members, said that 78% of respondents said improving workflow efficiency is the top way for healthcare organizations to improve the quality of their technology implementations. Meanwhile, 71% said that providers can strengthen their health IT use by nurturing strong leaders who champion new HIT initiatives.

Meanwhile, survey participants listed a handful of evolving health IT options which could have the most impact on patient experience and care coordination, including:

  • Incorporation of wearables, remote patient monitoring and caregiver collaboration tools (71%)
  • Leveraging smartphones, tablets and apps (69%)
  • Putting online tools in place that touch every step of patient processes like registration and payment (69%)

Despite their promise, there are a number of hurdles healthcare organizations must get over to implement new processes (such as better workflows) or new technologies. According to ASQ, these include:

  • Physician and staff resistance to change due to concerns about the impact on time and workflow, or unwillingness to learn new skills (70%)
  • High cost of rolling out IT infrastructure and services, and unproven ROI (64%)
  • Concerns that integrating complex new devices could lead to poor interfaces between multiple technologies, or that haphazard rollouts of new devices could cause patient errors (61%)

But if providers can get past these issues, there are several types of health IT that can boost ROI or cut cost, the ASQ respondents said. According to these participants, the following HIT tools can have the biggest impact:

  • Remote patient monitoring can cut down on the need for office visits, while improving patient outcomes (69%)
  • Patient engagement platforms that encourage patients to get more involved in the long-term management of their own health conditions (68%)
  • EMRs/EHRs that eliminate the need to perform some time-consuming tasks (68%)

Perhaps the most interesting part of the survey report outlined specific strategies to strengthen health IT use recommended by respondents, such as:

  • Embedding a quality expert in every department to learn use needs before deciding what IT tools to implement. This gives users a sense of investment in any changes made.
  • Improving available software with easier navigation, better organization of medical record types, more use of FTP servers for convenience, the ability to upload records to requesting facilities and a universal notification system offering updates on medical record status
  • Creating healthcare apps for professional use, such as medication calculators, med reconciliation tools and easy-to-use mobile apps which offer access to clinical pathways

Of course, most readers of this blog already know about these options, and if they’re not currently taking this advice they’re probably thinking about it. Heck, some of this should already be old hat – FTP servers? But it’s still good to be reminded that progress in boosting the value of health IT investments may be with reach. (To get some here-and-now advice on redesigning EMR workflow, check out this excellent piece by Chuck Webster – he gets it!)

One Example Of Improving Telehealth Documentation 

Posted on August 16, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Over the past year or two, the pressure has risen for providers to better document telehealth encounters, a pressure which has only mounted as the volume of such consults has grown. But until recently, telemedicine notes have been of little value, as they’ve met few of the key criteria that standard notes must meet.

The fact that such consults aren’t integrated with EMRs has made such an evolution even trickier. I guess doctors might be able to squeeze the patient’s video screen into one corner, allowing the clinician to work within the existing EMR display, but that would make both the consult and the note-taking rather inefficient, wouldn’t it?  The bottom line is that if telemedicine is to take its place alongside of other modes of care, this state of affairs is unsustainable.

For one thing, health plans that reimburse for telehealth services won’t be satisfied with vague assurances that such care made a difference – they’ll want some basis for analyzing its impact, which can’t be done without at least some basic diagnostic and care-related information. Also, providers will need similar records, for reasons which include the need to integrate the information into the patient’s larger record and to track the progress of this approach.

All of which is to note that I was happy to stumble across an example of a telemedicine provider that’s making efforts to improve its consult notes. While the provider, Doctor on Demand, hasn’t exactly reinvented the telehealth record, it’s improving those records, and to my way of thinking that deserves a shout-out.

As some readers may know, Doctor on Demand is a consumer-facing telemedicine provider which offers video visits with primary care doctors, counselors and psychiatrists. Its competitors include HealthTap and American Well. Because the company works with my health plan, United Healthcare, I’ve used its services to deal with off-hours issues as they arise.

Just today I had a video visit with a Doctor on Demand doctor to address a mild asthma care issue, after which I reviewed the physician’s notes. When I did so, I was happy to see that those notes included a ICD-10 diagnosis code. The notes also incorporated a consumer-level summary of what the diagnosed condition was, what to do about it, what its prognosis was and how to follow up. Essentially, Doctor on Demand’s notes have evolved from a sentence of two of informal suggestions to a more-structured document not unlike a set of hospital discharge instructions.

Don’t get me wrong, I’m certainly well aware that these are just baby steps. Doctor on Demand will have to move a lot further in this direction before consult documentation offers much to other providers. That being said, adding a formal diagnosis code gives the company a better means for analyzing key patterns of utilization internally by presenting condition, which can help its leaders look at whom they serve. Doctor on Demand can also use this information to pitch deals with potential partners, by sharing data on its population and underscoring its capabilities. In other words, these changes should make an impact.

Ultimately, telehealth documentation will have to meet the same expectations that other healthcare documentation does. And it’s not clear to me how freestanding telemedicine firms like Doctor on Demand will bridge that gap. After all, generating complete documentation takes far more than a few useful gestures. Even if the company threw a high-end EMR at the problem, merging it with the existing workflow is likely to be a huge undertaking. But still, making a bit of progress is worthwhile. I hope Doctor on Demand’s competitors are taking similar steps.

E-Patient Update:  Registration Can Add Value To Care 

Posted on August 15, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

For those of you who end up seeking care in hospital emergency departments now and again, the following will probably be familiar. You’re spending the precious few minutes you get with the ED doc discussing your situation, having a test done or asking a nurse some rather personal questions, and a hapless man or woman shows up and inserts themselves into the moment. Why? Because they want to collect registration information.

While these clerks are typically pleasant enough, and their errand relatively brief, their interruption has consequences. In my case, their entry into the room has sometimes caused a nurse or doctor to lose their train of thought, or an explanation in progress was never finished. As if that weren’t irritating enough, the registration clerk – at least at my local community hospital – typically asks questions I’ve already answered previously, or asks me to sign forms I could easily have reviewed at an earlier stage in the process.

Not only that, there have been at least a couple of situations in which a nurse or doctor was so distracted by the clerk’s arrival that some reasonably important issues didn’t get handled. Don’t get me wrong, the skilled team at this facility recovered and addressed these issues before they could escalate, but there’s no guarantee that this will always happen, particularly if the patient isn’t used to keeping track of their care process.

Also, given that alarm fatigue is already leading to patient care mistakes and near-misses, it seems odd that this hospital would squeeze yet another distraction into its ED routine. At least the alarms are intended to serve as clinical decision support and avoid needless errors. Collecting my street address a second time doesn’t rise to that level of importance.

Of course, hospitals need the information the clerk collects, for a variety of legal and operational reasons. I have no problem signing a form giving it permission to bill my insurer, affirming that I don’t need disability accommodations or agreeing to a facility’s “no smoking on campus” policy. And I certainly want any provider that treats me to have full and accurate insurance information, as I obviously don’t want to be billed for the care myself!  But is it really necessary to interrupt a vital care process to accomplish this?

As I see it, verifying registration information could be done much more effectively if it took place at a different point in the sequence of care – at the moment when physicians decide whether to discharge or admit that patient.  After all, if the patient is well enough to answer questions and sign forms while lying in an ED bed, they’re likely to remain so through the admissions process, and verify their financial and personal information once they’re settled (or even while they’re waiting to be transported to their bed). Meanwhile, if the patient is being discharged, they could just as easily provide signatures and personal data as they prepare to leave.

But the above would simply make registration less intrusive. What about adding real value to the process, for both the hospital and the patient? Instead of having a clerk gather this information, why not provide the patient with a tablet which presents the needed information, allowing patients to enter or edit their personal details at leisure.

Then, as they digitally sign off on registration, it would be a great time to ask the patient a few details which help the facility understand the patient’s need for support and care coordination. Why not find out, before the patient is discharged, whether they have a primary care doctor or relevant specialist, whether they can afford their medications, whether they can get to post-discharge visits and the like? This improves results for the patient and ties in with a value-based focus on continuity of care.

These days, it’s not enough just to eliminate pointless workflow disruptions. Let’s leverage the amazing consumer IT platforms we have to make things better!

If MACRA Fails, It Will Be a Failure of IT, Not Doctors or Regulators

Posted on August 8, 2016 I Written By

The following is a guest blog by Steve Daniels, president of Able Health.

There has been a whole lot of mudslinging over the last month between regulators and healthcare providers over MACRA, which shifts Medicare payments further toward pay-for-performance starting January 1. On the one hand, CMS Acting Administrator Andy Slavitt is clear that CMS is ready for change. “We need to get out of the mode of paying physicians just to run tests and prescribe medicines,” he told a Senate Finance Committee hearing. Meanwhile, Dr. Thomas Eppes of the American Medical Association has called MACRA a “quantum shift” and pushed for a delay.

Yes, the Medicare Quality Payment Program instituted by MACRA should—and will—evolve based on comments made on the proposed rule. But the reality is the program provides enormous opportunity for providers to increase bonus payments, while streamlining reporting requirements across a patchwork of outdated and duplicative programs. And it’s worth noting that the potential penalties under the Merit-Based Incentive Payment System (MIPS) over the next four years are actually lower than the sum of the penalties of the programs it is replacing.

To meet MACRA goals, it will take a well-prepared team of providers and administrators—empowered by data and well-designed tools. Doctors can’t be solely responsible for achieving patient outcomes, reducing costs and documenting it all for CMS as they go. Unfortunately, the history of health IT has not been kind—or affordable—to doctors. And today, the health IT stack has a new challenge—keeping pace with the proliferation of value-based programs, from accessing data all the way through enabling new clinical practice.

We must move from a mindset of meeting Meaningful Use checkboxes toward supporting a more effective way of operating. And in the modern world of software-as-as-service, there’s no good reason left that IT needs to cost providers millions of dollars. We can do better. As things stand, if MACRA fails, it will be a failure of IT, not doctors or regulators.

Gathering all the data

For value-based care to work, patient data needs to be made available for providers to coordinate with each other, as well as to payers, to properly evaluate performance based on all known information. Those still blocking or jacking up prices for data access are complicit in obstructing the vision of a learning value-based system.

It is time to remove technical barriers through modern and open data standards like FHIR, as well as rules and unreasonable fees that prevent parties from accessing data when they need it. Thankfully, the Advancing Care Information performance category will reflect the emphasis on information exchange set forth in Meaningful Use Stage 3.

Calculating performance flexibly

The new era of performance-based pay requires continuous monitoring of quality and cost, with the ability to track progress across multiple programs on an ongoing basis. To measure quality today, we often use static algorithms hard-coded by EHRs vendors and health system IT departments, conforming to standards set by NCQA or CMS.

But providers need tools that are tailored not just to one or two programs like Meaningful Use and PQRS, but across the organization’s full range of value-based programs as these program continue to expand, evolve, and proliferate. With efforts to standardize IT for quality measures stalling, vendors need to focus less on one-size-fits-all quality measure calculations and more on flexible systems that enable measures to be rapidly constructed and customized to move with the trends. Expect change to be the norm.

Informing new behaviors

With so many health IT professionals focused on gathering and reporting data, it is not surprising that design has taken a back seat so far. But this year, not a single population health vendor earned an “A” rating from Chilmark, due to poor user engagement and clinical workflow. This is no longer acceptable. The challenge of enabling the new clinical and administrative behaviors associated with value-based care is too vast. User experience must be top of mind for any IT implementation, with representative users involved from the start. We have seen the impact of poor user experience in the fee-for-service system, from frustrated clinicians to alarming patient safety issues.

Design is even more important when the challenge is not just documenting billing codes but also achieving health outcomes for patients across a care team. Don’t bombard clinicians with notifications and force clumsy form-filling. Instead, employ best practices from cognitive psychology to inform professionals with lightweight and intelligent touchpoints. Automate documentation and interpretation of data wherever possible.

A new era of health IT

Whether or not it’s delayed, the Quality Payment Program is coming. And the healthcare industry is moving inexorably toward value-based care. Will health IT step up to the challenge of building toward a value-based future that is accessible to all providers? Or will we sit back and wait for the next list of requirements?

About Steve Daniels
Steve Daniels is the President of Able Health, which helps providers succeed under MACRA and value-based programs. Formerly the design lead for IBM Watson for healthcare and a lifelong patient advocate, he is passionate about the role of open data exchange and intuitive experience design in fostering a continuously improving healthcare system. Find him on Twitter and LinkedIn.

ONC Announces Winners Of FHIR App Challenge

Posted on August 3, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The ONC has announced the first wave of winners of two app challenges, both of which called for competitors to use FHIR standards and open APIs.

As I’ve noted previously, I’m skeptical that market forces can solve our industry’s broad interoperability problems, even if they’re supported and channeled by a neutral intermediary like ONC. But there’s little doubt that FHIR has the potential to provide some of the benefits of interoperability, as we’ll see below.

Winners of Phase 1 of the agency’s Consumer Health Data Aggregator Challenge, each of whom will receive a $15,000 award, included the following:

  • Green Circle Health’s platform is designed to provide a comprehensive family health dashboard covering the Common Clinical Data Set, using FHIR to transfer patient information. This app will also integrate patient-generated health data from connected devices such as wearables and sensors.
  • The Prevvy Family Health Assistant by HealthCentrix offers tools for managing a family’s health and wellness, as well as targeted data exchange. Prevvy uses both FHIR and Direct messaging with EMRs certified for Meaningful Use Stage 2.
  • Medyear’s mobile app uses FHIR to merge patient records from multiple sources, making them accessible through a single interface. It displays real-time EMR updates via a social media-style feed, as well as functions intended to make it simple to message or call clinicians.
  • The Locket app by MetroStar Systems pulls patient data from different EMRs together onto a single mobile device. Other Locket capabilities include paper-free check in and appointment scheduling and reminders.

ONC also announced winners of the Provider User Experience Challenge, each of whom will also get a $15,000 award. This part of the contest was dedicated to promoting the use of FHIR as well, but participants were asked to show how they could enhance providers’ EMR experience, specifically by making clinical workflows more intuitive, specific to clinical specialty and actionable, by making data accessible to apps through APIs. Winners include the following:

  • The Herald platform by Herald Health uses FHIR to highlight patient information most needed by clinicians. By integrating FHIT, Herald will offer alerts based on real-time EMR data.
  • PHRASE (Population Health Risk Assessment Support Engine) Health is creating a clinical decision support platform designed to better manage emerging illnesses, integrating more external data sources into the process of identifying at-risk patients and enabling the two-way exchange of information between providers and public health entities.
  • A partnership between the University of Utah Health Care, Intermountain Healthcare and Duke Health System is providing clinical decision support for timely diagnosis and management of newborn bilirubin according to evidence-based practice. The partners will integrate the app across each member’s EMR.
  • WellSheet has created a web application using machine learning and natural language processing to prioritize important information during a patient visit. Its algorithm simplifies workflows incorporating multiple data sources, including those enabled by FHIR. It then presents information in a single screen.

As I see it, the two contests don’t necessarily need to be run on separate tracks. After all, providers need aggregate data and consumers need prioritized, easy-to-navigate platforms. But either way, this effort seems to have been productive. I’m eager to see the winners of the next phase.

E-Patient Update: Is It Appropriate to Trash “Dr. Google”?

Posted on August 1, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Apparently, a lot of professionals have gotten a bit defensive about working with Google-using customers. In fact, when I searched Google recently for the phrase “Don’t confuse your Google search with my” it returned results that finished the phrase with “law degree,” “veterinary degree,” “nursing degree” and even “library degree.” And as you might guess, it also included “medical degree” among its list of professions with a Google grudge.

I first ran across this anti-Dr.-Google sentiment about a year ago, when a physician posted a picture of a coffee mug bearing this slogan on LinkedIn. He defended having the mug on his desk as a joke. But honestly, doc, I don’t think it’s funny. Let me explain.

First, I want to concede a couple of points. Yes, humor means different things to different people, and a joke doesn’t necessarily define a doctor’s character. And to be as fair as possible, I’m sure there are patients who use Web-based materials as an excuse to second-guess medical judgment in ways which are counterproductive and even inappropriate. Knowledge is a good thing, but not everyone has good knowledge filters in place.

That being said, I have, hmmm, perhaps a few questions for clinicians who are amused by this “joke,” including:

  • Wouldn’t people’s health improve if they considered themselves responsible for learning as much as possible about health trends, wellness and/or any conditions they might have?
  • Don’t we want patients to be as engaged as possible when they are talking with their doctors (as well as other clinicians)? And doesn’t that mean being informed about key issues?
  • Does this slogan suggest that patients shouldn’t challenge physicians to explain discrepancies between what they read and what they’re being told?
  • Does this attitude bleed over to a dislike of all consumer-generated health data, even if it’s being generated by an FDA-approved device? If so, have you got a nuanced understanding of these technologies and a well-informed opinion on their merits?

Please understand, I am in no way anti-doctor. The truth is, I trust, admire and rely upon the clinicians who keep my chronic illnesses at bay. I have a sense of the pressures they confront, and have immense respect for their dedication and empathy.

That being said, I need clinicians to collaborate with me and help me learn what I need to know, not discourage and mock my efforts. And I need them to be open to the benefits of new technologies – be they the web-based medical content that didn’t exist when you were in med school, remote monitoring, wearables, sensor-laden t-shirts, mobile apps, artificial intelligence or flying cars.

So, I hope you understand now why I’m offended by that coffee mug. If a doctor dislikes something so elementary as a desire to learn, I doubt we’ll get along.

A List Of Must-Have EMR Features

Posted on July 28, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

When a doctor tells you what features they believe need to be in an EMR, it’s worth a listen. And when that doctor has personally managed the ongoing development of their own EMR, I find their ideas to be even more interesting.

Such informed recommendations are just what Hayward Zwerling, MD, has to offer. Zwerling is a practicing physician, and also the creator of the ComChart ambulatory EMR, which he launched in 1990 and kept on the market until 2015. Zwerling recently published a list of features which, he argues, should be in virtually every EMR. Below, here’s a sampling of his suggestions:

Lab features:

  • Provide a button displaying all abnormal lab results, and make the resulting list sortable by test name, test date or any other available parameter.
  • Allow the physician to display any subset of the patient’s lab results, and offer an option to omit individual results and resort the displayed data. Also, allow doctors to export the data in cvs or Excel format.
  • Permit doctors to create lab test charts on the fly, including any combination of tests from the patient’s existing lab work. In addition, make it possible to incorporate this chart into a Progress Note approved up to chart for the patient.
  • Make it easy for the doctor to create an association between incoming test results and specific medicines. (For example, if a cholesterol test result appears, include the name of any statin the patient currently takes.) And make it possible to create lab charts which include concurrent medication information, with just one click.
  • Clearly display who ordered a test and to whom a copy of the test was distributed.

Progress Notes:

  • Allow physicians to create test result charts from within the Progress Notes section.
  • Permit physicians to add selected free text from the Progress Notes to the problem list, medicine list, allergy list, family history or old problem list by highlighting the data and clicking a single button.
  • Create a free text field on the Progress Note layout allowing doctors to enter information that is not an official part of the patient’s chart. For example, the clinician might write a note such as “Daughter wants issue of her mother’s depression to be discussed at the mother’s next visit, and daughter does not want to be identified.”
  • Allow doctors to search free text Progress Notes for a word or phrase. Also, make it possible to search some or all of the entire EMR’s free text Progress Notes in this matter.

Zwerling goes on at much greater length in his post on The Health Care Blog, so much so that his suggestions spill over into a separate blog entry. But this subset of suggestions make the point on their own. He clearly believes — quite reasonably — that doctors should have access to simple, easy-to-understand tools when they use EMRs, and that there should be no need to refer to a manual or attend training classes.

He sums it up thusly: “The feature should be presented to the user in a manner which make it intuitively obvious how to utilize the feature.” Really, don’t we all agree with him? And if so, why are so few EMRs organized this way?

E-Patient Update:  When EMRs Didn’t Matter, But Should Have

Posted on July 27, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The other day I went to an urgent care clinic, suffering from a problem which needed attention promptly. This clinic is part of the local integrated health system’s network, where I’ve been seen for nearly 20 years. This system uses Epic everywhere in its network to coordinate care.

I admittedly arrived rather late and close to when the clinic was going to close. But I truly didn’t want to make a wasteful visit to the ED, so I pressed on and presented myself to the receptionist. And sadly, that’s where things got a bit hairy.

The receptionist said: “We’ve already got five patients to see so we can’t see anyone else.” Uncomfortable as I was, I fought back with what seemed like logic to me: “I need help and a hospital would be a waste. Could someone please check my medical records? The doctors will understand what I need and why it’s urgent.”

The receptionist got the nurse, who said “I’m sorry, but we aren’t seeing any more patients today.” I asked, “But what about the acuity of a given case, such as mine for example? Can’t you prioritize me? It’s all in my medical records and I know you’re online with Epic!”  She shook her head at me and walked away.

I sat in reception for a while, too irritated to walk out and too uncomfortable to let go of the issue. Man, it was no fun, and I called those folks some not-nice things in my mind – but more than anything else, wondered why they wouldn’t look at data on a well-documented patient like me for even a moment.

About 20 minutes before the place officially closed for the night, a nurse practitioner I know (let’s call him Ed) walked out into the waiting room and asked me what I needed. I explained in just a few words what I was after. Ed, who had reviewed my record, knew what I needed, knew why it was important and made it happen within five minutes. Officially, he wasn’t supposed to do that, but he felt comfortable helping because he was well-informed.

Truthfully, I realize this story is relatively trivial, but as I see it, it brings an important issue to the fore. And the issue is that even when seeing chronically-ill patients such as myself, whose comings and goings are well documented, providers can’t or won’t do much to exploit that data.

You hear a lot of talk about big data and analytics, and how they’ll change healthcare or even the world as we know it. But what about finding ways to better use “small data” produced by a single patient? It seems to me that clinicians don’t have the right tools to take advantage of a single patient’s history, or find it too difficult to do so. Either way, though, something must be done.

I know from personal experience that if clinicians don’t know my history, they can’t treat me efficiently and may drive up costs by letting me get sicker. And we need more Eds out there making the save. So let’s make the chart do a better job of mining patient’s data. Otherwise, having an EMR hardly matters.

Attackers Try To Sell 600K Patient Records

Posted on July 22, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

New research has concluded that attackers recently infiltrated U.S. healthcare institutions and stole at least 600,000 patient records, then attempted to sell more than 3 TB of associated data. The attacks, which were discovered by security firm InfoArmor, targeted not only hospitals, but also private clinics and vendors of medical equipment and supplies such as orthopedics, eWeek reports.

According to InfoArmor, the attacker gained access to the patient data by exploiting weak user credentials, and hacked Remote Desktop Protocol connections on some servers with static external IP addresses. The data thief also used a local privilege escalation exploit to access system files for added patching and backdooring, InfoArmor chief intelligence officer Andrew Komarov told eWeek.

And sadly, some healthcare institutions made it pretty easy for intruders. In some cases, data thieves were able to exfiltrate data stored in Microsoft Access desktop databases without any special user access segregation or rights control in place, Komarov told the magazine.

Future exploits may emerge through medical device connections, as many institutions aren’t paying enough attention to device security, he warns.”[Providers] think that the medical device is just a device for their specific function and sometimes they don’t [have] knowledge of misconfigured devices in their networks,” Komarov said.

So what will become of the data?  Many things, and none of them good. Some cyber criminals will sell Social Security numbers and other scammers will use to sell fraudulent healthcare services,. Cyber-grifters who steal a patient’s history of illness and their biography can use them to take advantage of consumers, he pointed out. And to sharpen their con, such criminals can even buy select data focused on geographic regions, Komarov noted in a follow-up chat with me.

To address exploits engineered by remote access sessions, one consulting firm is pitching technology allowing administrators to go over remote sessions with a fine-toothed comb.

Balazs Scheidler, CTO of security vendor BalaBit, notes that while remote access to internal IT resources is common, using protocols such as Microsoft Remote Desktop or Citrix ICA, IT managers don’t always have enough visibility into who’s accessing systems, when they are logging in and from where systems are being accessed. BalaBit is pitching a system which offers “CCTV-like” recording of user sessions, including screen contents, mouse movements, clicks and keystrokes.

But the truth is, regardless of what approach providers take, they simply have to step up security measures across the board. If attackers can access your data through a vulnerable Microsoft Access database, clearly something is out of order. And in fact many cases, it’s just that easy for attackers to get into your network.