Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

#HIMSS16 Mix Tape

Posted on February 5, 2016 I Written By

Colin Hung is the co-founder of the #hcldr (healthcare leadership) tweetchat one of the most popular and active healthcare social media communities on Twitter. Colin is a true believer in #HealthIT, social media and empowered patients. Colin speaks, tweets and blogs regularly about healthcare, technology, marketing and leadership. He currently leads the marketing efforts for @PatientPrompt, a Stericycle product. Colin’s Twitter handle is: @Colin_Hung

On February 29th the #HealthIT community will descend on Las Vegas for the annual HIMSS conference and exhibition.

One of the best parts about attending HIMSS is getting the chance to meet people in real life who I interact with through social media. There is nothing quite like meeting someone face to face for the first time yet feeling like you already know them. I think hugging and fist bumps are the official greetings at HIMSS. It’s an absolute blast to be able to share stories and laughs with likes of Mandi Bishop, John Lynn , Rasu Shrestha and Wen Dombrowski.

With an expected attendance of 45,000 this year, I’m hoping to meet even more people than ever before at the various HIMSS gatherings.

Last year, ahead of HIMSS15, I decided to do a fun blog post. I asked some friends to send me a song they thought reflected what was happening in #HealthIT at the time. I compiled everyone’s selections along with the reasons behind their choice. I called it the HIMSS15 Mix Tape. The response was amazing. I had so many people DM me and stop me at the conference to give me their song choice. Even John Lynn blogged about it.

This year, I asked an even larger number of friends to contribute a song. So without further rambling, here is the #HIMSS16 Mix Tape. Enjoy!

HIMSS16 Mix Tape

Night on Bald Mountain – Disney’s Fantasia. Chosen by Regina Holliday @ReginaHolliday. “Disney. Because although morning will come, we now walk among the terrors.”

Confident – Demi Levato. Chosen by Mandi Bishop @MandiBPro. “For a couple reasons: 1) it’s beyond time #HealthITChicks / #WomenInHIT got equal recognition and pay for their contributions to the field, and I’m seeing an increasing strength of voice supporting those efforts, 2) patients have had enough of their attempts to engage being discounted by clinicians and other caregivers, and we are all demanding respect and inclusion at the table of our healthcare decisions.”

Stronger – Kelly Clarkson. Chosen by John Lynn @techguy. “This should be the anthem of those of us in healthcare IT.  First, do no harm, but don’t be afraid to take some risks and make mistakes.  Not taking some risks is killing more people than doing something and sometimes making mistakes.  Healthcare will be stronger for the mistakes we make.”

Runnin’ Down A Dream –  Tom Petty & the Heartbreakers. Chosen by Melody Smith Jones @melsmithjones. “I got into this industry because my grandmother died of cancer in rural USA in 2003. I’ve been running down the dream of care everywhere ever since. I believe 2016 will bring us the most growth in Connected Health that we have seen to date.”

Talk to Me – Stevie Nicks. Chosen by David Harlow @healthblawg. “The chorus includes the line: “You can talk to me/You can set your secrets free, baby” which can be read as a coded message to legacy systems … One of the verses goes: “Our voices stray from the common ground where they/Could meet/The walls run high/ … / Oh, let the walls burn down, set your secrets free” — a prescient call to interoperability, to communication, to enabling broader collaboration across provider, payor and health care information technology silos. We’re almost there, Stevie.”

Heroes – David Bowie. Chosen by Nick van Terheyden @drnic1. “Because I love that track and was sad to see David Bowie leave this universe. But also: We need to be heroes for Healthcare and I hope Healthcare Technology can beat the madness of our system and Ch-ch-ch-ch-change the world:

A million dead-end streets / And every time I thought I’d got it made / It seemed the taste was not so sweet…… / We can be Heroes, just for one day / We can beat them, for ever and ever … ICYMI – I blended the lyrics from David Bowie’s Changes with Heroes”

Another Brick in the Wall – Pink Floyd. Chosen by Rasu Shrestha @RasuShrestha. “In memory of Meaningful Use ‘All in all it was just a brick in the wall…’ “

Numb – Linkin Park. Chosen by me @Colin_Hung. I think many physicians, nurses, administrators and patients are numb from all the competing priorities this past year and from the years of chasing Meaningful User dollars. I think this verse sums it up:

I’m tired of being what you want me to be / Feeling so faithless, lost under the surface / Don’t know what you’re expecting of me / Put under the pressure of walking in your shoes / (Caught in the undertow, just caught in the undertow) / Every step that I take is another mistake to you

Fire – Jimi Hendrix. Chosen by Chad Johnson @OchoTex. “The reason is simple: HL7 FHIR continues to dominate the headlines and discussions around health data interoperability, and rightfully so. FHIR will bring exciting changes to interoperability.”

Taking Care of Business – Bachman-Turner Overdrive. Chosen by Charles Webster @wareFLO. “Taking care of business in healthcare means getting sh*%$t done. Effectively and efficiently accomplishing goals is only possible with great…wait for it…WORKFLOW”

I Want It All – Queen. Chosen by Joe Lavelle @Resultant. “Because we want it all – Interoperability, “our damn data”, #mhealth, Patient Engagement, Population Health, Telemedicine. etc.”

Robot Rock – Daft Punk. Chosen by AJ Montpetit @ajmontpetit. “We’re heading to the integration of AI into healthcare to create a streamlined experience, and assist in comprehension of all the multiple factors that each patient has individually.”

Upgrade U – Beyoncé. Chosen by Cari McLean @carimclean. “I’ll go with a song that not only always makes me dance but one that reflects a growing happening in healthcare. I chose this song because the EHR replacement market is growing as the rip and replace trend continues and health information exchange is prioritized.”

Give Me Novacaine – Green Day. Chosen by Linda Stotsky @EMRAnswers. “LOL- because providers are in PAIN!!! They need something to soften the blows”

Changes – David Bowie. Chosen by Brad Justus @BradJustus. “A classic from a classic and something that is a constant in #HealthIT”

Fight Song – Rachel Platten. Chosen by Jennifer Dennard @JennDennard. “I think it encapsulates the #healthITchicks ethos – not to mention patient advocates’ – quite well :)”

 What Do You Mean – Justin Bieber. Chosen by Sarah Bennight @sarahbennight. “For SO many reasons. What do you mean MU is going away? What do you mean you need me to fill out ANOTHER demographic profile, what do you mean you don’t have my allergies? What do you mean by interoperable? I could go on all day, but we all have real jobs to do….like to figure out this healthcare IT thing :) Plus in the Justin B song…you hear a clock…do you ever feel like Health IT is running out of time? I don’t agree with JB on ANYTHING, but I agree we are running out of time.”

Shape of Things – David Bowie. Chosen by Pat Rich @pat_health. “In my mind this song evokes the futuristic world of health IT in a steampunk/sci-fi sort of way”

Hello – Adele. Chosen by Bill Bunting @WTBunting. “Because there is an emerging side of healthcare that’s trying to break free and be heard (i.e. adoption), and no one is answering the call to do so”

Under Pressure – Queen & David Bowie. Chosen by Joy Rios @askjoyrios. “There is so much pressure to get through these health IT initiatives unscathed and there’s so much at risk if they get it wrong.  I see providers across the country dealing with so much change, when they mostly just want to focus on their practice. Unfortunately, the changes are not letting up. I feel like the healthcare system is right in the middle of its metamorphosis… not a caterpillar anymore, but by no means a butterfly!”

Please Please Me – The Beatles. Chosen by Jim Tate @jimtate. “Providers want better EHRs”

New New Minglewood Blues – The Grateful Dead. Chosen by Brian Ahier @ahier. “Because I was inspired by this @healthblawg post ‘The New New Meaningful Use’ “

EHR State of Mind – ZDoggMDChosen by Andy DeLaO @CancerGeek. “Does it really need an explanation? J”

Dha Tete – Pandit Shyamal Bose. Chosen by Wen Dombrowski @HealthcareWen. “Some reasons I like this song:

  • Focus, Mindfulness
  • Flow states
  • Collaboration, Staying in Sync with each other (it is actually 2 people duet)
  • Speed, Moving fast
  • Precision, deciveness
  • Artistry, Beauty”

You Can Get It If You Really Want – Jimmy Cliff. Chosen by Steve Sisko @ShimCode. “I believe true, widespread interoperability is not that far away. The technology, standards (FHIR, OpenNotes), and group consensus (outfits like CommonWell, The Sequoia Project) are finally coming together.

You can get it if you really want / But you must try, try and try, try and try / You’ll succeed at last

Do you have a song you think reflects #HealthIT or healthcare at the moment? Add it to the comments below!

[Update: Here is a link to a Spotify playlist of the entire #HIMSS16 Mix Tape https://open.spotify.com/user/12163763158/playlist/7mO6DlpVa4MoJ7roW0bqiG or if you like videos, here is a YouTube playlist https://www.youtube.com/playlist?list=PLOxadHqniaPTYUUY5cMSmW14VZQpngUOU]

Making Precision Medicine a Reality with Dr. Delaney, SAP & Curtis Dudley, VP at Mercy

Posted on February 4, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

UPDATE: In case you missed the live interview, you can watch the interview on YouTube below:

You can also watch the “after party” where Shahid Shah joins us and extends the discussion we started:

Making Precision Medicine a Reality-blog

Ever since President Obama announced the precision medicine initiative, it’s become a hot topic in every healthcare organization. While it’s great to talk theoretically about what’s happening with precision medicine, I’m always more interested with what’s actually happening to make medicine more precise. That’s why I’m excited to sit down with a great panel of experts that are actually working in the trenches where precision medicine is being implemented.

On Monday, February 8, 2016 at 2 PM ET (11 AM PT) I’ll be hosting a live video interview with Curtis Dudley from Mercy and Dr. David Delaney from SAP where we’re going to dive into the work Curtis Dudley and his team are doing at Mercy around perioperative services analytics that improved quality outcomes and reduced delivery costs.

The great part is that you can join my live conversation with this panel of experts and even add your own comments to the discussion or ask them questions. All you need to do to watch live is visit this blog post on Monday, February 8, 2016 at 2 PM ET (11 AM PT) and watch the video embed at the bottom of the post or you can subscribe to the blab directly. We’ll be doing a more formal interview for the first 30 minutes and then open up the Blab to others who want to add to the conversation or ask us questions. The conversation will be recorded as well and available on this post after the interview.

Here are a few more details about our panelists:

If you can’t join our live video discussion or want to learn more, check out Mercy’s session at HIMSS16 called “HANA as the Key to Advanced Analytics for Population Health and Operational Performance” on March 1, 2016 at 11:00 a.m. at SAP Booth #5828.

If you’d like to see the archives of Healthcare Scene’s past interviews, you can find and subscribe to all of Healthcare Scene’s interviews on YouTube.

To Improve Health Data Security, Get Your Staff On Board

Posted on February 2, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As most readers know, last year was a pretty lousy one for healthcare data security. For one thing, there was the spectacular attack on health insurer Anthem Inc., which exposed personal information on nearly 80 million people. But that was just the headline event. During 2015, the HHS Office for Civil Rights logged more than 100 breaches affecting 500 or more individuals, including four of the five largest breaches in its database.

But will this year be better? Sadly, as things currently stand, I think the best guess is “no.” When you combine the increased awareness among hackers of health data’s value with the modest amounts many healthcare organizations spend on security, it seems like the problem will actually get worse.

Of course, HIT leaders aren’t just sitting on their hands. According to a HIMSS estimate, hospitals and medical practices will spend about $1 billion on cybersecurity this year. And recent HIMSS survey of healthcare executives found that information security had become a top business priority for 90% of respondents.

But it will take more than a round of new technical investments to truly shore up healthcare security. I’d argue that until the culture around healthcare security changes — and executives outside of the IT department take these threats seriously — it’ll be tough for the industry to make any real security progress.

In my opinion, the changes should include following:

  • Boost security education:  While your staff may have had the best HIPAA training possible, that doesn’t mean they’re prepared for growing threat cyber-strikes pose. They need to know that these days, the data they’re protecting might as well be money itself, and they the bankers who must keep an eye on the vault. Health leaders must make them understand the threat on a visceral level.
  • Make it easy to report security threats: While readers of this publication may be highly IT-savvy, most workers aren’t. If you haven’t done so already, create a hotline to report security concerns (anonymously if callers wish), staffed by someone who will listen patiently to non-techies struggling to explain their misgivings. If you wait for people who are threatened by Windows to call the scary IT department, you’ll miss many legit security questions, especially if the staffer isn’t confident that anything is wrong.
  • Reward non-IT staffers for showing security awareness: Not only should organizations encourage staffers to report possible security issues — even if it’s a matter of something “just not feeling right” — they should acknowledge it when staffers make a good catch, perhaps with a gift card or maybe just a certificate. It’s pretty straightforward: reward behavior and you’ll get more of it.
  • Use security reports to refine staff training: Certainly, the HIT department may benefit from alerts passed on by the rest of the staff. But the feedback this process produces can be put to broader use.  Once a quarter or so, if not more often, analyze the security issues staffers are bringing to light. Then, have brown bag lunches or other types of training meetings in which you educate staffers on issues that have turned up regularly in their reports. This benefits everyone involved.

Of course, I’m not suggesting that security awareness among non-techies is sufficient to prevent data breaches. But I do believe that healthcare organizations could prevent many a breach by taking advantage of their staff’s instincts and observational skills.

Wearable Health Trackers Could Pose Security Risks

Posted on February 1, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Last October, security researchers made waves when they unveiled what they described as a 10-second hack of a Fitbeat wearable health tracker. At the Hack.Lu 2015 conference, Fortinet security researcher Axelle Apvrille laid out a method for hacking the wearable through its Bluetooth radio. Apparently, Aprville was able to infect the Fitbit Flex from as much as 15 feet away, manipulate data on the tracker, and use the Flex to distribute his code to a computer.

Fitbit, for its part, denied that its devices can serve as vehicles for infecting users with malware. And Aprville himself admitted publicly that his demonstration was more theoretical than practical. In a tweet following the conference, he noted that he had not demonstrated a way to execute malicious code on the victim’s host.

But the incident does bring attention to a very serious issue. While consumers are picking up health trackers at a breathless pace, relatively little attention has been paid to whether the data on these devices is secure. Perhaps even more importantly, too few experts are seeking ways to prevent these devices can be turned into a jumping-off point for malware. After all, like any other lightly-guarded Internet of Things device, a wearable tracker could ultimately allow an attacker to access enterprise healthcare networks, and possibly even sensitive PHI or financial data.

It’s not as though we aren’t aware that connected healthcare devices are rich hunting grounds. For example, security groups are beginning to focus on securing networked medical devices such as blood gas analyzers and wireless infusion pumps, as it’s becoming clear that they might be accessible to data thieves or other malicious intruders. But perhaps because wearable trackers are effectively “healthcare lite,” used almost exclusively by consumers, the threat they could pose to healthcare organizations over time hasn’t generated a lot of heat.

But health tracker security strategies deserve a closer look. Here’s some sample suggestions on how to secure health and fitness devices from Milan Patel, IoT Security Program Director at IBM:

  • Device design: Health tracker manufacturers should establish a secure hardware and software development process, including source code analysis to pinpoint code vulnerabilities and security testing to find runtime vulnerabilities. Use trusted manufacturers who secure components, and a trusted supply chain. Also, deliver secure firmware/software updates and audit them.
  • Device deployment:  Be sure to use strong encryption to protect privacy and integrity of data on the device, during transmission from device to the cloud and on the cloud. To further control device data, give consumers the ability to set up user and usage privileges for their data, and an option to anonymize the data.Secure all communication channels to protect against data change, corruption or observation.
  • Manage security:  Include trackers in the set of technology being monitored, and set alerts for intrusion. Audit logging is desirable for the devices, as well as the network connections and the cloud. The tracker should ideally be engineered to include a fail-safe operation — dropping the system down to incapability, safely — to protect against attacks.

This may sound like a great deal of effort to expend on these relatively unsophisticated devices. And at present, it just may be overkill. But it’s worth preparing for a world in which health trackers are increasingly capable and connected, and increasingly attractive to the attackers who want your data.

NIST Goes After Infusion Pump Security Vulnerabilities

Posted on January 28, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As useful as networked medical devices are, it’s become increasingly apparent that they pose major security risks.  Not only could intruders manipulate networked devices in ways that could harm patients, they could use them as a gateway to sensitive patient health information and financial data.

To make a start at taming this issue, the National Institute of Standards and Technology has kicked off a project focused on boosting the security of wireless infusion pumps (Side Note: I wonder if this is in response to Blackberry’s live hack of an infusion pump). In an effort to be sure researchers understand the hospital environment and how the pumps are deployed, NIST’s National Cybersecurity Center of Excellence (NCCoE) plans to work with vendors in this space. The NCCoE will also collaborate on the effort with the Technological Leadership Institute at the University of Minnesota.

NCCoE researchers will examine the full lifecycle of wireless infusion pumps in hospitals, including purchase, onboarding of the asset, training for use, configuration, use, maintenance, decontamination and decommissioning of the pumps. This makes a great deal of sense. After all, points of network connection are becoming so decentralized that every touchpoint is suspect.

The team will also look at what types of infrastructure interconnect with the pumps, including the pump server, alarm manager, electronic medication administration record system, point of care medication, pharmacy system, CPOE system, drug library, wireless networks and even the hospital’s biomedical engineering department. (It’s sobering to consider the length of this list, but necessary. After all, more or less any of them could conceivably be vulnerable if a pump is compromised.)

Wisely, the researchers also plan to look at the way a wide range of people engage with the pumps, including patients, healthcare professionals, pharmacists, pump vendor engineers, biomedical engineers, IT network risk managers, IT security engineers, IT network engineers, central supply workers and patient visitors — as well as hackers. This data should provide useful workflow information that can be used even beyond cybersecurity fixes.

While the NCCoE and University of Minnesota teams may expand the list of security challenges as they go forward, they’re starting with looking at access codes, wireless access point/wireless network configuration, alarms, asset management and monitoring, authentication and credentialing, maintenance and updates, pump variability, use and emergency use.

Over time, NIST and the U of M will work with vendors to create a lab environment where collaborators can identify, evaluate and test security tools and controls for the pumps. Ultimately, the project’s goal is to create a multi-part practice guide which will help providers evaluate how secure their own wireless infusion pumps are. The guide should be available late this year.

In the mean time, if you want to take a broader look at how secure your facility’s networked medical devices are, you might want to take a look at the FDA’s guidance on the subject, “Cybersecurity for Networked Medical Devices Containing Off-the-Shelf Software.” The guidance doc, which was issued last summer, is aimed at device vendors, but the agency also offers a companion document offering information on the topic for healthcare organizations.

If this topic interests you, you may also want to watch this video interview talking about medical device security with Tony Giandomenico, a security expert at Fortinet.

Security Concerns Threaten Mobile Health App Deployment

Posted on January 26, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Healthcare organizations won’t get much out of deploying mobile apps if consumers won’t use them. And if consumers are afraid that their personal data will be stolen, they’ve got a reason not to use your apps. So the fact that both consumers and HIT execs are having what I’d deem a crisis of confidence over mHealth app security isn’t a good sign for the current crop of mobile health initiatives.

According to a new study by security vendor Arxan, which polled 815 consumers and 268 IT decision-makers, more than half of consumer respondents who use mobile health apps expect their health apps to be hacked in the next six months.

These concerns could have serious implications for healthcare organizations, as 76% of health app users surveyed said they would change providers if they became aware that the provider’s apps weren’t secure. And perhaps even more significantly, 80% of consumer health app users told Arxan that they’d switch to other providers if they found out that the apps that alternate provider offered were better secured. In other words, consumer perceptions of a provider’s health app security aren’t just abstract fears — they’re actually starting to impact patients’ health decision making.

Perhaps you’re telling yourself that your own apps aren’t terribly exposed. But don’t be so sure. When Arxan tested a batch of 71 popular mobile health apps for security vulnerabilities, 86% were shown to have a minimum of two OWASP Mobile Top 10 Risks. The researchers found that vulnerable apps could be tampered with and reverse-engineered, as well as compromised to provide sensitive health information. Easily-done hacks could also force critical health apps to malfunction, Arxan researchers concluded.

The following data also concerned me. Of the apps tested, 19 had been approved by the FDA and 15 by the UK National Health Service. And at least where the FDA is concerned, my assumption would be that FDA-tested apps were more secure than non-approved ones. But Arxan’s research team found that both FDA and National Health Service-blessed apps were among the most vulnerable of all the apps studied.

In truth, I’m not incredibly surprised that health IT leaders have some work to do in securing mobile health apps. After all, mobile health app security is evolving, as the form and function of mHealth apps evolve. In particular, as I’ve noted elsewhere, mobile health apps are becoming more tightly integrated with enterprise infrastructure, which takes the need for thoughtful security precautions to a new level.

But guidelines for mobile health security are emerging. For example, in the summer of last year, the National Institute of Standards and Technology released a draft of its mobile health cybersecurity guidance, “Securing Electronic Records on Mobile Devices” — complete with detailed architecture. Also, I’d wager that more mHealth standards should emerge this year too.

In the mean time, it’s worth remembering that patients are paying close attention to health apps security, and that they’re unlikely to give your organization a pass if they’re hacked. While security has always been a high-stakes issue, the stakes have gotten even higher.

What’s Happening at MEDITECH w/ Helen Waters, VP @MEDITECH

Posted on January 25, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

UPDATE: Here’s the video recording of my interview with Helen Waters from MEDITECH

MEDITECH - Helen Waters

Many in the large hospital EHR space have argued that it’s a two horse race between Cerner and Epic. However, many forget how many users MEDITEH still has using its healthcare IT products. Not to mention MEDITECH was originally founded in 1969 and has a rich history working in the space. On Friday, January 29, 2016 at 1 PM ET (10 AM PT), I’ll be sitting down with Helen Waters, VP at MEDITECH to talk about the what’s happening with MEDITECH and where MEDITECH fits into the healthcare IT ecosystem.

You can join my live conversation with Helen Waters and even add your own comments to the discussion or ask Helen questions. All you need to do to watch live is visit this blog post on Friday, January 29, 2016 at 1 PM ET (10 AM PT) and watch the video embed at the bottom of the post or you can subscribe to the blab directly. We’ll be doing a more formal interview for the first 30 minutes and then open up the Blab to others who want to add to the conversation or ask us questions. The conversation will be recorded as well and available on this post after the interview.

We’re interested to hear Helen’s comments about the culture and history of MEDITECH along with what MEDITECH’s doing with its products to change perceptions and misconceptions around the MEDITECH product. We’ll also be sure to ask Helen about important topics like interoperability and physician dissatisfaction (“Too Many Clicks!”). We hope you’ll join us to learn more about what’s happening with MEDITECH.

If you’d like to see the archives of Healthcare Scene’s past interviews, you can find and subscribe to all of Healthcare Scene’s interviews on YouTube.

Workflow Redesign Is Crucial to Adopting a New Health IT System – Breakaway Thinking

Posted on January 20, 2016 I Written By

The following is a guest blog post by Todd Stansfield, Instructional Writer from The Breakaway Group (A Xerox Company). Check out all of the blog posts in the Breakaway Thinking series.
Todd Stansfield
Workflow analysis and redesign have long been touted as essential to health IT adoption. Most organizations recognize the importance of modifying current workflows to capitalize on efficiencies created by a new application and identify areas where the system must be customized to support existing workflows. Despite this recognition, there remains room for improvement. In fact, last month the Office of the National Coordinator (ONC) identified the impact of new IT systems on clinical workflows as one of the biggest barriers to interoperability (ouch).

A successful redesign includes both an analysis of current workflows and desired future workflows.

Key stakeholders – direct and indirect – should take part in analyzing existing workflows. An objective third party should also be present to ask the right questions and facilitate the discussion. This team can collaborate to model important workflows, ideally in visual form to stimulate thorough analysis. To ensure an efficient and productive meeting, you should model workflows that are the most common, result in productivity losses, have both upstream and downstream consequences and involve multiple parties. The National Learning Consortium recommends focusing only on what occurs 80 percent of the time.

Once you document current workflows, you can set your sights on the future. Workflow redesign meetings are the next step; you need them to build a roadmap of activities leading up to a go-live event and beyond – from building the application to engaging and educating end users. Individuals from the original workflow analysis sessions should be included, and they should be joined by representatives from your health IT vendor (who can define the system’s capabilities) and members of your leadership team (who can answer questions and provide support).

After the initial go-live, you need to periodically perform workflow analysis and continue adjusting the roadmap to address changes to the application and processes.

Why should you spend all the time and effort to analyze and redesign workflows? Three reasons:

  1. It makes your organization proactive in your upcoming implementation and road to adoption. You’ll anticipate and avoid problems that will otherwise become bigger headaches.
  2. It’s the perfect opportunity to request customizations to adapt your application to desired workflows.
  3. It gives your staff a chance to mentally and emotionally prepare for a change to their daily habits, increasing buy-in and decreasing resistance to the switch.

Thorough and disciplined workflow redesign is an important step to adopting a new health IT application, but of course it’s not the only one. You’ll still need leadership to engage end users in the project, education that teaches learners how to use the new application to perform their workflow, performance metrics to evaluate adoption, and continual reinforcement of adoption initiatives as the application and workflows change over time.

Xerox is a sponsor of the Breakaway Thinking series of blog posts.

Biometric Use Set To Grow In Healthcare

Posted on January 15, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

I don’t know about you, but until recently I thought of biometrics as almost a toy technology, something you’d imagine a fictional spy like James Bond circumvent (through pure manliness) when entering the archenemy’s hideout. Or perhaps retinal or fingerprint scans would protect Batman’s lair.

But today, in 2016, biometric apps are far from fodder for mythic spies. The price of fingerprint scan-based technology has fallen to nearly zero, with vendors like Apple offering fingerprint-based security options as a standard part of its iOS iPhone operating system. Another free biometric security option comes courtesy of Intel’s True Key app, which allows you to access encrypted app data by scanning and recognizing your facial features. And these are just trivial examples. Biometrics technologies, in short, have become powerful, usable and relatively affordable — elevating them well above other healthcare technologies for some security problems.

If none of this suggests to you that the healthcare industry needs to adopt biometrics, you may have a beef with Raymond Aller, MD, director of informatics at the University of Southern California. In an interview with Healthcare IT News, Dr. Aller argues that our current system of text-based patient identification is actually dangerous, and puts patients at risk of improper treatments and even death. He sees biometric technologies as a badly needed, precise means of patient identification.

What’s more, biometrics can be linked up with patients’ EMR data, making sure the right history is attached to the right person. One health system, Novant Health, uses technology registering a patient’s fingerprints, veins and face at enrollment. Another vendor is developing software that will notify the patient’s health insurer every time that patient arrives and leaves, steps which are intended to be sure providers can’t submit fradulent bills for care not delivered.

As intriguing as these possibilities are, there are certainly some issues holding back the use of biometric approaches in healthcare. And many are exposed, such as Apple’s Touch ID, which is vulnerable to spoofing. Not only that, storing and managing biometric templates securely is more challenging than it seems, researchers note. What’s more, hackers are beginning to target consumer-focused fingerprint sensors, and are likely to seek access to other forms of biometric data.

Fortunately, biometric security solutions like template protection and biocryptography are becoming more mature. As biometric technology grows more sophisticated, patients will be able to use bio-data to safely access their medical records and also pay their bills. For example, MasterCard is exploring biometric authentication for online payments, using biometric data as a password replacement. MasterCard Identity Check allows users to authenticate transactions via video selfie or via fingerprint scanning.

As readers might guess from skimming the surface of biometric security, it comes with its own unique security challenges. It could be years before biometric authentication is used widely in healthcare organizations. But biometric technology use is picking up speed, and this year may see some interesting developments. Stay tuned.

Meaningful Use Is Going to Be Replaced – #JPM16

Posted on January 12, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Big news came out today during the JP Morgan annual healthcare conference in San Francisco. Andy Slavitt, acting administrator of CMS, live tweeted his own talk at the event including this bombshell:


Technically meaningful use is not quite over, but it’s heading that way. We always read about lame duck head coaches in sports. I guess this is the version of a lame duck government program? Of course, this is just coming from the acting administrator of CMS. It’s not yet law. So, all those working on meaningful use reports, keep working.

The end of meaningful use as we know it will be generally welcome news to most in healthcare. Although, I’m sure that most will also take it with a grain of salt. Many in healthcare likely worry that the “something better” that replaces meaningful use and MACRA will actually be something worse. The cynics might argue that nothing could be worse, but I’ve never seen the government back down from that challenge.

What interests me is what levers they have available to them to be able to make changes. Can they do it without congressional action? Are doctors angry enough that congress will take action? What will happen to the remaining $10-20 billion allocated to meaningful use? What will hospitals and doctors that were counting on the meaningful use money do? Will they not get it anymore or will it be available in a new program? Obviously, there are more questions than answers at this point.

All in all, I’m glad to hear that Andy Slavitt is open to change. I suggested they blow up meaningful use a couple years ago.

Andy also did a tweetstorm to outline the 4 themes for reforming the MACRA and post-MU tech program:

These all seem surprisingly reasonable and mirror many of the comments I hear from doctors. However, the challenge is always in the implementation of these ideas. Some of them are very hard to track and reward. I can’t argue with the principles though. They highlight some of the major challenges associated with healthcare tech. It’s going to take some time to infuse entrepreneurship instead of regulation back into the EHR world, but these guidelines are a good step towards that effort.

UPDATE: Here’s the full text of Andy Slavitt’s talk at the JP Morgan Healthcare Conference.