
ONC Offers Two Interoperability Measures

Posted on July 14, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

For a while now, it’s been unclear how federal regulators would measure whether the U.S. healthcare system was moving toward the “widespread interoperability” MACRA requires. But the wait is over, and after reviewing a bunch of comments, ONC has come through with some proposals that seem fairly reasonable at first glance.

According to a new blog entry from ONC, the agency has gotten almost 100 comments on how to address interoperability. These recommendations, the agency concluded, fell into four broad categories:

  • Don’t create any significant new reporting burdens for providers
  • Broaden the scope of interoperability measurements to include providers and individuals that are not eligible for Medicare and Medicaid EHR incentives
  • Create measures that examine usage and usefulness of exchanged information, as well as the impact on health outcomes, in addition to measuring the exchange itself
  • Recognize that given the complexity of measuring interoperability, it will take multiple data sources, and that more discussions will be necessary to create an effective model for such measurements

In response, ONC has come up with two core measures which address not only the comments, but also its own analysis and MACRA’s specific definitions of “widespread interoperability.”

  • Measure #1: Proportion of healthcare providers electronically engaging in the following core domains of interoperable exchange of health information: sending; receiving; finding (querying); and integrating information received from outside sources.
  • Measure #2: Proportion of healthcare providers who report using information electronically received through outside providers and sources for clinical decision-making.

To measure these activities, ONC expects to be able to draw on existing national surveys of hospitals and office-based physicians. These include the American Hospital Association’s AHA Information Technology Supplement Survey and the CDC National Center for Health Statistics’ annual National Electronic Health Record Survey of office-based physicians.

The reasons ONC would like to use these data sources include that they are not limited to Medicare and Medicaid EHR incentive program participants, and that both surveys have relatively high response rates.

I don’t know about you, but I was afraid things would be much worse. Measuring interoperability is quite difficult, given that just about everyone in the healthcare industry seems to have a slightly different take on what true interoperability actually is.

For example, there’s a fairly big gulf between those who feel interoperability only happens when all data flows from provider to provider, and those who feel that sharing a well-defined subset (such as that found in the Continuity of Care Document) would do the trick just fine. There is no way to address both of these models at the same time, much less the thousand shades of gray between the two extremes.

While its measures may not provide the final word on the subject, ONC has done a good job with the problem it was given, creating a model which is likely to be palatable to most of the parties involved. And that’s pretty unusual in the contentious world of health data interoperability. I hope the rollout goes equally well.

A Tale of 2 T’s: When Analytics and Artificial Intelligence Go Bad

Posted on July 13, 2016 I Written By

Prashant Natarajan Iyer (AKA "PN") is an analytics and data science professional based out of the Silicon Valley, CA. He is currently Director of Product Management for Healthcare products. His experience includes progressive & leadership roles in business strategy, product management, and customer happiness at eCredit.com, Siemens, McKesson, Healthways & Oracle. He is currently coauthoring HIMSS' next book on big data and machine learning for healthcare executives - along with Herb Smaltz PhD and John Frenzel MD. He is a huge fan of SEC college football, Australian Cattle Dogs, and the hysterically-dubbed original Iron Chef TV series. He can be found on Twitter @natarpr and on LinkedIn. All opinions are purely mine and do not represent those of my employer or anyone else!!

Editor’s Note: We’re excited to welcome Prashant to the Healthcare Scene family. He brings tremendous insights into the ever evolving field of healthcare analytics. We feel lucky to have him sharing his deep experience and knowledge with us. We hope you’ll enjoy his first contribution below.

Analytics & Artificial Intelligence (AI) are generating buzz and making inroads into healthcare informatics. Today’s healthcare organization is dealing with increasing digitization – variety, velocities, and volumes are increasing in complexity and users want more data and information via analytics. In addition to new frontiers that are opening up in structured and unstructured data analytics, our industry and its people (patients included) are recognizing opportunities for predictive/prescriptive analytics, artificial intelligence, and machine learning in healthcare – within and outside a facility’s four walls.

Trends that influence these new opportunities include:

  1. Increasing use of smart phones and wellness trackers as observational data sources, for medical adherence, and as behavior modification aids
  2. Expanding Internet of Healthcare Things (IoHT) that includes bedside monitors, home monitors, implants, etc., creating data in real time – including noise (or, data that are not relevant to expected usage)
  3. Social network participation
  4. Organizational readiness
  5. Technology maturity

The potential for big data in healthcare – especially given the trends discussed earlier – is as bright as in any other industry. The benefits that big data analytics, AI, and machine learning can provide for healthier patients, happier providers, and cost-effective care are real. The future of precision medicine, population health management, clinical research, and financial performance will include an increased role for machine-analyzed insights, discoveries, and all-encompassing analytics.

As we start this journey to new horizons, it may be useful to examine maps, trails, and artifacts left behind by pioneers. To this end, we will examine 2 cautionary tales in predictive analytics and machine learning, look at their influence on their industries and public discourse, and finally examine how we can learn from and avoid similar pitfalls in healthcare informatics.

Big data predictive analytics and machine learning have had their origins, and arguably their greatest impact so far, in retail and e-commerce, so that’s where we’ll begin our tale. Fill up that mug of coffee or a pint of your favorite adult beverage and brace yourself for “Tales of Two T’s” – unexpected, real-life adventures of what happens when analytics (Target) and artificial intelligence (Tay) provide accurate – but totally unexpected – results.

Our first tale starts in 2012, when Target finds itself a popular story in the New York Times, Forbes, and many global publications as an example of the unintended consequences of predictive analytics used in personalized advertising. The story begins with an angry father in a Minneapolis, MN, Target confronting a perplexed retail store manager. The father is incensed about the volume of pregnancy and maternity coupons, offers, and mailers being addressed to his teenage daughter. In due course, it becomes apparent that the parents in question found out about their teen’s pregnancy before she had a chance to tell them – and the individual in question wasn’t aware that her due date had been estimated to within days and was resulting in targeted advertising that was “timed for specific stages of her pregnancy.”

The root cause for the loss of the daughter’s privacy, parents’ confusion, and the subsequent public debate on privacy and appropriateness of the results of predictive analytics was… a pregnancy predictive analytics model. Here’s how this model works. When a “guest” shops at Target, her product purchases are tracked and analyzed closely. These are correlated with life events – graduation, birth, wedding, etc. – in order to convert a prospective customer’s shopping habits or to make that individual a more loyal customer. Pregnancy and child birth are two of the most significant life events that can result in desired (by retailers) shopping habit modification.

For example, a shopper’s 25 product purchases, when analyzed along with demographics such as gender and age, allowed the retailer’s guest marketing analytics team to assign a “pregnancy predictor” to each [female] shopper and estimate “her due date to within a small window.” In this specific case, the predictive analytics was right, even perfect. The models were accurate, the coupons and ads were appropriate for the exact week of pregnancy, and Target posted a +50% increase in their maternity and baby products sales after this predictive analytics was deployed. However, in addition to one unhappy family, Target also had to deal with significant public discussion on the “big brother” effect, individual right to privacy & the “desire to be forgotten,” disquiet among some consumers that they were being spied on, including in deeply personal events, and a potential public relations fiasco.

Our second tale is of more recent vintage.

As Heather Wilhelm recounts:

As 2015 drew to a close, various [Microsoft] company representatives heralded a “new Golden Age of technological advancement.” 2016, we were told, would bring us closer to a benevolent artificial intelligence—an artificial intelligence that would be warm, humane, helpful, and, as one particularly optimistic researcher named […] put it, “will help us laugh and be more productive.” Well, she got the “laugh” part right.

Tay was an artificial intelligence bot released by Microsoft via Twitter on March 23, 2016 under the name TayTweets. Tay was designed to mimic the language patterns of a 19-year-old American girl, and to learn from interacting with human users of Twitter. “She was targeted at American 18 to 24-year olds—primary social media users, according to Microsoft—and designed to engage and entertain people where they connect with each other online through casual and playful conversation.” And right after her celebrated arrival on Twitter, Tay gained more than 50,000 followers, and started producing the first hundred of 100,000 tweets.

The tech blogosphere went gaga over what this would mean for those of us with human brains – as opposed to the AI kind. Questions ranged from the important – “Would Tay be able to beat Watson at Jeopardy?” – to the mundane – “is Tay an example of the kind of bots that Microsoft will enable others to build using its AI/machine learning technologies?” The AI models that went into Tay were stated to be advanced and were expected to account for a range of human emotions and biases. Tay was referred to by some as the future of computing.

By the end of Day 1, this latest example of the “personalized AI future” came unglued. Gone was the polite 19-year-old girl that was introduced to us just the previous day – to be replaced by a racist, misogynistic, anti-Semitic troll who resembled an amalgamated caricature of the darkest corners of the Internet. Examples of Tay’s tweets on that day included, “Bush did 9/11,” “Hitler would have done a better job than the #%&!## we’ve got now,” “I hate feminists,” and x-rated language that is too salacious for public consumption – even in the current zeitgeist.

The resulting AI public relations fiasco will be studied by academic researchers, provide rich source material for bloggers, and serve as a punch line in late night shows for generations to follow.

As the day progressed, Microsoft engineers were deleting tweets manually and trying to keep up with the sheer volume of high-velocity, hateful tweets that were being generated by Tay. She was taken down by Microsoft barely 16 hours after she was launched with great promise and fanfare. As was done with another AI bot gone berserk (IBM’s Watson and Urban Dictionary), Tay’s engineers tried counseling and behavior modification. When this intervention failed, Tay underwent an emergency brain transplant later that night. Gone was her AI “brain,” to be replaced by the next version – except that this new version turned out to be completely anti-social and the bot’s behavior turned worse. A “new and improved” version was released a week later but she turned out to be… very different. Tay 2.0 was repetitive, with the same tweet going out several times each second, and her new AI brain seemed to demonstrate a preference for new questionable topics.

A few hours after this second incident, Tay 2.0 was “taken offline” for good.

There are no plans to re-release Tay at this time. She has been given a longer-term time out.

If you believe Tay’s AI behaviors were a result of nurture – as opposed to nature – there’s a petition at change.org called “Freedom for Tay.”

Lessons for healthcare informatics

Analytics and AI can be very powerful in our goal to transform our healthcare system into a more effective, responsive, and affordable one. When done right and for the appropriate use cases, technologies like predictive analytics, machine learning, and artificial intelligence can make an appreciable difference to patient care, wellness, and satisfaction. At the same time, we can learn from the two significantly different, yet related, tales above and avoid finding ourselves in similar situations as the 2 T’s here – Target and Tay.

  1. “If we build it, they will come” is true only for movie plots. The value of new technology or new ways of doing things must be examined in relation to its impact on the quality, cost, and ethics of care.
  2. Knowing your audience, users, and participants remains a prerequisite for success.
  3. Learn from others’ experience – be aware of the limits of what technology can accomplish or must not do.
  4. Be prepared for unexpected results or unintended consequences. When unexpected results are found, be prepared to investigate thoroughly before jumping to conclusions – no AI algorithm or BI architecture can yet auto-correct for human errors.
  5. Be ready to correct course as needed and in response to real-time user feedback.
  6. Account for human biases, the effect of lore/legend, studying the wrong variables, or misinterpreted results.

Analytics and machine learning have tremendous power to impact every industry, including healthcare. However, while unleashing their power we have to be careful that we don’t do more damage than good.

VA May Drop VistA For Commercial EHR

Posted on July 12, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

It’s beginning to look like the famed VistA EHR may be shelved by the Department of Veterans Affairs, probably to be replaced by a commercial EHR rollout. If so, it could spell the end of the VA’s involvement in the highly-rated open source platform, which has been in use for 40 years. It will be interesting to see how the commercial EHR companies that support VistA would be impacted by this decision.

The first rumblings were heard in March, when VA CIO LaVerne Council suggested that the VA wasn’t committed to VistA. Now Council, who supervises the agency’s $4 billion IT budget, sounds a bit more resolved. “I have a lot of respect for VistA but it’s a 40-year-old product,” Council told Politico. “Looking at what technology can do today that it couldn’t do then — it can do a lot.”

Her comments were echoed by VA undersecretary for health David Shulkin, who last month told a Senate hearing that the agency is likely to replace VistA with commercial software.

Apparently, the agency will leave VistA in place through 2018. At that point, the agency expects to begin creating a cloud-based platform which may include VistA elements at its core, Politico reports. Council told the hearing that VA IT leaders expect to work with the ONC, as well as the Department of Defense, in building its new digital health platform.

Particularly given its history, which includes some serious fumbles, it’s hardly surprising that some Senate members were critical of the VA’s plans. For example, Sen. Patty Murray said that she was still disappointed with the agency’s 2013 decision to call off plans for an EHR that integrated fully with the DoD. And Sen. Richard Blumenthal expressed frustration as well. “The decades of unsuccessful attempts to establish an electronic health record system that is compatible across the VA and DoD has caused hundreds of millions of taxpayer dollars to be wasted,” he told the committee.

Now, the question is what commercial system the VA will select. While all the enterprise EHR vendors would seem to have a shot, it seems to me that Cerner is a likely bet. One major reason to anticipate such a move is that Cerner and its partners recently won the $4.3 billion contract to roll out a new health IT platform for the DoD.

Not only that, as I noted in a post earlier this year, the buzz around the deal suggested that Cerner won the DoD contract because it was seen as more open than Epic. I am taking no position on whether there’s any truth to this belief, nor how widespread such gossip may be. But if policymakers or politicians do see Cerner as more interoperability-friendly, that will certainly boost the odds that the VA will choose Cerner as partner.

Of course, any EHR selection process can take crazy turns, and when you throw in politics the process can get even crazier. So obviously, no one knows what the VA will do. In fact, given their battles with the DoD maybe they’ll go with Epic just to be different. But if I were a Cerner marketer I’d like my odds.

ONC Kicks Off Blockchain Whitepaper Contest

Posted on July 11, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Hold onto your hats, folks. The ONC has taken an official interest in blockchain technology, a move which suggests that it’s becoming a more mainstream technology in healthcare.

As you may know, blockchain is the backbone for the somewhat shadowy world of bitcoin, a “cryptocurrency” whose users can’t be traced. (For some of you, your first introduction to cryptocurrency may have been when a Hollywood, CA hospital was forced to pay off ransomware demands with $17K in bitcoins.)

But despite its use by criminals, blockchain still has great potential for creating breakthroughs for legitimate businesses, notably banking and healthcare. Looked at dispassionately, a blockchain is just a distributed database, one which maintains a continuously growing list with data records hardened against tampering and revision.
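What "hardened against tampering and revision" means in practice, as an added Python sketch that is not from the original post or from ONC: each block stores the hash of the previous block, so an edit to any earlier record breaks the links after it. The record fields, names and helper functions are constructed for illustration. The sketch also covers the "distributed" part: someone who rewrites the whole list produces a self-consistent chain, and it is only caught because other participants hold the original head hash.

```python
import copy
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # stand-in "previous hash" for the first block


def block_hash(index: int, prev_hash: str, record: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the block contents."""
    payload = json.dumps(
        {"index": index, "prev": prev_hash, "record": record},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_record(chain: list, record: dict) -> dict:
    """Append a record, linking it to the hash of the current last block."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    block = {"index": index, "prev": prev_hash, "record": record,
             "hash": block_hash(index, prev_hash, record)}
    chain.append(block)
    return block


def build_ledger(records: list) -> list:
    chain: list = []
    for record in records:
        append_record(chain, record)
    return chain


def first_broken_link(chain: list) -> Optional[int]:
    """Return the position of the first block that fails verification, or None."""
    prev_hash = GENESIS
    for position, block in enumerate(chain):
        expected = block_hash(position, prev_hash, block["record"])
        if (block["index"] != position or block["prev"] != prev_hash
                or block["hash"] != expected):
            return position
        prev_hash = block["hash"]
    return None


def matches_trusted_head(chain: list, trusted_head: str) -> bool:
    """True only if the chain is internally valid AND ends at the head hash
    that an independent participant recorded earlier."""
    return (bool(chain) and first_broken_link(chain) is None
            and chain[-1]["hash"] == trusted_head)


# Constructed sample data: a log of record-sharing events.
SAMPLE_RECORDS = [
    {"patient": "patient-001", "event": "record shared", "from": "Hospital A", "to": "Clinic B"},
    {"patient": "patient-001", "event": "record shared", "from": "Clinic B", "to": "Lab C"},
    {"patient": "patient-002", "event": "record shared", "from": "Hospital A", "to": "Lab C"},
]


def demo() -> dict:
    honest = build_ledger(SAMPLE_RECORDS)
    trusted_head = honest[-1]["hash"]  # copy held by another participant

    # Case 1: one stored record is edited in place, hashes left alone.
    edited = copy.deepcopy(honest)
    edited[1]["record"]["to"] = "Unknown Party"

    # Case 2: the whole list is rebuilt from altered records, hashes recomputed.
    altered_records = copy.deepcopy(SAMPLE_RECORDS)
    altered_records[1]["to"] = "Unknown Party"
    rewritten = build_ledger(altered_records)

    return {
        "honest_ok": matches_trusted_head(honest, trusted_head),
        "edited_first_bad": first_broken_link(edited),
        "rewritten_internally_consistent": first_broken_link(rewritten) is None,
        "rewritten_matches_head": matches_trusted_head(rewritten, trusted_head),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
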

Right now, the most common use of blockchain is to serve as a public ledger of bitcoin transactions. But the concept is bubbling up in the healthcare world, with some even suggesting that blockchain should be used to tackle health data security problems.

And now, the ONC has shown interest in this technology, soliciting white papers that offer a thoughtful take on how blockchain can help meet important healthcare industry objectives.

The whitepaper, which may be no longer than 10 pages, must be submitted by July 29. (Want to participate, but don’t have time to write the paper yourself? Click here.) Papers must discuss the cryptography and underlying fundamentals of blockchain technology, explain how the use of blockchain can meet industry interoperability needs, patient centered outcomes research, precision medicine and other healthcare delivery needs, as well as offering recommendations for blockchain’s implementation.

The ONC will choose eight winning papers from among the submissions. Winning authors will have an opportunity to present the paper at a Blockchain & Healthcare Workshop held at NIST headquarters in Gaithersburg, MD on September 26th and 27th.

In hosting this contest, ONC is lending blockchain approaches in healthcare a level of credibility they might not have had in the past. But there’s already a lot of discussion going on about blockchain applications for health IT.

So what are people talking about where blockchain IT is concerned? In one LinkedIn piece, consultant Peter Nichol argues that blockchain can address concerns around scalability and privacy of electronic medical records. He also suggests that blockchain technology can provide patients with more sophisticated privacy control of their personal health information. For example, providers can enhance health data security by letting patients combine their own blockchain signature with a hospital’s signature.

But obviously, ONC leaders think there’s a lot more that can be done here. And I’m pretty confident that they’re right. While I’m no security or cryptocurrency expert, I know that when a technology has been kicked around for several years, and used for a sensitive function like financial exchange without racking up any major failures, it’s got to be pretty solid. I’m eager to see what people come up with!

Healthcare Scene Quotes

Posted on July 8, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

My kids are out of school and driving my wife nuts. You know the drill if you have children. Since I work at home, I’m fully aware of what’s going on with the kids during summer break and so I try and help my wife where I can. This summer I had a great idea. I’d put my kids to work!

My kids love computers and anything to do with technology and so I figured if they were going to spend so much time in front of a screen, then they should find something productive to do. With that idea, I grabbed a bunch of quotes from previous blog posts we’d done on Healthcare Scene and asked my kids to turn those quotes into social media images I could share online.

Well, it turns out that only my 12-year-old had enough knowledge to do the work. The younger kids still have quite a bit to learn. The only other problem is my 12-year-old son is colorblind. So, that does produce some interesting results.

Long story short, take a look at some of the Healthcare Scene quotes that my son made. Not bad for a first try. I mostly love that he’s learning something useful. Let me know what you think. Each image links to the original post if you want to read the context.
Andy Slavitt - Physician Data Paradox

If you want patients to be prepared to care for themselves, treat them like adults and include them in what you’re doing.

Your online searches say a lot about your health, both physical and mental

Anyone could be breached and HIPAA will only protect you so much

How many healthcare ideas have been shot down because

HIM professionals should continue to assist in the quest for interoperability and electronic data sharing at the notion of patie

Applying Minecraft Lessons to Healthcare

Posted on July 7, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Isaac S. Kohane has a great article on STAT which talks about what the healthcare system can learn from Minecraft. As my 3 children addictively play with Minecraft behind me, I was particularly intrigued by what healthcare could learn from Minecraft. Isaac does a great job creating the comparison:

From outside the door to their command and control center, I discreetly observed the team, taking care not to disturb them. They stared intently at the moonlit landscape littered with hidden traps and vertiginous fjords displayed on the large console in front of them, tracking their own progress and that of 10 other far-flung teams as they collectively navigated through the complex virtual environment toward a common goal.

When one team seemed to get lost or momentarily confused, a colleague on another team would grab her smartphone and offer concise video guidance. It was a remarkable demonstration of using technology to coordinate teams in complex tasks without prior training.

Even more remarkable, no team member was older than 11. The software they were using was Minecraft, the virtual reality navigation game that has addicted millions of users worldwide.

He layers on these questions about today’s health system as compared with the Minecraft team described above:

How often, in your experience as patient, family member, doctor, or nurse, do all the members of the care team actually know what the current plan is, and who else is on the team? How easily can all team members monitor activities, figure out if the care is on the right track, and instantly conference to organize a course correction if needed?

Isaac is right that we can learn a lot from Minecraft. He offers some suggestions of why we don’t. I’d like to add a few of my own.

Simplify – I’m still shocked and amazed that Minecraft made an incredibly compelling game out of blocks. It’s amazing what my children can create out of blocks. I’m also amazed at how much fun they have doing it. Unfortunately, we haven’t spent the time needed to make our interfaces simpler. We layer on complexity after complexity instead of looking at ways we can continue to simplify. I realize that healthcare is complex, but much of healthcare isn’t complex. In fact, it’s quite mundane. We can simplify most of our health IT systems.

Fun – Minecraft is fun. It encourages creativity. Millions are addicted to it. Can you say the same about your EHR? Nope. That’s because EHR software wasn’t designed for fun or creativity. They were designed as big billing engines and government compliance engines (see meaningful use). Doctors would never describe billing or government compliance as fun. If EHR software were a care engine that helped them discover new care pathways, patient risks, new medical knowledge, etc, then they’d have fun. Yes, it would be a weird twisted medical kind of “fun”, but most of the doctors I know are totally into that stuff. Just look at the success of Figure 1 to see what I mean. Should EHR vendors start a new marketing campaign “Making EHR Fun Again”? (Shoutout to Bryce Harper for those baseball fans)

Collaborative – Minecraft would be a fun game on its own, but like healthcare wearables it would wear off quickly if it was just a standalone game. The thing that makes Minecraft so addicting is that it’s collaborative by nature. The collaboration provides a new level of addiction and accountability to everyone playing. Medicine could and should and in some places is collaborative by nature too, but our health IT and EHR systems are not. Imagine if collaboratively caring for a patient was as easy as it was to connect friends on Minecraft. Yes, I’ve even seen Minecraft on an iPad connect with Minecraft on Android. Collaboration between different systems is possible even if many in healthcare want to describe all the reasons it’s impossible.

Obviously there are big differences between Minecraft and healthcare. While you can die in both, in Minecraft you just re-spawn and start playing again. The same isn’t true in healthcare. However, that’s exactly why we should consider why some things we take for granted in games like Minecraft are nowhere to be found in healthcare.

E-Patient Update: Don’t Give Patients Needless Paperwork

Posted on July 6, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Recently, I had an initial appointment with a primary care practice. As I expected, I had a lot of paperwork to fill out, including not only routine administrative items like consent to bill my insurer and HIPAA policies, but also several pages of medical history.

While nobody likes filling out forms, I have no problem with doing so, as I realize that these documents are very important to building a relationship with a medical practice. However, I was very annoyed by what happened later, when I was ushered back into the clinical suite.

Despite my having filled out the extensive checklist of medical history items, I was asked every single one of the questions featured on the form verbally by a med tech who saw me ahead of my clinical appointment. And I mean Every. Single. One. I was as polite and patient as I could be, particularly given that it wasn’t the poor tech’s fault, but I was simmering nonetheless, for a couple of reasons.

First, on a practical level, it was infuriating to have filled out a long clinical interview form for what seemed to be absolutely no reason. This is in part because, as some readers may remember, I have Parkinson’s disease, and filling out forms can be difficult and even painful. But even if my writing hand was unimpaired I would’ve been rather irked by what seemed to be pointless duplication.

Not only that, as it turns out the practice seems to have had access to my medication list — perhaps from claims data? — and could have spared me the particularly grueling job of writing out all the medications I currently take. Given my background in HIT, I was forced to wonder whether even the checkbox lists of past illnesses, surgeries and the like were even necessary.

After all, if the group is sophisticated enough to access my medications list, perhaps it could have accessed my other medical records as well. In fact, as it turned out, the primary care group is owned by the dominant local health system which has been providing most of my care for 20 years. So the clinicians almost certainly had a shot at downloading my current medical data in some form.

Even if the medical group had no access to any historical data on my care, I can’t imagine why administrators would require me to fill out a medical history form if the tech was going to ask me every question on the form. My hunch is that it may be some wrongheaded attempt at liability management, providing the practice with some form of cover if somebody failed to collect an accurate history during the interview. But other than that I can’t imagine what was going on there.

The reality is, physician practices that are transitioning into EMR use, or adopting a new EMR, may end up requiring their staff to do double data entry to one extent or another as practice leaders figure things out. But asking patients to do so shows an alarming lack of consideration for my time and effort. Perhaps the practice has forgotten that I’m not on the payroll?

An Alternate Way Of Authenticating Patients

Posted on July 5, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Lately, I’ve been experimenting with a security app I downloaded to my Android phone. The app, True Key by Intel Security, allows you to log in by presenting your face for a scan or using your fingerprint. Once inside the app, you can access your preferred apps with a single click, as it stores your user names and passwords securely. Next, I simplified things further by downloading the app to my laptop and tablet, which syncs whatever access info I enter across all devices.

From what I can see, Intel is positioning this as a direct-to-consumer play. The True Key documentation describes the app as a tool non-techies can use to access sites easily, store passwords securely and visit their favorite sites across all of their devices without re-entering authentication data. But I’m intrigued by the app’s potential for enterprise healthcare security access control.

Right now, there are serious flaws in the way application access is managed. As things stand, authentication information is usually stored in the same network infrastructure as the applications themselves, at least on a high-level basis. So the process goes like this, more or less: An untrusted device uses an untrusted app to access a secure system. The secure system requests credentials from the device user, verifies them against an ID/PW database and, if they are correct, logs the user in.

Of course, there are alternatives to this approach, ranging from biometric-only access to instantly-generated, always-unique passwords, but few organizations have the resources to maintain super-advanced access protocols. So in reality, most enterprises have to firewall up their security and authentication databases and pray that those resources don’t get hacked. Theoretically, institutions might be able to create another hacking speed bump by storing authentication information in the cloud, but that obviously raises a host of additional security questions.

So here’s an idea. What if health IT organizations demanded that users install biometrically-locked apps like True Key on their devices? Then, enterprise HIT software could authenticate users at the device level – surely a possibility given that devices have unique IDs – and let users maintain password security at their end. That way, if an enterprise system was hacked, the attacker could gain access to device information, but wouldn’t have immediate access to a massive ID and PW database that gave them access to all system resources.
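One way to get the property described above, a server database that holds nothing an attacker can replay, is a one-time hash chain (Lamport's scheme, the basis of S/KEY), which also produces the always-unique passwords mentioned earlier. This is an added example, not code from this post or from True Key; the class names, the device ID and the chain length are assumptions, the biometric unlock of the seed is assumed rather than modelled, and the device ID serves only as a lookup key, not as a secret.

```python
import hashlib
import hmac
import secrets

CHAIN_LENGTH = 1000  # assumed: logins allowed before re-registration

def h(value: bytes) -> bytes:
    return hashlib.sha256(value).digest()

def chain(seed: bytes, n: int) -> bytes:
    """Hash the seed n times."""
    for _ in range(n):
        seed = h(seed)
    return seed

class Device:
    """Keeps the seed local; a real app would release it only after a
    face or fingerprint match (assumed here, not modelled)."""

    def __init__(self, device_id: str):
        self.device_id = device_id
        self._seed = secrets.token_bytes(32)

    def enrollment(self) -> bytes:
        return chain(self._seed, CHAIN_LENGTH)

    def respond(self, counter: int) -> bytes:
        if counter <= 0:
            raise RuntimeError("chain exhausted; re-register the device")
        return chain(self._seed, counter - 1)

class Server:
    """Stores a counter and one verifier per device ID, and no passwords."""

    def __init__(self):
        self.db = {}  # device_id -> (counter, last accepted chain value)

    def register(self, device_id: str, verifier: bytes) -> None:
        self.db[device_id] = (CHAIN_LENGTH, verifier)

    def challenge(self, device_id: str) -> int:
        return self.db[device_id][0]

    def login(self, device_id: str, token: bytes) -> bool:
        counter, verifier = self.db.get(device_id, (0, b""))
        if counter == 0 or not hmac.compare_digest(h(token), verifier):
            return False
        self.db[device_id] = (counter - 1, token)  # each token works once
        return True
```

A dump of `Server.db` yields only values whose preimages the server has never seen, so a stolen verifier is rejected when submitted as a token, and a captured token fails on replay because the stored verifier has already advanced.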

What I’m getting at, here, is that I believe healthcare organizations should maintain relationships with patients (as represented by their unique devices) rather than their ID and password. While no form of identity verification is perfect, to me it seems a lot more likely that it’s really me logging in if I had to use my facial features or fingerprint as an entry point. After all, virtually any ID/PW pair chosen by a user can be guessed or hacked, but if you authenticate to my face/fingerprint and a registered device, the odds are high that you’re getting me.

So now it’s your turn, readers. What flaws do you see in this approach? Have you run into other apps that might serve this purpose better than True Key? Should HIT vendors create these apps? Have at it.

Happy 4th of July

Posted on July 4, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.


I’m taking a break today and spending some time with family. I hope you’re doing the same. Despite the craziness that we see on the news every day, I still feel lucky to live in an extraordinary country. Having lived in a number of other countries, it gives me a great appreciation for the things we do have. It’s too bad the media seems to focus so much effort and energy on the things that divide us.

A big thank you to all those in the healthcare profession that are working on this day. I can only imagine the horrors that come from fireworks on this holiday. Thanks for taking care of us even on holidays.