
Mobile Health Security Issues To Ponder In 2016

Posted on January 11, 2016 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

In some ways, mobile health security safeguards haven’t changed much for quite some time. Making sure that tablets and phones are protected against becoming easy network intrusion points is a given. Also seeing to it that such devices use strong passwords and encrypted data exchange whenever possible is a must.

But increasingly, as mobile apps become more tightly knit with enterprise infrastructure, there are more security issues to consider. After all, we’re increasingly talking about mission-critical apps which rely on ongoing access to sensitive enterprise networks. Now more than ever, enterprises must come up with strategies which control how data flows into the enterprise network. In other words, we’re not just talking about locking down the end points, but also seeing to it that powerful edge devices are treated like the vulnerable, hackable gateways they are.

To date, however, there’s still not a lot of well-accepted guidance out there spelling out what steps health organizations should take to ramp up their mobile security. For example, NIST has issued its “Securing Electronic Health Records On Mobile Devices” guideline, but it’s only a few months old and remains in draft form to date.

The truth is, the healthcare industry isn’t as aware of, or prepared for, the need for mobile healthcare data security as it should be. While healthcare organizations are gradually deploying, testing and rolling out new mobile platforms, securing them isn’t being given enough attention. What’s more, clinicians aren’t being given enough training to protect their mobile devices from hacks, which leaves some extremely valuable data open to the world.

Nonetheless, there are a few core approaches which can be torqued up to help protect mobile health data this year:

  • Encryption: Encrypting data in transit wasn’t invented yesterday, but it’s still worth a check-in to make sure your organization is doing so. Gregory Cave notes that data should be encrypted when communicated between the (mobile) application and the server. And he recommends that Web traffic be transmitted through a secure connection using only strong security protocols like Secure Sockets Layer or Transport Layer Security. This also should include encrypting data at rest.
  • Application hardening: Before your organization rolls out mobile applications, it’s best to see to it that security defects are detected and addressed before deployment. Application hardening tools, which protect code from hackers, can help protect mobile deployments, an especially important step for software placed on machines and locations your organization doesn’t control. They employ techniques such as obfuscation, which hides code structure and flow within an application, making it hard for intruders to reverse engineer or tamper with the source code.
  • Training staff: Regardless of how sophisticated your security systems are, they’re not going to do much good if your staff leaves the proverbial barn door open. As one security expert points out, healthcare organizations need to make staffers responsible for understanding what activities lead to breaches, or security hackers will still find a toehold. “It’s like installing the most sophisticated security system in the world for your house, but not teaching the family how to use it,” said Grant Elliott, founder and CEO of risk management and compliance firm Ostendio.
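
To make the encryption item concrete, here is an added example (not from the original post) of a client-side TLS configuration check in Python, with a weak context shown beside a hardened one. It assumes that “strong security protocols” means TLS 1.2 or newer; the function names and the policy floor are illustrative choices.

```python
import ssl

# Assumption for this example: "strong security protocols" means TLS 1.2+.
POLICY_FLOOR = ssl.TLSVersion.TLSv1_2


def hardened_client_context() -> ssl.SSLContext:
    """Context an app-to-server client should use."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + hostname checking
    ctx.minimum_version = POLICY_FLOOR   # refuse SSLv3, TLS 1.0 and TLS 1.1
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """Constructed anti-pattern: encrypted, but open to interception."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE      # accepts any certificate
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # no protocol floor
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return policy findings for a context; an empty list means it passes."""
    findings = []
    # MINIMUM_SUPPORTED is a negative sentinel, so it also sorts below the floor.
    if ctx.minimum_version < POLICY_FLOOR:
        findings.append("protocol floor below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked")
    return findings


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("weak", weak_client_context())):
        print(name, audit_context(ctx) or "OK")
```

A check like this can run in a build pipeline or unit test, so a connection that is encrypted but unverified is caught before an app ships.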

In addition to these efforts, I’d argue that staffers need to really get it as to what happens when security goes awry. Knowing that mistakes will upset some IT guy they’ve never met is one thing; understanding that a breach could cost millions and expose the whole organization to disrepute is a bit more memorable. Don’t just teach the security protocols, teach the costs of violating them. A little drama — such as the little old lady who lost her home due to PHI theft — speaks far more powerfully than facts and figures, don’t you agree?

Healthcare IT Marketing

Posted on May 22, 2013 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’m often surprised by people’s reaction when I say that I’m a blogger. Most then believe that it must be a part time thing that I do for fun at nights. While it started that way, blogging is my full time job. If it weren’t for a large number of companies who’ve supported my work over the years, I’d probably have one blog that I’d post to a couple times a month. I can’t say how much these companies’ support means to me.

As my blogs have grown and the industry has changed (when I started people didn’t even know what a blog was), I’ve been working to evolve with the industry. While display advertising still does quite well for me and my advertisers, there are a number of shifts happening in healthcare marketing. That’s why I launched Influential Networks, an EHR Job board, EMR and EHR whitepapers, email blasts, and a number of other projects I’m still working to officially launch like my EHR and Health IT video series.

There’s a lot happening when it comes to healthcare marketing, and next week as part of my EHR and Health IT interview series, I’m going to be doing an interview with Don Seamons from Lumeno Marketing and Shahid Shah from Influential Networks. More details on that to come, but it should be a really interesting conversation on the changing healthcare marketing landscape.

With everything I do, my goal is to provide value to everyone involved. For example, those reading the site get value from the free content that’s available to them and also get introduced to companies they may not have known about otherwise. Those companies that advertise benefit from exposure to people reading the content we create. I don’t always nail this perfectly, but I’m sincere in my efforts to provide value all around. Plus, whenever there’s a financial interest involved in something I’m doing, I try to make that clear to the reader. That way everyone knows any bias I may have and can make their own judgement on the content I provide.

With all of this in mind, I want to take a second to recognize the new and renewing EMR & HIPAA advertisers.

ZH Healthcare – As most of you know, my blogs run on the backs of many open source software products. So, I’m really glad to have an open source EMR company supporting EMR and HIPAA. ZH Healthcare is built on the back of the most successful ambulatory EHR software to date, OpenEMR. If you want the flexibility of an open source EHR, check them out.

Caristix – I love the tagline from their ad, “HL7 interfacing 50% faster.” I think that pretty much describes what Caristix offers to those in healthcare IT. HL7 is going to be with us for a long time to come, so every institution and company should know a great HL7 company. Check out Caristix if you’re looking to do some HL7 integrations.

Chetu – Rather than me trying to describe Chetu, check out this interview I did with Craig Schmidt from Chetu. You can see the breadth of experience they have developing software for healthcare. If you’re looking to outsource some IT development work, check out Chetu.

Renewing Advertisers
The heart and soul of our support is in our renewing advertisers. So, a big thanks to all of the companies listed below for renewing their ads with us. It’s great to look over so many of these companies who have been supporting us for so many years. Here’s to many more years working together. If you enjoy what we do here at EMR and HIPAA, check out the advertisers below and see if they offer something you’re looking for.
Ambir – Advertising since 1/2010
Amazing Charts – Advertising since 5/2011
simplifyMD – Advertising since 9/2012
Canon – Advertising since 10/2012

A number of other exciting things are coming in the future. Thanks to all the readers and supporters of EMR and HIPAA.

EMR and Health IT Development – Interview with Chetu

Posted on April 25, 2013 | Written By


Craig Schmidt - Chetu
Craig Schmidt is the Director of Global Sales for Healthcare & Pharmaceuticals at Chetu. Craig’s focus at Chetu is understanding the top healthcare industry challenges, creating relationships with HIT leaders and developing Information Technology solutions to address those challenges. Craig has, for over 15 years, held a variety of Sales and Sales Management positions with increasing responsibility in the Healthcare and Information Technology Industries.

Tell us more about Chetu and your work in the healthcare market.

It would not be an exaggeration to say that Chetu has experience in nearly every section of Healthcare IT. In our 13 years we have developed solutions for Providers, Payers, HIT Vendors and others. Just a few of the things with which we have helped customers include: complete EMR and Practice Management design and development, ePrescribing, Drug Database integration, Revenue Cycle Management (835/837 & 270/275 engines).

When does someone in healthcare look to Chetu versus doing the work in house?

The two main reasons are: they do not have the particular HIT experience in-house & they do not have enough “bandwidth” to develop in-house and do not want to hire and train permanent staff.

What’s the most challenging thing about developing applications in healthcare?

Healthcare in general and Healthcare IT are bound by many Federal, State and other rules and regulations, e.g., Meaningful Use, Affordable Care Act, HIPAA, etc. There are also a variety of standards for interoperability such as HL7, CCD/CCR.

Do you mostly do one off projects or long term contracts with your clients?

We strive to be the “Back End, Long-term” IT Partner for our clients. We offer complete solutions from application development and support to maintenance and management of applications and systems. In Healthcare we have many (over 60%) clients that have been working with Chetu for multiple years. Many of these have been with Chetu for over 5 years – which is very long-term in this market.

What’s your view on SaaS vs. in house client server applications? Do you have a preferred technology stack? What do you see being used most in healthcare?

For the past several years organizations have been rapidly moving to the “Cloud.” And, there are obvious advantages for being cloud based. However, client server applications have advantages of speed and stability that can’t always be achieved with SaaS. We are now seeing a slight movement to applications that are hybrids – combining the best of both approaches.

In healthcare, there is no clear preferred technology stack. It is all over the place. We have worked in .NET, HTML5, Java, PHP, Native Mobile Apps (iOS, Android), Python, C++, Foxpro, VB, Mirth, Cobol, MUMPS and many more. Healthcare IT has traditionally seen a very fragmented approach. Chetu has the great advantage of being agnostic. We can and will work with nearly any platform or tool.

EMR usability (or lack thereof) has been a major topic of discussion. How do you manage this with your EHR clients?

We have had the opportunity to work with dozens of different EMRs; ambulatory and hospital based. Many of these EMRs are the product of individual physicians or physician groups that are unhappy with their current EMR and have not seen any existing EMRs that meet their usability needs. They have come to us with their ideas about developing an EMR from scratch. We have developed ENT, Ophthalmology, Plastic Surgery and other specialty focused EMRs stemming from this issue.

What are you seeing happening with mobile in healthcare?

There is a tremendous rush to mobile in Healthcare right now. Over the past several years our Healthcare mobile development has grown tenfold. There are many, many great mobile applications developed with patients, physicians, nurses, home health providers and others in mind. These apps have been and will continue to make providers’, payers’ and patients’ lives easier and make delivering healthcare more efficient and productive.

You’ve worked with a lot of the various healthcare standards. How do they compare to the standards you work with in other industries?

There really is no parallel to the standards that guide healthcare in other industries. From my limited experience I would say that the Banking/Financial industry comes closest. But even then the amount and complexity of the standards are a fraction of what is found in Healthcare and Pharma.

Tell us about some of your work on the major hospital platforms like Siemens Soarian, Meditech and Epic. Is it a challenge working with these large companies?

These large companies have invested millions of dollars building and improving the very complex systems. So, they are rightfully concerned and selective about how and who is allowed to work in their systems. It can be a challenge, but not impossible to work with these companies. An added challenge comes from the hospitals themselves. There is the attitude that these systems are so unique that only company trained personnel have the capability to work in them.

Chetu, having worked in the Soarian, Meditech, Epic, Cerner, McKesson and other hospital platforms, understands that the underlying technology in all of these systems is the same or very similar. Although each system may have unique capabilities – we recognize that the goal is the same for each. And, in getting past the UI or getting “under the hood” so to speak, we see mostly the same technologies at work.

What are the most innovative healthcare IT projects you see out there that you like working on?

Right now we are seeing a rush to capitalize on the tremendous amount of data that EMRs are generating. Data analytics using this great resource is helping pharmaceutical companies, scientists and researchers, Accountable Care Organizations – nearly everyone on the healthcare continuum provide better and less expensive patient care. This is an area that is in its infancy but we see growing rapidly.

What types of data analytics projects have you done in healthcare? Do you do just the programming component or can you do every part of a data analytics project?

Chetu has been involved in numerous healthcare analytics projects. We have helped our customers with data warehousing, data mining, OLAP, business analysis, automated report generation, multi-dimensional information “cubes”, custom reporting solutions using tools like Informatica, DTS / SSIS, Datastage and SSRS, SSAS, Cognos, Microstrategy, Crystal, OBIEE.

We have developed solutions across the complete data analytics process. From data mining and ETL to data cube and data modeling and report generation we have the experience and the people that can handle nearly any healthcare analytics project.

Full Disclosure: Chetu is an advertiser on EMR and HIPAA.