
Are You A Sitting Duck for HIPAA Data Breaches? – Infographic

Posted on November 18, 2014 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The people at DataMotion, cloud-based HISP providers, sent me the following infographic covering HIPAA data breaches. It’s a good reminder of the potential for data breaches in healthcare. As Marc Probst recently suggested, we should be focusing as much attention on things like security as we are on meaningful use, since the penalties for a HIPAA violation are more than the meaningful use penalties.

[Infographic: Are You A Sitting Duck for HIPAA Data Breaches]

Most Promising Health Data Exchange Project: Direct Project

Posted on August 7, 2012 | Written By John Lynn

The most promising healthcare data exchange I see coming is the Direct Project. Sure, it’s not the nirvana of health information exchange, but it’s a really reasonable step in the right direction. Plus, it’s something that’s feasible and achievable.

Aaron Stranahan wrote a great post on the ICA HITme blog which talks about a key characteristic of the Direct Project.

Earlier I mentioned that whitelists were only half the story. Rather than create a whitelist as a list of addresses, Direct focuses on which third parties (or CA’s) an organization trusts to vouch for addresses. In this way, a “circle of trust” can be created without the administrative overhead of listing out every address unless an organization really wants to. Instead, each organization exchanging Direct messages can decide for itself with which entities, and by extension the processes they represent, they’ll interact.

As you may have guessed, building a whitelist of CA’s involves key exchange. In this case, your Direct service provider, aka “HISP,” will collect the public key, for whichever third parties you trust, to sign off on messages you will receive. In the world of Direct, these public keys are called “Trust Anchors” as a nod to the idea of the circle of trust these third parties represent.

So, that’s it- Direct is about whitelists, but with a twist that simultaneously reduces administrative burden and ensures that messages are encrypted following best practices. It’s a whitelist on steroids! Next time someone asks why they can’t send a Direct “email” message to their gmail account you’ll know it’s because gmail isn’t in your organization’s circle of trust.

One of the biggest challenges to any HIE program is knowing who everyone is and in whom you trust. I love the way Direct Project is approaching this “Trust Circle.” It’s reasonable and is a major reason why I believe that Direct Project will be a major success. I’ll be glad once every EHR vendor supports the Direct Project.
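The trust-anchor idea from the quoted passage, sketched as an added example that is not part of the original post or of any HISP's software: two constructed CAs each vouch for one address, and the receiving organization accepts a sender only if its certificate chains to a CA in its own anchor list. All CA names and addresses are hypothetical, and the check covers chain validation only, not address binding, revocation or message decryption.

```shell
#!/usr/bin/env bash
# Added illustration: trust anchors as a whitelist of CAs rather than of addresses.
# All names below are constructed; requires the openssl command-line tool.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed CA standing in for a third party that vouches for addresses.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert CA ADDRESS: the CA vouches for one address by signing its certificate.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 30 -out "$WORK/$2.pem" 2>/dev/null
}

# check_sender ADDRESS: accept only if the sender's certificate chains to a CA
# listed in anchors.pem. -no-CApath keeps the system's default CA directory out.
check_sender() {
  if openssl verify -no-CApath -CAfile "$WORK/anchors.pem" \
       "$WORK/$1.pem" >/dev/null 2>&1; then
    echo accept
  else
    echo reject
  fi
}

make_ca ca-trusted
make_ca ca-other
issue_cert ca-trusted dr.smith@direct.clinic.example
issue_cert ca-other someone@mail.example

# The organization's circle of trust: one anchor, no per-address list.
cp "$WORK/ca-trusted.pem" "$WORK/anchors.pem"

for addr in dr.smith@direct.clinic.example someone@mail.example; do
  echo "$addr: $(check_sender "$addr")"
done
```

Appending `ca-other.pem` to `anchors.pem` is the only change needed to bring every address that CA vouches for into the circle of trust.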

Meaningful Use Stage 2 and HIE Transport – Meaningful Use Monday

Posted on March 19, 2012 | Written By John Lynn

I’ll admit that I’m far from an expert on all the various HIE transport standards and movement happening in making health information exchange a reality in healthcare. However, meaningful use stage 2 is a big step towards getting doctors to exchange information. So, I’ll leverage some experts’ comments on HIE in meaningful use stage 2 to hopefully get the conversation started. Then, I’m sure some other HIE standards geeks will join in the comments to help us all further understand what’s happening.

John Moehrke has some of the best information I’ve seen for those interested in HIE and meaningful use stage 2. In one post he described his initial “fantastic” impressions of meaningful use stage 2 in regards to security, privacy and HIE transport. Here’s the section on HIE transport:

HIE Transport: They have given us one or two Push style transports, and recognized that they interoperate by way of a proxy service that can convert forward and backward. There are no real surprises here as ONC has spent much time developing the Direct Project. Healthcare Providers and EHR developers should really be focusing beyond Direct, but supporting minimal Direct is a good thing to do. It allows us as an industry to move away from the FAX, and start universally communicating and manipulating Documents. I will note that these more Exchange like HIE models would still be considered compliant under the optional third transport.

I think he’s dead on that the majority of providers are going to get to know Direct really well in order to meet the meaningful use stage 2 requirements. In another, more detailed post he covers the various HIE transport options, including 3 options within the Direct Project: Full Service HISP, email integration, and integrated into the EHR.

John Moehrke has 3 great images I’ve embedded below which illustrate the above 3 models:

In the Full Service HISP, the user uploads the health information to a web portal or possibly emails the information to the HISP. This model reminds me of the various physician portals I’ve seen out there. They’ve worked really well for doctors who do a lot of referrals and need to exchange data. Although, logging into a portal isn’t the most seamless way of sharing data.

The email integration option requires you to have some good IT experience to be able to configure your email properly to support the identity and security configuration that will be required on your email system. Considering the number of doctors I know that still use aol.com, yahoo.com and gmail.com accounts, this won’t be a good solution for them. I bet even Google Apps accounts won’t support this, but it would be really cool if they did. Would be a really smart move by Google to have gmail support it if they could. The nice part is that once it’s configured you can sign and encrypt the email in a pretty seamless fashion.

Integrating the Direct Project specification directly into the EHR is the best option since it provides the user a seamless experience. The challenge will be on the EHR vendors to be able to integrate it into their EHR software, but I expect many will see this as the best way to service their customers. It will be harder on the EHR vendor, but the EHR vendors that put in this extra effort will have much happier users.

Hopefully this gives a decent overview of the Direct Project options. John Moehrke has a lot more technical details on the subject if you want to read more about those. I know he’s pretty active on Twitter, so I’ll ping him now to have him take a look at this post so I can add any clarifications if needed as well.

I’m excited to see the Direct Project in widespread use. I think the Direct Project vision has best been described as replacing the fax machine. The move to exchanging documents using Direct will be a good step forward. Sure, it’s just the first step, but it’s an important and useful one.