Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

An Alternate Way Of Authenticating Patients

Posted on July 5, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Lately, I’ve been experimenting with a security app I downloaded to my Android phone. The app, True Key by Intel Security, allows you to log in by presenting your face for a scan or using your fingerprint. Once inside the app, you can access your preferred apps with a single click, as it stores your user name and passwords securely. Next, I simplified things further by downloading the app to my laptop and tablet, which synchs up whatever access info I enter across all devices.

From what I can see, Intel is positioning this as a direct-to-consumer play. The True Key documentation describes the app as a tool non-techies can use to access sites easily, store passwords securely and visit their favorite sites across all of their devices without re-entering authentication data. But I’m intrigued by the app’s potential for enterprise healthcare security access control.

Right now, there are serious flaws in the way application access is managed. As things stand, authentication information is usually stored in the same network infrastructure as the applications themselves, at least on a high-level basis. So the process goes like this, more or less: Untrusted device uses untrusted app to access a secure system. The secure system requests credentials from the device user, verifies them against an ID/PW database and if they are correct, logs them in.

Of course, there are alternatives to this approach, ranging from biometric-only access and instantly-generated, always-unique passwords, but few organizations have the resources to maintain super-advanced access protocols. So in reality, most enterprises have to firewall up their security and authentication databases and pray that those resources don’t get hacked. Theoretically, institutions might be able to create another hacking speed bump by storing authentication information in the cloud, but that obviously raises a host of additional security questions.

So here’s an idea. What if health IT organizations demanded that users install biometrically-locked apps like True Key on their devices? Then, enterprise HIT software could authenticate users at the device level – surely a possibility given that devices have unique IDs – and let users maintain password security at their end. That way, if an enterprise system was hacked, the attacker could gain access to device information, but wouldn’t have immediate access to a massive ID and PW database that gave them access to all system resources.

What I’m getting at, here, is that I believe healthcare organizations should maintain relationships with patients (as represented by their unique devices) rather than their ID and password. While no form of identity verification is perfect, to me it seems a lot more like that it’s really me logging in if I had to use my facial features or fingerprint as an entry point. After all, virtually any ID/PW pair chosen by a user can be guessed or hacked, but if you authenticate to my face/fingerprint and a registered device, the odds are high that you’re getting me.

So now it’s your turn, readers. What flaws do you see in this approach? Have you run into other apps that might serve this purpose better than True Key? Should HIT vendors create these apps? Have at it.

Biometric Use Set To Grow In Healthcare

Posted on January 15, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

I don’t know about you, but until recently I thought of biometrics as almost a toy technology, something you’d imagine a fictional spy like James Bond circumvent (through pure manliness) when entering the archenemy’s hideout. Or perhaps retinal or fingerprint scans would protect Batman’s lair.

But today, in 2016, biometric apps are far from fodder for mythic spies. The price of fingerprint scan-based technology has fallen to nearly zero, with vendors like Apple offering fingerprint-based security options as a standard part of its iOS iPhone operating system. Another free biometric security option comes courtesy of Intel’s True Key app, which allows you to access encrypted app data by scanning and recognizing your facial features. And these are just trivial examples. Biometrics technologies, in short, have become powerful, usable and relatively affordable — elevating them well above other healthcare technologies for some security problems.

If none of this suggests to you that the healthcare industry needs to adopt biometrics, you may have a beef with Raymond Aller, MD, director of informatics at the University of Southern California. In an interview with Healthcare IT News, Dr. Aller argues that our current system of text-based patient identification is actually dangerous, and puts patients at risk of improper treatments and even death. He sees biometric technologies as a badly needed, precise means of patient identification.

What’s more, biometrics can be linked up with patients’ EMR data, making sure the right history is attached to the right person. One health system, Novant Health, uses technology registering a patient’s fingerprints, veins and face at enrollment. Another vendor is developing software that will notify the patient’s health insurer every time that patient arrives and leaves, steps which are intended to be sure providers can’t submit fradulent bills for care not delivered.

As intriguing as these possibilities are, there are certainly some issues holding back the use of biometric approaches in healthcare. And many are exposed, such as Apple’s Touch ID, which is vulnerable to spoofing. Not only that, storing and managing biometric templates securely is more challenging than it seems, researchers note. What’s more, hackers are beginning to target consumer-focused fingerprint sensors, and are likely to seek access to other forms of biometric data.

Fortunately, biometric security solutions like template protection and biocryptography are becoming more mature. As biometric technology grows more sophisticated, patients will be able to use bio-data to safely access their medical records and also pay their bills. For example, MasterCard is exploring biometric authentication for online payments, using biometric data as a password replacement. MasterCard Identity Check allows users to authenticate transactions via video selfie or via fingerprint scanning.

As readers might guess from skimming the surface of biometric security, it comes with its own unique security challenges. It could be years before biometric authentication is used widely in healthcare organizations. But biometric technology use is picking up speed, and this year may see some interesting developments. Stay tuned.

Can Cloud Computing Help Solve Healthcare’s Looming IT Crisis?

Posted on November 21, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The title of this post comes from a whitepaper called “How Cloud Computing Can Help Solve Healthcare’s Looming IT Crisis” that was done by Intel together with CareCloud and terremark (A Verizon Company). My initial reaction when reading this whitepaper was “what looming healthcare IT crisis are they talking about?”

The whitepaper makes the general case about the challenges of so much regulation, security, and privacy issues related to healthcare IT. I guess that’s the crisis that they talk about. Certainly I agree that many a healthcare CIO is overwhelmed by the rate of change that’s happened in healthcare IT to date. Is it a crisis? Maybe in some organizations.

However, more core to what they discuss in the paper is whether cloud computing can provide some benefits to healthcare that many organizations aren’t experiencing today. The whitepaper cites a CDW study that just 30 percent of medical practices have transitioned to cloud computing services. No doubt I’ve seen the reluctance of many organizations to go with cloud computing. Although, as one hospital CIO told me, we have to do it.

The whitepaper makes the case that cloud computing can help with:
-Security, compliance and privacy
-Cost efficiency and improved focus
-Flexibility and scalability

I’d love to hear your thoughts on the whitepaper and its comments on the value of cloud computing. Should healthcare be shifting everything to cloud computing? Is there a case to be made for in house over cloud computing? Will some sort of hybrid approach win out?

EHR Stimulus Alliance Sickens Me

Posted on May 18, 2009 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I previously posted about the EHR stimulus tour (no link since I don’t want to promote them). Today I saw what seems to amount to a press release that talks about the “EHR Stimulus Alliance” and their tour to “educate 500,000 U.S. physicians about opportunities aligned with the American Recovery and Reinvestment Act (ARRA) of 2009.”

This type of puffery just makes me sick. No. Not the educating 500,000 physicians. That’s a good thing and part of the motivation for this blog. The thing that makes me sick is this seems like just a big marketing campaign for Allscripts. Sure they have a list of other partners, but they’re basically partners of Allscripts. Check out the list: Allscripts, Cisco, Citrix, Dell, Intel, Intuit, Microsoft Corp., and Nuance. The press release calls it a “broad coalition of healthcare and technology companies.” Too bad Allscripts is the only true healthcare company in that list. All the others are technology companies that sell some healthcare products.

I just don’t like when an “education tool” is really just being used as a marketing tool for a certain EHR company. If they really wanted to help adoption, they’d sponsor a tour with a whole variety of EHR vendors where they can help doctors to be able to see the wide variety of EHR vendors that exist.

Someone recently emailed me about any conferences that exist for a doctor to be able to evaluate EHR companies all in one place. I know there have been a number of other ones in the past that no longer exist. The only one I know is still going is HIMSS. Does anyone else know of other places where doctors can see a bunch of great EHR? I ask this knowing that many really great EHR just haven’t seen the benefit of these types of shows.

Also, if anyone has a chance to go to one of these EHR Stimulus tour stops, I’d love to have you do a guest post on the experience. I sent them a tweet asking if they can stop in Las Vegas so I can check it out.

EHR Stimulus Tour

Posted on May 4, 2009 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Turns out the fish are starting to feed. Check out this website that talks about the “EHR Stimulus Tour: Educating the Nation.” Ok, I don’t really want you to check out the website, since I think it’s kind of sad. At the bottom it lists the “EHR Stimulus Alliance.” The following companies are listed in this EHR alliance:
Allscripts
Cisco
Citrix
Dell
intel
intuit
Microsoft
Nuance

What a group of large companies trying to sell a bunch of product. I guess we should have expected something like this, but maybe I’m just a little surprised that they made a website for an EHR stimulus tour and everything. Interestingly the twitter link on the site goes to an Allscripts twitter account. I think we can clearly see who’s behind this website.

Honestly, this reminds me of an Amway or other MLM convention. Is it any wonder the type of information that will be given at this type of tour? I guess $18 billion is a lot of motivation to market your EHR software. I just wish they were stopping in Las Vegas so that I could go and check them out.

The Medical Quack – Great Healthcare Blog

Posted on October 13, 2008 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Well, I’d been meaning to link to my friend Ducknet or as she calls her blog, The Medical Quack, for a while, but never got around to it. I figured it was about time since she’s been posting like crazy on that blog and deserved a little love.

I must admit that she posts a ton of medical related content. In fact, probably too much for me. I’m a little bit of a healthcare snob and have my preference for EMR and/or IT in healthcare. Ducknet has an incredible tech background with experience working at Intel and TabletKiosk. I’ve often turned to her on Skype to ask her details about the latest processors or the best tablet pc for my doctors to use with our EMR. She’s always been spot on.

Plus, she finds nice little nuggets of EMR industry knowledge that I hadn’t seen until now: Misys Purchases Allscripts. That’s a really interesting industry consolidation of what I would consider a very weak brand with a very strong brand. Kind of reminds me of when HP and Compaq came together (can’t remember who bought who in that one). The interesting question is which EMR software system will emerge from the Misys purchase of Allscripts.

Hopefully the Allscripts marketing team is kept in tact. I liked their use of social media to promote EMR.