Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

HL7 Backs Effort To Boost Patient Data Exchange

Posted on December 8, 2014 I Written By

Katherine Rourke is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Standards group Health Level Seven has kicked off a new project intended to increase the adoption of tech standards designed to improve electronic patient data exchange. The initiative, the Argonaut Project, includes just five EMR vendors and four provider organizations, but it seems to have some interesting and substantial goals.

Participating vendors include Athenahealth, Cerner, Epic, McKesson and MEDITECH, while providers include Beth Israel Deaconess Medical Center, Intermoutain  Healthcare, Mayo Clinic and Partners HealthCare. In an interesting twist, the group also includes SMART, Boston Children’s Hospital Informatics Program’s federally-funded mobile app development project. (How often does mobile get a seat at the table when interoperability is being discussed?) And consulting firm the Advisory Board Company is also involved.

Unlike the activity around the much-bruited CommonWell Alliance, which still feels like vaporware to industry watchers like myself, this project seems to have a solid technical footing. On the recommendation of a group of science advisors known as JASON, the group is working at creating a public API to advance EMR interoperability.

The springboard for its efforts is HL7’s Fast Healthcare Interoperability Resources. HL7’s FHir is a RESTful API, an approach which, the standards group notes, makes it easier to share data not only across traditional networks and EMR-sharing modular components, but also to mobile devices, web-based applications and cloud communications.

According to JASON’s David McCallie, Cerner’s president of medical informatics, the group has an intriguing goal. Members’ intent is to develop a health IT operating system such as those used by Apple and Android mobile devices. Once that was created, providers could then use both built-in apps resident in the OS and others created by independent developers. While the devices a “health IT OS” would have to embrace would be far more diverse than those run by Android or iOS, the concept is still a fascinating one.

It’s also neat to hear that the collective has committed itself to a fairly aggressive timeline, promising to accelerate current FHIT development to provide hands-on FHIR profiles and implementation guides to the healthcare world by spring of next year.

Lest I seem too critical of CommonWell, which has been soldiering along for quite some time now, it’s onlyt fair to note that its goals are, if anything, even more ambitious than the Argonauts’. CommonWell hopes to accomplish nothing less than managing a single identity for every person/patient, locating the person’s records in the network and managing consent. And CommonWell member Cerner recently announced that it would provide CommonWell services to its clients for free until Jan. 1, 2018.

But as things stand, I’d wager that the Argonauts (I love that name!) will get more done, more quickly. I’m truly eager to see what emerges from their efforts.

Is Healthcare Missing Out on 21st Century Technology?

Posted on July 31, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This tweet struck me as I consider some of the technologies at the core of healthcare. As a patient, many of the healthcare technologies in use are extremely disappointing. As an entrepreneur I’m excited by the possibilities that newer technologies can and will provide healthcare.

I understand the history of healthcare technology and so I understand much of why healthcare organizations are using some of the technologies they do. In many cases, there’s just too much embedded knowledge in the older technology. In other cases, many believe that the older technologies are “more reliable” and trusted than newer technologies. They argue that healthcare needs to have extremely reliable technologies. The reality of many of these old technologies is that they don’t stop someone from purchasing the software (yet?). So, why should these organizations change?

I’m excited to see how the next 5-10 years play out. I see an opportunity for a company to leverage newer technologies to disrupt some of the dominant companies we see today. I reminded of this post on my favorite VC blog. The reality is that software is a commodity and so it can be replaced by newer and better technology and displace the incumbent software.

I think we’ve seen this already. Think about MEDITECH’s dominance and how Epic is having its hey day now. It does feel like software displacement in healthcare is a little slower than other industries, but it still happens. I’m interested to see who replaces Epic on the top of the heap.

I do offer one word of caution. As Fred says in the blog post above, one way to create software lock in is to create a network of users that’s hard to replicate. Although, he also suggested that data could be another way to make your software defensible. I’d describe it as data lock-in and not just data. We see this happening all over the EHR industry. Many EHR vendors absolutely lock in the EHR data in a way that makes it really challenging to switch EHR software. If exchange of EHR data becomes wide spread, that’s a real business risk to these EHR software companies.

While it’s sometimes disappointing to look at the old technology that powers healthcare, it also presents a fantastic opportunity to improve our system. It is certainly not easy to sell a new piece of software to healthcare. In fact, you’ll likely see the next disruptive software come from someone with deep connections inside healthcare partnered with a progressive IT expert.

Resident EMR Training, FDA EMR Regulation, and MEDITECH Twitter

Posted on November 10, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.


I bet 5 hours is generous for resident EHR training. It’s amazing how training a resident on an EHR is almost an afterthought. I partially understand it since the residents have so many things to learn, but EHR will become a standard part of that training. I live right next to a medical school and it’s amazing to hear the stories of these residents doing rotations at clinics with EHR. Most prefer it, but they don’t get much training.


Is the FDA regulating EHRs? Other than the guidance they put out recently for health applications, I haven’t seen them do much more as far as regulating EHR software. Although, after seeing this and reading a tweet from Farzad suggesting that the FDA should leave EHR “regulation” to the ONC framework, I wonder if something else is brewing. What have you seen or heard?


I didn’t think this tweet was that significant, but it was the first time I remember seeing MEDITECH participating in social media. In fact, I’m trying to remember where I’ve seen MEDITECH participating in any of the national conversations. For such a large EHR vendor, they sure have kept a low profile. I feel like I get around, and I have yet to meet a MEDITECH person. I can’t say that for many EHR vendors. Of course, I look at their social media account and see they have 1,243 tweets. So, they’ve been doing something, but I’d never seen it until today. Just for reference, I have about 28,000 tweets between just my top 2 Twitter accounts.

Top 100 EHRs by Revenue – Who Cares?

Posted on November 8, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Medical Economics put out a list that it’s just irresistible to those of us in healthcare IT. It’s a list of the Top 100 EHR vendors by revenue. I know that this is irresistible, because I did a post on EMR Thoughts back in 2011 listing the Top 100 Healthcare IT Companies by Revenue and still today it’s the top visited post on that site. Plus, when I saw the headline I couldn’t resist checking out the list myself.

While we all have to look when we see something like it, I think we need to be careful looking at these lists. They are filled with errors since the sources for such information aren’t that reliable. Not to mention there are a lot of ways to count revenue when you’re as large as these organizations. So, they can mislead you as much as lead you.

In fact, I know of a number of errors myself in the list. Although, the one that made me laugh the most was when I saw Meditech listed at 55. I literally openly laughed out loud that whoever created the list didn’t have enough common sense to know that it couldn’t be the case. Then, I took a second look at Meditech at 55 and realized that even the data in the chart shows that it shouldn’t be 55th on the list, but should be 4th on the list. They have them ranked based on $4.9 million in revenue instead of the $490 million which is listed. Those pesky decimals. I’ll have to give them my son’s 4th grade homework on decimals.

Of course, any of us could make that type of mistake. Stuff happens when you’re compiling a lot of data. Considering the way the page seems to be coded (manually I believe), I feel bad for whoever will have to adjust the list.

Another change they need to make is the acquisition of Greenway by Vitera. It looks like the combined entities would move them to 6th on the list and possibly higher.

Of course, the real question is whether any of this really matters. It’s great fodder for discussion. I have made the argument in the past that it’s important to understand the long term financial viability of the EHR organization you choose. However, revenue is just one of the measures of a company’s long term viability. There have been plenty of hundred million dollar companies who have failed. It’s about costs and revenue, not just revenues. Not to mention as the EHR industry consolidates, many of these companies are going to sunset their EHR product after they merge. So, is buying from a large EHR vendor any less risky than buying from a smaller EHR vendor?

As someone who lives, eats, and breathes EHR every day, this is fun for me to look at, but I don’t think it has much impact.

An Example of EHR as Database of Healthcare

Posted on December 13, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

One of my favorite interviews at mHealth Summit was with Alan Portela, CEO of AirStrip Technologies. I’d definitely heard good things about AirStrip, but I must admit that before our meeting I didn’t have a very good understanding of what AirStrip was really all about. I was pleased to learn that they are well deserving of the hype. I believe AirStrip will do wonderful things to help make healthcare data mobile and AirStrip is lucky to have Alan Portela leading the company. Alan is unique when it comes to healthcare IT leaders in that he understands the healthcare culture, but also has a unique vision for how healthcare can embrace the future.

The core of what AirStrip has done to date has been in OB and Cardiology. In fact, each of those areas is worthy of their own post and look into how they’ve changed the game in both of those areas. The OB side speaks to me since we recently had our fourth child. I can imagine how much better the workflow would have been had my wife’s OB had access to the fetal waveforms (CTGs) on her mobile device. Instead, it was left to the nurse to interpret the recordings and communicate them to the OB. There’s real power for an OB to have the data in the palm of their hand.

Similar concepts can be applied to cardiology. Timing is so huge when it comes to the heart and there’s little doubt that mobile access to healthcare data for a cardiologists can save a lot of time from when the data is collected to when the cardiologist interprets the results.

The real question is why did it take so long for someone like AirStrip to make this data mobile. The answer has many complexities, but it turns out that ensuring that the data displays to clinical grade quality is not as easy as one might think. An ECG waveform needs to be much more precise than a graph of steps taken.

While both of these areas are quite interesting, since I’m so embedded in the EHR world I was particularly interested in AirStrip’s move into making EHR data mobile. They’ve started with Meaningful Use Tracker, but based on my conversation with Alan Portela this is just the beginning. AirStrip wants to make your important clinical information mobile.

I pushed Alan on how he’ll be able to do this since so many EHR companies have created big barriers to being able to access their data. Turns out that Alan seems to share my view that EHR is the Database of Healthcare. This idea means that instead of the EHR doing everything for everyone, a whole ecosystem of companies are going to build amazingly advanced functionality on the back of the EHR data and functions.

In AirStrip’s case, they want to take EHR data and make it mobile. They don’t want to store the data. They don’t want to do the advanced clinical decision support. Instead, they want to leverage the EHR data and EHR functionality on a mobile device.

One key to this approach is that AirStrip wants to be able to do this for an organization regardless of which EHR you use on the backend. In fact, Alan argues that most hospital organizations are going to have multiple EHR systems under their purview. As hospitals continue to consolidate you can easily see how one organization is going to have a couple hospitals on Epic, a couple on Cerner, a couple on Meditech, etc. If AirStrip can be the consistent mobile front end for all of the major EHR companies, that’s a powerful value proposition for any hospital organization.

Of course, we’ll see if AirStrip gets that far. Right now they’re taking a smart approach to mobilizing specific clinical data elements. Although, don’t be surprised when they work to mobilize all of an organization’s healthcare data.

AirStrip is just one example of a company that’s using EHR as their database of healthcare data. I’m sure we’re going to see hundreds and thousands of companies who build powerful applications on the back of EHR data.

Covering Your Practice When Using a Hosted EHR

Posted on June 12, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The following is a guest post by William O’Toole discussing a really misunderstood topic about clinic responsibility in a hosted EHR environment and how to protect your clinic. This ties in really well to Katherine’s previous post about Business Associates HIPAA Preparation.

Too many times people in EMR acquisition mode have made the assumption that hosted solutions automatically insulate the customer provider from liability for data breach or unauthorized disclosure of patient information, which is unsettling because it is simply not true. Health care providers are always responsible to patients for these unfortunate situations and nothing in HIPAA or the HITECH Act shifts that responsibility to the vendor of the hosted software solution. While HITECH does extend compliance requirements and potential penalties to vendors that provide services to providers involving patient information, this does not mean that the provider is not responsible to the patient.

All that gloom aside, it is completely possible to protect the provider organization through indemnification language in the software agreement with the vendor. In situations where the fault (violation of HIPAA) lies with the vendor that is hosting the software, and controlling and possessing patient data, if no indemnification provision exists, then any award for damages in a patient lawsuit would have to be paid by the provider without any contribution from the vendor. Think of the indemnification in that manner. It basically means that if there is a violation, and it is caused in part by the vendor, then the vendor will contribute to the payment of damages to the extent it was at fault.

An indemnification from a vendor Business Associate to a provider Covered Entity for any data breach or unauthorized disclosure of patients’ Protected Health Information (capitalized terms as defined under HIPAA) is critical in light of ARRA/HITECH and its impact on HIPAA. Briefly, ONC will be investigating, auditing, and penalizing both Covered Entities and Business Associates through powerful enforcement of HIPAA as mandated by the HITECH Act.

Providers should review all IT vendor contracts and Business Associate Agreements with those vendors. Ideally, for every vendor relationship with your hospital or practice, those two contracts should have matching language stating that the vendor will indemnify your organization for data breaches or unauthorized disclosures caused by the vendor. There are cases where the main customer/vendor agreement does not contain such language but the Business Associate Agreement does, which is still good. If absent from both, your organization is seriously exposed and you must consider the potential consequences and amend the agreements to include this type of protection whenever possible.

INDEMNIFICATION means a party to an agreement takes on financial responsibility for its actions and is legally obligated to pay damages to the other party. As you read a proposed contract, substitute “pay money to” in place of “indemnify”. It means the party will pay the damages resulting from its actions that would otherwise be paid by the other party if no indemnification existed. Look carefully at what indemnification(s) your organization is asked to provide, and what the other side is offering for indemnification. This comparison must be carefully considered before signing anything.

LIMITATION OF LIABILITY means the vendor is stating (often in ALL CAPS) what it is NOT responsible for. Typical exclusions are “special, incidental and consequential” damages. What this means is that while the vendor might take on responsibility for direct damages for something like product failure, which is often limited to the value of the contract, it purposely disclaims any responsibility for damages over and above the cost of the product. If consequential damages are disclaimed and excluded, the provider could only hope to receive a refund, which would exclude any additional costs like outside consulting trying to make the original product work for your organization, or the additional cost for a more expensive replacement product.

Important note: If you are able to obtain indemnification from a vendor as described above, you must also make sure that any limitation on consequential damages specifically and expressly excludes the indemnification provision. This means that the indemnification will cover both direct damages and then anything over and above that amount, which would be the consequential damages portion.

In summary, as a general statement, a hosting solution by itself does not provide legal protection for data breaches or unauthorized disclosures of patient information. That protection must be negotiated in your contract with the vendor in the form of an indemnification and it is very important.

This posting provides general contract information and is not intended as specific legal advice.

William O’Toole founded the O’Toole Law Group following twenty years as counsel for Medical Information Technology, Inc. (Meditech). His practice is concentrated in health care IT contract review and negotiation. He can be contacted directly at wfo@otoolelawgroup.com.

Top 5 EHR Contract Pitfalls Identified – Guest Post

Posted on July 22, 2011 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The decisions don’t end after deciding on an EHR system for your medical practice. An EHR contract is an important and legally binding document, and it’s absolutely essential to consider every line of fine print before accepting the terms. O’Toole Law Group founder William O’Toole strongly believes that contract terms should be one of the top criteria in the EHR selection process.

Consulting with a lawyer before you sign is the best way to avoid difficult and expensive problems in the future. The following five issues arise frequently in EMR/EHR contracts, which are being rushed to execution by many practices that are aiming to qualify for federal funding under ARRA/HITECH. This is by no means an exhaustive list, but it aims to shed light on a few of the most frequent contract issues.

1. The EHR may not have the required certification. In order to qualify for federal funding under the ARRA’s Meaningful Use requirements, your EHR must be certified. Certification isn’t a totally black-and-white label, however – an EHR could be certified for the present but that certification could be withheld later on in the reimbursement period. The vendor is responsible for maintaining certification, so it’s important to determine for exactly how long the certification is guaranteed.
2. Your EHR vendor cannot guarantee that you will qualify for Meaningful Use. Meaningful Use – that is to say, your meaningful use of the EHR – is determined by you and your practice. Simply buying and setting up the EHR does not mean that you will qualify for reimbursement unless you follow the legal requirements and use it appropriately.
3. Your contract should include training time and support. Your staff will not be able to use the EHR system effectively without proper training, and if your contract does not guarantee a certain amount of training time (as well as specify exactly how and where the training will take place), your practice could be in trouble. Similarly, you will undoubtedly run into problems and your contract should specify support options for both day-to-day problems and long-term EHR product development by the vendor.
4. The EHR may not be guaranteed to be up and running by your deadline. If the EHR system is not ready to use in time for your Meaningful Use deadlines, you will certainly run into problems and lose reimbursement. While the vendor can’t guarantee a timeline for the work required of your practice, they should be able to promise timely delivery of all materials and support necessary on their part.
5. You could be surprised with licensing fees if you don’t carefully consider what type of license you’re paying for. In general terms, the license agreement with your EHR vendor could be one of two types: a perpetual agreement under which license fees are paid once up front, or a temporary SAAS-type license that requires ongoing payments and expires once your contract ends. Though an SAAS license may be less expensive initially, your costs could increase if you choose to stay with that same EHR vendor after the contract ends. A good legal representative can help you negotiate escalation amounts for the end of your contract.

About O’Toole Law Group
William O’Toole founded the O’Toole Law Group, specializing exclusively in healthcare information technology, following his long tenure as Corporate Counsel at Medical Information Technology (MEDITECH). Known and respected by executives, attorneys and consultants throughout the healthcare industry, O’Toole now represents healthcare provider entities and technology companies in all aspects of technology acquisition, development and distribution and stands among the most experienced and successful negotiators in the HIT industry.

For further detailed information on these and other hot topics regarding EHR contracts, see the popular white paper offered by O’Toole Law Group, entitled Selection and Negotiation of EHR Contracts for Providers (pdf).