Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

EHR Adaptation, Film to Digital, and Box

Written by:


I agree completely that patient expectations are changing. I think we’re going to see a dramatic shift in the patient experience. What I’m not as sure about is whether the EHR will be the one to meet those changing expectations. EHR software is distracted with other things and they’re not well positioned to handle the change.


I’m not sure I’d really classify this as a pivot. I think Viztek is doing pretty well with their PACS. They’re not going to stop doing that anytime soon. It is an interesting diversification for the company. Although, I was more intrigued to think about what we could learn from the PACS experience going from film to digital. We need more people writing about those learnings.


Those are two big powerhouses that Box brought on board. I’d heard a lot about box and its efforts in healthcare. This illustrates how important healthcare is to Box’s future.

March 23, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Achieve Cybersecurity While Complying with HIPAA Standards

Written by:

Tony Jeffs, Cisco
The following is a guest post written by Tony Jeffs, Sr. Director, Product Management & Marketing, Global Government Solutions Group at Cisco.

Within the past 24 months, nine out of 10 hospitals in the U.S. have fallen victim to an attack or data breach, according to a recent report from the Ponemon Institute. The landscape of the healthcare IT industry is transforming rapidly due to significant changes in patient information management and today’s evolving threat landscape. Advancements in technology and government regulations have powered an explosive growth in the creation and storage of protected healthcare information (PHI). To prepare for new attacks targeting sensitive patient data, healthcare organizations need to recognize the risks of noncompliance and how the deployment of certified, secure, and trusted technologies will help ensure compliance with Health Insurance Portability and Accountability Act (HIPAA) standards.

According to the 2012 National Preparedness Report conducted by the Federal Emergency Management Agency, the healthcare industry is already prepared for many types of emergencies and contingencies. However, the same study showed that healthcare organizations are overall still unprepared for most cyber attacks.

The report highlighted that cybersecurity “was the single core capability where states had made the least amount of overall progress.” Of the state officials surveyed, merely 42 percent feel they are adequately prepared. The report also showed that in the last six years, less than two-thirds of all companies in the U.S. have sustained cyberattacks. From 2006 to 2010, the number of reported attacks in the U.S. rose by 650 percent. During the Aspen Security Forum last year, Keith B. Alexander, head of the National Security Agency and the new United States Cyber Command, indicated that the U.S. has seen a 17-fold rise in attacks against its infrastructure from 2009 through 2011.

In such an environment, it is a top priority for healthcare organizations to comply with HIPAA standards. Before the signing of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, it was understood industry-wide that HIPAA was not strictly enforced. Under HITECH, healthcare providers could be penalized for “willful neglect” if they failed to demonstrate reasonable compliance with the Act. The penalties could be as high as $250,000 with fines for uncorrected violations costing up to $1.5 million.

In certain instances, HIPAA’s civil and criminal penalties now encompass business associates. While a citizen cannot directly sue their healthcare provider, the state attorney general could bring an action on behalf of state residents. In addition, the U.S. Department of Health and Human Services (HHS) is now required to periodically audit covered entities and business associates. This implies that healthcare providers are required to have systems in place to monitor relationships and business practices to guarantee consistent security for all medical data.

If information systems are left vulnerable to attack, providers face significant risks to their business. These targeted attacks in the healthcare industry can come in a variety of forms. In Bakerfield, CA, the Kern Medical Center was attacked by a virus that crippled its computer systems. The hospital took approximately 10 days to bring the doctors and nurses back online. A Chicago hospital was attacked by a piece of malware that forced the hospital’s computers into a botnet controlled by the hacker. A year later, the hospital was still dealing with the attack’s aftermath. Following the theft of a computer tape containing unencrypted personal health information from an employee’s automobile, the DoD faced a multi-billion-dollar lawsuit. The Veterans Administration (VA) fought a two-year battle against intrusions into wireless networks and medical devices, including picture archiving and communication systems (PACS), glucometers and pharmacy dispensing cabinets.

Patients are protected against identity theft if medical information is encrypted and secured. Simultaneously, information must be kept readily available when necessary, such as for emergency personnel. The subsequent benefits are important in order to keep businesses competitive, including better quality of patient care, improved patient outcomes, increased productivity and workflow efficiency, better information at the point of care and improved and integrated communications between doctors and patients.

The Key to HIPAA Compliance

In order to meet the HITECH Act requirements, encryption must be used on the main service provider network as well as its associated partner networks. Encryption uses an algorithm to convert data in a document or file into an indecipherable format prior to being delivered, and then decrypts the data once received to prevent unauthorized personnel from accessing it. Successful use of encryption depends on the strength of the algorithm and the security of the decryption “key” or process when data is in motion and moving through a network or data is at rest in databases, file systems, or other structured storage methods.

In order to achieve HIPAA compliance, healthcare providers should leverage verified, certified network security products and architectures. Recommended by the HHS and mandated by the U.S. Department of Defense (DoD) for encryption, Federal Information Process Standard (FIPS) 140-2 encryption certified products reliably safeguard healthcare data with reliable and proven security in order to diminish risks without increasing costs.

Technologies that are fully FIPS-140 certified provide organizations a level of security that will remain compliant through at least 2030, unlike legacy cryptographic systems.

A New Degree of Confidence

Today, closed networks are almost nonexistent as most offices have Internet access, at the minimum. With the use of electronic transactions increasing in healthcare, including e-prescriptions and electronic communication, many medical organizations use open systems that necessitate the use of encryption technologies.

Technology providers can easily assert that a system is secure by using the highest level of encryption technologies on the market. With the degree of public visibility of breaches of trust, organizations have no reason to risk exposure with technology systems that fail to meet the FIPS 140-2 standard for data encryption. Without this certification, the cryptography function on the network has demonstrated a less than 50 percent chance of being correctly implemented, which also implies there is a 50 percent chance that the cryptography can be cracked. By purchasing solutions with FIPS validation, healthcare organizations achieve a new degree of reassurance that their critical data is secure, allowing them to minimize risk without an increase in costs.

March 8, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Key Radiology Takeaways from RSNA

Written by:


This is a guest post by Janakan Rajendran, CIO, GNAX Health.

RSNA began their integration journey in 1998 with the initial launch of Integrating the Healthcare Enterprise (IHE), a multi-vendor technology project designed to connect radiologists with other clinical departments.  The project has grown by leaps and bounds. Now partnered with HIMSS, IHE is a well-respected, annually-demonstrated, healthcare connect-a-thon. At this year’s RSNA, the association took connecting one step further.

RSNA 2012 was all about connecting with the patient. From the opening keynote to exhibit hall signage and educational sessions, radiologists were encouraged to charge forward into a new frontier—patient relationships. This new drive towards end user connectivity was reflected in three key trends:

  • Radiologists are Members of Core Care Team
  • Vendor Neutrality is Essential
  • Images are Embedded into Health Information Exchange

Shared Ownership of Patients – Dosage Tracking

For professionals typically sequestered in dark rooms and technology silos, the concept of patient interaction is novel, timely and suddenly important.  RSNA 2012 even included a day-long workshop on the art of difficult conversations. Focused on front-line conversations with patients, peers and payers, the workshop set a new bar for radiologists’ ability to effectively communicate outside of the reading room.

The conference theme, “Patients First”, was reiterated by Dr. George Bissett, 2012 RSNA President, in his president’s address.

“After a year of reflection on our profession, I believe more than ever that our future depends on our capacity to develop a new kind of shared ownership, along with our primary care and specialty colleagues, of our patients’ needs and expectations.”

Just as the IHE integrated radiology technically, we expect medical imaging to take a stronger position within the core patient care team. One component of “patients first” is the regulatory need for providers to track radiology dosage over patient lifetime—certainly a huge technology challenge and patient safety concern for all.

Vendor Neutral Archives Go Second Generation

Vendor-neutral archives (VNAs) were showcased notably during the 2011 RSNA. This years’ RSNA uncovered the real, extensible benefits of VNAs. Now VNAs are considered a platform that enable providers to do much more than simply avoid future PACS and storage migrations. Cloud-based hosted VNAallows for:

  • Long-term archival of images from all departmental PACS without any additional hardware or software purchase.
  • Image storage is no longer on-site at the provider location, reducing the VNA’s physical footprint within the IT department and staff time to maintain and update the system.
  • Multiple PACS can be easily integrated into the VNA. Savings are substantial for organizations planning ahead for mergers, acquisitions or participation in an ACO or HIE.
  • The cost to migrate images from one PACS to another is eliminated through a VNA. Once moved into the VNA, images are not held hostage by the PACS. Organizations achieve greater flexibility for future PACS purchases and negotiate from a stronger position.
  • Image enabling of the EMR with a Universal Viewer through one, single integration.

Several second generation VNAs were demonstrated at RSNA. These VNAs focus on image exchange within health systems.  Next up: third generation VNAs to support image sharing between health systems. Initial strides toward third generation VNA are already underway.

Images Part of HIE

For decades, the only way to share medical images between radiologists and physicians was manual. Patient sneaker-net (patients hand-carrying CDs from radiology departments or imaging centers to specialists and primary care physicians) is common practice even today. Vendors at RSNA 2012 aim to take patients out of the equation and eliminate CDs.

Several companies demonstrated the ability to control image access, move images along the HIE or ACO continuum, and consolidate image access reporting. Key technology partnerships to support end-to-end image sharing were introduced. As an example, GNAX Health announced an agreement with ACUO Technologies and Client Outlook to integrate medical images into the Colorado Telehealth Network (CTN).

Hospitals, imaging centers, clinics and other health care providers in Colorado will safely store and share medical images through a private cloud hosted and managed by GNAX Health and using GNAX’s SDEXTM (Secure DICOM Exchange) platform. CTN and GNAX Health are working with the Colorado Regional Health Information Organization (CORHIO) and Quality Health Network (QHN)—the two Colorado Health Information Exchanges—to image-enable their physician portals so that images and diagnostic reports will be available through the HIEs. GNAX Health will also allow CTN to offer disaster recovery and business continuity solutions. Nine CHA member hospitals worked with CTN over the past eight months to develop the imaging program with input from hospitals across the state. For Colorado, the future is already here.

RSNA Conversation Changes

RSNA 2012 reflected a new conversation between radiology and their key stakeholders: patients and peers. Technology is supporting this dialogue in ways never thought possible. There seemed to be many more technologists and internal provider system integrators at this show. For once, PACs was not the buzz at RSNA. Information technology was.

December 6, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

Memorial Day

Written by:

I always love the Holidays and Memorial Day is no different. I love the idea of looking back at those people who have since passed on. I love repeating the memories and stories of these people and remembering the lessons they taught us. Plus, I love to honor the troops who make everything we have possible.

In a recent call with my mother we of coursed talked about the progress of my blogs and the Healthcare Scene blog network. My mother has very little technical prowess and is one of those people who feels a little bit scared and nervous to use technology. I think she still thinks she’s going to break something and so she sticks to her same routines every time she’s on the computer. So, needless to say, she doesn’t have a great understanding of what I really do. She understands that they’re websites and somehow I make money from advertisers on the site. That’s alright by me, her 5th grade students are lucky to have her as a teacher.

In my conversation with my mom wondered what type of conversation my grandfather and I would have if he was still around. My grandfather is someone that I knew very well, loved deeply, and I even lived and worked (in their massive yard) with him and my grandmother for a summer. Before he retired he worked with radiology equipment. I believe he’d go around to doctors offices, hospitals, etc and sale them radiology equipment.

I can imagine he’d be amazed at the advancements that have been made with digital imagining in radiology. I’m sure we could have some interesting conversations about the potential for transferring digital images electronically, storing those images in a PHR, and other related PACS technology. I imagine he’d be amazed at how far we’ve come since he was working in the field. Certainly we still have a long ways to go, but looking at it this way I have to appreciate the technological advancements we’ve made.

My brother David (who has been writing on EMR News, Smart Phone Healthcare, EMR Screenshots and EMR videos) is in the process of becoming a pilot in the Air Force. He’s always wanted to be a pilot and so I’m really happy that he’s getting the chance to live his dream.

I honor him and all of our military troops who allow us to have the freedoms we have. It’s sad to think that in some countries a blog like this (or at least other blogs) might not be possible or might be filtered. We’re lucky to live in a land where freedom of expression is not only accepted, but encouraged.

My brother, David, posted the following status on his Facebook page:
“Instead of focusing on having a long weekend or that SWEET deal at the store, try doing something that a Marine/Sailor/Soldier/Airmen who gave the ultimate sacrifice can no longer do – in THEIR memory. Go for a walk and enjoy your family because somebody has given their life so that YOU can still enjoy this precious luxury that we often take for granted. Thank you to those who have served or are currently serving.”

On that note, I’m going to go take my wife and kids out on a hike, or throw a dance party, or something fun in honor of all those troops who’ve sacrificed so that we could have that right. I hope you do the same this Memorial Day.

May 30, 2011 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.