
Medical Schools Developing School-Specific Apps for Students

Posted on August 9, 2012 I Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.

Since I recently suggested 5 Must-Have Apps for Medical Students, I found this article to be intriguing. Apparently, medical schools are starting to create their own apps for students in their programs. The article lists five reasons why medical schools are starting to provide students with school-specific apps:

  1. There is no readily available means of knowing which apps are safe, reliable, and useful
  2. The apps are developed by clinicians and others out of real and specific needs
  3. A wide range of resources are readily available
  4. Reimbursement is not a prerequisite for development
  5. They are unique and complex healthcare institutions

Until certification programs, such as the one being developed by Happtique, are up and running, I would be wary of trusting just any medical app out there. For that reason alone, I think it is a good idea for med schools to create apps that they approve for students to use. That, or provide a list of apps that have been reviewed by professors and clinicians at the University. Because probably every student in medical school has a smart phone, this would be a great resource to have available for students.

Every school is different, even if the bulk of the material taught is the same. Having course-specific apps developed by clinicians and other educators at the school would be helpful for both students and teachers alike. The article mentioned that this could possibly encourage adoption success, which is a win-win all around. And going into number three, what better place to develop a medical app than a place that has just about every medical resource available? I would be way more likely to trust an app created using medical school resources than just some company that creates apps.

I feel like most of the reasons are similar and connected in some way, but they definitely make sense. While I’m not a med student, or anything close to it, I can definitely see the value in this. There are a lot of possibilities for great apps that could be created. It makes me wonder if possibly a new fee will be added to the already exorbitantly high tuition that comes with medical school: app creation fee. I don’t see this totally coming without a price!

Risk Assessment and HIPAA Security Compliance Starting Points

Posted on I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

If you look at the number one meaningful use audit risk for a healthcare organization, I’m certain you’ll find lack of a proper Risk Assessment at the top of the list. I found this video of Jack Kolk, President of ACR2, talking about the need to do a risk assessment as part of the HITECH EHR incentive money which I’ll embed below.

That’s right, there’s a whole company whose main focus is doing healthcare risk assessments. I think this illustrates a number of things. First, there are a lot of healthcare organizations that are outsourcing their risk assessment. This is likely a good plan for most large organizations since they often don’t have the time or expertise to do it well in house. Second, I believe it also illustrates that doing the risk assessment is not a simple task. There’s a lot that goes into doing a proper risk assessment.

I must admit that I was also intrigued by ACR2’s cloud based risk assessment platform. Far too often a risk assessment consists of huge stacks of paper that get shuffled around the office. There’s a certain irony that the audit of IT would happen on stacks of paper. It just makes sense to do the risk assessment in the cloud.

Regular readers will probably now realize that I think the risk assessment is important both because of the meaningful use audit risk and because keeping a patient’s health information secure is the right thing to do.

The reality is that half of you reading this have already done a proper risk assessment or are looking to do one now. The other half have already decided that it’s too much work and so you don’t care to go to the work of a full risk assessment. You’d prefer to risk not doing one. You won’t likely admit this in public, but I know this is what goes on in many healthcare organizations.

For this latter group, let me see if I can at least offer a couple important suggestions on HIPAA security compliance and protecting your health information. If healthcare did only these two things, we’d see a decrease in HIPAA violations.

Disk Encryption – Hospitals have no excuse to not be doing disk encryption on all of their devices. The technology is there and every hospital IT staff should be able to easily implement disk encryption in their environment. I’m not going to give a pass to ambulatory environments either, but I won’t be surprised if many ambulatory clinics just never knew they should be doing it.

Disk encryption is a relatively simple technology to implement and should have very little effect on your workflow. Every hospital CIO should make this mandatory and implement it immediately if it’s not already implemented. Every ambulatory office even down to the solo practice should find some IT help to implement disk encryption in their environment as well. If your IT support doesn’t know how to do disk encryption (and possibly if they haven’t recommended it previously), then you might want to consider finding new IT support.

Strong Authentication – Generally organizations do a pretty good job when it comes to strong authentication. I know that this is the case because I hear so many people complaining about their hospital’s authentication requirements. Most have some sort of two-factor authentication in place and have implemented strong password policies.

One challenge for hospitals is that they have so many different applications that they manage. This makes it a real challenge to ensure that good password policies and other authentication requirements are met.

Luckily, the tools we have to centrally manage these and other computer security policies are so much better today than they were previously. Plus, most of them integrate with an array of biometric, single sign-on (SSO), digital signatures, and more. I’ve been a big fan of the DigitalPersona biometric solution since I first wrote about it years ago. It is really amazing how far they’ve come with their integration in the enterprise healthcare environment and how they can solve many of these issues.

The Real Solution
The most important thing a healthcare organization can do is to integrate HIPAA security and risk assessment into everything they do. Securing health IT and assessing your risk shouldn’t just be a one-time event. Instead, a quality healthcare organization will make an institutional decision to make HIPAA security a priority in everything they do. However, the realist in me hopes that every organization will at least start with disk encryption and strong authentication.

This post is sponsored by HP Healthcare; however, opinions on products and services expressed here are my own. Disclosure per FTC’s 16 CFR, Part 255.