Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

The Biggest Challenge in Healthcare: Excuses

Posted on January 29, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In one of my many conversations, someone told me the following quote that really stuck with me. I can’t remember who told me it and they didn’t want to be named, but I thought the comment was incredibly insightful.

The problem with healthcare is that it’s all complex. If people want to find an excuse not to do something, they can find one.

I think this quote is spot on. Is there anything in healthcare that isn’t complex? At least in healthcare technology, everything is complex. It’s not enough to just create a solution and roll it out tomorrow. You have to consider HIPAA laws, FDA regulations, reimbursement regulations, Federal laws, state laws, medical licensures, medical liability, etc etc etc.

Doctors principle of “first do no harm” is very real in healthcare and a generally good principle, but it can also be invoked easily to say no to anything you don’t want to do. Even if the thing that could be done doesn’t actually do any harm and could actually be beneficial to patients.

My prediction is the next 10 years, organizations are going to be defined by how an organization approaches this challenge. On the one hand we’ll have organizations that choose to use complexity as an excuse to not innovate. On the other hand we’ll have organizations that embrace hard, challenging, complex problems with solutions instead of excuses. It won’t be easy for these organizations, but it will absolutely differentiate them from their competitors.

I’m not suggesting that we should lower the standards of what’s acceptable to implement in healthcare. Instead, I’m suggesting that we make the effort required to explore new innovations and collaboratively work on solutions that handle the complexity of healthcare while providing incredible value to your organization and patients. After all, the very best things in life are challenging and difficult. Let’s embrace the challenging and difficult instead of using it as an excuse for inaction.

Video Interview with Helen Waters, VP at MEDITECH

Posted on I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Healthcare Scene was lucky to sit down with Helen Waters, VP at MEDITECH, to talk about the EHR market and MEDITECH’s place in that market. Plus, we dive into the culture and history of MEDITECH and how it’s changed. We also explore MEDITECH’s plans around innovation, integration, and value along with MEDITECH’s efforts to deploy cloud and mobile solutions. Finally, we had to talk about healthcare interoperability. We hope you’ll enjoy this wide ranging interview with Helen Waters:

After the formal interview we did above, we allow people watching live to be able to ask questions and even hop on camera to offer their insights or ask questions of Helen in what we call the “after party.” In this “after party” discussion we talk to Helen about her thoughts on the changing healthcare reimbursement landscape and what MEDITECH is doing to prepare for it. We also talk about integrating telemedicine into MEDITECH. I also ask Helen about MEDITECH’s views on EHR APIs.

We hope you’ll enjoy this look into EHR vendor, MEDITECH.

NIST Goes After Infusion Pump Security Vulnerabilities

Posted on January 28, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As useful as networked medical devices are, it’s become increasingly apparent that they pose major security risks.  Not only could intruders manipulate networked devices in ways that could harm patients, they could use them as a gateway to sensitive patient health information and financial data.

To make a start at taming this issue, the National Institute of Standards and Technology has kicked off a project focused on boosting the security of wireless infusion pumps (Side Note: I wonder if this is in response to Blackberry’s live hack of an infusion pump). In an effort to be sure researchers understand the hospital environment and how the pumps are deployed, NIST’s National Cybersecurity Center of Excellence (NCCoE) plans to work with vendors in this space. The NCCoE will also collaborate on the effort with the Technological Leadership Institute at the University of Minnesota.

NCCoE researchers will examine the full lifecycle of wireless infusion pumps in hospitals, including purchase, onboarding of the asset, training for use, configuration, use, maintenance, decontamination and decommissioning of the pumps. This makes a great deal of sense. After all, points of network connection are becoming so decentralized that every touchpoint is suspect.

The team will also look at what types of infrastructure interconnect with the pumps, including the pump server, alarm manager, electronic medication administration record system, point of care medication, pharmacy system, CPOE system, drug library, wireless networks and even the hospital’s biomedical engineering department. (It’s sobering to consider the length of this list, but necessary. After all, more or less any of them could conceivably be vulnerable if a pump is compromised.)

Wisely, the researchers also plan to look at the way a wide range of people engage with the pumps, including patients, healthcare professionals, pharmacists, pump vendor engineers, biomedical engineers, IT network risk managers, IT security engineers, IT network engineers, central supply workers and patient visitors — as well as hackers. This data should provide useful workflow information that can be used even beyond cybersecurity fixes.

While the NCCoE and University of Minnesota teams may expand the list of security challenges as they go forward, they’re starting with looking at access codes, wireless access point/wireless network configuration, alarms, asset management and monitoring, authentication and credentialing, maintenance and updates, pump variability, use and emergency use.

Over time, NIST and the U of M will work with vendors to create a lab environment where collaborators can identify, evaluate and test security tools and controls for the pumps. Ultimately, the project’s goal is to create a multi-part practice guide which will help providers evaluate how secure their own wireless infusion pumps are. The guide should be available late this year.

In the mean time, if you want to take a broader look at how secure your facility’s networked medical devices are, you might want to take a look at the FDA’s guidance on the subject, “Cybersecurity for Networked Medical Devices Containing Off-the-Shelf Software.” The guidance doc, which was issued last summer, is aimed at device vendors, but the agency also offers a companion document offering information on the topic for healthcare organizations.

If this topic interests you, you may also want to watch this video interview talking about medical device security with Tony Giandomenico, a security expert at Fortinet.

Healthcare Data Breach Deja Vu…More Like Groundhog Day

Posted on January 27, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.


I was intrigued by Ryan Witt’s comment about it being Deja Vu when it came to more healthcare data breaches. In many ways he’s right. Although, I’d almost compare it more to the movie Groundhog Day than deja vu. If it feels like we’ve been through this before it’s because we have been through it before. The iHealthBeat article he links to outlines a wide variety of healthcare breaches and the pace at which breaches are occurring is accelerating.

I think we know the standard script for when a breach occurs:

  1. Company discovers a breach has occurred (or often someone else discovers it and lets them know)
  2. Company announces that a “very highly sophisticated” breach occurred to their system. (Note: It’s never admitted that they did a poor job protecting their systems. It was always a sophisticated attack)
  3. Details of the breach are outlined along with a notice that all of their other systems are secure (How they know this 2nd part is another question)
  4. They announce that there was no evidence that the data was used inappropriately (As if they really know what happens with the data after it’s breached)
  5. All parties that were impacted by the breach will be notified (Keeping the US postal service in business)
  6. Credit monitoring is offered to all individuals affected by the breach (Makes you want to be a credit monitoring company doesn’t it?)
  7. Everything possible is being done to ensure that a breach like this never happens again (They might need to look up the term “everything” in Webster’s dictionary)

It’s a pretty simple 7 step process, no? Have we seen this before? Absolutely! Will we see it again? Far too much.

Of course, the above just covers the public facing component of a breach. The experience is much more brutal if you’re an organization that experiences a breach of your data. What do they say? An ounce of prevention is worth a pound of cure. That’s never more appropriate than in healthcare security and privacy. Unfortunately, far too many are living in an “ignorance is bliss” state right now. What they don’t tell you is that ignorance is not bliss if you get caught in your ignorance.

The Fitness Wearable Nobody Knows About

Posted on I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I ran across a great article from Techcrunch that looked at the top 3 wearable vendors and they pointed out that most of us have probably never heard of the #3 wearable on that list. For those following along at home, the top 3 are Fitbit, Apple Watch, and Xiamoi Mi Band.

Everyone in the US has heard about Fitbit and the Apple Watch. However, my guess is that few in the US know about the Xiaomi Mi Band since 97% of its sales are in China. Here’s a look at the breakdown of wearable market share per the Techcrunch article linked above:

According to IDC, market leader Fitbit shipped 4.7 million wearable units in the third quarter, taking a 22.2 percent market share. Apple shipped 3.9 million units, for a 18.6 percent market share, while Xiaomi shipped 3.7 million units, or 17.4 percent of the market.

For all intents and purposes, the Xiaomi product line is very similar to the Fitbit product line. Some might even call it a knock off. The Mi Band originally started with steps, hours of sleep, and calories burned. Now the Mi Band Pulse also does heart rate. Have we heard this story before?

It’s really easy in our US centric minds to forget about what else is happening around the world. That’s particularly true of China which is one of the fastest growing wearable markets out there. I saw that first hand when I met all these Chinese digital health companies at CES. What will be interesting to watch is if and when some of these successful Chinese companies come to the US. We’ll see how they do.

Security Concerns Threaten Mobile Health App Deployment

Posted on January 26, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Healthcare organizations won’t get much out of deploying mobile apps if consumers won’t use them. And if consumers are afraid that their personal data will be stolen, they’ve got a reason not to use your apps. So the fact that both consumers and HIT execs are having what I’d deem a crisis of confidence over mHealth app security isn’t a good sign for the current crop of mobile health initiatives.

According to a new study by security vendor Arxan, which polled 815 consumers and 268 IT decision-makers, more than half of consumer respondents who use mobile health apps expect their health apps to be hacked in the next six months.

These concerns could have serious implications for healthcare organizations, as 76% of health app users surveyed said they would change providers if they became aware that the provider’s apps weren’t secure. And perhaps even more significantly, 80% of consumer health app users told Arxan that they’d switch to other providers if they found out that the apps that alternate provider offered were better secured. In other words, consumer perceptions of a provider’s health app security aren’t just abstract fears — they’re actually starting to impact patients’ health decision making.

Perhaps you’re telling yourself that your own apps aren’t terribly exposed. But don’t be so sure. When Arxan tested a batch of 71 popular mobile health apps for security vulnerabilities, 86% were shown to have a minimum of two OWASP Mobile Top 10 Risks. The researchers found that vulnerable apps could be tampered with and reverse-engineered, as well as compromised to provide sensitive health information. Easily-done hacks could also force critical health apps to malfunction, Arxan researchers concluded.

The following data also concerned me. Of the apps tested, 19 had been approved by the FDA and 15 by the UK National Health Service. And at least where the FDA is concerned, my assumption would be that FDA-tested apps were more secure than non-approved ones. But Arxan’s research team found that both FDA and National Health Service-blessed apps were among the most vulnerable of all the apps studied.

In truth, I’m not incredibly surprised that health IT leaders have some work to do in securing mobile health apps. After all, mobile health app security is evolving, as the form and function of mHealth apps evolve. In particular, as I’ve noted elsewhere, mobile health apps are becoming more tightly integrated with enterprise infrastructure, which takes the need for thoughtful security precautions to a new level.

But guidelines for mobile health security are emerging. For example, in the summer of last year, the National Institute of Standards and Technology released a draft of its mobile health cybersecurity guidance, “Securing Electronic Records on Mobile Devices” — complete with detailed architecture. Also, I’d wager that more mHealth standards should emerge this year too.

In the mean time, it’s worth remembering that patients are paying close attention to health apps security, and that they’re unlikely to give your organization a pass if they’re hacked. While security has always been a high-stakes issue, the stakes have gotten even higher.

What’s Happening at MEDITECH w/ Helen Waters, VP @MEDITECH

Posted on January 25, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

UPDATE: Here’s the video recording of my interview with Helen Waters from MEDITECH

MEDITECH - Helen Waters

Many in the large hospital EHR space have argued that it’s a two horse race between Cerner and Epic. However, many forget how many users MEDITEH still has using its healthcare IT products. Not to mention MEDITECH was originally founded in 1969 and has a rich history working in the space. On Friday, January 29, 2016 at 1 PM ET (10 AM PT), I’ll be sitting down with Helen Waters, VP at MEDITECH to talk about the what’s happening with MEDITECH and where MEDITECH fits into the healthcare IT ecosystem.

You can join my live conversation with Helen Waters and even add your own comments to the discussion or ask Helen questions. All you need to do to watch live is visit this blog post on Friday, January 29, 2016 at 1 PM ET (10 AM PT) and watch the video embed at the bottom of the post or you can subscribe to the blab directly. We’ll be doing a more formal interview for the first 30 minutes and then open up the Blab to others who want to add to the conversation or ask us questions. The conversation will be recorded as well and available on this post after the interview.

We’re interested to hear Helen’s comments about the culture and history of MEDITECH along with what MEDITECH’s doing with its products to change perceptions and misconceptions around the MEDITECH product. We’ll also be sure to ask Helen about important topics like interoperability and physician dissatisfaction (“Too Many Clicks!”). We hope you’ll join us to learn more about what’s happening with MEDITECH.

If you’d like to see the archives of Healthcare Scene’s past interviews, you can find and subscribe to all of Healthcare Scene’s interviews on YouTube.

Personalized Medicine Gone Wrong

Posted on January 22, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Personalized Care in a Digital World

Nothing like a cartoon to use humor to illustrate a really important point. We have to be careful that personalized medicine doesn’t make medicine less personal. Also, a great reminder that technology should assist the doctor and not replace it. Technology doesn’t have common sense.

7th Annual New Media Meetup at #HIMSS16 Sponsored by Stericycle Communication Solutions

Posted on January 21, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

UPDATE: Registration for this event is closed. If you’re registered for the event, we’ll send you an email with more details. Unfortunately, we’re at capacity, so if you’re not registered you won’t be able to attend.

7th Annual New Media Meetup - HIMSS16 in Chicago

For those of you planning to attend the HIMSS 2016 conference in Las Vegas, I’m excited to share the details of the 7th Annual New Media Meetup at HIMSS. For those who’ve missed the last 6 events, it’s a unique event that brings together healthcare IT bloggers, tweeters, and other social media influencers at the mecca of Healthcare IT conferences.

It’s incredible to think that this will be our 7th year hosting the New Media Meetup during HIMSS. Since HIMSS 2016 is returning to my hometown of Las Vegas, I knew we had to set a new bar for the event. Luckily our sponsor, Stericycle Communication Solutions, was on board with my ambitious plans. I hope everyone will spend some time checking out Stericycle Communication Solutions and thank them for sponsoring the event.

Here’s a quick summary of what we have planned for the event:
When: Wednesday 3/2 6:00-8:00 PM (Unofficial Karaoke after party starts at 8)
Where: Gilley’s at Treasure Island Casino – 3300 S Las Vegas Blvd, Las Vegas, NV 89109 MAP (Treasure Island is a short walk across the street from the Venetian/Sands)
Who: Anyone who uses or is interested in New Media (Blogs, Twitter, Social Media, Periscope, Blab, etc)
What: Food, Drinks, Mechanical Bull, Dance Floor, Giveaways, and Amazing People

Registration is Closed!

Note: If you’ve registered for the event, you’ll get an email with more details on the event. Since the event is at capacity, if you haven’t registered you’ll be unable to attend.

Sponsored by Stericycle Communication Solutions
SRCL Communication Solutions
Stericycle Communication Solutions helps bring patients and healthcare organizations closer together. We believe that the key to patient engagement and positive patient experiences is effective and timely communication.

Stericycle Communication Solutions offer a unique combination of Live Agent services and Technology products that allow patients and providers to interact through multiple communication channels: phone, email, voice, text and online. We provide scheduling (phone and online self-serve), physician referral, population health, payment, follow-up, after-hours answering, care coordination and appointment reminder solutions to over 27,000 organizations.

Learn more at www.stericyclecommunications.com

Those interested in the New Media Meetup at HIMSS will want to check out the full scale Healthcare IT Marketing and PR Conference that we’re hosting in Atlanta April 6-8, 2016. It’s a special 3 days devoted to health IT marketing and PR professionals.

A really big thank you also goes out to all the members of Influential Networks and Healthcare Scene that help promote the New Media Meetup. This event was originally brought together through social media and is still largely organized thanks to social media.

Let me know if you have any questions and I look forward to seeing many of you in Las Vegas very soon!

7th Annual New Media Meetup - HIMSS16 in Las Vegas

Consumer Health Devices versus Medical Devices

Posted on January 20, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I think there’s a major confusion in the current health app and device marketplace right now. The problem stems from consumers who draw conclusions even though claims aren’t really being made. I’ll use an example from my Healthcare Scene blog network.

I get asked all the time what I do for a job (like I’m sure most of you). I usually say that I’m a blogger and people then ask me what I blog about. I usually answer that I blog about healthcare IT. While people’s minds are blown by the fact that I’m a professional blogger, I can see in their eyes and often hear in their response that they didn’t really understand what it meant to blog about healthcare IT.

The most common interpretation is that I blog about health and wellness. I guess in some ways I tangentially blog about health and wellness, but no doubt in these people’s minds they’re picturing me writing about nutritional supplements, diet, fitness, and other health and wellness topics that they read in their magazines or favorite blogs online.

I never told them that I blogged about health and wellness, but they often interpret it that way since they don’t know the term healthcare IT to know what I really mean. When I try to clarify it for them, I often say that I write about how doctors use technology. That usually gets them closer.

I’ve found the same thing is happening with many consumer health devices. When you say that something is a consumer health devices they immediately draw their own conclusion that it must be a medical device that can be used by consumers. Unfortunately, the reality today is that consumer health devices are very different from medical devices.

As I’ve thought about the differences, I’ve come to realize that there’s one major difference that causes a lot of problems for those that misinterpret what they’re using. A medical device produces clinically relevant data that would be accepted and trusted by a medical professional. A consumer health device might or might not. We don’t know and therefore many medical professionals won’t use that data.

I don’t think it’s a problem that these consumer health devices don’t put out clinically relevant data. There seems to be a great business model for consumers to take a peak at their health data (regardless of how accurate it is). Plus, there are plenty of anecdotal stories about how this has helped individuals. That’s great.

The problem however comes in when we try to say that a consumer health device is something that it’s not. I think we’ll see this come into sharp focus over the next few years. Consumers will finally start to understand that not all devices are created equal. They’ll realize that some devices are clinically relevant (ie. their doctor will want and care about the data) and other devices are more for fun and intrigue than they are actually improving their health. Unfortunately, it’s just going to take us a while to get there.