Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

How Health IT Helps and Hurts Patients – #HITsm Chat Topic

Posted on May 23, 2018 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 5/25 at Noon ET (9 AM PT). This week’s chat will be hosted by Amanda (@LALupusLady) on the topic of “How Health IT Helps and Hurts Patients (Especially Those with Chronic Conditions).”

Health IT is a powerful tool. It has changed the way patients, especially people with chronic illnesses live with and manage their care. As a woman living with multiple autoimmune illnesses for over three decades, my perspective is unique as I have seen the shift and how providers have been eager to adopt technology into their practice and recently experienced a doctor’s office where the fax machine is still the primary means of communication.

In my patient experience, I have chosen to adopt and use Health IT to assist me in managing my chronic care. Whether I am tracking my symptoms, keeping a food diary, or putting on a VR headset to help me relieve my pain, Health IT has improved my patient experience. While at the same time, the fact that with all the advances in Health IT that not every advance is a step forward for healthcare. There is frustration by patients that (in 2018) EHR developers have not yet developed a way for various platforms and institutions to connect to create one complete healthcare record for one patient.

Next week, I am proud that I will be at #HITExpo to share my patient experience at Healthcare Scene’s inaugural event in New Orleans. Understanding the value and insight that patients have can build an empathy, which I feel will directly improve the way Health IT collaborations work together.

Join me for this week’s #HITsm chat. Let’s start the conversation.

T1: How is Health IT (Apps, Devices and New Technology) helping streamline the patient experience (especially for people living with chronic conditions)? #HITsm

T2: How is Health IT hindering (hurting) the patient experience (especially for people living with chronic conditions)? #HITsm

T3: What Health IT companies/developers have made a positive impact on your life? How? If you are a patient, what Health IT has directly improved your patient experience? #HITsm

T4: How can Health IT work together with patient communities to improve outcomes and engagement? #HITsm

T5: What can you do to support Health IT “collaborations that work” with patients, especially those living with chronic conditions? #HITsm

Bonus: What are you most looking forward to at #HITExpo? #HITsm

Wishing you a Healthy and Happy Lupus Awareness Month. Can’t wait to chat together.

Upcoming #HITsm Chat Schedule
6/1 – #HITExpo Hiatus
The #HITsm chat will be on hiatus this week with the Health IT Expo happening in New Orleans. Please join in on the conversation happening on the #HITExpo conference hashtag.

6/8 – TBD
Hosted by Jeanne Bliss (@jeannebliss)

6/15 – TBD
Hosted by Janice McCallum (@janicemccallum)

6/22 – IT and Affordability, Care for the Poor, Population Health in Low-income Areas
Hosted by Lenny Liebmann (@LennyLiebmann)

6/29 – TBD
Hosted by @MEDITECH

7/6 – TBD
Hosted by Lea Chatham (@LeaChatham)

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

The State Of Healthcare Cybersecurity (Part 2)

Posted on May 22, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

In Part 1 of this series, which drew data from a study by Black Book Market Research, I described how insecure healthcare leaders felt their cybersecurity protections to be. I also noted that a large number of providers are struggling to recruit senior health IT experts, and as a result are basically winging it when it comes to breach protection.

Healthcare organizations’ data security problems run deeper than that, however, the study suggests. Not only are C-level execs finding security investments to be troublesome, IT managers responding to the survey admit that they, too, feel that they are not fully prepared to defend their institution’s data.

To begin with, 74% of surveyed CIOs admitted that they failed to evaluate the total cost of ownership before signing a deal with a cybersecurity solution or service provider, and 89% said they bought their cybersecurity solution to be compliant with security regs, and often, not necessarily to reduce security risks.

And the failure to protect critical information doesn’t stop there.  For example, 57% of IT managers said that they hadn’t taken stock of the full variety of cybersecurity solutions that currently exist, notably mobile security environments, intrusion detection, attack prevention, forensics and testing.

Also, many healthcare institutions seem to react only after they’ve been invaded. According to Black Book, 58% of hospitals didn’t select their current security vendor until after a data security incident, and 32% of healthcare organizations hadn’t scanned for vulnerabilities before an attack.

What’s more, 83% of healthcare organizations haven’t staged a cybersecurity drill which included an incident response process, which arguably leaves them particularly unprepared. Not only that, when an attack comes, some won’t catch it right away, as 29% said they don’t have an adequate solution to instantly detect and respond to cyberattacks.

Meanwhile, 16% of respondents reported being uncomfortable working with vendors that do a hard sell when they find security flaws and vulnerabilities. These insecurities aren’t surprising given that 60% of healthcare enterprises haven’t formally identified specific security objectives and requirements and integrated them into a strategic and tactical plan for breach prevention.

Given how unfocused many security plans are, it’s not surprising that 22% of provider organizations believe their cybersecurity position will worsen between now and the second quarter of 2019. Only 12% of hospitals and 9% of physician organizations reported that they expected to see cybersecurity improvements.

The bottom line here is that if the Black Book research is correct, many healthcare organizations are frighteningly unprepared to protect their data, much less survive a serious attack relatively unscathed. For everyone’s sake, let’s hope that providers wise up to the need for strategic, substantial investments in security technology and staff.

The State Of Healthcare Cybersecurity (Part 1)

Posted on May 21, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Healthcare data has never been under more outside threats than it is today. For a number of reasons, this data has become more attractive to cybercriminals and can be sold on the dark web for a pretty penny. Not only that, emerging threats like ransomware attacks are hitting home and wreaking havoc with the institutions they target.

Unfortunately, according to a new study by Black Book Market Research, healthcare organizations don’t seem to be adequately prepared for this onslaught.

The survey, which collected responses from more than 2,464 security pros working at 680 provider organizations, found that health IT leaders aren’t confident they can defend themselves against cyberattacks. In fact, 96% of IT professionals who responded said that the attackers are significantly ahead of them and could probably cut through the protection their organizations have in place.

Given that stat, it’s not surprising that over 90% of healthcare organizations have seen a data breach since Q3 2016. Worse, almost 50% reported that they had more than five data breaches during this period. Not only that, more than 180 million records have been stolen since 2015, a staggering haul which affects roughly one in every 12 healthcare consumers.

On the surface, it might seem surprising that healthcare organizations haven’t toughened their defenses given the number of threats they face. Actually, they are, but they’re being outgunned. It’s not that they’re not making cybersecurity investments, but both the level of investment and their strategy for deployment may be inadequate.

In a surprisingly frank set of disclosures, one-third of hospital executives that bought cybersecurity solutions between 2016 and 2018 said they did so blindly without much vision or understanding of what they were getting for their money. Respondents said that 92% of data security product and services buying decisions were made at the C-level, and the process didn’t include any users or affected department managers.

One reason that C-level executives with little relevant knowledge are making security investment decisions because they don’t have anyone senior to consult – and the problem is extremely common.

The survey found that 84% of hospitals responding had no dedicated security executive in place. Most say that it’s difficult to recruit a qualified chief security officer, which is why they’re going bare on data security and stumbling through the buying process as best they can.

Some organizations are responding to the shortage of C-level tech talent by outsourcing the function. Twenty-one percent said they outsource security to partners, consultants or selected security-as-a-service options as a placeholder.

Given this interest in outsourcing, healthcare organizations are signing deals with security services and outsourcing companies five times more often than they’re buying cybersecurity products and software. Vendors, in turn, are responding by diversifying the portfolio of services they offer. Still, that’s unlikely to be enough over the long term.

All of this suggests that the healthcare industry is in a security crisis. I’ll offer more details on the situation in part two of this series.

Strong Statements from Vinod Khosla at HLTH

Posted on May 16, 2018 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Last week I had the opportunity to attend a small piece of the new HLTH conference in Las Vegas. My time at the event was cut extremely short as I had to head to Science Camp with 80 5th graders (including my daughter), but I was able to hear the opening keynotes on Sunday. I was most interested in hearing from Vinod Khosla who I don’t always agree with, but he often causes me to look at something a little different or to see the future in a new way. As usual, that’s what he delivered on stage (Between pitches for his companies of course). Here’s a look at some of the pictures and tweets I shared from Vinod’s talk at HLTH.


Needless to say, HLTH was a big event. When you pour $5 million into an event, it better be big. Not to mention the marketing they did for the event. I’m glad to not see HLTH ads on every website I visit now. The turnout for the event seemed good. I saw a lot of social media people there that I know. I was surprised by how many young people were at the conference. Maybe the CEOs they reference in their marketing were a lot of startup CEOs.


This was an extremely powerful and thought provoking statement for me. His assertion is that instead of treating people based on their symptoms, the devices and sensors we use to monitor and measure our health will be so good that these health measurements will drive medicine and not the symptoms we experience. Chew on that concept for a while and you’ll see how it’s not that far fetched even if it is still a ways away.


I’m no expert on medical education, but this does bring up some challenging questions for medical schools. In many ways, it’s similar to what I feel about elementary school for my kids. Sure, there’s a baseline of knowledge that is helpful to understand. However, when it comes to diagnosis, treatment, etc, we’re going to have to seriously consider how we train future doctors. New skills are going to be required to effectively treat a patient. I can’t imagine most medical schools are going to be ready to adapt to this change.


I tweeted this after Vinod talked about all the various tests, labs, etc he’s getting. He sees it as research and suggests that it’s not something that other people should be doing. Vinod seems to have a similar view of health testing as Mark Cuban. Mark Cuban controversial suggested that those who can afford it should do regular blood tests. Opponents argue that it drives unnecessary procedures, unnecessary health fears, and plenty of other issues from over testing. I’ve always felt like there was a balance and it was important for Vinod and Mark to understand these possibilities as they test regularly. However, having this baseline of information could be extremely valuable in discovering what really influences our health.

Some pretty interesting things to think about. Is it very practical for a health IT professional? Probably not and that’s probably why I didn’t see any health IT professionals, CIOs, or other people like that at the HLTH conference. That’s not the goal of the conference really. It seems like there will be another HLTH in 2019. Will be interesting to see what vendors return and who doesn’t.

Of course, some people got distracted at HLTH by the wedding chapel:


Then again, maybe a HLTH Wedding might be a great outcome for some people.

Practical Applications of EMR Optimization Through Clinical Decision Support – #HITsm Chat Topic

Posted on May 15, 2018 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 5/18 at Noon ET (9 AM PT). This week’s chat will be hosted by Justin Campbell (@tjustincampbell) from @GalenHealthcare on the topic of “Practical Applications of EMR Optimization Through Clinical Decision Support”


As a primer for the upcoming Health IT Expo, we will be discussing practical applications of EMR optimization through clinical decision support. Optimization dominates Health IT leaders’ list of priorities as they seek to rationalize EMR investment and harness its capabilities for improving efficiency, care and outcomes. However, boil-the-ocean approaches to EMR optimization can be counterproductive and stifle progress. Instead, Health IT leaders would be best served to focus on practical applications of optimization – specifically through clinical decision support, which serves as a lynchpin to clinical quality improvement initiatives.

Clinical decision support (CDS) provides clinicians, staff, patients or other individuals with knowledge and person-specific information, intelligently filtered or presented at appropriate times, to enhance health and health care.

CDS has a number of important benefits, including:

  • Increased quality of care and enhanced health outcomes
  • Avoidance of errors and adverse events
  • Improved efficiency, cost-benefit, and provider and patient satisfaction

CDS encompasses a variety of tools to enhance decision-making in the clinical workflow. These tools include:

  • Computerized alerts and reminders to care providers and patients
  • Clinical guidelines
  • Condition-specific order sets
  • Focused patient data reports and summaries
  • Documentation templates
  • Diagnostic support, and contextually relevant reference information

The majority of CDS applications operate as components of comprehensive EHR systems, although stand-alone CDS systems are also used. Many modern EMRs contain CDS capabilities such as rule engines, predictive modeling languages, and alert and order set authoring. However, the development and use of effective CDS within the EMR requires significant clinical, IT, and knowledge management resources that many organizations do not possess. This has led an increasing number of organizations to use compartmentalized decision support platforms other than EMR to drive portions of their CDS programs.

Ideally, CDS tools will be readily accessible to a wide array of caregivers where and when they need them, irrespective of what electronic health record they’re using. One such initiative emerging to share CDS resources is the AHRQ-funded CDS Consortium Project, which has demonstrated successfully that CDS from Partners Healthcare could be delivered to disparate EMRs across the country.

In an age of overwhelming data access and rapid technological development, ensuring clinicians have the clinical decision support tools to sift through a sea of information to find what is most relevant to their patient’s needs is vital to optimizing health outcomes.

In this tweetchat, we will discuss types of CDS (including sepsis surveillance, risk calculators, drug interaction, among others), mechanisms to deliver CDS to the point of care, workflow and alert fatigue implications, and methods for sharing proven CDS libraries.

Resources and Other EMR Optimization & CDS Reading:

  1. EMR Optimization Whitepaper
  2. EMR Optimization Infographic
  3. HealthIT.gov Clinical Decision Support
  4. CDS in the Cloud: Deploying a CDC Guideline for National Use
  5. Almost 20 Percent of CDS Alert Dismissals May Be Inappropriate
  6. EHR vendors, AHIMA push use of clinical decision support to prevent patient falls
  7. EMR Sepsis Surveillance – Achieving Optimal Sepsis Sensitivity & Specificity
  8. Integrated Health Calculators Whitepaper

Join us for this week’s #HITsm chat where we’ll discuss the following:

T1: What experiences do you have with CDS implementation? What impacts (positive and negative) did it have? #HITsm

T2: How can CDS best be deployed to the point of care without exacerbating alert fatigue? #HITsm

T3: How are different types of CDS initiatives (VTE, sepsis detection & prevention; clinical pathways implementation; risk calculation) prioritized? #HITsm

T4: Is CDS best suited to be managed by EMR vendors or can CDS be shared across vendors? How? #HITsm

T5: What are strategies to manage to CDS code and clinical peer review and rating? #HITsm

Bonus: What are mechanisms for making knowledge artifacts for CDS shareable? #HITsm

Upcoming #HITsm Chat Schedule
5/25 – TBD
Hosted by Amanda (@LALupusLady)

6/1 – #HITExpo Hiatus
The #HITsm chat will be on hiatus this week with the Health IT Expo happening in New Orleans. Please join in on the conversation happening on the #HITExpo conference hashtag.

6/8 – TBD
Hosted by Jeanne Bliss (@jeannebliss)

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

More Than 1.1 Million Patient Records Breached During Q1 of 2018

Posted on May 14, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Well, this isn’t a pretty picture. According to research by Protenus, roughly 1.3 million patient records were breached between January and March of this year. (The actual number is 1,129,744 records, for those who like to be precise.)

During that quarter, the healthcare industry saw an average of at least one data breach per day, racking up 110 health data breaches during this period, according to the Protenus Breach Barometer.

The researchers found that the single largest breach taking place during Q1 2018 was an intrusion involving an Oklahoma-based healthcare organization. The breach, which exposed patient billing information for 279,856 patients, resulted from an unauthorized third-party gaining access to the health system’s network.

If you assume that the other breaches were also executed by external cyberattackers, think again. According to the data, healthcare staffers represented a far bigger risk of being involved with security violations.

The data suggests that such insiders were most likely to illegally access data on the family members, a problem which accounted for 77.1% of privacy violations in the first quarter of this year. Accessing records on coworkers was the second most common insider-related violation, followed by accessing neighbor and VIP records.

Not only that, Protenus researchers found that if a healthcare employee breaches patient privacy once, there’s a greater than 20% chance they will breach privacy again in three months’ time. Worse, there’s a greater than 54% chance they will do so again in a years’ time. That’s a pretty nasty form of compounding risk.

Not only that, do healthcare institutions catch breaches right away? According to Protenus research, it takes healthcare organizations an average of 244 days to detect breaches once they take place. As readers know, some of these events involve information being exposed to the Internet, offering private information to the public via an unprotected interface. Also pretty ugly, and also a source of lousy PR for the organization.

This research is a sobering follow-up to the company’s year-end report for 2017. Last year, according to Protenus research, there was an average of one health data breach per year in 2017. The 407 incidents it identified affected 5,579,438 patient records.

The largest breach taking place in last year involved a rogue insider, a hospital employee, who inappropriately accessed billing information on 697,800 patients. The rest of the top 10 largest data breaches largely sprang from insider errors.

Wow. If it wasn’t evident already, it’s pretty clear now that healthcare organizations need to tighten up their internal data security measures and training substantially.

While there will always be some folks who want to snoop on celebrity records to find imaging medical information on their ex, and some who plan to sell the information outright, a greater number simply need to be reminded what the rules are. (Or so I assume and fervently hope.)

How Technology Helped My Family Receive a Better Healthcare Experience

Posted on May 10, 2018 I Written By

The following is a guest blog post by Brittany Quemby, Marketing Strategist for Stericycle Communication Solutions, as part of the Communication Solutions Series of blog posts. Follow and engage with them on Twitter: @StericycleComms

Brittany Quemby - Stericycle

When was the last time you had a truly outstanding patient experience? For my family, two healthcare facilities located hours apart recently teamed up to make our lives significantly more convenient. Without modern technology, however, our new reality may never have been possible. Let’s start from the beginning.

A few years ago, my family member suffered a heart attack that caused a traumatic brain injury. He was treated at a major facility about two hours away from his home for speech therapy, occupational therapy, neurological care, cardiologist support, and more. After a year of hard work, he was discharged from the hospital and was able to move back to his home town.

Unfortunately, his community hospital was not equipped to provide the specific care he required. So for the next two years, he and his wife, who is now his primary care giver, commuted to the city multiple times a week to ensure he received the care he needed.

Eventually, we all wondered the same thing: Isn’t there a better way?

After many meetings with the facility that treated my relative and our local hospital, we started discussing how digital health experiences and virtual care could augment my family’s patient and caregiver experience. We were determined to find a solution that provided care options and choice, and allowed them to continue receiving the necessary care without the exhaustion of “living on the road.”

A recent study by Accenture said it best: “Finding the best combination of traditional in-person services and making those same services available virtually can offer consumers the choice they want in deciding when and how they receive care and support.”

Fortunately, we learned that our local hospital was equipped to provide virtual care. However, many patients had not yet taken advantage of these technologies. After some coordinating between facilities, we were able to set up ongoing virtual appointments. These appointments enabled my family member to receive care in a much more convenient setting.

With virtual appointments, they can even:

  • Easily schedule virtual appointments
  • Participate in the appointments from the comfort of a boardroom at the hospital
  • Consult with the first hospital’s specialist and also an in-person care facilitator
  • Receive follow-up health reminders and education directly after the appointment

Now, almost half of his appointments have transitioned to virtual appointments. And my family is not the only one taking advantage of this care capability. Recent research explores the many reasons why healthcare consumers are making this virtual shift:

  • One of the top three reasons why consumers tried virtual health was convenience. 37% said it was more convenient than traditional, in-person health services
  • 76% of people would have a follow-up appointment (after seeing a doctor or healthcare professional)
  • 74% would get virtual follow-up care services in their home after being hospitalized
  • 73% would discuss a specific health concern virtually with a doctor or other healthcare people and
  • 72% would be open to getting virtual daily support to manage an ongoing health issue

Consumer willingness to demand choice and becoming more involved in their health is rising. Like my family, more patients are ready to collaborate with clinicians, embrace new technologies, and explore digital health experiences that can help manage our health and create more convenient and engaging patient experiences.

Learn more about how Stericycle Communication Solutions is helping create the optimal patient experience through a combination of human and tech-enabled communication services. Check out our service overview here!

The Communication Solutions Series of blog posts is sponsored by Stericycle Communication Solutions, a leading provider of high quality live agent services, scheduling solutions, and automated messaging solutions.  Stericycle Communication Solutions provides unified human & tech-enabled communication solutions for optimized patient experiences.  Connect with Stericycle Communication Solutions on social media: @StericycleComms

Why You Shouldn’t Take Calculated Risks with Security

Posted on May 9, 2018 I Written By

The following is a guest blog post by Erin Gilmer (@GilmerHealthLaw).

Calculated risks are often lauded in innovation.  However, with increasing security breaches in the tech industry, it is time to reassess the calculated risks companies take in healthcare.

Time and again, I have advised technology companies and medical practices to invest in security and yet I am often met with resistance, a culture of calculated risk prevails.  To these companies and practices, this risk may make sense to them in the short term. Resources are often limited and so they often believe that they needn’t spend the time and money in security.  However, the notion that a company or a practice can take this chance is ill advised.

As a recent study conducted by HIMSS (and reviewed by Ann Zieger here) warns, “significant security incidents are projected to continue to grow in number, complexity and impact.” Thus in taking the calculated risk not to invest in security, companies and practices are creating greater risk for in the long run, one that comes with severe consequences.

As we have seen outside of healthcare, even “simple” breaches of user names and passwords as happened to Under Armour’s MyFitnessPal app, become relatively important use cases as examples of the impact a security breach can have. While healthcare companies typically think of this in terms of HIPAA compliance and oversight by the Office for Civil Rights (OCR), the consequences reach far wider.  Beyond the fines or even jail time that the OCR can impose, what these current breaches show us is how easy it is for the public to lose trust in an entity.  For a technology company, this means losing valuation which could signal a death knell for a startup. For a practice, this may mean losing patients.  For any entity, it will likely result in substantial legal fees.

Why take the risk not to invest in security? A company may think they are saving time and money up front and the likelihood of a breach or security incident is low. But in the long run, the risk is too great – no company wants to end up with their name splashed across the headlines, spending more money on legal fees, scrambling to notify those whose information has been breached, and rebuilding lost trust.  The short term gain of saving resources is not worth this risk.

The best thing a company or practice can do to get started is to run a detailed risk assessment. This is already required under HIPAA but is not always made a priority.  As the HIMSS report also discussed, there is no one standard for risk assessment and often the OCR is flexible knowing entities may be different sizes and have different resource. While encryption standards and network security should remain a high priority with constant monitoring, there are a few standard aspects of risk assessment including:

  • Identifying information (in either physical or electronic format) that may be at risk including where it is and whether the entity created, received, and/or is storing it;
  • Categorizing the risk of each type of information in terms of high, medium, or low risk and the impact a breach would have on this information;
  • Identifying who has access to the information;
  • Developing backup systems in case information is lost, unavailable, or stolen; and
  • Assessing incidence response plans.

Additionally, it is important to ensure proper training of all staff members on HIPAA policies and procedures including roles and responsibilities, which should be detailed and kept up to date in the office.

This is merely a start and should not be the end of the security measures companies and practices take to ensure they do not become the next use case. When discussing a recent $3.5 million settlement, OCR Director Roger Severino recently emphasized that, “there is no substitute for an enterprise-wide risk analysis for a covered entity.” Further, he stressed that “Covered entities must take a thorough look at their internal policies and procedures to ensure they are protecting their patients’ health information in accordance with the law.”

Though this may seem rudimentary, healthcare companies and medical practices are still not following simple steps to address security and are taking the calculated risk not to – which will likely be at their own peril.

About Erin Gilmer
Erin Gilmer is a health law and policy attorney and patient advocate. She writes about a range of issues on different forums including technology, disability, social justice, law, and social determinants of health. She can be found on twitter @GilmerHealthLaw or on her blog at www.healthasahumanright.wordpress.com.

Using Technology to Coordinate Care and Improve Outcomes in Behavioral Health – #HITsm Chat Topic

Posted on May 8, 2018 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 5/11 at Noon ET (9 AM PT). This week’s chat will be hosted by Bryan Wempen (@bryanwempen) from Netsmart on the topic of “Using Technology to Coordinate Care and Improve Outcomes in Behavioral Health.”

Technology is advancing rapidly and access to individual health and mental health data is starting to become more readily accessible to care providers; reimagining how care will be delivered and supported is a priority.  Example: mobile crisis team on the move utilizing mobile technology as they are rolling down streets and neighborhoods to assist those who need services and care the most.  In order to keep the supply of care matched to demand, it’s critical that we consider how information technology can help to extend quality care outside the four-walls of physical service locations.

As a healthcare technology professional, I’m always excited and curious to jump into a conversation about behavioral health care technology and services – exploring where an industry, ‘solution’ or program has been, where it’s at today, and what its future may bring. I look forward to hosting the #HITsm chat.

Reference Materials

Please join us for this week’s #HITsm chat as we discuss the following questions:

T1: What are some of the ways technology can be used to reduce barriers to behavioral health care and why has technology not been more widely adopted in the mental and behavioral health space? #HITsm

T2: How can technology be used to identify at-risk individuals and provide appropriate behavioral health care before need escalates? #HITsm

T3: What are some ways technology can be used to coordinate primary care and behavioral health services? #HITsm

T4: How can technology improve engagement and collaboration between patients, behavioral health service providers, payers and 3rd parties? #HITsm

T5: What is the future of coordinating care across the whole person experience (mental health, substance recovery, corrections, primary care)? #HITsm

Bonus: What are some of the challenges and nuances of integrating tele behavioral health into the outpatient setting?  #HITsm

Upcoming #HITsm Chat Schedule
5/18 – Practical Applications of EMR Optimization Through Clinical Decision Support
Hosted by Justin Campbell (@tjustincampbell) from @GalenHealthcare

5/25 – TBD
Hosted by Amanda (@LALupusLady)

6/1 – TBD
Hosted by TBD

6/8 – TBD
Hosted by TBD

6/15 – TBD
Hosted by Janice McCallum (@janicemccallum)

6/22 – TBD
Hosted by Lenny Liebmann (@LennyLiebmann)

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

Google And Fitbit Partner On Wearables Data Options

Posted on May 7, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Fitbit and Google have announced plans to work together, in a deal intended to “transform the future of digital health and wearables.” While the notion of transforming digital health is hyperbole even for companies the size of Google and Fitbit, the pairing does have plenty of potential.

In a nutshell, Fitbit and Google expect to take on both consumer and enterprise health projects that integrate data from EMRs, wearables and other sources of patient information together. Given the players involved, it’s hard to doubt that at least something neat will emerge from their union.

Among the first things the pair plans to use Google’s new Cloud Healthcare API to connect Fitbit data with EMRs. Of course, readers will know that it’s one thing to say this and another to actually do it, but gross oversimplifications aside, the idea is worth pursuing.

Also, using services such as those offered by Twine Health– a recent Fitbit acquisition — the two companies will work to better manage chronic conditions such as diabetes and hypertension. Twine offers a connected health platform which leverages Fitbit data to offer customized health coaching.

Of course, as part of the deal Fitbit is moving to the Google Cloud Platform, which will supply the expected cloud services and engineering support.

The two say that moving to the Cloud Platform will offer Fitbit advanced security capabilities which will help speed up the growth of Fitbit Health Solutions business. They also expect to make inroads in population health analysis. For its part, Google also notes that it will bring its AI, machine learning capabilities and predictive analytics algorithms to the table.

It might be worth a small caution here. Google makes a point of saying it is “committed” to meeting HIPAA standards, and that most Google Cloud products do already. That “most” qualifier would make me a little bit nervous as a provider, but I know, why worry about these niceties when big deals are afoot. However, fair warning that when someone says general comments like this about meeting HIPAA standards, it probably means they already employ high security standards which are likely better than HIPAA. However, it also means that they probably don’t comply with HIPAA since HIPAA is about more than security and requires a contractual relationship between provider and business associate and the associated liability of being a business associate.

Anyway, to round out all of this good stuff, Fitbit and Google said they expect to “innovate and transform” the future of wearables, pairing Fitbit’s brand, community, data and high-profile devices with Google’s extreme data management and cloud capabilities.

You know folks, it’s not that I don’t think this is interesting. I wouldn’t be writing about if I didn’t. But I do think it’s worth pointing out how little this news announcement says, really.

Yes, I realize that when partnerships begin, they are by definition all big ideas and plans. But when giants like Google, much less Fitbit, have to fall back on words like innovate and transform (yawn!), the whole thing is still pretty speculative. Just sayin’.