Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

The State Of Healthcare Cybersecurity (Part 2)

Posted on May 22, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

In Part 1 of this series, which drew data from a study by Black Book Market Research, I described how insecure healthcare leaders felt their cybersecurity protections to be. I also noted that a large number of providers are struggling to recruit senior health IT experts, and as a result are basically winging it when it comes to breach protection.

Healthcare organizations’ data security problems run deeper than that, however, the study suggests. Not only are C-level execs finding security investments to be troublesome, IT managers responding to the survey admit that they, too, feel that they are not fully prepared to defend their institution’s data.

To begin with, 74% of surveyed CIOs admitted that they failed to evaluate the total cost of ownership before signing a deal with a cybersecurity solution or service provider, and 89% said they bought their cybersecurity solution to be compliant with security regs, and often, not necessarily to reduce security risks.

And the failure to protect critical information doesn’t stop there.  For example, 57% of IT managers said that they hadn’t taken stock of the full variety of cybersecurity solutions that currently exist, notably mobile security environments, intrusion detection, attack prevention, forensics and testing.

Also, many healthcare institutions seem to react only after they’ve been invaded. According to Black Book, 58% of hospitals didn’t select their current security vendor until after a data security incident, and 32% of healthcare organizations hadn’t scanned for vulnerabilities before an attack.

What’s more, 83% of healthcare organizations haven’t staged a cybersecurity drill which included an incident response process, which arguably leaves them particularly unprepared. Not only that, when an attack comes, some won’t catch it right away, as 29% said they don’t have an adequate solution to instantly detect and respond to cyberattacks.

Meanwhile, 16% of respondents reported being uncomfortable working with vendors that do a hard sell when they find security flaws and vulnerabilities. These insecurities aren’t surprising given that 60% of healthcare enterprises haven’t formally identified specific security objectives and requirements and integrated them into a strategic and tactical plan for breach prevention.

Given how unfocused many security plans are, it’s not surprising that 22% of provider organizations believe their cybersecurity position will worsen between now and the second quarter of 2019. Only 12% of hospitals and 9% of physician organizations reported that they expected to see cybersecurity improvements.

The bottom line here is that if the Black Book research is correct, many healthcare organizations are frighteningly unprepared to protect their data, much less survive a serious attack relatively unscathed. For everyone’s sake, let’s hope that providers wise up to the need for strategic, substantial investments in security technology and staff.

The State Of Healthcare Cybersecurity (Part 1)

Posted on May 21, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Healthcare data has never been under more outside threats than it is today. For a number of reasons, this data has become more attractive to cybercriminals and can be sold on the dark web for a pretty penny. Not only that, emerging threats like ransomware attacks are hitting home and wreaking havoc with the institutions they target.

Unfortunately, according to a new study by Black Book Market Research, healthcare organizations don’t seem to be adequately prepared for this onslaught.

The survey, which collected responses from more than 2,464 security pros working at 680 provider organizations, found that health IT leaders aren’t confident they can defend themselves against cyberattacks. In fact, 96% of IT professionals who responded said that the attackers are significantly ahead of them and could probably cut through the protection their organizations have in place.

Given that stat, it’s not surprising that over 90% of healthcare organizations have seen a data breach since Q3 2016. Worse, almost 50% reported that they had more than five data breaches during this period. Not only that, more than 180 million records have been stolen since 2015, a staggering haul which affects roughly one in every 12 healthcare consumers.

On the surface, it might seem surprising that healthcare organizations haven’t toughened their defenses given the number of threats they face. Actually, they are, but they’re being outgunned. It’s not that they’re not making cybersecurity investments, but both the level of investment and their strategy for deployment may be inadequate.

In a surprisingly frank set of disclosures, one-third of hospital executives that bought cybersecurity solutions between 2016 and 2018 said they did so blindly without much vision or understanding of what they were getting for their money. Respondents said that 92% of data security product and services buying decisions were made at the C-level, and the process didn’t include any users or affected department managers.

One reason that C-level executives with little relevant knowledge are making security investment decisions because they don’t have anyone senior to consult – and the problem is extremely common.

The survey found that 84% of hospitals responding had no dedicated security executive in place. Most say that it’s difficult to recruit a qualified chief security officer, which is why they’re going bare on data security and stumbling through the buying process as best they can.

Some organizations are responding to the shortage of C-level tech talent by outsourcing the function. Twenty-one percent said they outsource security to partners, consultants or selected security-as-a-service options as a placeholder.

Given this interest in outsourcing, healthcare organizations are signing deals with security services and outsourcing companies five times more often than they’re buying cybersecurity products and software. Vendors, in turn, are responding by diversifying the portfolio of services they offer. Still, that’s unlikely to be enough over the long term.

All of this suggests that the healthcare industry is in a security crisis. I’ll offer more details on the situation in part two of this series.

Study: Doctors Favor Integrated EMR, Practice Management System

Posted on September 13, 2013 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

While large institutions may not be jumping onto cloud-based technologies — or admitting it, in any event — the majority of doctors in a new Black Book survey are gung-ho on cloud solutions to their revenue cycle management dilemmas, according to a new piece in Healthcare IT News.

A new Black Book study, “Top Physician Practice Management & Revenue Cycle Management: Ambulatory EHR Vendors,” surveyed more than 8,000 CFOs, CIOs, administrators and support staff for hospitals and medical practices.

The research has concluded that 87 percent of all medical practices agree that their billing and collections systems need to be upgraded, HIN reports. And the majority of those physicians are in favor of moving to an integrated practice management, EMR and medical software product, Black Book concluded.

According to Black Book rankings, the revenue cycle management software and services industry just crossed the $12 billion mark, pushed up by reimbursement and payment reforms, accountable care trends, ICD-10 and declining revenues.

Forty-two percent of doctors surveyed said that they’re thinking about upgrading their RCM software within the next six to 12 months. And 92 percent of those seeking an RCM practice management upgrade are only planning to consider an app that includes an EMR, Healthcare IT News said.

It’s no coincidence that  doctors are trading up on financial tools. Doctors are playing catch-up financially in a big way, with 72 percent of  practices reporting that they anticipate declining to negative profitability in 2014 due to inefficient billing and records technology as well as diminishing reimbursements. (On the other hand, it’s not clear why doctors aren’t still seeking best-of-breed on both the EMR and PM side.)

While selecting an integrated PM/EMR system may work well for practices, it’s going to impose problems of its own, including but not limited to finding a system in which both sides are a tight fit with practice needs. It will be interesting to see whether doctors actually follow through with their PM/EMR buying plans once they dig in deep and really study their options.

EMR-Switching Physicians Demand Mobile EMR Apps

Posted on June 3, 2013 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

We already know that many physicians are considering dumping their current EMR, with up to one fifth telling research firm Black Book Rankings that they were considering a switch in 2013. Now,  Black Book says that it’s found a focus for the switch:  that physicians are looking for new EMRs to offer integrated mobile applications as front ends.

Seldom do you see as unanimous a decision as doctors seem to have made in this case. One hundred percent of practices responding to Black Book’s follow-up poll on EMR systems told the researchers that they expect vendors to allow access to patient data wherever physicians are providing or reviewing care, according to the firm’s managing partner Doug Brown.

Not surprisingly, vendors are responding to the upsurge in demand, which has certainly been building for a while. As part of the current survey, 122 vendors told Black Book that they plan to launch fully-functional mobile access and/or iPad-native versions of their EMR products by the end of this year, while another 135 say they have mobile apps on their near-term product roadmap.

Demand for core patient care functionality in mobile EMRs outpaces physicians’ interest in other types of mobile functionality by a considerable margin.

According to Black Book researchers, 8 percent of office-based physicians use a mobile device for electronic prescribing, accessing records, ordering tests or viewing result.  But 83 percent said they would jump on mobile EMR functions to update patient charts, check labs and order medications if their currrent EMR made them available.

When asked what  mobile EMR feature problems need to be addressed, current users of both virtualized and native iPad applications saw the same flaws as being the most important. Ninety-five percent of both groups said that the small screen of a smartphone was the biggest mobile EMR feature problem. Eighty-eight percent said difficulties with easy of movement within the chart was an issue, 83 percent said they wanted a simplified version of the EMR on their mobile screen and 71 percent wanted to see screens optimized for touch use.

For more info on EMR Switching check out this whitepaper called Making the Switch: Replacing Your EHR for More Money and More Control.

One-Fifth Of Physician Practices Might Switch EMRs

Posted on February 26, 2013 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Here’s yet more evidence that this is the year of the “big switch” in EMRs, at least among physicians. A new survey by Black Book Market Research has concluded that about 23 percent of practices with currently implemented EMRs are unhappy enough with their current system to consider switching to a different vendor.

According to a piece in Medical Economics, doctors’ concerns include a lack of interoperability, excessively complicated connectivity and networking and problems with mobile device integration.

The survey, which reached out to 17,000 doctors, found that internal medicine docs had the highest rates of satisfaction (89 percent), followed  by family practice (85 percent), general practice (82 percent) and pediatrics.

The unhappiest specialists were nephrologists (88 percent), followed closely by urologists (85 percent) and ophthalmologists (80 percent).

So if a practice is going to switch vendors, what are they looking for? The Medical Economics piece listed five “must-have” features doctors voted for in the Black Book survey:

* vendor viability

* data integration and network sharing

* adoption of mobile devices

* health information exchange support and connectivity

* perfected interfaces with lab, pharmacy, radiology, medical billing partners, and others

Unfortunately, they won’t find it easy to find all of these features in a single EMR.  Of course, you faithful editor isn’t the be-all and end-all when it comes to EMR products (who could be?) but it seems to me that if even pricier enterprise products seldom offer all of these options, it’s decidedly unlikely that ambulatory products will. (OK, vendor viability is a judgment call, but in a world where so many practices don’t like their EMR, it’s hard to imagine that vendors are at their strongest.)

Folks, the truth is that it looks like we’re coming to a market crash of some kind. Physicians aren’t getting what they need from EMRs, but vendors aren’t keeping up, especially in the realm of specialty EMRs.

As if that wasn’t enough, the threat of fines looms for practices that don’t get their Meaningful Use act together, something they may have trouble doing if they’re in the midst of EMR shopping, installation and adoption.

Time is getting tight, and customers aren’t happy. Ambulatory vendors, what’s your next move?