Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Key Articles in Health IT from 2017 (Part 2 of 2)

Posted on January 4, 2018 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The first part of this article set a general context for health IT in 2017 and started through the year with a review of interesting articles and studies. We’ll finish the review here.

A thoughtful article suggests a positive approach toward health care quality. The author stresses the value of organic change, although using data for accountability has value too.

An article extolling digital payments actually said more about the out-of-control complexity of the US reimbursement system. It may or not be coincidental that her article appeared one day after the CommonWell Health Alliance announced an API whose main purpose seems to be to facilitate payment and other data exchanges related to law and regulation.

A survey by KLAS asked health care providers what they want in connected apps. Most apps currently just display data from a health record.

A controlled study revived the concept of Health Information Exchanges as stand-alone institutions, examining the effects of emergency departments using one HIE in New York State.

In contrast to many leaders in the new Administration, Dr. Donald Rucker received positive comments upon acceding to the position of National Coordinator. More alarm was raised about the appointment of Scott Gottlieb as head of the FDA, but a later assessment gave him high marks for his first few months.

Before Dr. Gottlieb got there, the FDA was already loosening up. The 21st Century Cures Act instructed it to keep its hands off many health-related digital technologies. After kneecapping consumer access to genetic testing and then allowing it back into the ring in 2015, the FDA advanced consumer genetics another step this year with approval for 23andMe tests about risks for seven diseases. A close look at another DNA site’s privacy policy, meanwhile, warns that their use of data exploits loopholes in the laws and could end up hurting consumers. Another critique of the Genetic Information Nondiscrimination Act has been written by Dr. Deborah Peel of Patient Privacy Rights.

Little noticed was a bill authorizing the FDA to be more flexible in its regulation of digital apps. Shortly after, the FDA announced its principles for approving digital apps, stressing good software development practices over clinical trials.

No improvement has been seen in the regard clinicians have for electronic records. Subjective reports condemned the notorious number of clicks required. A study showed they spend as much time on computer work as they do seeing patients. Another study found the ratio to be even worse. Shoving the job onto scribes may introduce inaccuracies.

The time spent might actually pay off if the resulting data could generate new treatments, increase personalized care, and lower costs. But the analytics that are critical to these advances have stumbled in health care institutions, in large part because of the perennial barrier of interoperability. But analytics are showing scattered successes, being used to:

Deloitte published a guide to implementing health care analytics. And finally, a clarion signal that analytics in health care has arrived: WIRED covers it.

A government cybersecurity report warns that health technology will likely soon contribute to the stream of breaches in health care.

Dr. Joseph Kvedar identified fruitful areas for applying digital technology to clinical research.

The Government Accountability Office, terror of many US bureaucracies, cam out with a report criticizing the sloppiness of quality measures at the VA.

A report by leaders of the SMART platform listed barriers to interoperability and the use of analytics to change health care.

To improve the lower outcomes seen by marginalized communities, the NIH is recruiting people from those populations to trust the government with their health data. A policy analyst calls on digital health companies to diversify their staff as well. Google’s parent company, Alphabet, is also getting into the act.

Specific technologies

Digital apps are part of most modern health efforts, of course. A few articles focused on the apps themselves. One study found that digital apps can improve depression. Another found that an app can improve ADHD.

Lots of intriguing devices are being developed:

Remote monitoring and telehealth have also been in the news.

Natural language processing and voice interfaces are becoming a critical part of spreading health care:

Facial recognition is another potentially useful technology. It can replace passwords or devices to enable quick access to medical records.

Virtual reality and augmented reality seem to have some limited applications to health care. They are useful foremost in education, but also for pain management, physical therapy, and relaxation.

A number of articles hold out the tantalizing promise that interoperability headaches can be cured through blockchain, the newest hot application of cryptography. But one analysis warned that blockchain will be difficult and expensive to adopt.

3D printing can be used to produce models for training purposes as well as surgical tools and implants customized to the patient.

A number of other interesting companies in digital health can be found in a Fortune article.

We’ll end the year with a news item similar to one that began the article: serious good news about the ability of Accountable Care Organizations (ACOs) to save money. I would also like to mention three major articles of my own:

I hope this review of the year’s articles and studies in health IT has helped you recall key advances or challenges, and perhaps flagged some valuable topics for you to follow. 2018 will continue to be a year of adjustment to new reimbursement realities touched off by the tax bill, so health IT may once again languish somewhat.

An Alternate Way Of Authenticating Patients

Posted on July 5, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Lately, I’ve been experimenting with a security app I downloaded to my Android phone. The app, True Key by Intel Security, allows you to log in by presenting your face for a scan or using your fingerprint. Once inside the app, you can access your preferred apps with a single click, as it stores your user name and passwords securely. Next, I simplified things further by downloading the app to my laptop and tablet, which synchs up whatever access info I enter across all devices.

From what I can see, Intel is positioning this as a direct-to-consumer play. The True Key documentation describes the app as a tool non-techies can use to access sites easily, store passwords securely and visit their favorite sites across all of their devices without re-entering authentication data. But I’m intrigued by the app’s potential for enterprise healthcare security access control.

Right now, there are serious flaws in the way application access is managed. As things stand, authentication information is usually stored in the same network infrastructure as the applications themselves, at least on a high-level basis. So the process goes like this, more or less: Untrusted device uses untrusted app to access a secure system. The secure system requests credentials from the device user, verifies them against an ID/PW database and if they are correct, logs them in.

Of course, there are alternatives to this approach, ranging from biometric-only access and instantly-generated, always-unique passwords, but few organizations have the resources to maintain super-advanced access protocols. So in reality, most enterprises have to firewall up their security and authentication databases and pray that those resources don’t get hacked. Theoretically, institutions might be able to create another hacking speed bump by storing authentication information in the cloud, but that obviously raises a host of additional security questions.

So here’s an idea. What if health IT organizations demanded that users install biometrically-locked apps like True Key on their devices? Then, enterprise HIT software could authenticate users at the device level – surely a possibility given that devices have unique IDs – and let users maintain password security at their end. That way, if an enterprise system was hacked, the attacker could gain access to device information, but wouldn’t have immediate access to a massive ID and PW database that gave them access to all system resources.

What I’m getting at, here, is that I believe healthcare organizations should maintain relationships with patients (as represented by their unique devices) rather than their ID and password. While no form of identity verification is perfect, to me it seems a lot more like that it’s really me logging in if I had to use my facial features or fingerprint as an entry point. After all, virtually any ID/PW pair chosen by a user can be guessed or hacked, but if you authenticate to my face/fingerprint and a registered device, the odds are high that you’re getting me.

So now it’s your turn, readers. What flaws do you see in this approach? Have you run into other apps that might serve this purpose better than True Key? Should HIT vendors create these apps? Have at it.

A Biometrically Controlled Healthcare System

Posted on September 6, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I recently had a nice conversation with Brian Dubin, VP at CERTIFY, where we discussed biometrics in healthcare. Brian got me interested when he described CERTIFY as a biometrics based “big data” company. When I first started this blog, I fell completely in love with all the various biometric options. Check out one of my first posts on Facial Recognition back in April 2006. Shortly after that I even made this EMR and biometrics contribution to a healthcare IT wiki as part of a “blogposium”. [Excuse my moment of nostalgia]

While CERTIFY works with all of the major biometric fingerprints: Finger, Palm, Iris, Facial, Voice, and Signature, I was even more intrigued by a discussion we had around a healthcare system that was biometrically controlled (my word not CERTIFY’s). I realize that the word “controlled” might have negative connotations surrounding it, but I think it is fascinating to consider all of the ways that your biometric identity could be incorporated into healthcare.

Here are some examples I’m considering (some are a reality today and others will be in the future):
Arrive at the office – Imagine that when you arrive at the hospital or medical practice and a video camera grabs your image and the front desk already knows who you are and can say, “Hi John, glad to have you hear today.” Yes, this freaks out some people, but many of the front desk people remember the faces of the patients. Now they can know your name and check you in much quicker.

Positive patient identification – If you don’t like the video camera identification of a patient, you can also do positive identification of the patient using biometrics in a less big brother’s watching you way. When they sit down at the desk to check in, the patient can use a biometric device to identify themselves. Technology like the one I talk about in my post Retina Scanning vs. Iris Recongition are what can be used for this approach.

Voice recognition for a call center – Imagine when you call into a call center they used voice recognition to identify you. This could be used to access your information more quickly. Although, it could also be used to make sure that whoever the person in the call center pulled up matches the voice on the phone. This could solve them pulling up the wrong “John Smith.”

Single sign on – If your biometric identity is stored in the cloud, then that should make that identity available on any system. Plus, I’ve always been fond of single sign on with Facial recognition. The camera is always watching if you’re there or not and so if you open a new application it can immediately authenticate you since it’s constantly authenticating your biometric identity.

I’m really intrigued by the idea of using biometric identities across multiple systems. I’ve heard many hospital CIOs talk about the hundreds of IT systems they have to support. I’ve also heard doctors and nurses complain about the number of logins and passwords they have to remember. Could biometrics be the solution to this problem? Could a biometric identity be shared between systems or would each system need to do more of the traditional single sign on integration?

Unattended computer – Related to the single sign on, facial recognition can also identify when you’re no longer at a computer. If you leave the computer it can automatically lock the computer to ensure that the health data is kept private. You have to balance how quickly the device locks, but this can be great for security.

Location access – A lot of places already do this with fingerprint or palm scans to access private areas. Plus, this prevents the sharing of keys. You can’t really share your fingerprint very well.

Signatures – There’s certainly an art and identity in someone’s signature. However, why don’t we incorporate even more biometrics into someone’s signature? The combination of a signature plus some other biometric identity would be even more powerful. Plus, when I sign to pick up a prescription, if the pharmacy knew my fingerprint, they could indeed verify that I was the right patient.

HIE identification – I don’t know anyone that’s doing this, but I wonder if instead of trying to make a unique patient identifier, using social security numbers, or some other convoluted method of identity management, could we just use someone’s biometric identity? If we aren’t there today, I think we’ll get there eventually. I’m sure there could be mismatches when it comes to matching two biometric identities that were captured by two separate systems. However, we have plenty of mismatches using ssn, name, birthdate, etc. Maybe the real answer is a combination of biometrics and name, birthdate, etc.

A Biometric Healthcare Experience
Those are some general examples. Now let’s imagine a patient visit where they walk into the hospital and are immediately recognized as a patient seeing Dr. Jones for a surgery. The front desk knows who you and has you sign any forms using your biometrics and then directs you to room 315. When you arrive at room 315 you gain access to the room using your biometric identity. The nurse arrives to prep you for surgery and knows she’s working on the right patient because of your biometric identity.

The nurse signs into the EMR using facial recognition and that biometric identity is captured so the EMR knows exactly who is entering the data into the system. The lab arrives and attached your biometric identity to the blood draws and the results will automatically be sent to the EHR matching on your biometrics.

Your doctor writes a prescription for you which gets sent to the pharmacy. The pharmacy knows that he is indeed a doctor based on the biometric identity of the doctor. Once you go to pickup the prescription they verify your biometric identity to ensure you’re in fact the right patient for that prescription. You later go to your family doctor who’s received all of the information and reports from your surgery which were easily matched to you thanks to your biometric identity.

I could keep going, but I think you get the idea. I’m sure there are major holes in the above example, but I think it’s interesting to consider what a biometrically controlled healthcare experience would look like. Plus, to take a line from Google’s Founder, maybe I’m still thinking too small. It’s possible that biometrics will be able to do so much more. It’s not going to happen tomorrow or all at once, but I’m certain that biometrics will play a big part in the future of healthcare.

I’d love to hear your thoughts on this. Are we on the path to a biometric controlled healthcare system?

Catching up with Sensible Vision’s Facial Recognition Software

Posted on April 17, 2009 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

If you’ve been reading EMR and HIPAA for a while, back in 2006 I came across a really cool company called Sensible Vision that does facial recognition software. You can read about my first experience setting up the facial recognition software and my love affair with facial recognition as the best biometric solution.

I admit that I still have a love affair with my facial recognition software. I use it every day when I sit down at my computer. I can’t imagine not having it. In fact, it’s almost time to replace my computer and I’ll be very sad if I can’t find a way to transfer the software to my new computer. It has its quirks, but I just love the added security that it gives me. I’m far too lazy to lock my computer screen myself and then log back in, but the facial recognition software does that for me. Not to mention the single sign on capabilities.

I was on a support call yesterday with my EMR vendor and when I opened the application my facial recognition single sign on kicked in and took care of the username and password typing for me. The EMR vendor told me that he was amazed at how fast I typed. I do type fast, but not that fast.

I should mention that we haven’t been able to implement this in our clinical environment. A mix of process issues and budget issues has prevented us from doing so. However, I think there are a number of places where facial recognition software could be great for security of your desktops.

I decided to go check on what’s happening with Sensible Vision since I hadn’t spoken to them in a while. Looks like they have a million devices installed and a deal with Dell to offer facial recognition with their computers. Very cool stuff. However, what I found most interesting was Sensible Vision’s reply to the Black Hat presentation about hacking facial recognition. It’s an interesting read for those looking at biometric authentication in health care. Now I just need to find the black hat presentation they’re talking about.