Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

FDA Announces Precertification Program For Digital Health Tools

Posted on October 5, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The FDA has recruited some the world’s top technology and medical companies to help it pilot test a program under which digital health software could be marketed without going through the through the agency’s entire certification process.

The participants, which include Apple, Fitbit, Johnson & Johnson, Samsung and Roche, will give the agency access to the measures they’re using to develop, test and maintain their software, and also how they collect post-market data.

Once armed with this information, the FDA will leverage it to determine the key metrics and performance indicators it uses to see if digital health software meets its quality standards.

Companies that meet these new standards could become pre-certified, a status which grants them a far easier path to certification than in the past. This represents a broad shift in the FDA’s regulatory philosophy, “looking first at the software developer digital health technology developer, not the product,” according to a report previously released by the agency.

If the pilot works as planned, the FDA is considering making some significant changes to the certification process. If their processes pass muster, pre-certified companies may be allowed to submit less information to the FDA than they currently must before marketing a new digital health tool.  The agency is also considering the more radical step of allowing pre-certified companies to avoid submitting a product for premarket review in some cases. (It’s worth noting that these rules would apply to lower-risk settings.)

The prospect of pre-certifying companies does raise some concerns. In truth, the argument could be made that digital health software should be regulated more tightly, not less. In particular, the mobile healthcare world is still something of a lawless frontier, with very few apps facing privacy, security or accuracy oversight.

The fact is, it’s little wonder that physicians aren’t comfortable using mobile health app data given how loosely it can be constructed at times, not to mention the reality that it might not even measure basic vital signs reliably.

It’s not that the healthcare industry isn’t aware of these issues. about a year ago, a group of healthcare organizations including HIMSS, the American Medical Association and the American Heart Association came together to develop a framework of principles dressing app quality. Still, that’s far short of establishing a certification body.

On the other hand, the FDA does have a point when it notes that a pre-certification program could make it easier for useful digital health tools to reach the marketplace. Assuming the program is constructed well, it seems to me that this is a good idea.

True, it’s pretty unusual to see the FDA loosen up its certification process – a fairly progressive move for a stodgy agency – while the industry fails to self-regulate, but it’s a welcome change of style. I guess digital health really is changing things up.

 

Healthcare Orgs May Be Ramping Up Cybersecurity Efforts

Posted on August 18, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As I’ve noted (too) many times in the past, healthcare organizations don’t have a great track record when it comes to cybersecurity. Compared to other industries, healthcare organizations spend relatively little on IT security overall, and despite harangues from people like myself, this has remained the case for many years.

However, a small new survey by HIMSS suggests that the tide may be turning. It’s not incredibly surprising to hear, as health it leaders have been facing increasingly frequent cybersecurity attacks. A case in point: In a recent study by Netwrix Corp., more than half of healthcare organizations reported struggling with malware, and that’s just one of many ongoing cyber security threats.

The HIMSS cybersecurity survey, which tallies responses from 126 IT leaders, concluded that security professionals are focusing on medical device security, and that patient safety, data breaches and malware were their top three concerns.

In the survey, HIMSS found that 71% of respondents were allocating some of their budgets toward cybersecurity and that 80% said that their organization employed dedicated cybersecurity staff.

Meanwhile, 78% of respondents were able to identify a cybersecurity staffing ratio (i.e. the number of cybersecurity specialists versus other employees), and 53% said the ratio was 1:500 which, according to HIMSS is considered the right ratio for information-centric, risk-averse businesses with considerable Internet exposure.

Also of note, it seems that budgets for cybersecurity are getting more substantial. Of the 71% of respondents whose organizations are budgeting for cybersecurity efforts, 60% allocated 3% or more of their overall budget to the problem. And that’s not all. Eleven percent of respondents said that they were allocating more than 10% of the budget to cybersecurity, which is fairly impressive.

Other stats from the survey included that 60% of respondents said their organizations employed a senior information security leader such as a Chief Information Security Officer.  In its press release covering the survey, it noted that CISOs and other top security leaders are adopting cybersecurity programs that cut across several areas, including procurement and education/training. The security leaders are also adopting the NIST Cybersecurity Framework.

According to HIMSS, 85% of respondents said they conduct a risk assessment at least once a year, and that 75% of them regularly conduct penetration testing. Meanwhile, 75% said they had some type of insider threat management program in place within their healthcare organization.

One final note: In the report, HIMSS noted that acute care providers had more specific concerns was cybersecurity than non-acute care providers. Over the next few years, as individual practices merge with larger ones, and everyone gets swept up into ACOs, I wonder if that distinction will even matter anymore.

My take is that when smaller organizations work with big ones, everyone’s tech is set up reach the level better-capitalized players have achieved, and that will standardize everyone’s concerns. What do you think?

Where HIMSS Can Take Health 2.0

Posted on April 24, 2017 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

I was quite privileged to talk to the leaders of Health 2.0, Dr. Indu Subaiya and Matthew Holt, in the busy days after their announced merger with HIMSS. I was revving to talk to them because the Health 2.0 events I have attended have always been stimulating and challenging. I wanted to make sure that after their incorporation into the HIMSS empire they would continue to push clinicians as well as technologists to re-evaluate their workflows, goals, and philosophies.

I’m not sure there is such a thing as a typical Health 2.0 event, but I generally see in such events a twofold mission. Sometimes they orient technologists to consider the needs of doctors and patients (as at a developer challenge). Other times they orient clinicians and health care institutions to consider the changes in goals and means that technology requires, as well as the strains caused by its adoption (as in a HxRefactored conference). Both of these activities disturb the cozy status quo in health IT, prodding its practitioners to try out new forms of research, design, and interaction. Health 2.0 was also happy to publish my own articles trying to untangle the standard confusion around health care.

For HIMSS, absorbing Health 2.0 is about as consequential as an ocean liner picking up a band of performing musicians along its ports of call. For Health 2.0, the impact could be much larger. Certainly, they gain the stability, funding opportunities, and administrative support that typically come with incorporation into a large, established institution. But can they keep their edge?

Subaiya and Holt assured me that Health 2.0 maintains its independence as part of HIMSS. They will be responsible for some presentations at the mammoth annual HIMSS conferences. They also hope to bring more buyers and sellers together through the HIMSS connection. They see three functions they can provide HIMSS:

  • A scanner for what’s new. HIMSS tends to showcase valuable new technologies a couple years after Health 2.0 discovers them.

  • A magnet to attract and retain highly innovative people in health IT.

  • A mechanism for finding partners for early-stage companies.

Aside from that, they will continue and expand their international presence, which includes the US, Japan, South Korea, China, and India. Interestingly, Subaiya told me that the needs expressed in different countries are similar. There aren’t separate mHealth or IT revolutions for the US and India. Instead, both call for increased used of IT for patient education, for remote monitoring and care, and for point-of-care diagnostics. Whether talking about busy yuppies in the city or isolated rural areas lacking doctors, clinicians find that health care has to go to the patient because the patient can’t always come to a health care center. If somebody can run a test using a cheap strip of paper and send results to a doctor over a cell phone, health coverage becomes more universal. Many areas are also dealing with the strains of aging populations.

HIMSS leadership and Health 2.0 share the recognition that health happens outside the walls of hospitals: in relationships, communities, schools, and homes. Health 2.0 will push that philosophy strongly at HIMSS. They will also hammer on what Subaiya calls health care’s “unacceptables”: disparities across race, gender, and geographic region, continued growth in chronic disease, and resulting cost burdens.

Subaiya and Holt see the original mission of HIMSS as a beneficial one: to create technologies that enhance physician workflows. Old technologies turned out to be brittle and unable to evolve, though, as workflows radically changed. As patient engagement and collaboration became more important, EHRs and other systems fell behind.

Meanwhile, the mobile revolution brought new attention to apps that could empower patients, improve monitoring, and connect everybody in the health care system. But technologists and venture capitalists jumped into health care without adequate research into what the users needed. Health 2.0 was created several years ago to represent the users, particular patients and health care consumers.

Holt says that investment is still increasing, although it may go into services instead of pure tech companies. Some is money moving from life sciences to computer technologies such as digital therapeutics. Furthermore, there are fewer companies getting funded than a few years ago, but each company is getting more money than before and getting it faster.

Subaiya and Holt celebrate the continued pull of health care for technologists, citing not only start-ups but substantial investment by large tech corporations, such as the Alphabet company Verily Life Sciences, Samsung, and Apple. There’s a particularly big increase in the use of data science within health care.

Some companies are integrating with Alexa to make interactions with consumers more natural. Intelligent decision support (as seen for instance in IBM’s Watson) is taking some of the burden off the clinician. For mental health, behavioral health, and addiction, digital tech is reducing stigma and barriers to those who need help.

In short, Health 2.0 should not be constrained by its new-found partner. The environment and funding is here for a tech transformation of health care, and Health 2.0’s work is cut out for it.

Are Healthcare Integration Engines Needed?

Posted on March 13, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In a perfect world, we might ask why health systems need to purchase an integration engine. The standards used by integration engines are pretty widespread and every EHR and Healthcare IT vendor uses that standard. Why then do we need an integration engine in the middle?

I’m sure there are a lot of reasons, but two reasons stand out the most to me are: integration costs and flavors of standards.

Integration Costs
It’s amazing how expensive it is to build integrations with EHR and other healthcare IT software. I still look back on the first lab interface integration I did. I couldn’t believe how expensive it was to do the integration and how the vendors were happy to nickle and dime you all along the way. Many of them look at it as a secondary business model.

While an integration engine can’t solve all these costs, if you have a large number of integrations, the integration engine can save you a lot of money. This includes the integration engine’s experience integrating with multiple vendors, but it also means you can often only pay your EHR vendor one time instead of getting charged for every integration.

Flavors of Standards
If you’ve ever managed an integration, you know how miserable it can be. Each side of the integration implements their own “flavor” of the standard (which makes no sense, but is reality) and that flavor can often change as the various software gets updated. It’s no fun to manage and often leads to interface downtime. You know the impact interface downtime can have on your providers who don’t understand the intricacies of an interface. No one likes something that previously just worked to stop working.

This is where integrations engines definitely shine. Their whole job is to manage these types of changes and ensure that they’re prepared for the change. If they can’t do this right, then you should search for a new integration engine. Plus, integration engines usually have tools to help you manage this and to update this as vendors change (and they will change).

Will Integration Engines Survive?
In the perfect world, we wouldn’t need an integration engine. Healthcare is not a perfect world. In fact, it’s far from it, so I see integration engines sticking around for a long while to come. They’re quite entrenched in the business processes of most large healthcare organizations.

While at the HIMSS Conference, I was talking with Summit Healthcare and they noted that they have 1 client that’s sending 5 million messages per day (Yes, I said per day!). That’s a lot of messages and that’s only one client from one integration engine. Hearing that number illustrated how valuable these integration engines are to an organization. It also flew in the face of healthcare not being interoperable. However, it illustrates how much data needs to be shared if we had true interoperability since those 5 million messages only includes a small portion of health data that could be shared.

We’ll look at diving into integration engines in more detail in future posts. I think they’re an important backbone of what’s happening in healthcare IT and many don’t realize it.

Healthcare Scene Interview with Steve Lieber at the Close of #HIMSS17

Posted on March 2, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

As the HIMSS 2017 Annual conference came to a close, Healthcare Scene had the opportunity to sit down with Steve Lieber, President and CEO of HIMSS, who will be retiring at the end of the year. Being the last HIMSS conference with Steve Lieber at the helm, we wanted to get a feel for how Steve was feeling and take a look back at his 17 years at the helm of this organization.

In this interview, we talk with Steve about how HIMSS has changed over his 17 years running the organization and about some of the pivotal moments in that time. We also ask Steve about his replacement. While he didn’t give us any names he did give us some idea of the process for finding his replacement and what type or attributes the search committee will look at in selecting the new President and CEO of HIMSS. Finally, we wrap up with Steve giving some advice to healthcare IT professionals and even ask Steve if he takes pride in what he and HIMSS have accomplished.

Check out the full interview with Steve Lieber below:

Regardless of how you feel about HIMSS, it’s an impressive organization that puts on an impressive conference. It’s not easy to grow a conference to 40,000 attendees and 1200 vendors and Steve’s been at the helm of its growth. Thanks for sharing your insights with us Steve.

If you enjoyed this interview, subscribe to Healthcare Scene on YouTube and browse the full playlist of healthcare IT interviews we’ve done.

HIMSS17: Health IT Staff, Budgets Growing

Posted on March 1, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A new study announced last week at the HIMSS17 event concludes that demand for health IT staff continues to grow as employers expand their budgets. Not surprisingly, given this growth, the healthcare employers are having trouble recruiting enough IT staffers to meet their growing needs.

Results from the HIMSS Leadership and Workforce Survey reflect responses from 368 U.S. health IT leaders made between November 2016 and early January 2017. Fifty-six of respondents from vendors and consulting firms were in executive management, as compared with 41% of providers.

The survey concluded that the majority of health IT respondents have positions they’d like to fill, including 61% of health IT vendors/consultants and 43% of providers who responded. Only 32% of vendor/consultant organizations and 38% or providers said they were fully staffed, HIMSS said. We’ve seen this challenge from many of the healthcare IT companies which post their jobs on Healthcare IT Central.

Demand for IT recruits grew last year, as well. Researchers found that 61% of vendors/consultants responding and 42% of providers responding saw IT staffing increases over the past year, and that the majority of respondents in both groups expect to increase their IT staffing levels or at least hold them steady next year.

Of course, someone has to pay for these new team members. HIMSS researchers found that IT budgets were continuing to rise over time. Roughly nine out of ten vendors/consultants and 56% of providers said they expected to see increases in their IT budgets this year.

As often happens, however, vendors and consultants and providers seem to have different HIT priorities. While vendors seem to be addressing new technology issues, providers are still focused on how to manage their existing EMR infrastructure investments, HIMSS said.

That being said, the survey found, health IT stakeholders have many overlapping concerns, including privacy and security, population health, care coordination and improving the culture of care.

One of the key insights from this study – that vendors/consultants and providers have different views on the importance of enhancing existing EMRs – is borne out by another study released at the HIMSS event.

The study, which was backed by voice recognition software vendor Nuance Communications, found that providers are broadly interested in implementing new technologies that enhance their EMR, especially computer-assisted physician documentation, mobility and speech recognition tools.

However, when asked to be specific about which tools interested them, they were less enthusiastic, with 44% showing an interest in mobility tools, 38% computer-assisted physician documentation and 25% speech recognition. Documentation tools that enhanced existing functions were especially popular, with 54% of respondents expecting to see them support a reduction in denied claims, 52% improved performance under bundled payments, 38% reduced readmissions and 38% better physician time management which improves patient flow.

This survey also found that the most popular strategy for enhancing physician satisfaction with health IT tools was providing clinician training and education (chosen by 82%). Since their EMR is probably their biggest IT investment, my guess is that the training will focus there. And that suggests that EMRs are still the center of their universe, doesn’t it?

HIMSSanity Recovery Tweetstorm Chat and Health IT Insights – #HITsm Chat Topic

Posted on February 23, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re taking a little different approach for this week’s #HITsm chat happening Friday, 2/24 at Noon ET (9 AM PT). Since this week many of the #HITsm community were busy at the HIMSS Annual Conference in Orlando, we wanted to give people a bit of a break from the regular chat and test out a simple, new approach to the chat in what we’re calling the HIMSSanity Recovery chat.

Instead of sharing 5 topics to discuss, we’re asking everyone in the #HITsm community to share a “Tweetstorm” (check out this article that describes a Tweetstorm pretty well.) that offers some insights into the healthcare IT community. Maybe it’s a story from your experience at HIMSS17, insights into a certain topic, a message of gratitude, a rant on an important topic, a deep look into a subject that matters to you, etc. Of course, you’re welcome to join us even if you didn’t participate in HIMSS in any way shape or form. As long as you have a viewpoint and perspective, you’re welcome to join and share a tweetstorm.

All you have to do to participate is

1. Select a topic, subject, story, or rant you want to share.

2. Share a series of tweets that are numbered (ie. 1.) and end each tweet with the #HITsm hashtag.

3. Check out other people’s tweetstorms and reply to their perspectives.

4. Repeat if you have more than one tweetstorm to share.

Here’s a simple example of a tweetstorm you might share in 8 successive tweets:

1. We need to improve the patient experience in healthcare #HITsm
2. Healthcare organizations that choose not to improve the patient experience are going to be at an extreme disadvantage. #HITsm
3. As value based reimbursement efforts get rolled out, the right patient experience is going to be essential. #HITsm
4. First, it will attract the best patients to your organizations #HITsm
5. Second, it will provide you the opportunity to truly engage with your patients which is necessary in value based reimbursement. #HITsm
6. Third, if you don’t do it, your competitors across the street will and you’ll have a challenge being competitive. #HITsm
7. If you’re not working on the experience your patients have in your office, you should start now. #HITsm
8. Focusing on patient experience is the right thing to do for your patients and your business. #HITsm

That’s all. Easy enough right? I look forward to reading everyone’s #HITsm tweetstorms! Don’t worry if they don’t all go out at Noon ET (9 AM PT). Feel free to share them throughout the full #HITsm hour or even after. If you have any questions, let us know in the comments.

Upcoming #HITsm Chat Schedule
3/3 – “Is it ground hog day with population health?
Hosted by @dchou1107 and @cschealth

3/10 – TBD

3/17 – TBD

We look forward to learning from the #HITsm community! As always let us know if you have ideas for how to make #HITsm better.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

Pre-#HIMSS17 Fun Friday

Posted on February 17, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

It’s Friday and not just any normal Friday, the Friday before the 2017 HIMSS Annual Conference. So, this Fun Friday entry is especially appreciated. I’m pretty sure I’m going to have a conversation about this first cartoon many times next week.

Everyone travel safe to HIMSS if you’re going. If you’re grinding away at home, I’ll do my best to bring you some unique, interesting, and valuable perspectives from the conference across my network of Healthcare Scene sites.

#MakeHITCount

Posted on February 16, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ll admit I’m a bit of a sucker for a new hashtag. Especially one that points to moving healthcare IT forward. So, you can imagine I was interested when my friends at Iron Mountain let me know that they were working on a new hashtag called #MakeHITCount.

Throughout HIMSS 2017, Iron Mountain will be collecting any mentions of #MakeHITCount on Twitter, Instagram, Facebook, or LinkedIn and using those tweets to create a cool photomosaic like the one below (click on it to see it in action):

I love those photomosaics, but I love showing appreciation for people even more. I also love the idea of pointing out the parts of Healthcare IT that are making a difference in people’s lives. Here are a list of ways that you can participate in the #MakeHITCount hashtag:

  • Share your story of why it’s important to #makeHITcount now more than ever
  • Share your story of how you #makeHITcount in your job role
  • Share your story of how health IT can #makeHITcount for clinicians or patients
  • Share your Health IT Hero, the person who inspires you to #makeHITcount
  • Challenge others to tell you how they #makeHITcount

It’s too easy for us to complain about healthcare IT. We need to spend more time sharing about how IT makes our lives better and show gratitude to the people that are making it better. I’m not saying we should ignore the challenges of using healthcare IT appropriately, but we also shouldn’t take for granted all the benefits that IT can and should provide.

I look forward to what you all share on #MakeHITCount. Maybe a wave of good can open our eyes to new possibilities, inspire people who are working in healthcare IT, and make Health IT live up to its potential.

Full Disclosure: Healthcare Scene occasionally gets paid to write blog posts for Iron Mountain’s blogs.

Consumers Fear Theft Of Personal Health Information

Posted on February 15, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Probably fueled by constant news about breaches – duh! – consumers continue to worry that their personal health information isn’t safe, according to a new survey.

As the press release for the 2017 Xerox eHealth Survey notes, last year more than one data breach was reported each day. So it’s little wonder that the survey – which was conducted online by Harris poll in January 2017 among more than 3,000 U.S. adults – found that 44% of Americans are worried about having their PHI stolen.

According to the survey, 76% of respondents believe that it’s more secure to share PHI between providers through a secure electronic channel than to fax paper documents. This belief is certainly a plus for providers. After all, they’re already committed to sharing information as effectively as possible, and it doesn’t hurt to have consumers behind them.

Another positive finding from the study is that Americans also believe better information sharing across providers can help improve patient care. Xerox/Harris found that 87% of respondents believe that wait times to get test results and diagnoses would drop if providers securely shared and accessed patient information from varied providers. Not only that, 87% of consumers also said that they felt that quality of service would improve if information sharing and coordination among different providers was more common.

Looked at one way, these stats offer providers an opportunity. If you’re already spending tens or hundreds of millions of dollars on interoperability, it doesn’t hurt to let consumers know that you’re doing it. For example, hospitals and medical practices can put signs in their lobby spelling out what they’re doing by way of sharing data and coordinating care, have their doctors discuss what information they’re sharing and hand out sheets telling consumers how they can leverage interoperable data. (Some organizations have already taken some of these steps, but I’d argue that virtually any of them could do more.)

On the other hand, if nearly half of consumers afraid that their PHI is insecure, providers have to do more to reassure them. Though few would understand how your security program works, letting them know how seriously you take the matter is a step forward. Also, it’s good to educate them on what they can do to keep their health information secure, as people tend to be less fearful when they focus on what they can control.

That being said, the truth is that healthcare data security is a mixed bag. According to a study conducted last year by HIMSS, most organizations conduct IT security risk assessments, many IT execs have only occasional interactions with top-level leaders. Also, many are still planning out their medical device security strategy. Worse, provider security spending is often minimal. HIMSS notes that few organizations spend more than 6% of their IT budgets on data security, and 72% have five or fewer employees allocated to security.

Ultimately, it’s great to see that consumers are getting behind the idea of health data interoperability, and see how it will benefit them. But until health organizations do more to protect PHI, they’re at risk of losing that support overnight.