
E-Patient Update: Changing The Patient Data Sharing Culture

Posted on May 19, 2017 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

I’ve been fighting for what I believe in for most of my life, and that includes getting access to my digital health information. I’ve pleaded with medical practice front-desk staff, gently threatened hospital HIT departments and gotten in the faces of doctors, none of whom ever seem to get why I need all of my data.

I guess you could say that I’m no shrinking violet, and that I don’t give up easily. But lately I’ve gotten a bit, let me say, discouraged when it comes to bringing together all of the data I generate. It doesn’t help that I have a few chronic illnesses, but it’s not easy even for patients with no major issues.

Some of these health professionals know something about how EMRs work, how accurate, complete health records facilitate care and how big data analysis can improve population health. But when it comes to helping humble patients participate in this process, they seem to draw a blank.

The bias against sharing patient records with the patients seems to run deep. I once called the PR rep at a hospital EMR vendor and complained casually about my situation, in which a hospital told me that it would take three months to send me records printed from their EMR. (If I’d asked them to send me a CCD directly, the lady’s head might have exploded right there on the phone.)

Though I didn’t ask, the vendor rep got on the phone, reached a VP at the hospital and boom, I had my records. It took a week and a half, a vendor and hospital VP just to get one set of records to one patient. And for most of us it isn’t even that easy.

The methods providers have used to discourage my data requests have been varied. They include that I have to pay $X per page, when state law clearly states that (much lower) $Y is all they can charge. I’ve been told I just have to wait as long as it takes for the HIM department to get around to my request, no matter how time-sensitive the issue. I was even told once that Dr. X simply didn’t share patient records, and that’s that. (I didn’t bother to offer her a primer on state and federal medical records laws.) It gets to be kind of amusing over time, though irritating nonetheless.

Some of these skirmishes can be explained by training gaps or ignorance, certainly. What’s more, even if a provider encourages patient record requests there are still security and privacy issues to navigate. But I believe that what truly underlies provider resistance to giving patients their records is a mix of laziness and fear. In the past, few patients pushed the records issue, so hospitals and medical groups got lazy. Now, patients are getting assertive, and they fear what will happen.

Of course, we all have a right to our medical records, and if patients persist they will almost always get them. But if my experience is any guide, getting those records will remain difficult if attitudes don’t change. The default cultural setting among providers seems to be discomfort and even rebellion when they’re asked to give consumers their healthcare data. My protests won’t change a thing if people are tuning me out.

There are many reasons for their reaction, including the rise of challenging, self-propelled patients who don’t assume the doctor knows best in all cases. Also, as in any other modern industry, data is power, and physicians in particular are already feeling almost powerless.

That being said, the healthcare industry isn’t going to meet its broad outcomes and efficiency goals unless patients are confident and comfortable with managing their health. Collecting, amassing and reviewing our health information greatly helps patients like me to stay on top of issues, so encumbering our efforts is counter-productive.

To counter such resistance, we need to transform the patient data sharing culture from resistant to supportive. Many health leaders seem to pine for the days when patients could have the data when and if they felt like it, but those days are past. Participating happily in a patient’s data collection efforts needs to become the norm.

If providers hope to meet the transformational goals they’ve set for themselves, they’ll have to help patients get their data as quickly, cheaply and easily as possible. Failing to do this will block or at least slow the progress of much-needed industry reforms, and they’re already a big stretch. Just give patients their data without a fuss – it’s the right thing to do!

E-Patient Update: Reducing Your Patients’ Security Anxiety

Posted on March 31, 2017 | Written By Anne Zieger

Even if you’re not a computer-savvy person, these days you can hardly miss the fact that healthcare data is a desirable target for cyber-criminals. After all, over the past few years, healthcare data breaches have been in the news almost every day, with some affecting millions of consumers.

As a result, many patients have become at least a bit afraid of interacting with health data online. Some are afraid that data stored on their doctor or hospital’s server will be compromised, some are afraid to manage their data on their own, and others don’t even know what they’re worried about – but they’re scared to get involved with health data online.

As an e-patient who’s lived online in one form or another since the 80s (anyone remember GEnie or Compuserve?) I’ve probably grown a bit too blasé about security risks. While I guard my online banking password as carefully as anyone else, I don’t tend to worry too much about abstract threats posed by someone who might someday, somehow find my healthcare data among millions of other files.

But I realize that most patients – and providers – take these issues very seriously, and with good reason. Even if HIPAA weren’t the law of the land, providers couldn’t afford to have patients feel like their privacy wasn’t being respected. After all, patients can’t get the highest-quality treatment available if they aren’t comfortable being candid about their health behaviors.

What’s more, no provider wants to have their non-clinical data hacked either. Protecting Social Security numbers, credit card details and other financial data is a critical responsibility, and failing at it could cost patients more than their privacy.

Still, if we manage to intimidate the people we’re trying to help, that can’t be good either. Surely we can protect health data without alienating too many patients.

Striking a balance

I believe it’s important to strike a balance between being serious about security and making it difficult or frightening for patients to engage with their data. While I’m not a security expert, here are some thoughts on how to strike that balance, from the standpoint of a computer-friendly patient.

  • Don’t overdo things: Following strong security practices is a good idea, but if they’re upsetting or cumbersome they may defeat your larger purposes. I’m reminded of the policy of one of my parents’ providers, who would only provide a new password for their Epic portal if my folks came to the office in person. Wouldn’t a snail mail letter serve, at least if they used registered mail?
  • Use common-sense procedures: By all means, see to it that your patients access their data securely, but work that into your standard registration process and workflow. By the time a patient leaves your office they should have access to everything they need for portal access.
  • Guide patients through changes: In some cases, providers will want to change their security approach, which may mean that patients have to choose a new ID and password or otherwise change their routine. If that’s necessary, send them an email or text message letting them know that these changes are expected. Otherwise they might be worried that the changes represent a threat.
  • Remember patient fears: While practice administrators and IT staff may understand security basics, and why such protections are necessary, patients may not. Bear in mind that if you take a grim tone when discussing security issues, they may be afraid to visit your portal. Keep security explanations professional but pleasant.

Remember your goals

Speaking as a consumer of patient health data, I have to say that many of the health data sites I’ve accessed are a bit tricky to use. (OK, to be honest, many seem to be designed by a committee of 40-something engineers that never saw a gimmicky interface they didn’t like.)

And that isn’t all. Unfortunately, even a highly usable patient data portal or app can become far more difficult to use if necessary security protections are added to the mix. And of course, sometimes that may be how things have to be.

I guess I’m just encouraging providers who read this to remember their long-term goals. Don’t forget that even security measures should be evaluated as part of a patient’s experience, and at least see that they do as little as possible to undercut that experience.

After all, if a girl-geek and e-patient like myself finds the security management aspect of accessing my data to be a bummer, I can only imagine other consumers will just walk away from the keyboard. With any luck, we can find ways to be security-conscious without imposing major barriers to patient engagement.

EMRs May Be The Next Hacker’s Prize

Posted on December 14, 2012 | Written By Anne Zieger

Black-hat hackers are beginning, slowly but at an increasing pace, to lock down and encrypt medical data, then demand a ransom fee before they’ll turn over the data in usable form again.

While reports of such activity are scattered and few at the moment, my guess is that we’re at the beginning of a wave of such attacks, especially attacks targeting small medical practices with unsophisticated security set-ups.

Consider what happened recently to a clinic in Queensland, Australia. Over one weekend, a server holding seven years of patient records was breached and the data encrypted with “military-grade” tools, according to the blog Naked Security.

The attackers, who seem to be based in Eastern Europe or Russia, are demanding $4,000 AUD for the release of the records, the blog reports. The clinic is attempting to avoid paying by bringing in its own security experts, but the experts retained by the clinic are apparently fairly doubtful that they can break the encryption scheme.

Such attacks have begun to occur in the U.S. as well, all targeting smaller medical practices with minimal security support. It’s little wonder that such practices are being targeted; even if they have decent, industry-standard firewalls, antivirus software and password-protected servers — as the Aussie clinic did — such protections are child’s play to defeat if you’re a professional cybercriminal who’s done this kind of thing many times before.

Even if the practice has tougher security in place than usual, how likely is it to have good security hygiene, such as frequently updated and patched firewalls and strong, regularly switched out passwords? Without security staff on board, not too likely.

Given the devastating consequences that can occur if a medical practice is unable to regain its data, it seems to me that it’s time the entire healthcare industry take an interest in this problem. Smaller practices need help, and we’ve got to figure out how to make sure they get it.

Foursquare for Medical Practices

Posted on January 11, 2012 | Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

As most of you probably know, I’m a huge fan of technology and it’s also fair to say that I’m a pretty early adopter of social media. In fact, I’m sure that some of you think that I live on social media. I prefer to just say that I’m active in social media. Despite my love and participation in social media, I must admit that I’ve never really been able to get into the love of Foursquare.

For those that don’t know much about Foursquare, it’s an app on your phone where you can check in to specific locations and you can see which locations your friends, family and colleagues have checked into as well. As you check in, you get rewards for checking in and virtual awards such as badges. Plus, if you check in to a certain location enough times, then you become Mayor of that location. Foursquare is far from the only one in this space, but it is definitely the leader and the originator of the space. Although, don’t be surprised if Facebook Places doesn’t give them a good run for their money.

My personal problem with Foursquare is that at least on my cell phone it’s clunky to use, hard to understand and the data gets outdated so quickly that I don’t find it that useful. I’m sure that part of my problem with Foursquare is that I don’t have enough real friends and colleagues on there to really get the benefit of knowing what everyone’s doing and where they’re at. Yes, the idea of sharing and other people knowing this information is scary, but it turns out to be a really cool thing if done right. I know since I often learn where someone is at during a conference by seeing tweets from them.

Considering my lack of adoption of Foursquare, I was of course intrigued by this article talking about why medical practices should be on Foursquare. Here are the main reasons they offer:
1. It’s easy to use.
2. It’s big, and getting bigger.
3. It’s a search engine and a way of being found when people are looking for a doctor.
4. If you don’t claim your place, someone else is likely to do it for you.
5. It says your medical practice is social and tech savvy.

Obviously I disagree with the first one, but that might be my bias. Maybe it’s so easy to use that it’s useless to me. My bias aside, I actually agree with this article that a medical practice should take the 5 minutes it takes to get their practice listed on Foursquare. I’m not suggesting that a doctor or medical practice should become really active on Foursquare. Instead, I’m just saying they should sign up and claim their spot on Foursquare. Then, you get to control your listing as opposed to one of your patients who adds your office for you.

A comment in the above article makes a really good point too. If you want to be active in social media and reach the typical visitors to doctors’ offices that tend to skew female and older, you probably should be on Twitter and Facebook, not Foursquare. Yelp is another good recommendation for many cities. Lots more could be said about those three services. If people are interested, then we’ll cover those in future posts.