
Another View of Privacy by Dr. Deborah C. Peel, MD

Posted on June 25, 2014 | Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I thought the following TEDx video from Deborah C. Peel, MD, Founder and Chair of Patient Privacy Rights, would be an interesting contrast with some of the things that Andy Oram wrote in yesterday’s post titled “Not So Open: Redefining Goals for Sharing Health Data in Research”. Dr. Peel is incredibly passionate about protecting patients’ privacy and is working hard on that goal.

Dr. Peel is also trying to kick off a hashtag called #MyHealthDataIsMine. What do you think of the “hidden privacy and data breaches” that Dr. Peel talks about in the video? I look forward to hearing your thoughts on it.

Doctors Increasingly Texting, But HIPAA Protection Lacking

Posted on November 2, 2012 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A new study of physicians working at pediatric hospitals has concluded what we might have assumed anyway — that they prefer the use of SMS texting via mobile phone to pagers. What’s worrisome, however, is that little if any of this communication seems to be going on in a HIPAA-secure manner.

The study, by the University of Kansas School of Medicine at Wichita, asked 106 doctors at pediatric hospitals what avenues they prefer for “brief communication” while at work. Of this group, 27 percent chose texting as their favorite method, 23 percent preferred hospital-issued pagers and 21 percent face-to-face conversation, according to a report in mHealthWatch.

What’s interesting is that text-friendly or not, 57 percent of doctors said they sent or got work-related text messages.  And 12 percent of pediatricians reported sending more than 10 messages per shift.

With all that texting going on,  you’d figure hospitals would have a policy in place to ensure HIPAA requirements were met. But in reality, few doctors said that their hospital had such a policy in place.

That’s particularly concerning considering that 41 percent of respondents said they received work-related text messages on a personal phone, and only 18 percent on a hospital-assigned phone. I think it’s fair to say that this arrangement is rife with opportunities for HIPAA no-nos.

It’s not that the health IT vendor world isn’t aware that this is a problem; I know my colleague John has covered technology for secure texting between medical professionals and he’s also an advisor to secure text messaging company docBeat. However, not much is going to happen until hospitals get worried enough to identify this as a serious issue and they realize that secure text messaging can be just as easy as regular texting, along with additional benefits.

In the meantime, doctors will continue texting away — some getting 50-100 messages a day, according to one researcher — in an uncertain environment. Seems to me this is a recipe for HIPAA disaster.

Doctors Expected To Get “Meaningful Choices” From Patients On HIE Data Use

Posted on October 19, 2012 | Written By Anne Zieger

Making sure the clinical data flowing through HIEs is seen only by those patients designate is a tricky problem. But according to recent guidance from the ONC, it’s a problem doctors need to take on and manage.

ONC’s logic is as follows:

As key agents of trust for patients, providers are responsible for maintaining the privacy and security of their patients’ health information. In turn, patients should not be surprised about or harmed by their provider’s collections, uses, or disclosures of their health information. 

In other words, patients should be given a “meaningful choice” as to how information is shared, rather than simply signing broad treatment-related disclosures.

And as ONC sees it, the treating professional is responsible for educating patients enough to give them meaningful awareness of their options, including how information will be shared and with whom, as well as obtaining and tracking the patient’s choice.

This strikes me as a pretty ambitious expectation to have of doctors, who in most cases need to do little to explain information sharing to patients. Educating them on the broad range of places data could go, under which circumstances, and the extent to which patients can opt in or out of such sharing, strikes me as a very large task.

I’m not saying that I think ONC’s recommendation is an unwise one.  In most cases, the doctor — who’s most likely to be the treating professional — is really the only person who’s in a position to do this kind of education.  Not only is the doctor the person the patient trusts, they’re also in a position to review how well patients have understood on an ongoing basis.

All that being said, it’s still a pretty complex lesson to teach. I hope someone, perhaps ONC itself, develops online self-education for patients which a doctor can simply offer during the visit.  Otherwise, I think the “meaningful choice” concept will be hard to pull off.

A Smart Approach To Medicine And Social Media

Posted on August 29, 2012 | Written By Anne Zieger

It’s always a pleasure to touch base with the thoughtful blog (33 Charts) written by pediatric gastroenterologist Dr. Bryan Vartabedian. This time, I caught a piece on how Dr. Vartabedian handles social media communication with patients, and I thought it was well worth a share.

While your mileage may vary, here are some key ways Dr. Vartabedian handles medical contact online with consumers:

* He never answers patient-specific questions from strangers

As he notes, people generally ask two kinds of questions, patient-specific and non-patient specific. While he’s glad to answer general questions, he never answers patient-specific ones from strangers, as it could be construed that he’s created a professional relationship with the person asking the question.

* He guides patients he’s treating offline

If an existing patient messages Dr. Vartabedian, he messages back that he’d be happy to do a phone call. He then addresses their concern via phone, while explaining to patients how both he and they could face serious privacy issues if too much comes out online. Oh, and most importantly, he documents the phone encounter, noting that the patient reached out in public.

* He flatly turns down requests for info from people he loosely knows

The only exception he makes is for family and very close friends.  In those cases he arranges evening phone time and spends 45 minutes getting facts so he can offer high-quality direction.

I really like the way Dr. Vartabedian has outlined his options here — it’s clear, simple, and virtually impossible to misunderstand.  It’s hard to imagine anyone being offended by these policies, or more importantly, having their privacy violated.  Good to see!

If you’re a doctor, how do you handle your social media interactions with patients?

Can Providers Cope With EMR Security Challenges?

Posted on June 15, 2011 | Written By Anne Zieger

Boy, back in the good old days, protecting patient data was comparatively easy. All you had to do was make sure that nobody got their hands on a patient’s paper chart who shouldn’t be looking at it.

After all, simple stuff like locking file rooms and making sure charts never get left in a public place are pretty easy to understand. Sure, paper records get stolen or rifled through now and then — no system is perfect — but putting processes in place to prevent unauthorized chart access isn’t that complicated.

On the other hand, introducing electronic medical records  — plus e-prescribing, digital sharing of lab results and more — is a completely different kettle of fish.

For one thing, providers must control access to medical information stored in their EMR in a far more sophisticated way than they had with paper charts.  For example, while role-based access to data may not sound too threatening to your average IT boss, it’s not exactly intuitive if you’re not a geek. Figuring out just who should get access to what gets a lot more complicated than when you used to just have to pull and route a chart.

Another issue: few clinicians know much about data security, and it’s not likely that they’re going to suddenly get wildly excited about encryption or VPNs.  Sure, you can warn them that it comes down to whether some random stranger (or even a staff member) will steal their patients’ Social Security numbers or broadcast medical secrets. But it’s just about impossible to explain security issues without wandering into scary jargon that will alienate the heck out of many doctors.

Of course, healthcare organizations can make sure their clinicians are trained to understand the importance of securing their EMR. And they can even explain why specific types of security measures will limit their HIPAA exposure, the best pitch you can make to non-techies.

Still, the bottom line is that moving from paper to EMRs isn’t just a change-management exercise. It forces clinicians to think about how they use, distribute and share data on a profound level. I hope it does, anyway…cause if providers aren’t ready to think about these issues, things aren’t going to be pretty.