Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

Large Health Facilities Have Major Patient Data Security Issues

Posted on July 2, 2014 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Many healthcare organizations have security holes that leave not only their systems, but their equipment susceptible to cyberattacks, according to two recent studies.

The researchers included Scott Erven, head of information security for multi-state hospital and clinic chain Essentia Health, and Shawn Merdinger, an independent consultant. According to iHealthBeat, the two presented their findings last week at the Shakacon conference.

Erven and his colleagues conducted a two-year study addressing the security of Essentia’s medical equipment. As part of their study they found that hackers could manipulate dosages of drugs provided by drug infusion pumps, deliver random defibrillator shock to patients or prevent medically needed shocks from taking place, and change the temperature settings in refrigerators holding blood and drugs.

The research team also looked for exposed equipment within other healthcare organizations, and the results were appalling. Within only 30 minutes, iHealthBeat notes, they found one healthcare organization which had 68,000 devices that exposed data.  Across all of the health systems they studied, they found 488 exposed cardiology systems, 323 PACS systems, 32 pacemaker systems, 21 anesthesiology systems and and several telemetry systems used to monitor elderly patients and prevent infant abductions.

Both Erven and Merdinger found that the organizations are leaking data because an Internet-connected computer had not been configured securely. Typically, data leaks occurred because sys admins had allowed Server Message Block –a protocol used to help admins find and communicate with computers internally — and allowed it to broadcast information turning private data into publicly-accessible data.

According to Erven, these issues are “global” and impact thousands of healthcare organizations. He suggests that too often, healthcare organizations focus on HIPAA compliance and don’t put enough effort into penetration testing and vulnerability protection.

This should come as no surprise. After all, Proficio’s Takeshi Suganuma notes, HIPAA was developed to protect PHI for a wide range of organizations, and as he puts it, “one size seldom fits all.”  While HIPAA compliance is important, collection, analysis and monitoring of security events are also critical activities for medium- to large-sized organizations, Suganuma suggests.

He also warns that healthcare organizations should be aware that cyberattackers are exploiting not only traditional network vulnerabilities, but also vulnerabilities in printers and medical devices. Networked medical devices are a particularly significant issue, since provider IT teams can’t upgrade the underlying operating system embedded in these devices — and too many of the devices are using older versions of Windows and Linux with known security holes.

The key point Suganuma, Erven and Merdinger are making is that while HIPAA compliance is good, healthcare organizations must pay greater attention to new attack vectors, or they face high odds of security compromise.  Seems like there’s a lot of work (and investment) afoot.

UPMC Kicks Off Mobility Program

Posted on July 1, 2014 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

If you’re going to look at how physicians use health IT in hospitals, it doesn’t hurt to go to doctors at the University of Pittsburgh Medical Center, a $10 billion collosus with a history of HIT innovation. UPMC spans 21 hospitals and employs more than 3,500 physicians, and it’s smack in the middle of a mobile rollout.

Recently, Intel Health & Life Sciences blogger Ben Wilson reached to three UPMC doctors responsible for substantial health IT work, including Dr. Rasu Shrestha, Vice President of Medical Information for all of UPMC, Dr. Oscar Marroquin, a cardiologist responsible for clinical analytics and new care model initiatives, and Dr. Shivdev Rao, an academic cardiologist.

We don’t have space to recap all of the stuff Wilson captured in his interview, but here’s a few ideas worth taking away from the doctors’ responses:

Healthcare organizations are “data rich and information poor”: UPMC, for its part, has 5.4 petabytes of data on hand, and that store of data is doubling every 18 months. According to Dr. Shrestha, hospitals must find ways to find patterns and condense data in a useful, intelligent, actionable manner, such as figuring out whether there are specific times you must alert clinicians, and determine whether there are specific sensors tracking to specific types of metrics that are important from a HIM perspective.

Mobility has had a positive impact on patient care:  These doctors are enthusiastic about the benefits of mobility.  Dr. Marroquin notes that not only do mobile devices put patient care information at his finger tips and allow for intelligent solutions, it also allows him to share information with patients, making it easier to explain why he’s doing a give test or treatment.

BYOD can work if sensitive information is protected:  UPMC has been supporting varied mobile devices that physicians bring into its facilities, but has struggled with security and access. Dr. Shrestha notes that he and his colleagues have been very careful to evaluate all of the devices and different operating systems, making sure data doesn’t reside on a mobile device without some form of security.

On the self-promotion front, Wilson asks the doctors about a pilot  project (an Intel and Microsoft effort dubbed Convergence) in which clinicians use Surface tablets powered by Windows 8. Given that this is an Intel blog, you won’t be surprised to read that Dr. Shrestha is quite happy with the Surface tablet, particularly the form factor which allows doctors to flip the screen over and actually show patients trends.

Regardless, it’s interesting to hear from doctors who are gradually changing how they practice due to mobile tech. Clearly, UPMC has solved neither its big data problems nor phone/tablet security issues completely, but it seems that its management is deeply engaged in addressing these issues.

Meanwhile, it will be interesting to see how far Convergence gets. Right now, Convergence just involves giving heart doctors at UPMC’s Presbyterian Hospital a couple dozen Microsoft Surface Pro 3 tablets, but HIT leaders plan to eventually roll out 2,000 of the tablets.

Sutter Health Ready To Deploy HIE, But Can It Succeed?

Posted on June 30, 2014 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Sutter Health doesn’t have a great reputation when it comes to EMR implementation. Late last year, when we reported that Sutter’s Epic EMR crashed for an entire day, comments came pouring in about the company’s questionable approach to training its staff on using the system.

According to Epic consultants who’d been involved in the project, Sutter leaders decided that Epic experts were there to “facilitate” training done by inexperienced in-house teams, rather than actually teach key users what they need to know. The result was strife, disorder and anxiety, according to several consultants who’d been involved. Since then, Sutter has connected its EMR to five medical foundations and 17 hospital campuses; by next year, it expects the EMR to connect to information on 3 million patients. But there’s no reason to think it’s changed its training strategy, which could cast a bit of a pall over the new project.

Now, Sutter Health is building out a health information exchange, working with Orion Health, which will tie together hospitals and doctors both inside and outside of its network across northern California. Sutter plans to begin deploying the HIE in phases this summer, starting with data integration with the Epic EMR and extending to testing exchange of inbound and outbound data. If the project works out, it seems likely that it will be a plus for every provider that does business with Sutter.

The question is, will Sutter do a better job of managing this process than it did in rolling out its EMR? While it’s easy to boast that your plans are going to be a “gamechanger” for the market, it’s hard to take that claim at face value when your EMR implementation hasn’t gone so splendidly.

Certainly, Orion is a reputable HIE vendor which has been praised for having strong products and service. And Sutter certainly has the financial wherewithal to see such an effort through. The thing is, if Sutter leaders (seemingly) took a wrongheaded approach to the all-important issue of EMR training, who knows what curveballs they might throw into the process of rolling out an HIE? Even if its EMR has stabilized and Sutter has somehow gotten past its training hurdles, its past missteps don’t inspire confidence.

If I were with Orion, I’d draw a firm line where training was concerned, as Sutter’s past strategy only seems to have cast its last major HIT vendor in a bad light. If not, I’d make sure the contract had a workable bailout clause…or be prepared for some serious headaches.

Georgia EMR Disaster: Was IT Department Responsible?

Posted on June 18, 2014 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

A few weeks ago, heads began to roll at Georgia’s Athens Regional Health System when its $31 million Cerner rollout began to fall apart. After clinicians complained that a rushed rollout process was generating a host of medication errors and other mistakes, President and CEO James Thaw resigned, and less than a week later, SVP and CIO Gretchen Tegethoff left as well.

Since then, however, the political landscape there has changed, with the facility’s chief medical officer, as well as Cerner executives, contending that the disaster was due to mistakes by the health systems IT team, according to HealthcareITNews. The Cerner execs, CMO and others are arguing that IT leaders made strategic decisions that should’ve been made by clinicians, the publication says.

A local paper, the Athens Banner Herald, notes that the Cerner rollout was done largely by the hospital’s IT team, and that few end-users were involved. That, at least, is what Cerner VP Michael Robin told the paper.  And a different Cerner VP, Ben Himes, took another shot at the IT department, arguing that this implementation seems to have come out on the IT side of things, rather than stressing clinical involvement.

The bottom line seems to be that regardless of what actually happened, the clinicians at the hospital seem to of felt left out of the process, never good thing when we’re dealing with a tool that they’ll need to use everyday.  Regardless of what actually happened, it seems the hospital’s IT department didn’t do a good job of engaging clinicians and getting their feedback; under those circumstances, the likelihood of kicked up a fuss even if implementation was otherwise smooth.

On the other hand, I’m always a little skeptical when vendors point fingers at their customers and say it was their fault when things go wrong. OK, I realize that there may be some truth to their accusations, and that Cerner has a right to defend itself, but it’s hardly a good PR move to dump problems with the implementation completely in the customer’s lap.

The truth is, will probably never know exactly what happened with this EMR implementation. Considering the scale of the project, and the number of people involved, it’s inevitable that this will go down in a blaze of finger-pointing. But it never hurts to be reminded that EMR implementations which leads physicians feeling as though they’re on the sidelines are politically risky at best, and potentially disastrous at worst.

 

EMRs Now A Patient Draw At Hospitals

Posted on November 5, 2013 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

In the past, the mere fact that a hospital had adopted an EMR wasn’t news in and of itself — at least not to a hospital’s current and potential patients. After all, hospitals didn’t let everyone know when they upgraded its network or added backup storage facilities, right?

These days, however, EMR adoption has become a consumer attraction, enough so that hospitals announce their go-live with press releases and public spectacle.

One example comes from Colorado Springs, CO-based Memorial Hospital, which is part of the University of Colorado Health system. Memorial, which launched its EMR this past weekend, spent $30 million on an Epic system.

The launch comes complete with a portal, My Health Connection, allowing  patients to access their medical records, request appointments online, communicate with doctors via secure e-mail and receive test results. The portal is also intended to make it easier for doctors throughout the UCHealth system to access patient records.

The Memorial press release announcing this milestone lumps the Epic implementation in with a laundry list of accomplishments aimed at selling consumers on the facility, including the hiring of 30 physicians, Chest Pain Center Accreditation with PCI and Primary Stroke Center Certification.

As this announcement points up, an EMR launch is seen as a consumer marketing win, not just another project completion by the IT department. Of course, that’s the case partly because the launch comes with the release of a portal offering convenient data access and appointment scheduling. But I’d argue that EMRs have grown sexy enough in consumers’ minds that the mere use of one has some cachet by itself.

Now, this marketing strategy can backfire if the EMR launch goes poorly. For example, I’m sure the C-suite execs at Sutter Health were dismayed when the nurses’ union there went public with safety concerns about the Epic EMR implemented across the system.

For the most part, though, I think we’ll see hospitals bragging about their new EMR if it offers any advantage to consumers. EMRs have become a prominent enough part of medical care that implementing one wins the institution some brownie points.

Hospital Partnerships May Help With EMR Costs

Posted on October 29, 2013 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Nearly three quarters of hospitals surveyed in a recent study by health IT vendor Anthelio plan to find partnerships while retaining ultimate ownership of their facility. And among the to-do list items more than half need to pull off is implementing their EMR.

The survey, which was conducted between August and September 2013, used an e-mail questionnaire which was sent out to community-based hospitals and health systems with up to 500 beds, according to a report in Health Data Management magazine. The researchers received responses from 135 community hospital executive representing 123 community-based hospitals.

Seventy-four percent of respondents were looking for partnerships that didn’t involve giving up their independence, while only 9 percent were considering consolidation with a hospital system. That’s a huge dip from last year, in which 41 percent were willing to consider consolidation.

Of the group, only 40 percent have completed and are operating EMRs. Most of the remaining 60 percent have bought an EMR, but have only partially implemented it. It seems very likely that those who haven’t finished their implementation are hoping to leverage their partners’ IT resources to get the job done more quickly and effectively.

Of course, there are other expensive items on hospital executives’ plates, including the transition to ICD-10. Researchers found that 39 percent of respondents have spent or anticipate spending less than $100,000 on the ICD-10 transition, 40 percent will spend $100,000 to $499,000, 13 percent will spend $500,000 to $999,000 and 9 percent will spend more than one million, Health Data Management said.

Take these two forces alone, and it’s clear why hospitals are willing to give up some of their independence in exchange for financial and operational support from a partner. Toss in the need to have a decent bargaining position in a post-ACO world, and the idea of partnering up looks even more attractive.

Still, it’s a risky strategy. To be honest, I’m skeptical that a partnership can deliver these benefits the way executives would hope. In fact, my guess is that a partnership or merger would make an EMR implementation more difficult to coordinate, not less. I suppose we’ll have to wait and see what actually happens.

Embattled Hospital Relies On Epic To Help Acquisition

Posted on October 28, 2013 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Here’s an interesting legal battle which puts a health system’s Epic EMR center stage.  Idaho-based St. Luke’s Health System, which is facing an antitrust challenge by a competing hospital, is responding to that challenge, in part, by citing the benefits of having an Epic system in place.

St. Luke’s was hit with an antitrust complaint lodged by Saint Alphonsus Medical Center, which claims that the system’s acquisition of Saltzer Medical Group of Nampa, Idaho will allow it to control nearly 80 percent of that market. The antitrust case, which involves both the FTC and the state of Idaho, is now before the U S District Court, reports EHR Intelligence.

During the proceedings last week, discussion focused on St. Luke’s decision to implement an Epic EMR, a move which reportedly cost $200 million. The install won’t be complete until 2017, according to the Idaho Statesman.

Though there’s a long road to walk before the Epic system will be complete, executives are already touting its benefits, with St. Luke’s CMIO testifying that Epic will allow patients to become engaged with their care, leading to better outcomes.

More importantly, for the purpose of the court  proceedings, adoption and implementation of the Epic system will eventually serve as the backbone of a St. Luke’s affiliate program under which independent doctors can use the system while paying only 15 percent of the costs, EHR Intelligence notes.

Saint Alphonsus Medical Center, for its part, argues that St. Luke’s reliance on the EMR is largely smoke and mirrors. In its joint pre-trial memorandum, the facility dismisses the claims regarding Epic’s benefits for Salzer as “speculative” and not a sufficient step to justify the acquisition. The memorandum also notes that Salzer already has its own EMR in place, making the purported benefits of substituting Epic even more tenuous.

So, what to make of this?  If nothing else, regardless of whether Epic contributes to the potential for this acquisition, the throwing down of the Epic gauntlet in court point to the prestige the vendor has achieved. Apparently, St. Luke’s feels that citing the availability of a system that won’t be fully implemented for five whole years is a workable defense given Epic’s high profile.

I find myself wondering whether a defense based on having another of the so-called “big 5″ EMRs would even be considered. Given Epic’s dominant position in the industry, it’s possible that it’s the only vendor whose name would do the trick.

Health Exchanges Pose Added Stress For Hospital IT Departments

Posted on September 30, 2013 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

There’s no doubt that hospital IT departments have their hands full already, what with Meaningful Use and ICD-10 hovering over them like a huge black cloud. But as one Information Week story reminds us, there’s another big project in the wings which could add even more to their plate.

The IW story, which offers intelligence from the American Hospital Association and several consultants, notes that the coming of health exchanges and the accompanying Medicaid expansion in some states will have a substantial effect on hospital IT departments.

For one thing, the story reports, with a flood of newly insured Americans arriving at the door, hospitals will need to enhance their revenue cycle management systems, as the number of health plans with which they do business should rise meaningfully.

Hospitals will need to deal with the fact that some patients who buy insurance on the exchanges will have high deductibles and copayments, in some cases as high as $5,000 or $6,000. Given these deductibles, it will be crucial for hospitals to determine what kind of coverage patients have. Many hospitals will end up upgrading their RCM systems to better interface with managed care plans.

Unfortunately, even that won’t assure payment. As the IW story points out, even a direct connection to the insurance company in question may not do the job, as eligibility information from health plans is often 30 – 90 days out of date. “So if patients miss two premium payments and are no longer covered — but the data says they are covered, and the hospital proceeds accordingly — the bill never gets paid,” according to Thad Glavin, senior director of the Advisory Board’s RCM division, who spoke with the magazine.

Still, hospitals will need more and better connections with health plans even if the information they get in return is questionable. Sure, despite the risks that come with the change in insurance under the Affordable Care Act, I wager that hospitals’ steely focus on Meaningful Use and ICD–10 will leave RCM projects shortchanged at first. But as the high-deductible bills keep building up, hospitals will squeeze in new RCM system development. I give it six months to twelve months, max.

EMRs Can Reduce ED Visits, Hospitalizations For Diabetics

Posted on September 16, 2013 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Using EMRs is associated with a drop in ED visits and hospitalizations among diabetics, according to a study covered in iHealthBeat.

The research, which appeared in the Journal of the American Medical Association, involved analyzing all of the 169,711 records for patients enrolled in Kaiser Permanente Northern California’s diabetes registry.

Researchers drew on data collected between 2004 and 2009. During this period, in 2005, KP began to stagger EMR implementations across the region’s 45 outpatient facilities, iHealthBeat reports.

The study found that EMR implementations were associated with the following results, according to iHealthBeat:

  • 10.50% decline in hospitalizations for preventable, ambulatory-care sensitive conditions, or about 7.08 fewer hospitalizations per 1,000 patients annually;
  • 6.14% decline in non-elective hospital admissions, or about 10.92 fewer admissions per 1,000 patients annually;
  • 5.54% decline in ED visits, from an expected 519.12 per 1,000 patients to 490.32 annually; and
  • 5.21% decline in hospital admissions, from an expected 251.6 per 1,000 patients to 238.5 annually

That being said, EMR implementation had no effect in certain areas. The number of physician office visits per year held steady at six; the frequency of times patients saw diabetic exacerbations remained level; and how often patients developed cardiovascular diseases remained the same, iHealthBeat noted.

The researchers concluded that these results represented not only an improvement in diabetes care, but also “the cumulative effect of EHRs across many different pathways and conditions.

This study is one of a growing body of evidence that effective EMR  use can reduce readmissions and improve outcomes.  For example, a recent study appearing in BMJ Quality & Safety recently concluded that EMRs can help reduce hospital readmissions of high-risk heart failure patients.

In that case, researchers used EMR-based software to sort high-risk from low-risk heart failure patients, using 29 clinical, social and behavioral factors within 24 hours of admission for heart failure. Using this tool, researchers were able to cut readmissions rates for the 1,700 adult inpatients study from 26.2 percent to 21.2 percent.

Ohio HIE Hits 101-Hospital Mark

Posted on September 12, 2013 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

This is a very busy time for HIE builders.  In recent months several states have either announced that they’d completed their preparations for a broad-based HIE or reached a new milestone in HIE participation.

For example, earlier this month the state of Wisconsin announced that it is gearing up to kick off a statewide HIE network that would embrace hospitals, clinics, nursing homes and other care facilities, powered by HIE technology vendor Medicity.

According to Health Affairs, this is part of a larger trend. A recent piece in the journal noted that health data exchanges between hospitals and other healthcare providers have climbed 41 percent between 2008 and 2012.

The latest in state HIE news comes from Ohio, where the state’s HIE has just announced that it had signed two hospitals, 25 bed Harrison Community Hospital in Cadiz as well as 91-bed Wilson Memorial Hospital in Sidney, reports Healthcare IT News.  With the new additions, Ohio’s CliniSync HIE now boasts 101 of the state’s hospitals.

CliniSync, which is run by the nonprofit Ohio Health Information Partnership, is based on Medicity technology as well.  With these new members, and the momentum it has underway, CliniSync might well be one of the largest public HIEs in the U.S. by 2014, Healthcare IT News reports.

According to Healthcare IT News, CliniSync makes it possible for physicians, hospitals, nurses and others who do patient care to share patient data electronically. What’s really neat, if true, is that CliniSync will allow doctors and hospitals with varied EMRs to share data. Previously, the HIE members could only share data regionally or within their own systems.