
Hospital EMR and EHR Milestone – 1 Million Pageviews

Posted on February 13, 2017 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.


I was just looking over the stats for Hospital EMR and EHR and noticed that we’re right at 1 million pageviews for this site. That’s a pretty amazing accomplishment for such a niche site. Especially since we’ve moved a lot of the traffic off of the site and onto our email list. Looks like this will make the 1111th blog post for Hospital EMR and EHR and it has 25,293 email subscribers (Subscribe Here) to the content we generate on this site. That’s a really amazing thing since we email those on the list 3-5 times per week. Hospital EMR and EHR has become a really important part of Healthcare Scene and we’re happy to contribute to the hospital healthcare IT industry at large.

On this milestone, we want to thank some of our recent sponsors that have made what we do possible. If you enjoy reading our content, please take a second to look through our sponsors to see if one of them can help make your life easier.

Stericycle Communication Solutions – Stericycle has been a long time sponsor of multiple Healthcare Scene blogs. Plus, they have written the Communication Solutions Series of blog posts which are an excellent read if you’re interested in strategies for healthcare engagement. They also have a free guide that addresses the question Patient or Consumer? This is a great company that’s really working to make the patient experience better.

Galen Healthcare Solutions – We’ve had the chance to work with Galen Healthcare Solutions across a number of different mediums including email, display ads, and sponsored content. You’ve probably read their Tackling EHR and EMR Transition series where they’ve shared a lot of great insights into how your organization should handle archiving old legacy data and also how you can migrate data from one EHR to a new EHR. Both of these topics are going to become increasingly important and Galen Healthcare Solutions have become real experts. Be sure to check out their Free Data Archive whitepaper and their Free EHR Migration whitepaper.

Medical Software Advice (A Gartner Company) – I’ve been working with Medical Software Advice for a very long time. They’ve provided a really great service to my readers around EHR selection. With 300+ EHR vendors out there, it can be hard to cut through the various options. Medical Software Advice has helped out hundreds of companies with their EHR selection including setting up EHR demos and getting EHR pricing. Check out their Top 5 EHR Software list.

4Med – 4Med is another partner that we’ve worked with for a very long time. They’ve consistently offered some great educational content (including CEUs) for the healthcare IT professional. Here are some of their upcoming courses that are great examples: HIPAA Compliance Officer, Patient Centered Medical Home Project Manager, and ACI MACRA-MIPA Project Manager. Each of those links gives you a discount off the regular registration price.

HIPAAOne – HIPAA compliance has always been essential to healthcare, but meaningful use and now MACRA have made the HIPAA Risk Assessment a priority for many organizations. What’s shocking to me is how many organizations haven’t done a proper HIPAA Risk assessment. HIPAA One has created a really great software solution to automate your HIPAA Risk Assessment. I like to call them the Tax Act or H&R Block software for HIPAA compliance. If you’ve got a stack of Excel spreadsheets managing your HIPAA Risk Assessment, take a second to look at how HIPAAOne can make your job easier. Also, they have a great 5 min HIPAA compliance quiz to assess some of the key HIPAA compliance areas.

We’re also excited to announce our new Healthcare Scene media kit. It’s been amazing to see the evolution of what we’re able to offer healthcare IT vendors. We really want to develop deep relationships with our advertisers and not just take their money and run. We think that’s the best thing for both our readers and our advertisers. If you’re trying to get the word out to the hospital market, let us know how we can help on our contact us page.

I couldn’t finish this post without saying a massive thank you to our readers. It’s hard to know exactly what kind of impact you’re having when you blog. However, every once in a while you get a glimpse into the benefit your blog posts are providing readers and that makes it all worthwhile. Thank you to each of you who read and support our work.

Now, on to the next million pageviews!

Rumor Control: These are the Facts

Posted on January 16, 2017 | Written By

For the past twenty years, I have been working with healthcare organizations to implement technologies and improve business processes. During that time, I have had the opportunity to lead major transformation initiatives including implementation of EHR and ERP systems as well as design and build of shared service centers. I have worked with many of the largest healthcare providers in the United States as well as many academic and children's hospitals. In this blog, I will be discussing my experiences and ideas and encourage everyone to share your own as well in the comments.

Why is it that one of the largest challenges on any project is miscommunication and out of control rumors? While many projects need and would benefit from more communication, even with the best of communication plans, project teams can spend more time dispelling false information than proactively communicating.

I believe in strong communication plans for EHR and ERP projects that include a wide range of communication including town halls, newsletters, emails, signage, internet sites, and other methods of sharing correct information. But on every project, no matter how much we communicate, certain hospital staff will find other sources of information.

I can see the rumor coming when an email or conversation starts with “I heard that…” or “Is it true that…”. These are telltale signs that I am about to hear a rumor. Rumors can range from minor details to far-reaching implications such as a perceived change in project scope or even the live date. While most rumors are just annoyances, responding to them and controlling them can be a significant strain on the project team’s time.

I believe that hospitals have a unique challenge in that proactive communication is more challenging than in many traditional businesses because it is common for a large portion of the staff, including nurses and physicians, to rarely check email. As a result, they are often in a position where “hallway conversation” is how they first hear information and are more likely to give it credibility.

While I admit that I have personally never been able to fully eliminate the rumor challenge, I’d like to share several ideas about what I have seen as an effective way to keep the rumor mill under control:

1) Establish a clear Source of Truth – From the very beginning of the project, communicate to every possible audience how decisions and communications will be distributed and who they should contact with questions and information. If it doesn’t come from one of the accepted Sources of Truth, it’s not true. When I lead a project, I prefer to be the Source of Truth – if it doesn’t come from me verbally or in writing, it isn’t true.

2) Encourage questions and respond to all of them timely – When I am running a project, my motto is “Ask me anything, anytime”. At times, I will get dozens or even hundreds of questions a day through meetings, phone calls, texts, and emails. I respond to every question, providing the truth if I have it, or getting them to the person who can provide the truth. Rumors often start because staff members are not getting answers or don’t feel their questions are welcomed. How do I respond to so many requests? I do it immediately so they can’t accumulate – which also helps inspire confidence and a feeling that they can ask rather than assume.

3) Town Halls – I strongly believe that a change management and communication strategy must include town halls. During town halls, project teams should provide an overview of what is occurring that is relevant to the staff, do occasional software demonstrations, and most importantly – field questions. Creating those proactive communication channels is a powerful way to avoid people creating their own truths.

4) Provide the complete truth – Sometimes the answer to a question is not known because it has not been determined, or has not been considered. Sometimes it is not what the person wants to hear. Regardless, provide the truth – and the complete truth. There is nothing wrong with saying that you don’t know – but can find out. Or that a decision has not been made, but now that they have raised the concern we will make it and get back to them. Responding immediately doesn’t always mean providing an answer immediately, as long as the follow-up is done once the answer is available.

5) Communicate Everywhere – A communication plan must be extensive and include many different points of contact. Intranet sites can look impressive and have lots of great information on them – but usually only a small percentage of the staff will check them. Consideration must be given as to how to communicate with contracted employees, physicians, and traveling nurses. This is particularly challenging during an EHR roll-out when all of these parties must be enrolled in training classes and kept up-to-date on the go-live. Find and use every possible communication channel. There are always questions about how much communication is too much – but they apply to the volume of communication you push through a particular communication channel – not the number of different communication channels you use.

Finally, accept that no matter what you do, rumors will form and will need to be dispelled. It’s part of project management and change management that has always existed, and always will. Properly controlled, the rumors can be a minor distraction at worst – entertainment at best.

Please share any ideas you have found to be successful in keeping rumors under control.

If you’d like to receive future posts by Brian in your inbox, you can subscribe to future Healthcare Optimization Scene posts here. Be sure to also read the archive of previous Healthcare Optimization Scene posts.

The Millennial Paradox and My New Year’s Resolution

Posted on January 2, 2017 | Written By Brian

Simon Sinek always has some incredible insights. My wife pointed out this interview, the Millennial Paradox – it tackles the question of what Millennials are looking for in the workplace and also addresses issues with technology overload and our increased need for constant communication.

He speaks quite extensively about how technology is preventing us from establishing meaningful relationships. It’s discussed in relation to why Millennials have workplace challenges, but while I am a generation removed from them, I see that I share in these challenges and would likely find that many readers of this article do as well.

I suspect I’m not alone, but I have to admit that I’m allowing my phone to dominate my daily life and priorities. In the video, Simon describes how people take their phones to meetings and as a result, are not spending time building relationships with those they work with. I’ve been doing that lately – I put my phone on the table and feel the constant pull to check it. I need to check my email. I feel the siren call of the vibrating phone and must see what it is.

I don’t generally do New Year’s resolutions. But this year, I’m making an exception. 2017 is the year I don’t carry my phone at every moment, the year that I might not respond to every text or email regardless of the hour, and overall the year that I reclaim control of my life from my iPhone.


What’s the Role of a Hospital CIO in Business Model Transformation?

Posted on December 23, 2016 | Written By John Lynn

I don’t think anyone would argue that the healthcare business model is changing. There are a number of dynamics at play that are requiring every healthcare organization to evaluate what their business will look like in the future. Some examples of these changes include:

  • Patients with High Deductible Plans
  • Accountable Care Organizations
  • Other Risk Based Care Models
  • Value Based Reimbursement
  • Telemedicine
  • Chatbots and AI Assistants
  • Health Sensors
  • Retail Clinics

I could go on and on, but I think that highlights some of the major ones. What’s interesting about these trends is that it requires a change in business model. However, pretty much every one of these changes in business models requires the use of technology to facilitate the change. Some of them are impossible to do without technology.

If technology is going to play an important role in healthcare’s business transformation, what role should the hospital CIO play in the organization?

What’s shocking to me is how many CIOs don’t want any part in the business transformation part of healthcare. At CHIME I heard one CIO say, “We don’t want anything to do with MACRA. We just want to supply them the systems and let them figure it out.” I’m not sure the “them” he was referring to, but I think this approach is a big mistake. We’re all in this together and have to act as a team to get it done in the most efficient and effective way possible.

I was impressed by another hospital CIO who said basically the opposite. She said, “Oh no, we’re going to be in charge of MACRA and MIPS. I don’t want them taking over MACRA and MIPS, because if they’re in charge of it they’ll select a bunch of items for which we’re not capable of doing.”

Once again, this points to the need for collaboration to occur. You need the clinical insight together with the technical and software based insight in order to make the best decisions possible.

More importantly, I think it’s a big mistake for the hospital CIO to not be part of the business transformation. If the hospital CIO doesn’t take part in business transformation, then IT essentially becomes a commodity. The worst thing you can be in an organization is a commodity. When you’re a commodity they squeeze the budget out of you and you’re seen as non-essential or non-critical to an organization. What CIO wants to be in that type of organization?

I do see most progressive healthcare IT leaders outsourcing much of the “commodity IT” to other third party providers so they can focus their efforts on becoming a more essential part of their organization’s business transformation. The problem is that this requires a different set of skills and interests than what was essentially an operational role managing servers, desktop, and the network.

What type of CIO are you? What type of CIO does your organization need or want?

We’re Great at Creating Policies and Procedures, but Awful At Removing Them

Posted on December 21, 2016 | Written By John Lynn

Ever since I heard Tony Scott, the US CIO, talk about his goal of taking stuff off the federal books, I’ve been chewing on that concept. There’s little doubt that the federal government is really great at creating laws and regulations, but they’re really poor at getting rid of old laws and regulations. It’s hard to blame them. I don’t really know anyone that enjoys what amounts to “spring cleaning.” Needless to say, the US government could certainly be part of an episode (or even multiple seasons) of Hoarders the way they keep laws and regulations sitting around gathering dust.

While it’s easy to slam the government for their hoarding tendencies, I don’t think healthcare is immune to this problem either. Sometimes we’re required to “hoard” patient medical records by law. That’s not a bad thing since it’s good to comply with the law. However, it is a bad thing when we are no longer required to retain the data and this old data has limited value.

In fact, much of that old outdated data could pose a risk to patients. We all know that many of our first IT systems were implemented quickly and therefore resulted in poorly collected data. Keeping around incorrect data can lead to disastrous consequences. It might be time for some spring cleaning (yes, it can be done in Winter too).

What’s more troublesome than this is many of the policies and procedures that exist in most hospital systems. Much like the government these policies and procedures get put in place, but we rarely go back and take them off the books. My least favorite thing to hear in a hospital when I ask why they do something a certain way is “We’ve always done it this way.”

If we don’t know why we’re doing something, that’s the perfect opportunity to ask the question and figure out the answer. Many times there is a good answer and a good reason for the policy and procedure. However, more often than most people realize, we’re just doing something because we’ve always done it that way and not because it’s the best way to do something.

I love Tony Scott’s effort to purge things from the books that are outdated, useless, or even harmful. Every hospital organization I’ve seen could benefit from this approach as well. Their organization would benefit, their employees would benefit, and ultimately patients would benefit as well.

When was the last time you got rid of a policy or procedure?

Easing The Transition To Big Data

Posted on December 16, 2016 | Written By

Anne Zieger is a veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Tapping the capabilities of big data has become increasingly important for healthcare organizations in recent years. But as HIT expert Adheet Gogate notes, the transition is not an easy one, forcing these organizations to migrate from legacy data management systems to new systems designed specifically for use with new types of data.

Gogate, who serves as vice president of consulting at Citius Tech, rightly points out that even when hospitals and health systems spend big bucks on new technology, they may not see any concrete benefits. But if they move through the big data rollout process correctly, their efforts are more likely to bear fruit, he suggests. And he offers four steps organizations can take to ease this transition. They include:

  • Have the right mindset:  Historically, many healthcare leaders came up through the business in environments where retrieving patient data was difficult and prone to delays, so their expectations may be low. But if they hope to lead successful big data efforts, they need to embrace the new data-rich environment, understand big data’s potential and ask insightful questions. This will help to create a data-oriented culture in their organization, Gogate writes.
  • Learn from other industries: Bear in mind that other industries have already grappled with big data models, and that many have seen significant successes already. Healthcare leaders should learn from these industries, which include civil aviation, retail and logistics, and consider adopting their approaches. In some cases, they might want to consider bringing an executive from one of these industries on board at a leadership level, Gogate suggests.
  • Employ the skills of data scientists: To tame the floods of data coming into their organization, healthcare leaders should actively recruit data scientists, whose job it is to translate the requirements of the methods, approaches and processes for developing analytics which will answer their business questions.  Once they hire such scientists, leaders should be sure that they have the active support of frontline staffers and operations leaders to make sure the analyses they provide are useful to the team, Gogate recommends.
  • Think like a startup: It helps when leaders adopt an entrepreneurial mindset toward big data rollouts. These efforts should be led by senior leaders comfortable with this space, who let key players act as their own enterprise first and invest in building critical mass in data science. Then, assign a group of core team members and frontline managers to areas where analytics capabilities are most needed. Rotate these teams across the organization to wherever business problems reside, and let them generate valuable improvement insights. Over time, these insights will help the whole organization improve its big data capabilities, Gogate says.

Of course, taking an agile, entrepreneurial approach to big data will only work if it has widespread support, from the C-suite on down. Also, healthcare organizations will face some concrete barriers in building out big data capabilities, such as recruiting the right data scientists and identifying and paying for the right next-gen technology. Other issues include falling reimbursements and the need to personalize care, according to healthcare CIO David Chou.

But assuming these other challenges are met, embracing big data with a willing-to-learn attitude is more likely to work than treating it as just another development project. And the more you learn, the more successful you’ll be in the future.

Health System Sees Big Dividends From Sharing Data

Posted on November 21, 2016 | Written By Anne Zieger

For some health organizations, the biggest obstacle to data sharing isn’t technical. Many a health IT pundit has argued — I think convincingly — that while health organizations understand the benefits of data sharing, they still see it as against their financial interests, as patients with access to data everywhere aren’t bound to them.

But recently, I read an intriguing story by Healthcare IT News about a major exception to the rule. The story laid out how one healthcare system has been sharing its data with community researchers in an effort to promote innovation. According to writer Mike Miliard, the project was able to proceed because the institution was able to first eliminate many data silos, giving it a disciplined view of the data it shared.

At Sioux Falls, South Dakota-based Sanford Health, one health leader has departed from standard health system practices and shared a substantial amount of proprietary data with research organizations in his community, including certain clinical, claims, financial and operational data. Sanford is working with researchers at South Dakota State University on mathematics issues, University of South Dakota business researchers, Dakota State University on computer science/informatics and University of North Dakota on public health.

The effort is led by Benson Hsu, MD, vice president of enterprise data and analytics for the system. Hsu tells the magazine that the researchers have been developing analytical apps which are helping the health system with key issues like cost efficiencies, patient engagement and quality improvement. And more radically, Hsu plans to share what he discovers with competitors in the community.

Hsu laid the groundwork for the program, HIN reports, by integrating far-flung data across the sprawling health system, including multiple custom versions of the Epic EHR, multiple financial accounts and a variety of HR systems; analytics silos cutting across areas from clinical decision support and IT reports to HR/health plan analytics; and data barriers which included a lack of common data terms, benchmarking tools and common analytic calculator. But after spending a year pulling these areas into a functioning analytics foundation, Sanford was ready to share data with outside entities.

At first, Hsu’s managers weren’t fond of the idea of sharing masses of clinical data with anyone, but he sold them on the idea. “It’s the right thing to do. More importantly, it’s the right thing to do for the community — and the community is going to recognize that Sanford Health is here for the community,” he argued. “Secondly, it’s innovation. Innovation in our backyard, based on our population, our social determinants, our disparities.”

According to HIN, this “crowdsourced” approach to analytics has helped Sanford make progress with predicting risk, chronic disease management, diagnostic testing and technology utilization, among other things. And there’s no reason to think that the effort won’t keep generating progress.

Many institutions would have shot down an effort like this immediately, before it could accomplish results. But it seems that Sanford’s creative approach to big data and analytics is paying off. While it might not work everywhere, I’m betting there are many other institutions that could benefit from tapping the intellect of researchers in their community. After all, no matter how smart people are, some answers always lie outside your walls.

Physician Transparency List

Posted on November 4, 2016 | Written By John Lynn

When social media initially started to become popular, a man named Ed Bennet did this amazing job creating a list of hospitals that were doing things on social media (i.e., Facebook and Twitter). It was a really incredible look into how hospitals were approaching Twitter and Facebook. At the time, no one knew what they were doing. We were all trying to figure it out. It was a dynamic and fun time, but also a bit scary since we were all shooting from the hip.

Over time, most hospitals have adopted a full social media strategy and have professionals that are quite familiar with the options available. Certainly, there are some that execute their hospital social media strategy better than others, but very few hospitals aren’t active in some way on social media.

In typical Ed fashion, he’s moved on from social media and has now created a Physician Transparency List which highlights the ways hospitals are displaying various physician ratings on their hospital website. I love that he calls it a transparency list since so many organizations are afraid of these physician ratings. So, it takes a bit of bravery to be willing to post the ratings on your hospital website.

So far Ed has 35 hospitals on that list, but I believe over the next 3-4 years we’ll see most hospitals doing some form of physician transparency on their hospital website. It very much feels like social media where it started with a few hospitals and then spread to many more.

The reality is that these physician ratings are going to be available to the public. So, why not put them on your hospital website? At least then you control the experience the user has and you can give them the opportunity to engage with you and your organization. In fact, I think that’s where so many hospitals have done a poor job. It’s one thing to display a rating. It’s a whole other thing to create easy opportunities for patients viewing your physicians’ ratings to engage with your organization. It’s such a missed opportunity for most hospitals.

I look forward to seeing Ed’s list continue to grow. Plus, it will be great to see how hospitals are taking advantage of this opportunity to be transparent and engage with patients.

Are CIOs Now Vendor Management Organizations?

Posted on October 21, 2016 | Written By John Lynn

Over my past 11 years blogging on healthcare IT, I’ve seen a dramatic shift in the role a CIO plays in healthcare organizations. This was highlighted really well to me in a recent interview I did with Steve Prather, CEO of Dizzion. He commented that hospital CIOs are now mostly vendor management organizations.

I thought this was the perfect way to describe the shift. One challenge with this shift is that many hospital CEOs haven’t realized that this is what’s happening. In many hospital executives’ minds, the CIO is still generating code, implementing servers, network switches, rolling out desktops, and cabling. In most cases, this couldn’t be further from the truth. Yes, the CIO still has to make sure there’s a high quality network, servers, and desktops, but that does little to describe the work a CIO actually does.

Instead of getting into the nitty gritty, most CIOs have become professional vendor managers. This has become the reality as most of what people think of as IT (servers, desktops, networks, email, etc.) has become commodity services. There’s very little strategic advantage to doing these things in-house. They’ve become such commodity services that it costs much less to outsource many of these services to an outside vendor.

What does this mean for the CIO? Instead of being Microsoft or Cisco certified, they need to be well versed in relationship management. That’s a big shift in philosophy and a very different skill set. In fact, most people who have those types of tech skills and certifications are people that can struggle with relationships. There are exceptions, but that’s generally the case. CIOs that can’t handle relationships are going to suffer going forward.

Lest we think that this is a change that’s specific to healthcare, it’s not. This shifting CIO role is happening across every industry. In fact, it highlights why it’s not a bad idea to consider CIOs from outside of healthcare. If you can’t find a CIO who has healthcare experience, you could still find a great CIO from outside healthcare as long as they have the right relationship management skills.

More Ideas On Tightening Hospital IT Security

Posted on August 29, 2016 I Written By

Anne Zieger is a veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Security deserves all of the attention you can spare, and it never hurts to revisit the fundamentals, in part because the cost of lagging security measures is so high. After all, it’s more than likely that your organization will face a breach, as almost 90% of healthcare organizations experienced at least one breach within the past two years, according to a Ponemon Institute study done earlier this year.

Here are some options to consider when tightening up your security operations, courtesy of Healthcare IT Leaders, whose suggestions include the following:

Hire white hat hackers: Mayo Clinic reportedly tried this a few years ago, and learned a great deal. While its security measures seem to have gotten something of a beatdown, the Clinic also found a bunch of security holes and got recommendations on how to close those holes.

Lock down employee mobile devices: As mobile technology increasingly becomes a key part of your infrastructure, it’s important to keep it secured – but that can be tough when employees own the phone. One question to ask is whether your IT could lock or wipe data from employee phones and tablets if need be. What are your legal options for securing critical data on employee-owned devices?

Review medical device security:  Networked medical devices – from respirators and infusion pumps to MRI scanners – increasingly pose security threats, as any device that receives and transmits data can be a target for attackers.  It’s critical to audit these devices, while setting careful security standards for device makers.

Train staff on security issues: Often, breaches are due to human error, so it’s critical to educate non-IT employees on the basics of security hygiene. Basic security training should cover not only ways to avoid security breakdowns – such as avoiding generic or default passwords and phishing e-mails – but also explanations of how such breaches affect patients.

Encourage risk reporting: According to Ponemon, almost half of healthcare organizations discovered a breach through an employee within the past two years. What’s more, nearly one-third of data breaches came to light due to patient complaints. It’s smart to encourage these reports, as IT staff can’t have eyes everywhere.

Disable laptop cameras and microphones:  Laptops generally come with a webcam and microphone, but at least in an enterprise setting, it may be better to disable these functions. Why? For one thing, attackers may be able to listen to private conversations through the microphone.

As I see it, the bottom line on all of these activities is to infuse security thinking into as many IT interactions as possible.  It may be trite to talk about a culture of security (it’s easier said than done, and too many organizations make empty promises) but such a culture can actually make a big impact on your security status.

To have the biggest impact, though, that culture has to extend all the way to the C-suite, and unfortunately, that rarely seems to happen. When I read research on how often healthcare organizations underspend on security, it seems pretty clear that many senior execs don’t take this issue as seriously as they should. And if the staggering level of health data breaches happening lately isn’t enough to scare them straight, I don’t know what will.