Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

Security Issues of Paper Medical Records and Faxes

I loved this tweet. It’s a great reminder that far too often when we look at EHR Implementations we compare it against a world that is 100% and 100% efficient. This is an unfair comparison. Instead of comparing EHR against the perfect world, we need to compare EHR to the alternative. In most cases, we should be comparing the EHR world to the paper chart world. Doing so makes all the difference.

I’ve written previously about this concept when I wrote, It’s Not Like Paper Charts Were Fast. In that instance I was comparing the speed of EHR documentation with paper chart documentation. They’re much closer than we like to remember. In fact, in many cases EHR documentation is much faster than paper charts. Although, critics of EHR prefer to compare the speed of EHR to an automatic documentation world. Unfortunately, the automatic documentation world is still a fantasy. Hopefully that dream eventually comes true.

As the tweet above mentions, the same could be applied to security. No doubt there are security challenges in an EHR world. However, there were and are security challenges with paper charts and faxes as well. For example, there was no good way to audit who accessed a paper chart. That’s not an issue in an EHR world. I could go on and on, but you get the idea.

When evaluating EHR, let’s always remember to compare it to the alternative and not the perfect world that really doesn’t exist.

July 28, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

Reporting EHR Medical Errors

Tom Hubbard brings up some interesting points about EHR medical errors. He suggests that nobody routinely reports EHR medical errors. I would ask if anyone reports EHR medical errors. Where would they report the EHR medical errors? There’s no real governing body for EHR medical errors. Sure, we could make up some places.

A number of years ago I remember some organization stood itself up to be a place where doctors could report errors they found in an EHR software. Of course, this brings up an interesting question. When is the error a user error and when is the error an EHR system error? That gets pretty complex and I’m sure some expert witnesses are going to make a killing testifying for and against the EHR companies. Unfortunately (or fortunately depending on how you look at it), I’m not interested in that kind of work. I prefer building and supporting cool things as opposed to tearing things down.

What do you think of EHR medical errors? Who should have oversight of these problems? Where and how should something be reported? Is this much ado about nothing? Or should we be making a bigger deal out of this since it’s currently just being swept under the rug and ignored?

July 21, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

Point of Care Systems vs EMR

Bob Brown sent out this interesting tweet about point of care systems that create EMRs.

Obviously, there are a lot of different ways to put together an EMR system. One is to create the system and then push it out to the point of care. Another is to create the systems at the point of care that then push back to the EMR system.

I agree with Bob that EMR systems were created first and we’re now trying to push them to the point of care. Sadly, most of them have done a pretty poor job of pushing the documentation to the point of care. Although, we have made some significant progress on this and will make more in the future.

With that said, I personally don’t think the real problem with useful and usable EMR is how they were created. The real problem with them is that we created big billing engines and now we’ve created big government meaningful use reporting engines. If we’d created an EMR focused on improving efficiencies and providing better quality care, we’d have a very different result. We might even have something that doctors would call useful and usable.

July 15, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

Why Might Intermountain Have Chosen Cerner Over Epic?

An anonymous person on HIStalk gave some really interesting insights into Intermountain’s decision to go with Cerner instead of Epic.

Re: Intermountain. The short-term choice (three or so years) would have been Epic, but we went with Cerner because of Epic’s dated technology, Cerner’s openness, and the feeling that we would be more of a partner than a customer with Cerner. The partnership is more than words. We’re working closely with Cerner and their horde of sharp, dedicated people on the implementation. We have some pieces they don’t and those are being built into the Cerner system, while some of our own development efforts have been redirected since Cerner already has that functionality. The first rollout is scheduled for December and I think it will go well due to the way the teams are working together. Unverified.

This is the best analysis of Intermountain’s decision to go with Cerner that I’ve seen. As in every billion dollar procurement decision, it’s always got other nuances and pieces that go into the decision making process. However, the above analysis gives us a good place to start.

Let’s look at the main points that are made:

1. Is Epic technology more dated than Cerner?

2. Is Cerner more open than Epic?

3. Will Cerner be more of a partner than Epic would have been?

I’d love to see Judy’s (Epic CEO’s) comments on all of these. I’m sure she’d have a lot to say about each of them. For example, you may remember that Judy described Epic as the most open system she knows. Ask someone who wants to get Epic certified if they’re open. Ask a health IT vendor that wants to work together if Epic is open. Ask even some of their smaller customers who want to do things with Epic if Epic is open. They’d all likely disagree that Epic is the most open system.

I’d love to hear people’s thoughts on each of these three points. I think it will make for a really lively discussion that will help us get closer to understanding the reality of these assertions.

However, reality aside, I can tell you that the public image of Epic vs Cerner certainly confirms all three of these points. Whether Intermountain indeed used these points as part of their decision process or not, I don’t know. What I do know is that it wouldn’t surprise me at all if they did think this way since there are many in the market that believe and share all of the above three impressions.

July 14, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

More of the Siemens Healthcare Back Story

One of the things I love about blogging is the comments that I receive. Many of them come in the comments of the blog, but just as many get emailed to me privately in response to my posts being emailed to readers. Every once in a while I want to share the emails I receive with the readers (Note: You can now subscribe to all of the Healthcare Scene emails in one place). This is one such response that I got in response to my post about Siemens Selling its Health IT business.

I remember the good ol’ days of being a 25+ year SMS Unity customer. Siemens who had recently purchased SMS told us that Unity would be going away. They showed us Soarian (which at the time was not actually built) and said that they would move us there for free. Of course, since it didn’t yet exist we would have to transition to Invision first for about a year. That would also be free. However, they would have to expense us for professional fees which they estimated to be in excess of $1,000,000. This is how we became a Meditech customer.

This kind of back story is what makes healthcare IT so interesting and so challenging. Many who want to enter the healthcare space forget about all this history and they usually fail. The very best hospital health IT companies that I know usually do an amazing job pairing new innovations and technologies together with someone who understands and has been part of this history. Pairing the two together is a powerful combination.

July 10, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

Siemens to Sell Hospital IT Business?

This is some interesting news for the hospital health IT world:

Siemens (SIE) AG is exploring a sale of its hospital database and information-technology unit to focus on energy and industrial businesses, according to two people familiar with the plans.

The German engineering company is evaluating options for the business, and no final decision has yet been made, said the people, who asked not to be identified because the considerations are private. The unit could be valued at more than 1 billion euros ($1.4 billion), said one of the people.

Siemens Chief Executive Officer Joe Kaeser is seeking to focus Siemens around “electrification, automation and digitalization” and has already sold off $2.3 billion euros since late 2012. It seems like Siemens healthcare product line fits great with the digitalization focus, so there’s likely more to the story. My guess is the Siemens healthcare business hasn’t been doing well (Thank you Cerner and Epic) and so he’s looking to get out while there’s still some value in the business.

If you’re a Siemens healthcare customer, you probably welcome this change as well. Hopefully a sale will infuse the company and the product with a new energy that will produce some better results for their customers. Maybe I’m talking to the wrong people, but those I’ve met on Sorian are basically ho-hum about the product. No doubt it will be interesting to watch.

July 9, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

Large Health Facilities Have Major Patient Data Security Issues

Many healthcare organizations have security holes that leave not only their systems, but their equipment susceptible to cyberattacks, according to two recent studies.

The researchers included Scott Erven, head of information security for multi-state hospital and clinic chain Essentia Health, and Shawn Merdinger, an independent consultant. According to iHealthBeat, the two presented their findings last week at the Shakacon conference.

Erven and his colleagues conducted a two-year study addressing the security of Essentia’s medical equipment. As part of their study they found that hackers could manipulate dosages of drugs provided by drug infusion pumps, deliver random defibrillator shock to patients or prevent medically needed shocks from taking place, and change the temperature settings in refrigerators holding blood and drugs.

The research team also looked for exposed equipment within other healthcare organizations, and the results were appalling. Within only 30 minutes, iHealthBeat notes, they found one healthcare organization which had 68,000 devices that exposed data.  Across all of the health systems they studied, they found 488 exposed cardiology systems, 323 PACS systems, 32 pacemaker systems, 21 anesthesiology systems and and several telemetry systems used to monitor elderly patients and prevent infant abductions.

Both Erven and Merdinger found that the organizations are leaking data because an Internet-connected computer had not been configured securely. Typically, data leaks occurred because sys admins had allowed Server Message Block –a protocol used to help admins find and communicate with computers internally — and allowed it to broadcast information turning private data into publicly-accessible data.

According to Erven, these issues are “global” and impact thousands of healthcare organizations. He suggests that too often, healthcare organizations focus on HIPAA compliance and don’t put enough effort into penetration testing and vulnerability protection.

This should come as no surprise. After all, Proficio’s Takeshi Suganuma notes, HIPAA was developed to protect PHI for a wide range of organizations, and as he puts it, “one size seldom fits all.”  While HIPAA compliance is important, collection, analysis and monitoring of security events are also critical activities for medium- to large-sized organizations, Suganuma suggests.

He also warns that healthcare organizations should be aware that cyberattackers are exploiting not only traditional network vulnerabilities, but also vulnerabilities in printers and medical devices. Networked medical devices are a particularly significant issue, since provider IT teams can’t upgrade the underlying operating system embedded in these devices — and too many of the devices are using older versions of Windows and Linux with known security holes.

The key point Suganuma, Erven and Merdinger are making is that while HIPAA compliance is good, healthcare organizations must pay greater attention to new attack vectors, or they face high odds of security compromise.  Seems like there’s a lot of work (and investment) afoot.

July 2, 2014 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies.

UPMC Kicks Off Mobility Program

If you’re going to look at how physicians use health IT in hospitals, it doesn’t hurt to go to doctors at the University of Pittsburgh Medical Center, a $10 billion collosus with a history of HIT innovation. UPMC spans 21 hospitals and employs more than 3,500 physicians, and it’s smack in the middle of a mobile rollout.

Recently, Intel Health & Life Sciences blogger Ben Wilson reached to three UPMC doctors responsible for substantial health IT work, including Dr. Rasu Shrestha, Vice President of Medical Information for all of UPMC, Dr. Oscar Marroquin, a cardiologist responsible for clinical analytics and new care model initiatives, and Dr. Shivdev Rao, an academic cardiologist.

We don’t have space to recap all of the stuff Wilson captured in his interview, but here’s a few ideas worth taking away from the doctors’ responses:

Healthcare organizations are “data rich and information poor”: UPMC, for its part, has 5.4 petabytes of data on hand, and that store of data is doubling every 18 months. According to Dr. Shrestha, hospitals must find ways to find patterns and condense data in a useful, intelligent, actionable manner, such as figuring out whether there are specific times you must alert clinicians, and determine whether there are specific sensors tracking to specific types of metrics that are important from a HIM perspective.

Mobility has had a positive impact on patient care:  These doctors are enthusiastic about the benefits of mobility.  Dr. Marroquin notes that not only do mobile devices put patient care information at his finger tips and allow for intelligent solutions, it also allows him to share information with patients, making it easier to explain why he’s doing a give test or treatment.

BYOD can work if sensitive information is protected:  UPMC has been supporting varied mobile devices that physicians bring into its facilities, but has struggled with security and access. Dr. Shrestha notes that he and his colleagues have been very careful to evaluate all of the devices and different operating systems, making sure data doesn’t reside on a mobile device without some form of security.

On the self-promotion front, Wilson asks the doctors about a pilot  project (an Intel and Microsoft effort dubbed Convergence) in which clinicians use Surface tablets powered by Windows 8. Given that this is an Intel blog, you won’t be surprised to read that Dr. Shrestha is quite happy with the Surface tablet, particularly the form factor which allows doctors to flip the screen over and actually show patients trends.

Regardless, it’s interesting to hear from doctors who are gradually changing how they practice due to mobile tech. Clearly, UPMC has solved neither its big data problems nor phone/tablet security issues completely, but it seems that its management is deeply engaged in addressing these issues.

Meanwhile, it will be interesting to see how far Convergence gets. Right now, Convergence just involves giving heart doctors at UPMC’s Presbyterian Hospital a couple dozen Microsoft Surface Pro 3 tablets, but HIT leaders plan to eventually roll out 2,000 of the tablets.

July 1, 2014 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies.

Sutter Health Ready To Deploy HIE, But Can It Succeed?

Sutter Health doesn’t have a great reputation when it comes to EMR implementation. Late last year, when we reported that Sutter’s Epic EMR crashed for an entire day, comments came pouring in about the company’s questionable approach to training its staff on using the system.

According to Epic consultants who’d been involved in the project, Sutter leaders decided that Epic experts were there to “facilitate” training done by inexperienced in-house teams, rather than actually teach key users what they need to know. The result was strife, disorder and anxiety, according to several consultants who’d been involved. Since then, Sutter has connected its EMR to five medical foundations and 17 hospital campuses; by next year, it expects the EMR to connect to information on 3 million patients. But there’s no reason to think it’s changed its training strategy, which could cast a bit of a pall over the new project.

Now, Sutter Health is building out a health information exchange, working with Orion Health, which will tie together hospitals and doctors both inside and outside of its network across northern California. Sutter plans to begin deploying the HIE in phases this summer, starting with data integration with the Epic EMR and extending to testing exchange of inbound and outbound data. If the project works out, it seems likely that it will be a plus for every provider that does business with Sutter.

The question is, will Sutter do a better job of managing this process than it did in rolling out its EMR? While it’s easy to boast that your plans are going to be a “gamechanger” for the market, it’s hard to take that claim at face value when your EMR implementation hasn’t gone so splendidly.

Certainly, Orion is a reputable HIE vendor which has been praised for having strong products and service. And Sutter certainly has the financial wherewithal to see such an effort through. The thing is, if Sutter leaders (seemingly) took a wrongheaded approach to the all-important issue of EMR training, who knows what curveballs they might throw into the process of rolling out an HIE? Even if its EMR has stabilized and Sutter has somehow gotten past its training hurdles, its past missteps don’t inspire confidence.

If I were with Orion, I’d draw a firm line where training was concerned, as Sutter’s past strategy only seems to have cast its last major HIT vendor in a bad light. If not, I’d make sure the contract had a workable bailout clause…or be prepared for some serious headaches.

June 30, 2014 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies.

A Hospital CFO Perspective on EHR Expense

The past couple days I’ve been able to enjoy a couple days sitting down with hospital CFO’s at HFMA’s ANI conference in Las Vegas. I think this is the third time I’ve attended the event and it’s always a really interesting conference since hospital CFOs have a great financial perspective into the running of a hospital.

While at the big dinner celebration they had last night at the event, I asked a hospital CFO what she thought of the event and what she’d learned. She responded:

The sessions really helped me feel good about the small investments we’ve been making in population health and analytics. I think were going in the right direction.

Then she added this after thought that was telling:

Not to mention justifying the insane amount of money we’re spending on our EHR.

I think we’ve done a really poor job of explaining why the EHR is worth the investment. Let’s be honest though. Most of the EHR implementations haven’t been about leveraging the EHR to improve the organization. They’ve been focused on the meaningful use regulatory requirements, getting the EHR incentive money, and avoiding the EHR penalties.

Going forward we’re going to have to shift our thinking. We’re going to have to do a much better job justifying the EHR expense by showing the benefits an EHR provides a hospital organization.

June 25, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.