Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

Data Liberation Is The First Step Towards True Collaboration

I generally agree with this idea. It’s really hard to collaborate with someone if you’re not sharing the data about a patient. So, data liberation can be a true enabler for collaboration.

While I think most hospital CIOs will agree with this, I wonder how many act like data liberation is an important strategy for them. Is data liberation really a core value of their hospital organization? My guess is that for most of them it is not.

One major place they can start to make this part of the culture is in the procurement and contracting process. Software vendors are going to happily keep the data as closed as possible unless you require it of them in the contract stage. Once hospital systems make data liberation part of the IT systems procurement process, then we’ll finally be able to see the benefits of data liberation.

The problem we have today is that data liberation and sharing wasn’t part of the previous procurement and contracting process. My guess is that most assumed that being able to share data would be allowed, but few people looked at the fine print and realized what it would mean to them when it came to data sharing. Thus, we’re in a situation where many organizations have contractual issues which make data sharing expensive.

It will take a cycle of new contracts for this to be fixed, but even then it won’t be fixed if you’re organization doesn’t add this to their agenda. Software vendors happily provide the customer what they demand. We need more hospital organizations demanding data liberation.

April 15, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

HIPAA Breach at Kaiser

Healthcare IT News reported that Kaiser had it’s Fourth HIPAA breach. Here’s a part of their description of the breach:

Some 5,100 patients treated at Kaiser Permanente were sent HIPAA breach notification letters Friday after a KP research computer was found to have been infected with malicious software. Officials say the computer was infected with the malware for more than two and a half years before being discovered Feb. 12.

We have confirmed that the infection was limited to this one compromised server, and that all other DOR servers were and are appropriately protected with anti-virus security measures,” said Tracy Lieu, MD, director of the division of research at Kaiser Permanente, in an emailed statement to Healthcare IT News. “It is important to note that the compromised server is used specifically for research purposes at the DOR and is not connected to Kaiser Permanente’s electronic health records system.

It’s quite interesting that in one part they say that the computer was infected with malware and that caused the breach. Then, they note that the antivirus software wasn’t being updated properly because of a “human error related to configuration of the software.”

This is a little disturbing to a tech person like me, because the person doesn’t know the difference between anti-virus software which works to stop and prevent viruses from infecting your computer and malware which usually isn’t covered by anti-virus software. They do have malware software to prevent malware, but it’s only so so in my opinion. It’s fighting a losing battle, but an important battle nonetheless.

I bet if we went into any hospital today, we’d find dozens of their computers infected with malware. Would be an interesting study for someone to do. I know many hospitals lock their computers down and block them from surfing many internet sites to try and deal with this problem. That can be pretty effective, but you do make many of your users angry in the process. The IT security people don’t mind that at all. Luckily, with phones people can still get their Facebook IV drip without having to infect the hospital computer. That is until the personal mobile phone gets compromised and infects the hospital network. That’s coming down the road as well.

April 14, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

Outsourcing Your Disaster Recovery Team

I imagine most hospital CIOs are overwhelmed by the total number of systems and applications that they have to support. Hospital systems can have hundreds of applications that they’re required to support. Along with having to support the day to day operations of these systems, you also have to plan for business continuity and disaster recovery as well.

Every 6 months to a year, it seems we get a stark reminder of the need for good disaster recovery thanks to some devastating hurricane, earthquake, or other natural disaster. Plus, the stories of Hurricane Katrina and Super Storm Sandy and their impact at hospitals still ring in my ears and likely many other hospital CIOs.

Considering this background, I was intrigued by this Florida Hospital Case Study on Disaster Recovery. Obviously, Florida sits out there in a position that’s just waiting to be hit by a hurricane. So, good disaster recovery is a necessity for them.

What was most intriguing to me was that this hospital chose to use a managed recovery program from SunGard to make this a reality. While I don’t suggest outsourcing all of your disaster recovery (you need in house expertise deeply involved), I think it’s a great idea to work with a third party provider for your disaster recovery.

First, there are so many systems that it’s great to have a third party hold you accountable for all of your systems. Second, a third party can ensure that you do proper and regular disaster recovery testing of your systems. Third, they can provide an outside perspective that can improve your internal approach to disaster recovery.

Many of the above items can be done in house as well, but we all know that there’s a certain level of accountability that comes from having paid someone to hold you accountable. Otherwise, it’s really easy for one of your staff who’s being pulled in a hundred different directions to let your disaster recovery program slip through the cracks.

April 10, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

What About Data Beyond the EMR?

I saw this tweet from the famous @HealthcareWen which asks a really good question:

While I enjoy the humor of the tweet as much as the next person (everyone who knows me knows I’m all about the humor), this conversation reminds me a lot of what was done with ICD-10. The “funny ICD-10 codes” got all the attention and made ICD-10 a joke in the minds of so many people. This was highlighted by this guest post on EMR and HIPAA called “Why Do People Find ICD-10 So Amusing?” Those who support the shift to ICD-10 did a poor job explaining why ICD-10 was valuable to the quality of care a patient gets. Talking about all the funny ICD-10 codes (and they are funny) goes against the goals of those who see value in the move to ICD-10.

I bring this up because the same thing could easily happen with big data in healthcare. While it’s funny to think about how a doctor might treat us if they know we had a donut for breakfast, there are really meaningful data sources beyond the EMR. If we focus too much on the periphery of the data, then we’re going to miss out on a lot of the value that comes from the not so funny parts of big data.

Right now our EMR systems can’t support most of the data that could come from outside the EMR. However, that shift is going to happen and it’s going to happen quickly. My gut tells me that it will start with the wave of consumer centric medical sensors. Then, I see genomic and social data getting integrated next (both really large projects). These three areas will set the baseline for how outside data is integrated with the EMR data.

Let me offer the key points to consider in these data integrations:
-Automated: The data must pass seamlessly without the need for user interaction
-Smart Data: The user of the system needs the system to be smart. The user should only be notified with what’s actionable, but with the ability to drill into the data as needed.
-Bi Directional: The data needs to be seen and updated by both provider and patient. The system will need to have a great way to track who updated which data. However, we need both the patient and providers eyes on the data with the ability to update incorrect data.

These points should illustrate why integrating outside data is going to be such a challenge. However, it’s also why it holds such promise.

April 4, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

The Forgotten Argument For ICD-10

The following is a guest post by Eric Hodge, Service Line Executive for Revenue Cycle and ICD-10 at Encore Health Resources.

Yesterday evening, the United States Senate joined the House of Representatives in Washington D.C., voting to delay ICD-10 adoption until October 2015.  That’s no surprise.  Truth be told, the vast majority of discussion related to ICD-10 has been all about how difficult it will make our lives.

Providers are asking, “Why is HHS forcing this down our throats when it obviously won’t help me do my job any better?” The AMA is throwing out headlines like, “ICD-10 Compliance Costs Are Triple What Was Expected,” while reminding us that they warned us all along. Now, many commentators are declaring the whole shmeer a disaster before it even goes live.

This attitude has skewed the thinking on ICD-10. Few providers are asking how they will benefit from the new information; the vast majority are simply asking how they will survive getting ready to meet the requirement. And that’s too bad, because what we as providers, as an industry, and even as an economy will find that ICD-10 is a key step toward gigantic improvement in how healthcare works in the U.S.

I am not going to argue that the transition is coming without cost or discomfort. But I am saying that this is how large-scale improvement of a system (a broken system, don’t forget) works, and that the benefits are clear and significant, at least for those who get past our first reaction (“Change frightens me!”) and take the time to understand what kind of system this whole healthcare reform effort is trying to build.

Benefits that I have seen with my own two eyes include:

  • Dramatic improvement in the assignment of costs to procedures performed. Most industry observers agree that we ought to move toward rewarding activities that keep a population healthy instead of getting paid for how many times we can treat a patient. Most would also agree that identifying the costs associated with certain disease states or treatments is the key to figuring out economical ways to promote healthy populations. ICD-10 will allow us to develop meaningful estimates about what a disease state or a procedure costs us, while ICD-9 is limited in what it can do in this regard.

    For example, I was working with a well-regarded regional hospital in the Mid-Atlantic on an effort to improve their charge capture. They knew they were losing money in their obstetrics operating room, but they were having a hard time figuring out exactly what was going on. Using ICD-9 information, all we could tell was that there were wildly variable times that a patient would spend in the OR for a cesarean procedure, but we could not gather any more detail. ICD-9 diagnosis codes do not have very specific information about the severity of the condition or comorbidities. Fortunately, this hospital was dual-coding at the time, and we were able to take advantage of the severity information included in the ICD-10 codes to identify the fact that they had a relatively high percentage of moderate and severe diagnoses — complications that were likely to lead to longer OR times and higher resource consumption (costs) to the hospital.

    This information allowed them to build a business case for establish pricing tiers for their OB OR services and gave them the information they needed to turn obstetrics surgery into both a profitable activity center and one that could revise treatment protocols for high-resource-consumption patients (costs).

    Could this have been done without ICD-10 data? Probably. But it would have taken many hours of chart review and qualitative analysis instead of the several dozen key strokes of a database query.

  • Identify opportunities to avoid cost and improve lives. The additional information inherent in an ICD-10 diagnosis code includes severity and specific comorbidity, as illustrated in the OB OR example, but it can also include information about demographics and some of the underlying reasons for the diagnosis. All of this information can easily be combined to make decisions that will save lives while cutting costs for a provider.

    I was working with a multi-facility provider in New England on vendor selection for revenue cycle technology, and I visited the cancer clinic. In talking with the nurses there about the kind of data that would help them care for their patients, they let me know that they would like to be able to flag patients with a high chance of readmission. One of the nurses told me that after 22 years of experience, she knew that a patient who was over 80 with moderate or severe lung cancer and a history of mental illness was going to be readmitted within three weeks. “And wouldn’t it be nice,” she said, “if my new system could flag those patients when they came in for an appointment?”

    Well, only ICD-10 codes include severity of illness, age, and the latitude to include reasons for a diagnosis. In this case, included in the diagnosis code was the fact that the patient was non-compliant in taking his/her medication. We were able to model this scenario for ICD-10 and identify these patients with a simple data query – in minutes. This allowed the clinic to first confirm the nurse’s intuition about those high-risk patients, and second to identify those patients who could use a case manager’s involvement to ensure that they are compliant with their regimen, saving the costly readmission and improving the quality of the patient’s remaining life.

    Again, this sort of effort is possible with ICD-9, but it would take chart reviews, extensive manual analysis, and aggregation of data from several sources to model this type of patient for predictive purposes. This organization did not have the extra resources or the budget to undertake such an effort.

  • Share higher-quality data with other providers and partners. When I meet with providers who are trying to figure out whether to start or join an Accountable Care Organization (ACO), the first question is generally, “What is this big pile of aggregated data going to do for us?” Actually, that’s the second question after, “What incentive dollars am I going to get for doing this whole ACO thing?” But it should be the first question.

    As the data sets grow larger, the ability to parse information into meaningful subsets will become more important. ICD-10 increases the amount of specific information in every diagnosis code and actually makes these large, aggregated pools of data from many providers useful. For example, ICD-9 has a code for laceration of an artery. ICD-10 lets you know if that artery was in someone’s finger or in their heart. If I want to be able to pull meaningful information out of my ACO data sets, I need to have the information that is included in ICD-10.

    I have helped organizations use aggregated diagnosis data like this to decide whether pursuing certain services in certain markets will pay off for them. We helped a provider in Washington State decide to extend its diabetes education services into rural Oregon and Idaho by demonstrating that there were enough diagnosed patients to support that business. This type of analysis becomes much faster and easier with ICD-10 data.

There are dozens of other tangible benefits to ICD-10 analytics, but this is a blog entry, not a thesis. Briefly, some of the biggies:

  • Being able to aggregate our diagnosis and procedure information with the rest of the industrialized world, which has already demonstrated that the benefits of ICD-10 will significantly advance healthcare service in the US. There are lots of sick people outside America, too, so being able to combine our coding data with theirs for analysis would be most helpful.  For example, the US has benefited from the increased data collected about the Avian Flu and how to best treat the disease based on ICD-10-collected information.
  • Reimbursements will better align with activity and cost. Payers will reimburse severe and complex cases better and simple cases at lower rates – because now they will be able to identify them as simple or complex from the codes. Those providers whose costs are higher will get paid more. Those whose resource costs are lower based on actual services rendered will get paid less. This principle is how the rest of the free market works; it should also work well in healthcare.
  • Outcome analytics will become more accurate and more efficient. I can quickly determine what happened to my severe CHF cases without having to go back through every single one of their charts or pull in data from multiple sources to figure out which CHF patients were only moderate or mild.
  • Population-based projections will become much more possible. If you want to look at the incidence of advanced diabetes in the aged population in southeast Missouri so you know how to negotiate your value-based reimbursement contracts, you can use ICD-10 data or you can go do a lot of legwork.

The point here is that ICD-10 makes coding information detailed enough so that American providers and payers can make healthcare work in ways that it doesn’t work now: like a free market, with costing and pricing that accurately reflects the effort and the expense. Like a continuously improving system where better courses of treatment are developed for more specific populations. And like a system where we try to prevent high cost and lousy outcomes before they happen.

Looks like we’re going to have to wait until 2015 before we see many of these benefits.

April 1, 2014 I Written By

SGR Fix and ICD-10 Delay

I’ve been captivated by the discussion of the bill that patches the SGR and would delay ICD-10 from being implemented until 2015. It’s amazing to see the congressional theatrics that occurs. Unfortunately, I’m a little disheartened by the discussion. You can see how much of it is politics and it’s sad. If you aren’t seeing it live, I think the link above will have a video recording of it.

I think we’re about a half hour from the actual vote on the SGR fix and delay of ICD-10. I’ll be surprised if it doesn’t pass. Although, it also is really clear that those who vote are voting on SGR and aren’t even thinking about the line that delays ICD-10 a year.

The overriding message I’ve heard is that we’re still kicking the can down the road. None of them want to make the tough decisions to fix SGR or any other part of healthcare. I don’t pretend to know much about politics in Washington or how to solve it. However, I don’t see us getting any dramatic solutions to our healthcare problems coming out of this group.

I’ll update the post once the vote is done. My prediction is that they’ll pass the bandaid SGR Fix and ICD-10 Delay.

March 31, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

Google Glass’ Impact on Healthcare

In today’s #HITsm chat one of the topics brought up the impact of Google Glass on healthcare. I provided a few insights into Google Glass (Yes, I own a Google Glass and so I can speak first hand on it) that I thought would be beneficial to others.


I believe Google Glass will have a powerful role in the hospital. However, it won’t be ubiquitous. It’s not like you’ll get hired at a hospital and be issued your access card and a pair of Google Glass (Yes, Glass could be your access card, but that’s an expensive access card). With that said, Google Glass will find some incredibly powerful uses and become an indispensable part of many hospital workflows.


While this post has been about Google Glass. I think Google Glass represents a whole class of eyeware technologies which are coming to market. I’m not sure that Google Glass will win that market, but they’re definitely the ones that defined the market and so that’s why we talk about them. Watch for other competitors that do something similar, but might actually be the dominate leader in eyeware technology.


I agree that Google Glass and other related technologies have their own HIPAA privacy and security issues. However, they can be made to be as HIPAA compliant and secure as any other device. The form factor doesn’t really change the privacy and security. It’s what you do with the device and how you implement the software on the device which determines the HIPAA compliance of the product.

March 28, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

A Culture of Patient Safety

One of the challenges with some health IT organizations is that they weren’t built from the ground up with a culture of patient safety in mind. There are certain aspects of an organization that need to become embedded in their culture for them to be a reality. Patient Safety is one of them. Privacy and security are another example.

The beautiful part is that once patient safety, privacy, security, etc become an embedded part of your culture, then amazing results happen.

Today I came across this incredibly compelling blog post on the Virginia Mason blog titled, “Terrible tragedy – and powerful legacy – of preventable death.” I love when hospitals are open and transparent like Virginia Mason is in that blog post. Ironically, their blog post is about transparency at an organization and the benefit to the organization. However, this line from the blog post struck me:

“Our board said that if we cannot ensure safety of our patients we shouldn’t be in business.”

-Cathie Furman, RN

This is a powerful question that makes me wonder how many companies shouldn’t be in business.

March 27, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

A HIPAA Compliance Dashboard

One of the interesting announcements coming out of HIMSS was a HIPAA Compliance Dashboard that was announced by INetU. The concept of a dashboard that shows you your HIPAA compliance is fascinating for me. The key question I’ve asked myself is can HIPAA compliance be automated into a dashboard?

Here’s a look at the HIPAA Compliance Dashboard they’ve created:

This slideshow requires JavaScript.

INetU claims that the dashboard will keep track of both the business associate’s (in this case INetU’s) HIPAA compliance and the covered entities compliance with HIPAA. I need to dig into it some more, but I’d love to hear from some other HIPAA experts out there. Aren’t there pieces of HIPAA compliance that can’t be automated to a dashboard? I’d love to be proven wrong.

I also think the Dashboard is a nice building block to doing security beyond just HIPAA. It reminds me of this post titled, “Why HIPAA isn’t Enough to Keep Patient Data Secure.” This dashboard could provide a deeper look into security beyond just HIPAA. Although, it makes sense why they’re leading with HIPAA since organizations don’t mind coughing up money to ensure their HIPAA compliant.

What do you think of this idea? Can HIPAA Compliance benefit from a dashboard like this? Of course, this can be taken too far as well. We don’t need CIO’s that become complacent, because the dashboard says “HIPAA Compliant.”

March 26, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

Interview with Shahid Shah About HealthIMPACT Conference

The following is an interview with Shahid Shah about the upcoming HealthIMPACTconferences he’s helping to organize. The next one is in Houston on April 3rd and a few discount seats for HealthcareScene readers remain open. Register here using IMPACT10 as the code.

It seems like there is a health IT conference every day.  What will make this conference unique?

The first thing unique about HealthIMPACT is the length and locations – we’re choosing single day and “local” to many areas of the country (southeast, southwest, etc.) because busy people can’t take more than 1 day and probably can’t afford to travel. The second unique aspect is that we’re focused on “actionable intelligence” coming not from pontificators but those “in the trenches” doing the grunt work of health IT every day. The third, and perhaps the most unique, is that we teach audiences what kinds of tech to buy, what not buy, how to spot real trends from hype, and how not to fall prey to prevailing myths. This is going to be a no-nonsense, no fluff, no hype, “just answers” event. It’s not so much a “conference” but an educational event – audience members can even earn CME credits if they’d like. The fourth, and something useful for software and technology vendors and buyers alike, is a customized meeting with one or more CIOs or other tech-focused buyers that developers can use as a mini “focus group” to test ideas and ask buyers questions that will help improve products and sales.

What’s special about the format of the conferences?

The format is “no long speeches, no PowerPoint-centric presentations, all panels and interviews with high interactivity”. By making sure that there are no speeches we don’t have to worry about “death by PowerPoint” or folks presenting a viewpoint that audiences can’t easily interact with. The panels topics are focused on problems that audience members are regularly facing in their daily work environments. The panel members are all working “in the trenches” and coming prepared to interact with the audience. That’s why we say “no fluff, just answers”.

What kind of audience attends your conferences?

We have a list of attending organizations and their titles available here. We get CIOs, CFOs, CTOs, HIM, architects, engineers, consultants, and product vendors from both hospital / health system and ambulatory physician practices. It’s a mixed audience but I think what’s in common is that they’re all “in the trenches” folks solving hard technical problems every day.

What are some of the main topics that will be discussed at these conferences?

  • How IT can support the overarching financial, operational, and clinical goals of your organization
  • HIEs in your region and provider participation in them
  • Technologies that support value driven care and population health management
  • Cloud based systems in healthcare
  • Programs that drive patient engagement
  • Leadership strategies that drive innovation
  • Predictive analytics that improve care delivery
  • EHR implementation and meaningful use
  • ICD10 compliance, readiness and physician training

Where can people go to learn more about the conferences?
You can find more information on the HealthIMPACT website and if you use the discount code IMPACT10, you’ll receive a 10% discount for being a Healthcare Scene reader.

March 25, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.