Hospital Program Uses Connected Health Monitoring To Admit Patients “To Home”

Posted on November 28, 2016 | Written By

Anne Zieger is a veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

A Boston-based hospital has kicked off a program in which it will evaluate whether a mix of continuous connected patient monitoring and clinicians is able to reduce hospitalizations for common medical admissions.

The Home Hospital pilot, which will take place at Partners HealthCare Brigham and Women’s Hospital, is being led by David Levine, MD, MA, a physician who practices at the hospital. The hospital team is working with two vendors to implement the program, Vital Connect and physIQ. Vital Connect is supplying a biosensor that will continuously stream patient vital signs; those vital signs, in turn, will be analyzed and viewable through physIQ’s physiology analytics platform.

The Home Hospital pilot is one of two efforts planned by the team to analyze how technology in home-based care can treat patients who might otherwise have been admitted to the hospital. For this initiative, a randomized controlled trial, patients diagnosed at the BWH Emergency Department with exacerbation of heart failure, pneumonia, COPD, cellulitis or complicated urinary tract infection are being placed at home with the Vital Connect/physIQ solution and are receiving daily clinician visits.

The primary aim of this program, according to participants, is to demonstrate that the in-home model they’ve proposed can provide appropriate care at a lower cost at home, as well as improving outcomes measures such as health-related quality of life, patient safety and quality and overall patient experience.

According to a written statement, the first phase of the initiative, which began in September of this year, involves roughly 60 patients, half of whom are receiving traditional in-hospital care, while the other half are being treated at home. With the early phase looking at the success, the hospital will probably scale up to include 500 patients in the pilot in early 2017.

Expect to see more hospital-based connected care options like these emerge over the next year or two, as they’re just too promising to ignore at this point.

Perhaps the most advanced I’ve written about to date must be the Chesterfield, Mo-based Mercy Virtual Care Center, which describes itself as a “hospital without beds.” The $54M Virtual Care Center, which launched in October 2015, employs 330 staffers providing a variety of telehealth services, including virtual hospitalists, telestroke and perhaps most relevant to this story, the “home monitoring” service, which provides continuous monitoring for more than 3,800 patients.

My general impression is that few hospitals are ready to make the kind of commitment Mercy did, but that most are curious and some quite interested in actively implementing connected care and monitoring as a significant part of their service line. It’s my guess that it won’t take many more successful tests to convince a wide swath of hospitals to get off the fence and join them.

Hospital CIOs Say Better Data Security Is Key Goal

Posted on November 9, 2016 | Written By Anne Zieger

A new study has concluded that while they obviously have other goals, an overwhelming majority of healthcare CIOs see data protection as their key objective for the near future. In the study, which was sponsored by Spok and administered by CHIME, more than 100 IT leaders were polled on their perspective on communications and healthcare.

In addition to underscoring the importance of data security efforts, the study also highlighted the extent to which CIOs are being asked to add new functions and wear new hats (notably patient satisfaction management).

Goals and investments
When asked what business goals they expected to be focused on for the next 18 months, the top goal of 12 possible options was “strengthening data security,” which was chosen by 81%. “Increasing patient satisfaction” followed relatively closely at 70%, and “improving physician satisfaction” was selected by 65% of respondents.

When asked which factors were most important in making investments in communications-related technologies for their hospital, the top factor of 11 possible options was “best meets clinician/organizational needs” with 82% selecting that choice, followed by “ease of use for end users (e.g. physician/nurse)” at 80% and “ability to integrate with current systems (e.g. EHR)” at 75%.

When it came to workflows they hoped to support with better tools, “care coordination for treatment planning” was the clear leader, chosen by 67% of respondents, followed by “patient discharge” (48%), “patient handoffs within hospital” (46%) and “patient handoffs between health services and facilities,” chosen by 40% of respondents.

Mobile developments
Turning to mobile, Spok asked healthcare CIOs which of nine technology use cases were driving the selection and deployment of mobile apps. The top choices, by far, were “secure messaging in communications among care team” at 84% and “EHR access/integrations” with 83%.

A significant number of respondents (68%) said they were currently in the process of rolling out a secure texting solution. Respondents said their biggest challenges in doing so were “physician adoption/stakeholder buy-in” at 60% and “technical setup and provisioning” at 40%. A substantial majority (78%) said they’d judge the success of their rollout by the rate at which the solution was adopted by physicians.

Finally, when Spok asked the CIOs to take a look at the future and predict which issues will be most important to them three years from now, the top-rated choice was “patient centered care,” which was chosen by 29% of respondents, followed by “EHR integrations” and “business intelligence.”

A couple of surprises
While much of this is predictable, I was surprised by a couple things.

First, while the study doesn’t seem to have been designed for statistical significance, it’s still worth noting that so many CIOs said improving patient satisfaction was one of their top three goals for the next 18 months. I’m not sure what they can do to achieve this end, but clearly they’re trying. (Exactly what steps they should take is a subject for another article.)

Also, I didn’t expect to see so many CIOs engaged in rolling out secure texting, partly because I would’ve expected such rollouts to already have been in place at this point, and partly because I assume that more CIOs would be more focused on higher-level mobile apps (such as EHR interfaces). I guess that while mobile clinical integration efforts are maturing, many healthcare facilities aren’t ready to take them on yet.

Access To Electronic Health Data Saves Money In Emergency Department

Posted on October 24, 2016 | Written By Anne Zieger

A new research study has found that emergency department patients benefit from having their electronic health records available when they’re being treated. Researchers found that when health information was available electronically, the patient’s care was speeded up, and that it also generated substantial cost savings.

Researchers with the University of Michigan School of Public Health reviewed the emergency department summaries from 4,451 adult and pediatric ED visits for about one year, examining how different forms of health data accessibility affected patients.

In 80% of the cases, the emergency department had to have all or part of the patient’s medical records faxed to the hospital where they were being treated. In the other 20% of the cases, however, where the ED staff had access to a patient’s complete electronic health record, they were seen much more quickly and treatment was often more efficient.

Specifically, the researchers found that when information requests from outside organizations were returned electronically instead of by fax, doctors saw that information an hour faster, which cut a patient’s time in the ED by almost 53 minutes.

This, in turn, seems to have reduced physicians’ use of MRIs, x-rays and CT scans by 1.6% to 2.5%, as well as lowering the likelihood of hospital admission by 2.4%. The researchers also found that average costs for care were $1,187 lower when information was delivered electronically.

An interesting side note to the study is that when information was made available electronically on patients, it was supplied through Epic’s Care Everywhere platform, which is reportedly used in about 20% of healthcare systems nationwide. Apparently, the University of Michigan Health System (which hosted the study) doesn’t belong to an HIE.

While I’m not saying that there’s anything untoward about this, I wasn’t surprised to find principal author Jordan Everson, a doctoral candidate in health services at the school, is a former Epic employee. He would know better than most how Epic’s health data sharing technology works.

From direct experience, I can state that Care Everywhere isn’t necessarily used or even understood by employees of some major health systems in my geographic location, and perhaps not configured right even when health systems attempt to use it. This continues to frustrate leaders at Epic, who emphasize time and again that this platform exists, and that it is used quite actively by many of its customers.

But the implications of the study go well beyond the information sharing tools U-M Health System uses. The more important takeaway from the study is that this is quantitative evidence that having electronic data immediately available makes clinical and financial sense (at least from the patient perspective). If that premise was ever in question, this study does a lot to support it. Clearly, making it quick and easy for ED doctors to get up to speed makes a concrete difference in patient care.

Should You Buy Pop Health Tools And EMRs From One Vendor?

Posted on October 17, 2016 | Written By Anne Zieger

According to a new story appearing in HealthITAnalytics, EMR vendors are increasingly moving into the population health management space. In fact, according to an IDC Research market report featured in the story, the lines between the EMR and population health management marketplaces are beginning to blur, with vendors offering products tackling both documentation and patient management.

While this is not news to anyone who’s attended a major industry tradeshow in the last few years, the extent of the transition might be. Apparently, half of the top population health management vendors featured by IDC – including athenahealth, eClinicalWorks and Allscripts — also offer EMR platforms. (According to HealthITAnalytics, other pop health vendors identified as leaders by IDC include Wellcentive, Medecision, Optum and IBM Phytel.)

Cynthia Burghard, Research Director with IDC Health Insights, says that providers want to integrate patient management and big data analytics to support their ACO deals and meet regulatory requirements. In an IDC press release, she notes that providers need to manage both clinical and financial outcomes to survive under value-based reimbursement.

While all of this makes sense to me on paper, I’d like to raise a question here. Does buying both your EMR and your pop health tool from the same vendor have a meaningful downside? I’d argue that it might.

Yes, from a high level, buying an EMR and population health management engine from the same vendor is a good idea. In theory, the two are likely to work together more effectively than two platforms from two separate vendors, as there’s unlikely to be any conflict between the purposes of the EMR and the purposes of the population health tool.

But in practice, it’s worth bearing in mind that we haven’t yet evolved a standard feature set or business model for managing patients at the population level (though you might be interested in some of these emerging best practices). So this is a far bigger risk than buying, for example, a practice management tool and an EMR from the same vendor — after all, practice management software has been around long enough that it’s fairly standardized.

On the other hand, if you buy a population health tool and an EMR from, say, Allscripts, you’re buying not only technology but their view of how population health management should be done. And the two platforms are somewhat, for lack of a better word, inbred if they try to cover your entire scope of patient management. Whatever blind spots the EMR may have, the pop health management platform may have as well.

I guess what I’m trying to say here is that while it makes great business sense for the vendors to offer both EMR and pop health products, it’s not necessarily in the provider’s interests to pile both of those products onto their infrastructure. At this stage, I’d argue, it’s worth preserving your flexibility, even if you spend more or have to work harder to develop the business logic you need on the population health side.

But I’m willing to change my mind. Readers, what do you think?

Mobility Strategy Becoming More Important To Hospitals

Posted on October 7, 2016 | Written By Anne Zieger

An annual study of healthcare mobility has found that hospitals may be at a tipping point when it comes to mobile strategy. The study also suggests that hospitals are struggling with Wi-Fi coverage and BYOD issues, but when you add on the fact that mobile EHR access is maturing, you still have a picture in which mobile is playing a rapidly-expanding role.

Spok’s fifth-annual Mobility in Healthcare Survey, which gathered 550 responses in July of this year, found that the number of hospitals reporting having a documented mobility strategy has almost doubled since year one. Specifically, 63% of respondents said that they had a documented strategy in place, a huge shift from 2012, when only 34% of respondents had such a strategy.

Another interesting piece of data derived from the study is that the roles of those involved in forming mobile strategy have shifted meaningfully between 2014 and 2016.

For example, the number of respondents saying IT helped or would help drive mobile strategy changes fell 12 points, while those who said nurses were involved climbed 12 points. The number of respondents who said doctors and consultants were involved climbed 9 points, and clinical leadership eight points. The greatest change was the role of nurses, whose current or planned involvement climbed 69% in absolute terms.

Mobile strategies emerging
When respondents that did not have a documented mobile strategy in place were asked why, 31% told Spok that they were in the process of developing such a strategy, 30% didn’t know, 17% said they had a verbal strategy in place which had not been written down or documented and 15% said budget constraints were holding them back.

Another notable set of data collected by Spok focused on which devices the respondent’s hospital was supporting. The fact that 78% supported smartphones was no big surprise, but it was a bit unexpected to find that 71% of hospital respondents support in-house pagers. (I guess they’re like faxes — some technologies just won’t die!) Wi-Fi phones were supported by 69% of respondents, wide area pagers 57%, tablets 52%, voice badges 20% and smart watches/wearables 8%.

Meanwhile, among the key shifts in support for devices is that Wi-Fi phone and voice badge support were up 24% and 18% respectively in absolute terms. It’s also worth noting that support for smart watches/wearables has climbed to 8% from near zero just last year. Clearly these are categories to watch.

Wi-Fi, BYOD challenges
As part of the support discussion, respondents also answered questions about Wi-Fi coverage, and the results highlighted some serious issues. In particular, while 83% of respondents said that their Wi-Fi connection is business-critical, they didn’t seem to feel in complete control of it.

More than half (54%) of respondents said they saw Wi-Fi coverage as a challenge, and 65% said they believed that there were some areas of poor coverage within their hospital. Other mobile device support challenges cited by respondents include data security (43%), user compliance with mobility, BYOD and EMM policies and procedures (39%) and IT support for users (37%).

Meanwhile, BYOD support and policies continue to be a contentious issue for hospitals. Nineteen percent of survey respondents said that their organizations hadn’t created any sort of BYOD program, an 8-point drop from 2015. The proportion of facilities with some type of a BYOD program also fell, from 73% to 58%, though – exercising survey options available for the first time – 5% said they were planning for BYOD and 18% said they didn’t know what was up on this front.

When asked why they chose to allow BYOD programs to exist, 60% of respondents said cost savings was a factor, 50% care team communication, and 46% said both physician demand and workflow time savings for users were important reasons. On the flip side, eighty-one percent of respondents said security issues were the primary reason they didn’t allow BYOD.

Study: Hospital EMR Rollouts Didn’t Cause Patient Harm

Posted on September 14, 2016 | Written By Anne Zieger

Rolling out a hospital EMR can be very disruptive. The predictable problems that can arise – from the need to cut back on ambulatory patient visits to the staff learning curve to unplanned outages – are bad enough. And of course, when the implementation hits a major snag, things can get much worse.

Just to pull one name out of a hat, consider the experience of the Vancouver Island Health Authority in British Columbia, Canada. One of the hospitals managed by the Authority, which is embroiled in a $174 million Cerner implementation, had to move physicians in its emergency department back to pen and paper in July. Physicians had complained that the system was changing medication orders and physician instructions.

But fortunately, this experience is definitely the exception rather than the rule, according to a study appearing in The BMJ. In fact, such rollouts typically don’t cause adverse events or needless deaths, nor do they seem to boost hospital readmissions, according to the journal.

The study, which was led by a research team from Harvard, Brigham and Women’s Hospital, Beth Israel Deaconess Medical Center and Massachusetts General Hospital, looked at the association between EHR implementation and short-term inpatient mortality, adverse safety events or readmissions among Medicare enrollees getting care at 17 U.S. hospitals. The hospitals selected for the study had rolled out or replaced their EHRs in a “big bang”-style, single-day go-live in 2011 and 2012.

To get a sense of how selected hospitals performed, the team studied patients admitted to the studied facilities 90 days before and 90 days after EHR implementation. The researchers also gathered similar data from a control group of all admissions during the same period by hospitals in the same referral region. For selected hospitals, they analyzed data on 28,235 patients admitted 90 days before the implementation, and 26,453 admitted 90 days after the EHR cutover. (The control size was 284,632 admissions before and 276,513 after.)

Apparently, researchers were expecting to see patient care problems arise. Their assumption was that in the wake of the go-live, the hospitals would see a short increase in mortality, readmissions and adverse safety events. One of the reasons they expected to see this bump in problems is that some negative problems related to time and season, such as the “weekend effect” and the “July effect,” are well documented in existing research. Surely the big changes engendered by an EHR cutover would have an impact as well, they reasoned.

But that’s not what they found. In fact, the researchers wrote, “there was no evidence of a significant or consistent negative association between EHR implementation and short-term mortality, readmissions, or adverse events.”

I was as surprised as the researchers to learn that EHR rollouts studied didn’t cause patient harm or health instability. Considering the immense impact an EHR can have on clinical workflow, it seems strange to read that no new problems arose. That being said, hospitals in this group may have been doing upgrades – which have to be less challenging than going digital for the first time – and were adopting at a time when some best practices had emerged.

Regardless, given the immense challenges posed by hospital EHR rollouts, it’s good to read about a few that went well.  We all need some good news!

Hospitals Can Learn From Low Outpatient EHR Turnover Rates

Posted on September 2, 2016 | Written By Anne Zieger

According to new data from HIMSS, almost 80% of freestanding outpatient facilities have an EHR in place, a figure which has shot up 30% over the past five years. This is no big surprise, given that the growth tracks neatly with the Meaningful Use program run. What seems to take HIMSS analysts aback, on the other hand, is that only a scant 15% of outpatient facilities surveyed seem ready to replace or purchase an EHR.

Why are learned minds at HIMSS taken aback by this data? Well, for one thing, hospitals have set their expectations. And over the last couple of years, hospitals have been dumping their existing EHRs at a rapid pace, with many large hospitals switching to newer systems with population health capabilities.

A recent Black Book study suggests that many hospitals weren’t thrilled with the results of even their latest EHR investment, with some even considering yet another switch. In other words, 2,300 hospital executives and IT staff interviewed weren’t seeing much benefit from their ongoing, massive investment of time and money.

What’s more, HIMSS analysts don’t seem to have taken a close look at how EHR purchasing patterns vary between the inpatient and outpatient setting. And that’s worth doing. After all, if outpatient buyers and inpatient buyers are making strikingly different decisions about how to spend on IT, the reasons for this disparity probably matter.

Important lessons

I don’t have any statistical data to back this up, but I do have a fairly straightforward theory on why hospitals seemingly do worse at investing in EHRs than outpatient facilities. I believe that EHRs are collapsing under the weight of trying to manage entire enterprises.

My sense is that outpatient EHR buyers aren’t just clinging to their existing systems due to inertia or lack of capital (though these factors doubtless come into play). Rather, they’re in a better position to take advantage of the systems they acquire than hospital IT departments.

For most medical groups, their mission is more straightforward and their management structure flatter than that of hospitals, which are having to be all things to all people of late. And this allows them to leverage an EHR more effectively.

To me, this suggests the following takeaways:

  • Hospitals might benefit from an EHR that’s focused more on supporting individual departments/service lines (including outpatient services) than a master enterprise system
  • If EHRs supported individual departments in a modular fashion, and the modules could be switched out between vendors, hospitals could update only the modules they needed to update
  • Hospitals could learn something from how their independent practice partners choose and integrate EHRs

Industry activity clearly suggests that CIOs back a more modular approach to solving clinical problems, and this could help them build a more flexible infrastructure that doesn’t get outmoded as quickly. And if outpatient buying patterns offer additional insights into decentralizing EHRs, it’d be smart to leverage them.

Thoughts On Hospital Telecommunications Infrastructure

Posted on August 31, 2016 | Written By Anne Zieger

Given the prevalence of broadband telecom networks in place today, hospital IT leaders may feel secure – that their networks can handle whatever demands are thrown at them. But given the progress of new health IT initiatives and data use, they still might face bandwidth problems. And as healthcare technical architect Lanny Hart notes in a piece for SearchHealthIT, the networks need to accommodate new security demands as well.

These days, he notes, healthcare networks must carry not only more-established data and voice data, but also growing volumes of EMR traffic. Not only that, hospital IT execs need to plan for connected device traffic and patient/visitor access to Wi-Fi, along with protecting the network from increasingly sophisticated data thieves hungry for health data.

So what’s a healthcare CIO to do when thinking about building out hospital telecommunications infrastructure? Here are some of Hart’s suggestions:

  • When building your network, keep cybersecurity at the top of your priorities, whether you handle it at the network layer or on applications layered over the network.
  • Use an efficient network topology. At most, create a hub-and-spoke design rather than a daisy chain of linked sub-networks and switches.
  • Avoid establishing a single point of failure for networks. Use two separate runs of fiber or cable from the network’s edge switches to ensure redundancy and increase uptime.
  • Use virtual local area networks for PACS and for separate hospital departments.
  • Segment access to your virtual networks – including your guest Wi-Fi service – allowing only authorized users to access individual networks.
  • Build as much wireless network connectivity as possible into new hospital construction, and blend wireless and wired networks when you upgrade networks in older buildings.
  • When planning network infrastructure, bear in mind that hospital networks can’t be completely wireless yet, because big hardware devices like CT scans and MRIs can’t run off of wireless connections.
  • Bigger hospitals that use real-time location services should factor that traffic in when planning network capacity.

In addition to all of these considerations, I’d argue that hospital network planners need to keep a close eye on changes in network usage that affect where demand is going. For example, consider the effect that the ongoing shift from desktop computers to mobile devices, and the use of cellular networks, have on network bandwidth requirements.

If physicians and other clinical staffers are using cell connections to roam, they’re probably transferring large files and perhaps using video as well. (Of course, their video use is likely to increase as telemedicine rollouts move ahead.)

If you’re paying for those connections, why not evaluate whether there are ways you could save by extending Internet connectivity? After all, closing gaps in your wireless network could both improve your clinicians’ mobile experience and help you understand how they work. It never hurts to know where the data is headed!

More Ideas On Tightening Hospital IT Security

Posted on August 29, 2016 | Written By Anne Zieger

Security deserves all of the attention you can spare, and it never hurts to revisit the fundamentals, in part because the cost of lagging security measures is so high. After all, it’s more than likely that your organization will face a breach, as almost 90% of healthcare organizations experienced at least one breach within the past two years, according to a Ponemon Institute study done earlier this year.

Here are some options to consider when tightening up your security operations, courtesy of Healthcare IT Leaders, whose suggestions include the following:

Hire white hat hackers: Mayo Clinic reportedly tried this a few years ago, and learned a great deal. While its security measures seem to have gotten something of a beatdown, the Clinic also found a bunch of security holes and got recommendations on how to close those holes.

Lock down employee mobile devices: As mobile technology increasingly becomes a key part of your infrastructure, it’s important to keep it secured – but that can be tough when employees own the phone. One question to ask is whether your IT could lock or wipe data from employee phones and tablets if need be. What are your legal options for securing critical data on employee-owned devices?

Review medical device security:  Networked medical devices – from respirators and infusion pumps to MRI scanners – increasingly pose security threats, as any device that receives and transmits data can be a target for attackers.  It’s critical to audit these devices, while setting careful security standards for device makers.

Train staff on security issues: Often, breaches are due to human error, so it’s critical to educate non-IT employees on the basics of security hygiene. Basic security training should cover not only ways to avoid security breakdowns (such as avoiding generic or default passwords and phishing e-mails) but also explanations of how such breaches affect patients.

Encourage risk reporting: According to Ponemon, almost half of healthcare organizations discovered a breach through an employee within the past two years. What’s more, nearly one-third of data breaches came to light due to patient complaints. It’s smart to encourage these reports, as IT staff can’t have eyes everywhere.

Disable laptop cameras and microphones:  Laptops generally come with a webcam and microphone, but at least in an enterprise setting, it may be better to disable these functions. Why? For one thing, attackers may be able to listen to private conversations through the microphone.

As I see it, the bottom line on all of these activities is to infuse security thinking into as many IT interactions as possible.  It may be trite to talk about a culture of security (it’s easier said than done, and too many organizations make empty promises) but such a culture can actually make a big impact on your security status.

To have the biggest impact, though, that culture has to extend all the way to the C-suite, and unfortunately, that rarely seems to happen. When I read research on how often healthcare organizations underspend on security, it seems pretty clear that many senior execs don’t take this issue as seriously as they should. And if the staggering level of health data breaches happening lately isn’t enough to scare them straight, I don’t know what will.

HHS OIG Says Unplanned Hospital EMR Outages Are Fairly Common

Posted on August 24, 2016 | Written By Anne Zieger

More than half of U.S. hospitals responding to a new survey reported having unplanned EMR outages, according to a new report issued by the HHS Office of the Inspector General, due to a variety of common but difficult-to-predict technical problems. Some of these outages have merely been inconveniences, but some resulted in patient care problems, the OIG report said.

The agency said that it conducted this study as a follow-up to its prior research, which found that both natural disasters and cyberattacks were having a major impact on EMR availability. For example, it noted, hospitals faced substantial health IT availability challenges in the wake of Superstorm Sandy, including damage to HIT systems and problems with access to patient records.

According to the survey, 59% of the hospitals reported having unplanned EMR outages. One-quarter said that the outages created delays in patient care and 15% said that the outage led to rerouted patient care. Only 1 percent of outages were caused by hacking or breaches.

The most common causes, in order, were topped by hardware malfunctions, followed by Internet connectivity problems, power failures and natural disasters. (For more detail on the root causes of outages, see this great post by my colleague John Lynn.)

It’s worth noting that these hospitals were selected for having their act together to some degree. To conduct the study, researchers spoke with 400 hospitals which were getting Meaningful Use incentive payments for using a certified EMR system that was in place as of September 2014.

Nearly all of these hospitals reported having a HIPAA-required EMR contingency plan in place. Also, two thirds of the hospitals addressed the four HIPAA requirements reviewed by OIG researchers. Eighty-three percent of surveyed hospitals reported having a data backup plan, 95% had an emergency mode operations plan, 95% said they had a disaster recovery plan and 73% said they had testing and revision procedures in place.

Not only that, most of the hospitals contacted by the study were implementing many ONC and NIST-recommended practices for creating EMR contingency plans. Nearly all had implemented practices such as using paper records for backup and putting alternative power sources like generators in place.

Also, most hospitals said that they reviewed their EMR contingency plans regularly to stay current with system or organizational changes, and 88% said they’d reviewed such plans within the previous two years. Most responding hospitals said they regularly trained their staff on EMR outage contingency plans, though just 45% reported training staff through recommended drills on how to address EMR system downtime. And 40% of hospitals that activated contingency plans in the wake of an outage reported that they saw no disruption to patient care or adverse events.

Still, the OIG’s take on this data is that it’s time to better monitor hospitals’ ability to address EMR outages. Now more than ever, the agency would like to see the HHS Office for Civil Rights fully implement a permanent HIPAA compliance program, particularly given the mounting level of cyberattacks endured by the industry. The OIG admitted that HIPAA standards aren’t crafted specifically to address these types of outages, so it’s not clear such monitoring can solve the problem, but the agency would prefer to forge ahead with existing standards given the risks that are emerging.