
HealthIT Trends from Healthcare Marketing Leaders

Posted on April 15, 2016 | Written By

Colin Hung is the co-founder of the #hcldr (healthcare leadership) tweetchat, one of the most popular and active healthcare social media communities on Twitter. Colin is a true believer in #HealthIT, social media and empowered patients. Colin speaks, tweets and blogs regularly about healthcare, technology, marketing and leadership. He currently leads the marketing efforts for @PatientPrompt, a Stericycle product. Colin’s Twitter handle is: @Colin_Hung

Last week 180+ HealthIT Marketers gathered in Atlanta for the #HITMC conference hosted by John Lynn and Shahid Shah. This annual event brings together content creators, editors, graphics artists, strategists, analysts and managers from across the healthcare industry. It is a truly unique opportunity to learn from those that work at marketing agencies, publications, provider organizations, HealthIT companies and marketing vendors.

One of the things I love to do at #HITMC is ask fellow marketers what topics they are being asked to write about and create content for. This informal poll is a fantastic way to gain insight into what will be trending over the next few months in healthcare. Why? Because if someone in the #HITMC audience is writing about it, you can rest assured it’ll be something you will soon see in your Twitter, LinkedIn, RSS or Facebook feed.

Here is a sampling of the responses I gathered at #HITMC:

Chris Slocumb @CSlocumb – CQ Marketing

“We’re doing a lot of work on security. From the provider side we’re talking about whether the right safeguards are in place and from the vendor side we’re writing about how their tools can help with securing an organization. Analytics, HIEs and interoperability are also topics we are creating content for. Conversely we’re not seeing much in the area of patient engagement right now.”

Shereese Maynard MS @ShereesePubHlth – Envisioncare

“I find that I’m doing work in the area of Home Health right now. It’s something that providers are waking up to – the potential for care at home to help patients stay healthier at lower cost. Providers and patients alike are looking to read more on that topic. Personally I’m very interested in Direct Primary Care. I think it’s a topic that will bubble to the top soon.”

Scott Collins – Aria Marketing

“Thought leadership is hot right now. It’s not exactly a specific topic, but I’m seeing a lot of companies hop onto the thought leadership bandwagon. It’s like vendors have suddenly woken up to the fact that getting ‘out there’ and demonstrating your expertise on a subject is going to lead to more business. It’s exciting. In terms of a topic, population health is something I’m seeing a lot of, but one level deeper than before. Instead of just defining it we’re going to be talking about how it will help specific communities. Oh and security is BIG.”

Beth Friedman @HealthITPR – Agency Ten22

“I’m seeing a lot of requests for content around bundled payments, revenue cycle and the new self-pay patient. The financial side of healthcare is changing.”

From the conversations at #HITMC, I would definitely say security and payment are the two hottest topics right now. Security isn’t really all that surprising given the number of recent ransomware attacks. The topic of payment and revenue cycle, however, caught me a little by surprise. I thought (hoped) interoperability or patient data access would have been a trending topic. Given the changes to reimbursement models, the movement to value-based care and the popularity of high-deductible health plans, it’s no wonder this is garnering a lot of readership/interest.

Shameless Plug: If you work in HealthIT marketing or for a HealthIT publication, I would strongly encourage you to attend #HITMC next year. Not only are the sessions educational, but by listening to the attendees you’ll get a pulse of what is trending in healthcare. Hopefully we’ll see you next year!

Making the Case for a Unique Patient Identifier – #MyHealthID

Posted on April 13, 2016 | Written By

Erin Head is the Director of Health Information Management (HIM) and Quality for an acute care hospital in Titusville, FL. She is a renowned speaker on a variety of healthcare and social media topics and currently serves as CCHIIM Commissioner for AHIMA. She is heavily involved in many HIM and HIT initiatives such as information governance, health data analytics, and ICD-10 advocacy. She is active on social media on Twitter @ErinHead_HIM and LinkedIn.

Healthcare is a high priority for the US Government and as HIM professionals, we know the importance of keeping our fingers on the pulse of issues facing our nation. We must stay current with proposed regulatory changes and those that address the needs of the US healthcare system as they relate to HIM, privacy and security, and Health IT. One issue our nation has struggled with is secure universal identification for citizens. Social security numbers were not originally meant to be secure identifiers yet they have controversially been used as unique identifiers by Centers for Medicare and Medicaid Services (CMS) for many years.

In our line of work, we see all of the potential negative implications and the important role that patient identification plays in patient safety, HIPAA compliance, and health record accuracy. When patients are not appropriately identified throughout the continuum of care, many issues arise that can lead to misdiagnosing, incomplete information, unnecessary testing, and fraud to name a few. Duplicates and overlays are far too common due to issues matching patient names and dates of birth versus using a universal secure identifier. Sharing information through health information exchange is nearly impossible when patients are registered in multiple systems with different spellings or misidentification.

The HITECH Act of 2009 laid the groundwork for the Department of Health and Human Services (HHS) to standardize unique health identifiers, among other tasks, but we have yet to see any real progress on this subject due to federal budget barriers. AHIMA sees this as a critical need and, in response, has started a petition to the White House to:

“Remove the federal budget ban that prohibits the U.S. Department of Health and Human Services (HHS) from participating in efforts to find a patient identification solution. We support a voluntary patient safety identifier. Accurate patient identification is critical in providing safe care, but the sharing of electronic health information is being compromised because of patient identification issues. Let’s start the conversation and find a solution.”

The campaign is called MyHealthID and aims to gather 100,000 signatures on the petition to garner the attention of the US Government. HIM professionals recently took to Washington, DC to visit with Congressmen and Senators from each state to advocate for MyHealthID. The message, “there’s only one you,” is meant to resonate with politicians and make the case that a unique patient identifier is necessary and important to healthcare.

I encourage all healthcare professionals to sign this petition and assist the advocacy efforts toward a unique patient identifier. MyHealthID will not only help with HIM and Health IT initiatives; it will be in the best interest of healthcare consumers nationwide.


Another Day…Another Healthcare Breach

Posted on March 19, 2015 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We all know about the Anthem Healthcare breach of millions of patient records. That’s been followed by an announcement by Premera Blue Cross that they’ve had 11 million records breached as well. Plus, I’m sure we’re just at the start of healthcare data breaches that are going to occur.

What’s astonishing to me is that many seem to be playing this up as a new thing. I remember about 15 years ago when I was in college and a guy I knew told stories about hacking through an entire hospital system. In fact, he casually made the comment, “You don’t want to hack the government cause they’ll come after you, but hospitals and universities you can easily hack and nothing will happen.”

This story illustrates two points. First, breaches of healthcare organizations have been happening for a long time. This isn’t something new. Second, we’re just now starting to put in place the technology that will detect breaches. That’s a good thing. In fact, in some ways we should applaud the fact that we actually know these breaches are happening now. I’m certain that many of these breaches happened before and we just never knew about it because you don’t have to report a breach you don’t know about.

Now that we know about these breaches, will that spur action? I think it will in some organizations. It certainly won’t be a bad thing for security and privacy. Unless we’ve become so callous to the breaches (like the title of this post suggests) that we stop caring about breaches because “they’re bound to happen.”

I hope that this post doesn’t encourage apathy about security and privacy on the part of healthcare organizations. I assure you that no hospital wants to go through a breach of healthcare data. While it’s impossible to guarantee one won’t happen, a sincere effort to create a culture of compliance in your hospital can go a long way to preventing many breaches.

As my college hacker friend told me many years ago, “You can never make something 100% secure, but you can make it hard enough for someone to hack that it’s not worth their time.” If it’s not worth their time, they’ll usually move on to someone easier.

Living on the Cutting Edge, Security, and Engineer User Interfaces

Posted on October 1, 2014 | Written By

John Lynn

I thought it would be fun today to mix it up a little bit and highlight a few of the interesting tweets that I’d seen recently. Plus, I’ll add a few comments after each tweet.


This is a great quote. Of course, we should add that being misunderstood might mean you’re insane. So, I’d suggest, “There’s a fine line between being misunderstood and being crazy.”


Very interesting. I think we’re starting to see this approach in healthcare, but it certainly hasn’t been the norm.


This isn’t a health IT user interface, but I’ve seen EHR software that’s just as complex.

HIPAA Compliant Texting

Posted on July 23, 2014 | Written By

John Lynn

We’re quickly seeing HIPAA compliant texting as a standard in healthcare. Certainly there are some organizations that are resisting, but I fear for those healthcare organizations that are letting SMS run rampant in their organization. SMS is not HIPAA compliant and so that’s a real risk for an organization that allows it to go on. However, I’m seeing organizations across the country adopting a secure text messaging solution.

I’ve often said that the best way to solve a problem is to make doing the right thing easy or better than doing the wrong thing. This can easily be applied to HIPAA compliant texting. I outlined 11 reasons why a secure text message solution was better than SMS before and one of those reasons wasn’t the fear of HIPAA. Can someone really argue that SMS is better or acceptable?

Besides the argument that secure text messaging is dramatically better than SMS, the great part is that a plethora of secure text messaging solutions are available that are just as easy as SMS. I’m personally biased toward docBeat since I’m an advisor to them and they’ve created a really great product. However, there are lots of other dedicated secure messaging companies including TigerText, docHalo, qliqSoft, and many more. Plus, that doesn’t even include large companies like Imprivata, which offers Cortext, and even athenahealth’s Epocrates has secure text messaging built into its product.

The day will soon come when a hospital gets hit with a HIPAA violation (possibly during a HIPAA audit) and insecure SMS will be the culprit. Considering the advancements in secure text messaging options, hospitals won’t have anywhere to hide. It’s very clear that there are HIPAA compliant options available and so I can’t imagine they’ll be lenient with organizations that aren’t doing something about it.

I’d love to hear your experience with HIPAA compliant text messaging. Do you use it in your hospital? What do you love or hate about it? Are you still using SMS?

Large Health Facilities Have Major Patient Data Security Issues

Posted on July 2, 2014 | Written By

Anne Zieger is a veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Many healthcare organizations have security holes that leave not only their systems, but their equipment susceptible to cyberattacks, according to two recent studies.

The researchers included Scott Erven, head of information security for multi-state hospital and clinic chain Essentia Health, and Shawn Merdinger, an independent consultant. According to iHealthBeat, the two presented their findings last week at the Shakacon conference.

Erven and his colleagues conducted a two-year study addressing the security of Essentia’s medical equipment. As part of their study they found that hackers could manipulate dosages of drugs provided by drug infusion pumps, deliver random defibrillator shocks to patients or prevent medically needed shocks from taking place, and change the temperature settings in refrigerators holding blood and drugs.

The research team also looked for exposed equipment within other healthcare organizations, and the results were appalling. Within only 30 minutes, iHealthBeat notes, they found one healthcare organization which had 68,000 devices that exposed data. Across all of the health systems they studied, they found 488 exposed cardiology systems, 323 PACS systems, 32 pacemaker systems, 21 anesthesiology systems and several telemetry systems used to monitor elderly patients and prevent infant abductions.

Both Erven and Merdinger found that the organizations were leaking data because an Internet-connected computer had not been configured securely. Typically, data leaks occurred because sysadmins had allowed Server Message Block (SMB), a protocol used to help admins find and communicate with computers internally, to broadcast information, turning private data into publicly accessible data.

According to Erven, these issues are “global” and impact thousands of healthcare organizations. He suggests that too often, healthcare organizations focus on HIPAA compliance and don’t put enough effort into penetration testing and vulnerability protection.

This should come as no surprise. After all, Proficio’s Takeshi Suganuma notes, HIPAA was developed to protect PHI for a wide range of organizations, and as he puts it, “one size seldom fits all.”  While HIPAA compliance is important, collection, analysis and monitoring of security events are also critical activities for medium- to large-sized organizations, Suganuma suggests.

He also warns that healthcare organizations should be aware that cyberattackers are exploiting not only traditional network vulnerabilities, but also vulnerabilities in printers and medical devices. Networked medical devices are a particularly significant issue, since provider IT teams can’t upgrade the underlying operating system embedded in these devices — and too many of the devices are using older versions of Windows and Linux with known security holes.

The key point Suganuma, Erven and Merdinger are making is that while HIPAA compliance is good, healthcare organizations must pay greater attention to new attack vectors, or they face high odds of security compromise.  Seems like there’s a lot of work (and investment) afoot.

HIPAA Privacy and Security with Mac McMillan

Posted on June 9, 2014 | Written By

John Lynn

I’ve been doing a whole series of Google Plus Hangout video interviews with people across the spectrum of Healthcare IT. I recently did one with Mac McMillan, CEO of Cynergistek, that I thought might be of real interest to many people working with hospital EHRs. If you’re concerned about your HIPAA compliance or worried about potential HIPAA audits, take the time and listen to this interview with Mac McMillan. He provides a number of interesting insights, including some reasons beyond HIPAA that we should make sure our security and privacy ducks are in a row.

The CIO’s Guide to HIPAA Compliant Text Messaging

Posted on January 15, 2014 | Written By

John Lynn

Yesterday I wrote a piece on EMR and EHR where I talk about why Secure Text Messaging is Better Than SMS. I think it makes a solid case for why every organization should be using some sort of secure text messaging solution. Plus, I do so without trying to use fear of HIPAA violations to make the case.

However, you can certainly make the case for a secure text messaging solution in healthcare based on HIPAA compliance. In fact, the people at Imprivata have essentially made that case really well in their CIO Guide to HIPAA Compliant Text Messaging. This is well worth a read if you’re in a healthcare organization that could be at risk for insecure texting (yes, that’s every organization).

They break down the path to compliance into 3 steps:

  1. Policy – Establish an organizational policy
  2. Product – Identify an appropriate text messaging solution
  3. Practice – Implement and actively manage the text messaging solution

Texting is a reality in hospitals today and the best solution isn’t suppression, but enabling users with a secure solution. The checklists in the CIO Guide to HIPAA Compliant Text Messaging provide a great foundation for making sure your organization is enabling your users in a HIPAA compliant manner.

AHA Asks NIST To Make Cybersecurity Rules Flexible and Voluntary

Posted on December 19, 2013 | Written By

Anne Zieger

The American Hospital Association has sent a letter to the National Institute of Standards and Technology asking the organization to make sure that its cybersecurity framework remains flexible and “strictly” voluntary for private sector organizations, according to iHealthBeat.

In late October, NIST opened a comment period on the proposed cybersecurity framework. It followed on former NSA employee Edward Snowden leaking private government documents stating that NIST’s encryption standards contain a “back door,” allowing NSA to decipher encrypted messages.

NIST’s data encryption standards, which are used in electronic health care data security and exchange, are now undergoing internal and independent formal reviews.

In its letter, the AHA says that it agrees with the five core functions of the proposed framework:

* Identify
* Protect
* Detect
* Respond
* Recover

That being said, the AHA also wants to see the framework look at ways to reconcile various cybersecurity implementation standards, provide plenty of time for implementing changes, and include existing data security rules used in healthcare such as HIPAA and the HITECH Act, iHealthBeat reports.

Also, the AHA advises that several entities that interact with hospitals should be involved in cybersecurity risk assessment and reduction, including medical device companies, physician offices, insurers and individual patients.

And the AHA strongly urges NIST to encourage, not bludgeon, when it comes to bringing these standards to healthcare: “We encourage the federal government to ensure a thorough dialogue with the health sector before any specific incentives are adopted…Further, we recommend that only positive incentives be contemplated, such as reduced premiums for cybersecurity insurance among those who have adopted the framework.”

Regardless of what NIST does with its cybersecurity framework, healthcare leaders have plenty of security issues of their own to handle. As an investigative report published last year by The Washington Post pointed out, healthcare organizations have their work cut out for them when it comes to fixing security holes.

Single Sign-On and Strong Authentication in Hospitals

Posted on December 13, 2013 | Written By

John Lynn

We’ve often talked about the hundreds of systems that a hospital organization must support. Yes, we often forget about 99 of them because we’re so focused on the enormous EHR software. However, the end users of those systems don’t forget about those other systems. This is particularly true when an organization hasn’t implemented a well done single sign-on solution with strong authentication. Considering the multiple login complaints I still hear from so many people, I think that includes a lot of you.

The authentication and single sign-on experts at Imprivata have put together this pretty comprehensive whitepaper on Single Sign-On and Strong Authentication. As is usually the case, there’s so much more to it than most people think on its face.

Take for example just the list of leading authentication methods:

  • Passwords
  • Strong Passwords
  • ID Tokens
  • Smart Cards
  • Passive Proximity Cards
  • Active Proximity Cards
  • Biometrics

Of course, with all of this I’m still waiting for the day when we have a biometrically controlled experience at a hospital. We’re getting there. Hopefully before that organizations will have figured out all the single sign-on issues we’re still dealing with today.

The best reason to invest in a single sign-on solution is security. Sure, there are some arguments that a single sign-on option is less secure because one login can get you into everything. This is mitigated to some degree with two-factor authentication. However, even if that is the case, it’s still more secure than a nurse having 20 logins, which leads to them writing their usernames and passwords on a sticky note next to their computer. Single sign-on almost completely solves this security problem.

How is your organization approaching single sign-on?