Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

Mobility Strategy Becoming More Important To Hospitals

Posted on October 7, 2016 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or

An annual study of healthcare mobility has found that hospitals may be at a tipping point when it comes to mobile strategy. The study also suggests that hospitals are struggling with Wi-Fi coverage and BYOD issues, but when you add on the fact that mobile EHR access is maturing, you still have a picture in which mobile is playing a rapidly-expanding role.

Spok’s fifth-annual Mobility in Healthcare Survey, which gathered 550 responses in July of this year, found that the number of hospitals reporting having a documented mobility strategy has almost doubled since year one. Specifically, 63% of respondents said that they had a documented strategy in place, a huge shift from 2012, when only 34% of respondents had such a strategy.

Another interesting piece of data derived from the study is that the roles of those involved in forming mobile strategy have shifted meaningfully between 2014 and 2016.

For example, the number of respondents saying IT helped or would help drive mobile strategy changes fell 12 points, while those who said nurses were involved climbed 12 points. The number of respondents said doctors and consultants were involved climbed 9 points, and clinical leadership eight points. The greatest change was the role of nurses, whose current or planned involvement climbed 69% in absolute terms.

Mobile strategies emerging
When respondents that did not have a documented mobile strategy in place were asked why, 31% told Spok that they were in the process of developing such a strategy, 30% didn’t know, 17% said they had a verbal strategy in place which had not been written down or documented and 15% said budget constraints were holding them back.

Another notable set of data collected by Spok focused on which devices the respondent’s hospital was supporting. The fact that 78% percent supported smartphones was no big surprise, but it was a bit unexpected to find that 71% of hospital respondents support in-house pages. (I guess they’re like faxes — some technologies just won’t die!) Wi-Fi phones were supported by 69% of respondents, wide area pagers 57%, tablets 52%, voice badges 20% and smart watches/wearables 8%.

Meanwhile, among the key shifts in support for devices is that Wi-Fi phone and voice badge support were up 24% and 18% respectively in absolute terms. It’s also worth noting that support for smart watches/wearables has climbed to 8% near zero just last year. Clearly these are categories to watch.

Wi-Fi, BYOD challenges
As part of the support discussion, respondents also answered questions about Wi-Fi coverage, and the results highlighted some serious issues. In particular, while 83% of respondents said that their Wi-Fi connection is business-critical, they didn’t seem to feel in complete control of it.

More than half (54%) of respondents said they saw Wi-Fi coverage as a challenge, and 65% said they believed that there were some areas of poor coverage within their hospital. Other mobile device support challenges cited by respondents include data security (43%), user compliance with mobility, BYOD and EMM policies and procedures (39%) and IT support for users (37%).

Meanwhile, BYOD support and policies continue to be a contentious issue for hospitals. Nineteen percent of survey respondents said that their organizations hadn’t created any sort of BYOD program, an 8-point drop from 2015. The proportion of facilities with some type of a BYOD program also fell, from 73% to 58%, though – exercising survey options available for the first time – 5% said they were planning for BYOD and 18% said they didn’t know what was up on this front.

When asked why they chose to allow BYOD programs to exist, 60% of respondents said cost savings was a factor, 50% care team communication, and 46% said both physician demand and workflow time savings for users were important reasons. On the flip side, eighty-one percent of respondents said security issues were the primary reason they didn’t allow BYOD.

Hospitals Face Security Risks In Expanding Mobile Footprint

Posted on October 3, 2016 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or

A new study suggests that hospitals are deeply concerned about their ability to protect patient data and their technology infrastructure from the growing threat of mobile cyberattacks.

The study, by Spyglass Consulting Group, found that 71% of hospitals consider mobile communications to be an increasingly important investment, in part due to the growth of value-based reimbursement and emerging patient- centered care models.

Thirty-eight percent of hospitals surveyed by Spyglass reported having invested in a smartphone-based platform to support these communications, with the deployments averaging 624 devices. Meanwhile, 52% have expanded their deployments beyond clinical messaging support other mobile hospital workers, researchers found.

That being said, 82% of hospitals weren’t sure they could protect these assets, particularly against mobile-focused attacks. Respondents worry that both smartphones and tablets could introduce vulnerabilities into the hospitals network infrastructure through malware, blastware and ransomware attacks. (These concerns are backed up by other Spyglass research, which concludes that 25% of data breaches originate from mobile devices.)

The surveyed hospitals said they were especially concerned about personally-owned mobile devices used by advanced practice nurses and physicians, noting that such devices may lack adequate password protection and may not have security software in place to block attacks.

Also, respondents said, APNs and doctors typically rely on unsecured SMS messaging for clinical communications, which may include protected patient health information. What’s more, respondents noted that these clinicians make heavy use of public Wi-Fi and cellular networks which can be compromised easily, exposing not only their device but also their data and communications to view.

But the hospitals’ fears aren’t limited to clinicians’ personal devices, Spyglass noted. Despite making increased investments in mobile security, hospital respondents said they were also concerned about hospital-owned and managed mobile devices, including those used by nurses, ancillary professionals and nonclinical mobile hospital workers.

“Cybercriminals have become more sophisticated and knowledgeable about the capabilities and vulnerabilities of existing security products, and the strategies and tools used by hospital IT detect potential intrusion,” said Gregg Malkary of Spyglass in a prepared statement.

Still, hospitals have a number of reasons to soldier on and solve these problems. For example, a HIMSS study released in March notes that hospitals feel mobile implementations positively impact their ability to communicate with patients and their ability to deliver a higher standard of care. Not only that, 69% of respondents whose hospitals use mobile-optimized patient portals said that this expanded their capability to send and receive data securely.

The HIMSS study found that 52% of survey respondents used three or more mobile and/or connected health technologies, with 58% mobile-optimized patient portals, 48% apps for patient education and engagement, 37% remote patient monitoring, 34% telehealth, 33% SMS texting, 32% patient-generated health data and 26% concierge telehealth.

In addition, 47% of HIMSS respondents said that their hospitals were looking to expand the number of connected health technologies they used, with another 5% of respondents expecting to become first-time users of at least one of these technologies.

Telemedicine Center Is “Hospital Without Beds”

Posted on September 30, 2016 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or

You don’t usually read cutting-edge healthcare stories on the CNN Money site, but the following blew me away.  Chesterfield, MO-based Mercy Virtual Care Center is a first, a four-story facility focused entirely on virtual care.

As I’ve noted previously, hospitals seem quite interested in rolling out telehealth services — and virtually all seem to be experimenting with them to some extent — but technology concerns seem to be holding them back. This is happening, in part, because EMR vendors have been slow to integrate telehealth functions.

But this doesn’t seem to have been a problem in this case. The $54 million Mercy Virtual Care Center, which describes itself as a “hospital without beds,” launched in October 2015. It employs 330 staffers focused on a variety of telehealth services, according to CNN Money.

The Center, which calls itself the world’s first facility dedicated to telehealth, offers four programs:

  • Mercy SafeWatch, which the Center says is the largest single hub electronic intensive care unit in the nation
  • Telestroke, which offers neurology services to emergency departments across the country which don’t have a neurologist on site
  • Virtual Hospitalists, a team of doctors seeing patients within the hospital around the clock using virtual care technology, and
  • Home Monitoring, a service which provides continuous monitoring more than 3,800 patients

Center medical director Gavin Helton told CNN Money that the programs it runs are focused on cutting down the cost of care reducing the admissions. “The sickest 5% of patients are typically responsible for about half of the healthcare spend and many end up, unnecessarily, back in the hospital,” he told the site. “We need an answer for those patients.”

One activity run by the Center is a pilot program focused on remote care for patients in their homes. The initial phase includes 250 patients with complex chronic illnesses for whom care is not readily accessible.

For example, one patient enrolled in the program is Leroy Strubberg, who is recovering from three mini strokes and also has heart problems, CNN Money reports. Strubberg, who lives more than an hour away from parent hospital Mercy St. Louis, participates in the Center’s in-home care program, speaking with Virtual Care staff members twice a week.

The staffers, dubbed “navigators,” call him on his hospital-provided iPad and ask him about his status. They also encourage his wife to use a blood pressure cuff and other devices connected to the iPad to check his health.

Since Strubberg enrolled in the program, Mercy Virtual Care clinicians were able to help him avoid hospitalization twice while providing him with appropriate care, the article says.

All of this would be exciting regardless of how it played out, but the fact that seems to be successful at managing care effectively is an added bonus. Mercy told the site that the Virtual Care program has cut emergency department visits and hospitalizations by 33% since the program opened just under a year ago. They attribute their success, in part to seeing that the patients usually see the same navigator, as well as working closely with the patient’s primary care physician.

Thoughts On Hospital Telecommunications Infrastructure

Posted on August 31, 2016 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or

Given the prevalence of broadband telecom networks in place today, hospital IT leaders may feel secure – that their networks can handle whatever demands are thrown at them. But given the progress of new health IT initiatives and data use, they still might face bandwidth problems. And as healthcare technical architect Lanny Hart notes in a piece for SearchHealthIT, the networks need to accommodate new security demands as well.

These days, he notes healthcare networks must carry not only more-established data and voice data, but also growing volumes of EMR traffic. Not only that, hospital IT execs need to plan for connected device traffic and patient/visitor access to Wi-Fi, along with protecting the network from increasingly sophisticated data thieves hungry for health data.

So what’s a healthcare CIO to do when thinking about building out hospital telecommunications infrastructure?  Here’s some of Hart’s suggestions:

  • When building your network, keep cybersecurity at the top of your priorities, whether you handle it at the network layer or on applications layered over the network.
  • Use an efficient network topology. At most, create a hub-and-spoke design rather than a daisy chain of linked sub-networks and switches.
  • Avoid establishing a single point of failure for networks. Use two separate runs of fiber or cable from the network’s edge switches to ensure redundancy and increase uptime.
  • Use virtual local area networks for PACS and for separate hospital departments.
  • Segment access to your virtual networks – including your guest Wi-Fi service – allowing only authorized users to access individual networks.
  • Build as much wireless network connectivity into new hospital construction, and blend wireless and wired networks when you upgrade networks in older buildings.
  • When planning network infrastructure, bear in mind that hospital networks can’t be completely wireless yet, because big hardware devices like CT scans and MRIs can’t run off of wireless connections.
  • Bigger hospitals that use real-time location services should factor that traffic in when planning network capacity.

In addition to all of these considerations, I’d argue that hospital network planners need to keep a close eye on changes in network usage that affect where demand is going. For example, consider the ongoing shift from desktop computers to mobile devices use of cellular networks have on network bandwidth requirements.

If physicians and other clinical staffers are using cell connections to roam, they’re probably transferring large files and perhaps using video as well. (Of course, their video use is likely to increase as telemedicine rollouts move ahead.)

If you’re paying for those connections, why not evaluate whether there’s ways you could save by extending Internet connectivity? After all, closing gaps in your wireless network could both improve your clinicians’ mobile experience and help you understand how they work. It never hurts to know where the data is headed!

More Ideas On Tightening Hospital IT Security

Posted on August 29, 2016 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or

Security deserves all of the attention you can spare, and it never hurts to revisit the fundamentals, in part because the cost of lagging security measures is so high. After all, it’s more than likely that your organization will face a breach, as almost 90% of healthcare organizations experienced at least one breach within the past two years, according to a Poneman Institute study done earlier this year.

Here’s some options to consider when tightening up your security operations, courtesy of Healthcare IT Leaders, whose suggestions include the following:

Hire white hat hackers: Mayo Clinic reportedly tried this a few years ago, and learned a great deal. While its security measures seem to have gotten something of a beatdown, the Clinic also found a bunch of security holes and got recommendations on how to close those holes.

Lock down employee mobile devices: As mobile technology increasingly becomes a key part of your infrastructure, it’s important to keep it secured – but that can be tough when employees own the phone. One question to ask is whether your IT could lock or wipe data from employee phones and tablets if need be. What are your legal options for securing critical data on employee-owned devices?

Review medical device security:  Networked medical devices – from respirators and infusion pumps to MRI scanners – increasingly pose security threats, as any device that receives and transmits data can be a target for attackers.  It’s critical to audit these devices, while setting careful security standards for device makers.

Train staff on security issues:  Often, breaches are due to human error, so it’s critical to educate non-IT employees on the basics of security hygiene. Offering basic security training should cover not only cover ways to avoid security breakdowns – such as avoiding generic or default passwords and phishing e-mails — but also explanations of how such breaches affect patients.

Encourage risk reporting:  According to Poneman, almost half of healthcare organizations discovered a breach through an employee within the past two years. What’s more, nearly one-third of data breaches came to light due to patient complaints. It’s smart to encourage these reports, as IT staff can’t have eyes everywhere.

Disable laptop cameras and microphones:  Laptops generally come with a webcam and microphone, but at least in an enterprise setting, it may be better to disable these functions. Why? For one thing, attackers may be able to listen to private conversations through the microphone.

As I see it, the bottom line on all of these activities is to infuse security thinking into as many IT interactions as possible.  It may be trite to talk about a culture of security (it’s easier said than done, and too many organizations make empty promises) but such a culture can actually make a big impact on your security status.

To have the biggest impact, though, that culture has to extend all the way to the C-suite, and unfortunately, that rarely seems to happen. When I read research on how often healthcare organizations underspend on security, it seems pretty clear that many senior execs don’t take this issue as seriously as that should. And if the staggering level of health data breaches happening lately isn’t enough to scare them straight, I don’t know what will.

3 EHR Gaps That Hinder Systematic Chronic Disease Management

Posted on May 2, 2016 I Written By

3 EHR Gaps That Hinder Systematic Chronic Disease Management

The following is a guest blog post by Andrei Khomushka.

An EHR typically contains multiple highlights of patients’ health, including observations, lab results, diagnoses and treatment plans. However, this data might be insufficient for systematic chronic care management, and there are 3 key reasons for that.

1. Interrupted care setting

Most EHRs are built around the idea that patients control their conditions to the extent that they can arrange timely appointments with their doctors should disturbing symptoms arise. However, the no-shows rate is still high (up to 55%, according to Family Medicine, 2013), and chronic patients often tend to overlook and mistreat symptoms. Leading to occasional appointments in acute situations. This breaks patient data and thus care delivery. So, EHRs can’t show the real picture of a disease progression.

Only continuous care and health tracking can help prevent, or at least detect early complications and exacerbations. As EHRs simply don’t have the tracking functionality, providers need additional solutions bound to their EHRs. For example, mobile patient apps connect individuals and caregivers, allowing the former to sync medical devices and continuously share their health data with doctors, thus ensuring remote monitoring of health status. Then, this information is automatically analyzed and aligned with the EHR so it’s always up-to-date.

2. Lack of patient engagement

As individuals can’t access EHRs directly, they don’t provide any patient engagement elements. Patients can only interact with the EHR data (to some extent) by visiting the patient portal. Here is your chance to engage them. With the standard functionality, such as appointment scheduling, e-billing, lab results checking, portals allow setting goals, sharing achievements across social media, exploring interactive learning materials and more.

However, systematic chronic care is more effective when a technology is proactive and connected to a patient’s daily life (patient portals can’t beat mobile patient apps here). This way, when multiple personal encouragements, guidelines and notifications are already in your pocket, it’s easier to control a chronic condition.

3. Patient-generated data missing

Most EHRs can’t collect and store patient-generated information such as physical activity, nutrition, daily subjective and objective. To benefit from daily updates of patients’ health statuses, we suggest implementing a separate solution integrated with the EHR. This will automatically process and analyze data to identify condition changes that require a physician’s attention. Then, the solution will notify both the patient and the health specialist about the disturbing patterns and suggest scheduling an appointment or test.

Afterword: Reducing the gaps

Overcoming these limitations is essential for a systematic care of chronic patients in the comfort of their homes. However, a thorough rebuild of an EHR is not realistic. Instead of investing substantial time and budget in making the EHR something it is not supposed to be, we recommend creating a holistic solution based on a chronic disease management system (CDMS), which will be connected to the mobile patient application and the EHR. You can find more about CDMS and its benefits in our recent chronic disease management entry.

It’s Time For A New HIE Model

Posted on April 25, 2016 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or

Over the decade or so I’ve been writing about HIEs, critics have predicted their death countless times – and with good reason. Though their supporters have never backed down, it’s increasingly clear that the model has many flaws, some of them quite possibly fatal.

One is the lack of a sustainable business model. Countless publicly-funded HIEs, jumpstarted by state or federal grants, have stumbled badly and closed their doors when the funding dried up. As it turns out, it’s quite difficult to get hospitals to pay for such services. Whether this is due to fears of sharing data with the competition or a simple reluctance to pay for something new, hospitals haven’t moved much on this issue.

Another reason HIEs aren’t likely to stay alive is that none can offer true interoperability, which diminishes the benefits they offer. Admittedly, some groups won’t concede this issue. For example, I was intrigued to see that DirectTrust, a collaborative embracing 145 health IT and provider organizations, is working to provide interoperability via Direct message protocols. But Direct messaging and true bilateral health information exchange are two different things. (I know, I’m a spoilsport.)

Yet another reason why HIEs have continued to struggle is due to variations in state privacy rules, which add another layer of complexity to managing HIEs. Simply complying with HIPAA can be challenging; adding state requirements to the mix can be a big headache. State laws vary as to when providers can disclose PHI, to whom it can be disclosed and for what purpose, and building an HIE that meets these requirements is a big deal.

Still, given that MACRA demands the industry achieve “widespread interoperability” by 2018, we have to have something in place that might work. One model, proposed by Dr. Donald Voltz, is to turn to a middleware solution. This approach, Voltz notes, has worked in industries like banking and retail, which have solved their data interoperability problems (at least to a greater degree than healthcare).

Voltz isn’t proposing that healthcare organizations rely on building middleware that connects directly to their proprietary EMR, but rather, that they build an independent solution. The idea isn’t incredibly popular yet — just 16% of hospital systems reported that they were considering middleware, according to Black Book – but the idea is gaining popularity, Voltz suggests. And given that hospitals face continued challenges in integrating new inputs, like mobile app and medical device data, next-generation middleware may be a good solution.

Other possible HIE alternatives include health record banks and clearinghouses. These have the advantage of being centralized, connected to yet independent of providers and relatively flexible. There are some substantial obstacles to substituting either for an HIE, such as getting consumers to consistently upload their records to the record banks. Still, it’s likely that neither would be as costly nor as resource-intensive as building EMR-specific interoperability.

That being said, none of these approaches are a pushbutton solution to data exchange problems. To foster health data sharing will take significant time and effort, and the transition to implementing any of these models won’t be easy. But if the existing HIE model is collapsing (and I contend this is the case) hospitals will need to do something. If you think the models I’ve listed don’t work, what do you suggest?

Tablets Star In My Fantasy ED Visit

Posted on April 1, 2016 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or

As some readers may know, in addition to being your HIT hostess, I cope with some unruly chronic conditions which have landed me in the ED several times of late.

During the hours I recently spent being examined and treated at these hospitals, I found myself fantasizing about how the process of my care would change for the better if the right technologies were involved. Specifically, these technologies would give me a voice, better information and a higher comfort level.

So here, below, is my step-by-step vision of how I would like to have participated in my care, using a tablet as a fulcrum. These steps assume the patient is ambulatory and fundamentally functional; I realize that things would need to be much different if the person comes in by ambulance or isn’t capable of participating in their care.

My Dream (Tablet-Enabled) ED Care Process

  1. I walk through the front door of the hospital and approach the registration desk. Near the desk, there’s a smaller tablet station where I enter my basic identity data, and verify that identity with a fingerprint scan. The fingerprint scan verification also connects me to my health insurance data, assuming it’s on file. (If not I can scan my insurance card and ID, and create a system-wide identity status by logging a corresponding fingerprint record.)
  2. The same terminal poses a series of screening questions about my reasons for walking into the ED, and the responses are routed to the hospital EMR. It also asks me to verify and update my current medications. The data is made available not only to the triage nurse but also to whatever physician and nurse attend me in my ED bed.
  3. When I approach the main registration desk, all the clerks have to do is put the hospital bracelet on my wrist to do a human verification that the bracelet a) contains the right patient identity and b) includes the correct date of birth for the person to which it is attached. If the clerks have any additional questions to pose — such as queries related to the patient’s need for disability accommodations  — these are addressed by another integrated app the clerk has on their desk.
  4. At that point, rather than walking back to an uncomfortable waiting room, I’m “on deck” in a comfortable triage area where every patient sits in a custom chair that automatically takes vital signs, be it by sensor, cuff or other means. In some cases, the patient’s specific malady can be addressed, by technologies such as AliveCor’s mobile cardiac monitoring tool.
  5. When the triage nurses interview me, they already have my vitals and answers to a bunch of routine clinical questions via my original tablet interaction, allowing them to focus on other issues specific to my case. In some instances this may allow the staff to move me straight to the bed and ask questions there, saving initial triage time for more complex and confusing cases.
  6. As I leave the triage area I am handed a patient tablet which I will have throughout my visit. As part of assigning me to this tablet my fingerprint will again be scanned, assuring that the information I get is intended for me.
  7. When I am settled in a patient bed in the ED, I’m given the option of either holding the tablet or placing on a swing-over bed desk which can include a Bluetooth keyboard and mouse for those that find touchscreen typing to be awkward.
  8. Not long after I am placed in the bed, the hospital system pushes a browser to the tablet screen. In the browser window are the names of the doctor assigned by case, the nurse and tech who will assist, and whenever possible, photos of the staff involved. In the case of the doctor or NP, the presentation will include a link to their professional bio. This display will also offer a summary of what the staff considers to be my problem. (The system will allow me to add to this summary if I feel the triage team has missed something important.)
  9. As the doctor, nurse and tech enter the room, an RFID chip in their badges will alert the hospital system that they have done so. Then, a related alert will be pushed to the patient tablet – and maybe to the family members’ tablet which might be part of this process — giving everyone a heads up as to how they’re going to interact with me. For example, if a tech has entered to draw blood, the system will not only identify the staff member but also the fact that they plan a blood draw, as well as what tests are being performed.
  10. If I have had in interaction with any of the staff members before, the system will note the condition the patient was diagnosed with previously when working with the clinician or tech. (For example, beside Doctor Smith’s profile I’d see that she had previously treated me for stroke-like symptoms one time, and a cardiac arrhythmia before that.)
  11. As the doctor or NP orders laboratory tests or imaging, those orders would appear on a patient progress area on the main patient ED encounter page. Patients could then click on the order for say, an MRI, and find out what the term means and how the test will work. (If a hospital wanted to be really clever, they could customize further. For example, given that many patients are frightened of MRIs, the encounter page would offer the patient a chance to click a button allowing them to request a modest dose of anti-anxiety medication.)
  12. As results from the tests roll in, the news is pushed to the patient encounter home page, scrolling links to results down like a Twitter feed. As with Twitter, all readers — including patients, clinicians and staff — should have the ability to comment on the material.
  13. When the staff is ready to discharge the patient — or the doctor has made a firm decision to admit — this news, too, will be pushed to the patient encounter homepage. This announcement will come with a button patients can click to produce a text box, in which I can type out or dictate any concerns I have about this decision.
  14. When I am discharged from the hospital, the patient encounter homepage will offer me the choice of emailing myself the discharge summary or being texted a link to the summary. (Meanwhile, if I’m being admitted, the tablet stays with me, but that’s a whole other discussion.)

OK, I’ll admit that this rather long description caters to my prejudices and personal needs, and also, that I’ve left some ideas out (especially some thoughts related to improving my interaction with on-call specialists). So tell me – does this vision make sense to you? What would you add, and what would you subtract?

P.S.  Some high-profile hospitals have put a lot of work into integrating EMRs with tablets, at least, but not in the manner I’ve described, to my knowledge.

P.S.S. No this is not an April Fool’s joke. I’d really like for someone to implement these workflows.

Are You Prepared For Healthcare Ransomware?

Posted on February 3, 2016 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or

Earlier this month, a Texas hospital was hit with a particularly loathsome virus.  Leaders at Mount Pleasant, Tx.-based Titus Regional Medical Center found out on January 15 that a “ransomware” virus had encrypted files on several of the medical center’s database servers, blocking access to EMR data as well as the ability to enter data into the system.

In this kind of attack, the malware author demands a financial ransom to be paid for freeing up the data. TRMC didn’t disclose how much money the attacker(s) demanded, but it may have been an immense sum, because the hospital apparently thought that bringing in pricey security consultants and enduring several days of downtime was preferable to paying up. Although, they also probably realized the slippery slope of paying the ransom and also there’s no guarantee those receiving the ransom money will actually permanently fix the problem.

It would be nice to think that this was just a passing fad, but researchers suggest that it’s not. In fact, US victims of ransomware reported losses of more than $18 million in 14 months, according to an FBI report issued in June.

According to one news report, the average ransomware demand is about $300 per consumer. The amount demanded goes up, however, when business or government organizations are involved. For example, when a series of small police departments in Massachusetts, New Hampshire and Tennessee were hit with a ransomware attack tying up their key databases, they ended up paying between $500 to $750 to get back access to their data. One can only imagine what a savvy intruder familiar with the life-and-death demand for health information would charge to free up an EMR database or laboratory information system data store.

But the threat isn’t just to enterprise assets. Not only are hospital enterprise network attacks via ransomware likely to increase, these exploits could take place via wearables or medical devices in 2016, according to technology analyst firm Forrester Research. Such attacks don’t just use medical devices to reach databases; Forrester predicts that some ransomware attacks will disable the medical devices themselves.

Given how important mobile technology has become to healthcare, it’s worth noting that ransomware is increasingly targeting mobile devices as well. For example, a recent strain of Android virus known as Lockdroid ransomware is now afoot. While it has no direct healthcare implications, one of the things it does is threaten to send a user’s browsing history to friends and family unless they pay the ransom. The victim, who may get tricked into allowing malicious code to gain admin privileges on their device, could end up having their personal data — and perhaps data from an EMR app — sent wherever the attacker chooses.

It seems to me that the ransomware threat will push healthcare organizations to mirror their core data assets in new and heretofore unheard of ways. HIT departments will have to bring disaster recovery methods and network intrusion defenses to prevent the worst possible outcome — a hack that kills one or more patients — and quickly. Meanwhile, if a company specializing in protecting healthcare firms from ransomware doesn’t exist yet, I suspect one will exist by the end of 2016.

mHealth Apps May Create Next-Gen Interoperability Problems

Posted on November 20, 2015 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or

According to a recent study by IMS Health, there were 165,000 mHealth apps available on the Google Play and iTunes app stores as of September. Of course, not all of these apps are equally popular — in fact, 40% had been downloaded less than 5,000 times — but that still leaves almost 100,000 apps attracting at least some consumer attention.

On the whole, I’m excited by these statistics. While there’s way too many health apps to consider at present, the spike in apps is a necessary part of the mobile healthcare market’s evolution. Over the next few years, clear leaders will emerge to address key mHealth functions, such as chronic care and medication management, diet and lifestyle support and health data tracking. Apps offering limited interactivity will fall off the map, those connected to biosensors will rise, IMS Health predicts.

That being said, I am concerned about how data is being managed within these apps. With providers already facing huge interoperability issues, the last thing the industry needs is the emergence of a new set of data silos. But unless something happens to guide mHealth app developers, that may be just what happens.

To be fair, health IT leaders aren’t exactly sitting around waiting for commercial app developers to share their data. While products like HealthKit exist to integrate such data, and some institutions are giving it a try, my sense is that mHealth data management isn’t a top priority for healthcare leaders just yet.

No, the talk I’ve overheard in the hallways is more geared to supporting internally-developed apps. For example, seeing to it that a diabetes management app integrates not only a patient’s self-reported blood sugar levels, but also related labs and recommended self-care appointments is enough of a challenge on its own. What’s more, with few doctors actually “prescribing” outside apps as part of their clinical routine, providers have little reason to worry about what commercial app developers do with their data.

But eventually, as top commercial health apps become more robust, the picture will change. Healthcare organizations will have compelling reasons to integrate data from outside apps, particularly if doctors begin viewing them as useful. But if providers and outside app developers aren’t adhering to shared data standards, that may not be possible.

Now, I’m not here to suggest that commercial mHealth developers are ignoring the problem of interoperability with providers. (Besides, with 165,000 apps on the market, I couldn’t say so with any authority, anyway.) I am arguing, however, that it’s already well past time for health IT leaders to begin scoping out the mobile health marketplace, and figuring out what can be done to help with data interoperability. Some sit-downs with top app developers would definitely make sense.

What I do know — as do those reading this blog — is that creating a fresh set of health data silos would be destructive. Creating and managing useful mobile health apps, as well as the data they generate, is likely to be important to next-generation health IT leaders. And avoiding the creation of a fresh set of silos may still be possible. It’s time to tackle this issue before it’s too late.