Tag: data security

Health IT Pain Points Defined

Health IT pain points seem to linger despite the never-ending promises and eternal hope that new technology innovation seems to offer. Every sector has its prickles, no doubt, and much is left to overcome in healthcare, but given the complexity and the copious amount of change and development here, it’s of little surprise that pain is being felt.

What may be surprising, though, is that, as with patient engagement, there seems to be a different type and severity of pain depending on who you ask.

With that, for greater clarity, I decided to ask some health IT industry insiders what their pain points were and why. Their responses follow:

Dr. Trishan Panch, chief medical officer, Wellframe

One of the biggest pain points for hospitals that we’ve come across is a health system’s inability to scale care management resources. They are effective in improving outcomes when patients are engaged, but because of limitations around existing models (i.e. human interaction via phone or in-person) only a small proportion of the patient population can be engaged. That’s why organizations are turning to technology solutions to scale care management resources to reach more people.

Dr. Mark Kaplan, vice president, medical affairs, DaVita Kidney Care

One of the biggest pain points for physicians today is the lack of interconnectivity between different IT systems. Participation in the meaningful use program has helped create some common standards for communication but, for a variety of reasons, these have not yet led to widespread, effective clinical data sharing. Few physicians can operate in the ecosystem of a single electronic medical record, since they often work in systems that are different, from practice, various hospitals and other places of care.

Dave Wessinger, Co-founder and CTO, PointClickCare

Interoperability is a pain point in healthcare IT, particularly when it comes to transitions in senior care. Connecting the care delivery ecosystem to provide safer transitions of care is critical to long-term care. While some individuals may require short-term rehabilitative care, others may need home-based care, assisted living or long-term and hospice care. As seniors move through these different stages or between acute care and post-acute care, these transitions pose challenges for healthcare providers. Ideally, all the information that clinicians need to treat the individual will be available when he arrives at his new destination. However, this is not always the case. Healthcare providers, both long-term and acute, must invest in an infrastructure that supports seamless transitions of care; interoperability plays a vital role. Connecting healthcare providers across the care continuum will allow for better health outcomes, help reduce unnecessary hospital re-admissions, as well as keep healthcare costs down.

Rachel Jia, marketing manager, Dynamsoft

There are various statistics about the negative impact paperwork has upon providing healthcare. The AHA has estimated it adds at least 30 minutes to every hour of patient care provided. A main pain point continues to be the ability for IT to implement efficient EHR systems. At the core of any EHR system are its image capture capabilities. It must be simple to use throughout the workflow process. This includes image capture, editing, saving and sharing. The capture, or scanning, must be speedy. Editing features must be clear in how to use. This minimizes learning curves at the start. It also optimizes the speed of processing documents during the life of its use. Easy saving to local or network locations should also enable simple and secure sharing too. When one, some or all of these areas stall, it can cripple the realization of benefits from digital document management.

Data Security: Securing Community Healthcare Data and Devices

Guest post by David Reynolds, IT systems manager, Rhode Island Blood Center.

Maintaining blood supplies to meet the needs of the hospitals in the region is a key mandate for the Rhode Island Blood Center. The Center collects 250 pints of blood from donors to meet this commitment. To make it easy for donors, more than 3,000 mobile blood drives are held annually throughout the community.

While we have nurses and lab technicians to take care of the donors’ physical needs, it is my job as the IT Systems Manager at Rhode Island Blood Center to take care of their personal information. We gather this information from each donor at the mobile clinics and store it on laptops, so it is essential that we have safeguards in place to ensure the data is properly secured.

Data security is a key concern for the majority of healthcare organizations in the US. And like most organizations, Rhode Island Blood Center must follow regulatory guidelines and protect patient data.

My department is responsible for the IT and telecommunications equipment used at the remote blood drives and the six Center locations. The typical set-up includes a large number of Center-owned laptops where donor information is stored.

While most people arrive at a clinic and see the positive results of a community coming together and helping each other – all I see are laptops loaded with confidential information for which Rhode Island Blood Center is ultimately responsible. I know if even one laptop is lost or stolen, confidential donor information could be at risk.

Data at Risk

Reviewing daily healthcare news, it is clear that data breaches are a huge issue for healthcare organizations across the US, but bad press isn’t the only issue – many organizations face large non-compliance fines and damage to their reputation that can never be restored.

HIMSS Security Survey: Breaches Remain Primary Concern Despite Increased Use of Security Technologies and Analytics

Results of the 2013 HIMSS Security Survey show that, despite progress toward hardened security and use of analytics, more work must be done to mitigate insider threat, such as the inappropriate access of data by employees. Although federal initiatives such as OCR audits, meaningful use and the HIPAA Omnibus Rule continue to encourage healthcare organizations to increase the budgets and resources dedicated to securing patient health data, in the previous 12 months, 19 percent of respondents reported a security breach and 12 percent of organizations have had at least one known case of medical identity theft reported by a patient.

The 2013 HIMSS Security Survey, supported by the Medical Group Management Association and underwritten by Experian Data Breach Resolution, profiles the data security experiences of 283 information technology (IT) and security professionals employed by U.S. hospitals and physician practices. The data from respondents suggests that the greatest perceived “threat motivator” is that of healthcare workers potentially snooping into the electronic health information of friends, neighbors, spouses or co-workers (i.e., inappropriate data access).

Recognizing inappropriate data access by insiders as an area for which organizations are at risk of a security breach, there has been increased use of several key technologies related to employee access to patient data, including user access control and audit logs of each access to patient health records. On a related note, although more than half of the survey’s respondents (51 percent) have increased their security budgets in the past year, 49 percent of these organizations are still spending 3 percent or less of their overall IT budget on security initiatives that will secure patient data.

A 12-step Program to Ensure the Secure Data in Your EHR Stays That Way

This line pretty much sums it up: Improve quality of care through electronic health records.

Apparently, it’s a motto of sorts for the New York City Department of Health and Mental Hygiene. Not bad when you think about it. Sort of has an “I-love-health-IT” ring to it.

As cool as the organization’s unofficial motto is, its site also features a wealth of great information about the benefits of EHRs, how they can improve healthcare and patient outcomes, and the steps practice leaders need to take when working to protect the data contained in the records.

As such, NYC’s health department site is filled with great advice that practice administrators can use to create proper procedures and practices for maintaining data security.

Here’s a nice, 12-step program for you, courtesy of NYC:

1. Continue following the rules and regulations set forth by HIPAA. Do not leave printed patient health information where others have access to it. When scanning information into a patient’s EHR, destroy the paper copy when it is no longer needed. Unlike paper charts, it is easy to see a computer screen from across the room. Computer screens should not be visible from the waiting room, check-in area or any place an unauthorized person may be able to see a patient’s EHR. Install privacy filters on monitors to block anyone from viewing the computer from a side view.

2. Install antivirus, intrusion detection and firewall software.

3. Do not use social security numbers as a unique patient identifier. This is something I’d like to see adopted universally in healthcare. There’s no need for my SSN to be sitting on the top of my new patient forms for all the world to see.

4. Patients have the right to control who sees their information. Whether or not an EHR system is in place, do not share patients’ health information with anyone unless the patient has personally authorized it or such disclosure is authorized by law (e.g., mandated disease reporting). Ensure that employers, marketers and law enforcement or immigration officers do not have access to patient records. If your practice is part of a Health Information Exchange network, patients have the right to choose whether or not they will participate. Patients have the right to revoke their consent for sharing information.

5. Patients should understand their rights to consent, as listed in #4 above.

6. Always log out of the EHR system when leaving the computer. If EHRs are left open on the screen, other people can access and/or modify patient information. This activity will be logged as the user’s and he/she may be held accountable for any privacy violations.

For more about this subject, take a look at this insightful article by Dean Wiech of Tools4ever.

7. Keep all passwords safe and secret. Create a password carefully. Passwords should not be obvious, such as birthdays, pets’ names or favorite sports teams. Think of something that is easy for you to remember, but impossible for anyone else to guess. Never share passwords. If anyone asks a staff member for his/her password, the staff member should report that person immediately to the practice administrator. Passwords should not be posted or written down near the staff members’ desks. Change passwords every three months.

8. Ensure hardware is safe and secure. Portable computers are easy to steal. Computers, servers and other equipment that contain data should be locked in a secure place when not being used.

9. Be careful when accessing EHRs from outside of the office. When opening a patient’s EHR in public, make sure no one can see the computer screen. Only access EHRs from a secure Internet connection.

10. Train all staff members on data security policies and procedures. Make sure everyone in the practice understands and observes the policies and procedures for protecting patient health information.

11. Keep up with staffing changes. If an employee leaves the practice, change the user’s status to inactive. This means they can no longer sign in with their old password.

12. Review audit trails periodically. Reviewing audit trails can alert practices to potential system abuse or misuse. Some staff members forget to log out of their system, as well as access parts of the EHRs that are beyond their practice function. Audit trails can let practice administrators know when this occurs and take appropriate action.
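
The checks behind steps 6, 11 and 12 can be run over an exported audit trail. The Python below is an added example, not code from the NYC health department or any EHR product; the CSV layout, user names, role map and 30-minute idle limit are all assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed audit trail; the column layout is an assumption, not a real EHR export.
AUDIT_CSV = """timestamp,user,event,section
2024-03-04T08:00:00,nurse_a,login,
2024-03-04T08:05:00,nurse_a,view,vitals
2024-03-04T08:20:00,nurse_a,logout,
2024-03-04T09:00:00,frontdesk_b,login,
2024-03-04T09:02:00,frontdesk_b,view,scheduling
2024-03-04T09:10:00,frontdesk_b,view,lab_results
2024-03-04T10:00:00,former_c,login,
2024-03-04T13:30:00,frontdesk_b,view,scheduling
"""
# Hypothetical role map: the EHR sections each user's practice function needs.
ALLOWED = {"nurse_a": {"vitals", "lab_results"},
           "frontdesk_b": {"scheduling", "demographics"}}
# Accounts set to inactive after the employee left the practice (step 11).
INACTIVE = {"former_c"}

def review(audit_csv, allowed, inactive, idle_limit=timedelta(minutes=30)):
    """Return (finding, user, detail) tuples from a chronologically ordered trail."""
    findings = []
    last_seen = {}  # user -> time of latest event in a session that is still open
    for row in csv.DictReader(io.StringIO(audit_csv)):
        ts = datetime.fromisoformat(row["timestamp"])
        user, event, section = row["user"], row["event"], row["section"]
        if user in inactive:  # step 11: a departed user's account is still in use
            findings.append(("inactive_account", user, row["timestamp"]))
        if event == "view" and section not in allowed.get(user, set()):
            findings.append(("out_of_role", user, section))  # step 12
        prev = last_seen.get(user)
        if prev is not None and ts - prev > idle_limit:
            # step 6: activity resumed on a session that sat open past the limit
            findings.append(("unattended_session", user, row["timestamp"]))
        if event == "logout":
            last_seen.pop(user, None)
        else:
            last_seen[user] = ts
    # Sessions never closed by the end of the trail (step 6).
    findings += [("no_logout", u, t.isoformat()) for u, t in sorted(last_seen.items())]
    return findings

if __name__ == "__main__":
    for finding in review(AUDIT_CSV, ALLOWED, INACTIVE):
        print(finding)
```

Each finding is a prompt for the practice administrator to follow up, since an out-of-role view or a long-open session can have a legitimate explanation.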

So, as the old saying goes, “The more you know, the further you’ll go.”