EHR and Health IT Consulting
37.9K views | +1 today
EHR and Health IT Consulting
Technical Doctor's insights and information collated from various sources on EHR selection, EHR implementation, EMR relevance for providers and decision makers
Your new post is loading...
Your new post is loading...!

Healthcare Marketing 2014: 10 Reasons to Demand Digital

Healthcare Marketing 2014: 10 Reasons to Demand Digital | EHR and Health IT Consulting |

If you are responsible for leading the development and execution of a healthcare marketing strategy for 2014, you should know how to allocate resources to the channels that will provide the most ROI.


Sure, you could just focus your resources on the same channels as last year, but looking backwards can be a trap. Your boss isn’t looking for you to make an exact copy of last year’s strategy, even if it worked. As the leader of your company’s marketing initiatives, you’re expected to do more than keep the status quo; you’re expected to implement strategies so the company can do better. You need to understand current market dynamics and see around the corner so that the strategies you implement will be effective for the entirety of the next year.


In the past year we have seen an increasing dependence on digital platforms for health information, decision-making, and collaboration. Digital is the way we connect and learn today.  If you want to have an influence on the consumer’s decision-making process, you have to be where decisions are being made. If digital is big now, it’s only going to become a more important channel throughout the next year. This means you need to plan to have even more of a focus on digital for your healthcare marketing strategy if you want to keep up. You need to be forward thinking. You simply can’t afford to miss out on the opportunity digital provides when time and money are scarce.


With big changes to the healthcare ecosystem coming up, companies will be pressed to find the most economical ways to connect with patients. The industry is changing fast, so don’t get stuck being complacent. If you don’t have a strong digital strategy, where do you think you will be in six months when your boss asks why marketing isn’t driving more sales?


1. Americans are using the internet when they have health concerns.

1 in 3 American adults have gone online to figure out a medical condition72% of internet users say they looked online for health information within the past year

(Source: Pew Internet)

2. Healthcare marketing today needs both offline and online strategies.

84% of patients use both online and offline sources for research77% of patients use search engines76% of patients use hospital sites52% of patients health information sites

(Source: Google Think)

3. Offline shouldn’t be ignored, but it’s far less important than digital mediums. This should be factored in when budgeting and planning healthcare marketing strategies. Resist the temptation to rely on old, traditional tactics that are less effective just because “that’s the way we’ve always done it.”

32% of patients use TV for research20% of patients use magazines for research18% of patients use newspapers for research

(Source: Google Think)

4. Search will continue to play an important role in the decision-making process. Healthcare marketing execs need to develop a strategy so the company and its products and services can be found using search. This means you need a strong website, a social and content strategy, and SEO.

77% of online health seekers say they began their last session at a search engine such as Google, Bing, or YahooAnother 13% say they began at a site that specializes in health information, like WebMDThe most commonly-researched topics are specific diseases or conditions; treatments or procedures; and doctors or other health professionals

(Source: Pew Internet)

5. Consumers are becoming more involved in managing their own health, especially using health tracking. Healthcare marketing needs to address proactive patients who are engaged in actively monitoring and promoting their health.

7 in 10 U.S. adults have tracked a health indicator for themselves or for someone elseOf those, 34% share their health tracking records or notes with another person or group

(Source: Pew Internet)

6. Consumers are increasingly using mobile to access information. Websites absolutely must be mobile friendly and able to be viewed well in multiple kinds of devices.

Of patients who found hospitals on their mobile devices, 44% scheduled an appointmentRoughly 1/3 of patients used tablets or mobile devices on a daily basis for research and/or to book appointments

(Source: Google Think)

7. Mobile is used everywhere. Healthcare marketers need to take this into consideration when creating websites and digital content. Pay careful attention to where the patient is in the decision-making process, and serve the appropriate content that serves that need.

61% while at home27% at work23% while visiting friends or family at home20% while out of town16% while in a doctor’s office

(Source: Google Think)

8. Brand is important to prospective patients.

Reputation of facility 94%Accepts healthcare plan 90%Recommended by physician 86%Uses latest technology 85%Recommended by friends and family 51%

(Source: Google Think)

9. For patients who booked appointments, digital content is key to decision-making.

77% of patients used search prior to booking an appointment83% used hospital sites54% used health insurance company sites50% used health information sites26% used consumer generated reviews

(Source: Google Think)

10. Online video is important.

1 in 8 patients watched an online video on:

Hospital sites 42%Health insurance information sites 31%Health information sites 30%YouTube 29%Health insurance company sites 20%

53% of patients who didn’t watch hospital videos were unaware they existed.

Via Plus91

How mobile tech can transform health care

How mobile tech can transform health care | EHR and Health IT Consulting |

Health care providers should be making use of new mobile technologies that can facilitate higher quality of care in every patient interaction. A look at what's available now.

A doctor's time is increasingly scarce and expensive. The only scalable, near-term solution is to enable physicians to be more efficient and manage more patients, while empowering them to improve the quality of care they can provide.

What if doctors used powerful mobile applications to remotely track their patients' treatment compliance and progress? What if they could provide patients with remote access to their expertise, or to other medical knowledge they trust? What if they kept in- person office visits to the time they're really required for longer, in-depth consultations?

There are already some incredible startups developing mobile products that facilitate more efficient (and more economical) delivery of care. While these products, some of which are still in the early stages of development, won't replace or automate a doctor's job, they are great precursors for fostering a more transparent doctor-patient relationship.

For example, through patient monitoring and self-tracking, smartphones may help doctors catch early signs of disease. has developed a mobile platform that collects active data (patient-reported) and passive data (who you interact with through your phone and how far you travel during the day), right from a smartphone. This data is available via a web dashboard to authorized doctors and other health care providers who can use it to efficiently manage hundreds of patients. By tracking personal behavioral data, doctors can better understand the health of their patients, provide improved diagnoses and care recommendations, and be alerted quickly to signs of pending health issues.

Via nrip
Virtual Project Management, Inc.'s curator insight, September 26, 2013 5:13 PM

A nice commentary on how mobile technology may help improve patient outcomes.!

The HIPAA Final Rule and Staying Compliant in the Cloud

The HIPAA Final Rule and Staying Compliant in the Cloud | EHR and Health IT Consulting |
On March 26, 2013, the HIPAA Omnibus Final Rule went into effect. The date for fulfilling the new rules to stay compliant is September 23, 2013, except for companies operating under existing “business associate agreements” (BAAs)—their deadline is September 23, 2014.

As health-care and patient data moves to the cloud, HIPAA compliance follows along with it. With many vendors, consultants, and internal and external IT departments at work, the question of who is responsible for compliance comes up quite often. Not all organizations are equipped or experienced to meet the HIPAA compliance rules by themselves. Owing to the nature of the data and the privacy rules of patients, it is important to secure the data correctly the first time.

HIPAA and the Cloud

Do you have to build your own cloud HIPAA-compliance solutions from scratch? The short answer is no; solutions and consulting companies are available to help move patient data to the cloud as well as to secure it following HIPAA compliance rules and best practices.

The following checklist provides a guide to help plan for meeting the new HIPAA compliance rules.

A Cloud HIPAA Compliance Checklist

1. Ensure “business associates” are HIPAA compliant

Data centers and cloud providers that service the health-care industry are in the category of “business associates.” A business associate can also be an entity that “creates, receives, maintains, or transmits protected health information (PHI) on behalf of a covered entity.” This means document-storage companies and cloud providers now officially must follow HIPAA rules as well. Subcontractors are also considered business associates if they are creating, receiving, transmitting or maintaining PHI on behalf of a business associate agreement.

Business associates must meet the compliance rules for all privacy and security requirements.

What can you do?

Ensure business associates and subcontractors sign a business associate agreement and follow the HIPAA compliance rules for themselves and any of their subcontractors. A sample business associate agreement is available on the website.

What happens if you are in violation?

The Office of Civil Rights (OCR) investigates HIPAA violations and can charge from $100 to $50,000 per violation. That amount is capped at $1.5 million for multiple violations. The charges are harsh to help ensure that data is safe and companies are following the HIPAA rules.

2. Data Backup

Health-care providers, business associates and subcontractors must have a backup contingency plan. Requirements state that it has to include a backup plan for data, disaster recovery plan and an emergency-mode operations plan. The backup vendor needs to encrypt backup images during transit to their off-site data centers so that data cannot be read without an encryption key

The end user/partner is required to encrypt the source data to meet HIPAA compliance.

What can you do?

If you handle the data backup internally, set a plan to meet HIPAA compliance and execute it. If you have external backup solution providers, ensure they have a working plan in place.

3. Security Rules

Physical safeguards, like access controls, must be implemented to secure the facility.

Develop procedures to address and respond to security breaches. An additional 18 technical security standards and 36 implementation specifications also apply.

What can you do?

Put a plan in place to protect data from internal and external threats, and limit access to only those that require it.

4. Technical Safeguards

Health-care providers, business associates and subcontractors must implement technical safeguards. Although many technical safeguards are not required, they do mitigate your risk in case of a breach. In particular, encryption of sensitive data allows you to claim “safe harbor” in the case of a breach.

Study Encryption and decryption of electronically protected health information.

Use AES encryption for data “at rest” in the cloud. Use strong—and highly protected—encryption-key management. This is the most sensitive and difficult item on this list; consider using split-key cloud encryption or homomorphic key management. Transmission of data must be secured: use SSL/TLS or IPSec. When any data is deleted from the cloud, any mirrored version of the data must be deleted as well.

Ensure limit access to electronic protected health information (ePHI).

Apply audit controls and procedures that record and analyze activity in information systems containing electronic protected health information.

Implement technical security measures such as strong authentication and authorization to guard against unauthorized access to ePHI transmitted over electronic communication networks.

What can you do?

Adopt strong encryption technology and develop a plan to ensure data is transmitted, stored and deleted securely. Develop a plan to monitor and control data access.

5. Administrative Safeguards

For organizations to meet HIPAA compliance, they must have HIPAA administrative safeguards in place to “prevent, detect, contain and correct security violations.” Policies and procedures are required to deal with risk analysis, risk management, workforce sanctions for non-compliance and a review of records.

Assign a privacy officer for developing and implementing HIPAA policies and procedures.

Ensure that business associates also have a privacy officer, since they are also liable for complying with the security rule. Implement a set of privacy procedures to meet compliance in four areas: Risk Analysis “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.”

Risk Management “Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with §164.306(a).”

Workforce Sanctions for Non-Compliance “Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity.”

Review of Records “Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.”

Provide ongoing administrative employee training on protected health information (PHI). Implement a procedure and plan for internal HIPAA compliance audits.

What can you do?

Develop an internal plan to meet HIPAA compliance demands and have a privacy officer to implement requirements. Ensure that policies and procedures deal with analysis of risk, management of risk, policy violations, and sanctions for staff or contractors that violate the policy. Develop and maintain documentation for internal policies to meet HIPAA compliance demands, as it will help define those policies for your organization and could assist during a HIPAA audit.
No comment yet.!

24 Outstanding Statistics on How Social Media has Impacted Health Care

24 Outstanding Statistics on How Social Media has Impacted Health Care | EHR and Health IT Consulting |
Social media is one of the most talked about disruptions to marketing in decades, but how is it impactful for the health care industry? In a generation that is more likely to go online to answer general health questions then ask a doctor, what role does social media play in this process? Let’s dive into some meaningful statistics and figures to clearly illustrate how social media has impacted health care in the last few years. Healthcare

1. More than 40% of consumers say that information found via social media affects the way they deal with their health. (source: Mediabistro) Why this matters: Health care professionals have an obligation to create educational content to be shared across social media that will help accurately inform consumers about health related issues and out shine misleading information. The opinions of others on social media are often trusted but aren’t always accurate sources of insights, especially when it comes to a subject as sensitive as health.

2. 18 to 24 year olds are more than 2x as likely than 45 to 54 year olds to use social media for health-related discussions. (source: Mediabistro) Why this matters: 18 to 24 year olds are early adopters of social media and new forms of communication which makes it important for health care professionals to join in on these conversations where and when they are happening. Don’t move too slow or you risk losing the attention of this generation overtime.

3. 90% of respondents from 18 to 24 years of age said they would trust medical information shared by others on their social media networks. (source: Search Engine Watch) Why this matters: A millennial’s network on social media is a group of people that is well trusted online, which again, presents an opportunity to connect with them as health care professional in a new and authentic way.

4. 31% of health care organizations have specific social media guidelines in writing. (source: Institute for Health) Why this matters: It is crucial to have social media guidelines in place for your health care facility to ensure everyone is on the same page, your staff is aware of limitations to their actions on social media and that a systematic strategy is in place for how social media should be run across your organization.

- See more at:
No comment yet.!

HIPAA Compliant Email: some proactive strategies

HIPAA Compliant Email: some proactive strategies | EHR and Health IT Consulting |
Like so many other things with HIPAA compliance, there’s not one, singular answer that addresses the question of what constitutes HIPAA compliant email. However, the options addressed below represent a collection of first-line strategies that go a long way toward addressing HIPAA email regulations.

Be the expert on the topic of HIPAA compliant email on behalf of your patients. This means making sure you have appropriate notices visible, both on-line and in the real world, warning patients about the potential security risks of transmitting protected health information (PHI) using email over the non-secure portion of the Internet. For instance, many practices include a page for submitting questions to the office via email. Consider posting a statement that warns about security prominently on that page, such as:

“Please keep in mind that communications via email over the internet are not secure. Although it is unlikely, there is a possibility that information you include in an email can be intercepted and read by other parties besides the person to whom it is addressed.

Please do not include personal identifying information such as your birth date, or personal medical information in any emails you send to us. No one can diagnose your condition from email or other written communications, and communication via our website cannot replace the relationship you have with a physician or another healthcare practitioner.” Document the patient’s consent to receive communication by email. Don’t assume that because your patient sent an email requesting PHI or sharing PHI, that he or she understands the risks of sending or receiving such emails. Consider using a form like this “Emergency Contact Sheet” ...
No comment yet.!

Getting Your Practice Ahead | Medical Website Essentials

Getting Your Practice Ahead | Medical Website Essentials | EHR and Health IT Consulting |
Medical Website Essentials is Volume 1 of the Ebook Series "Getting Your Practice Ahead" by Technical Dr Inc. to help Physicians and Practice
No comment yet.!

HIPAA fines put pressure on health care to better secure patient data

Big fines send clear message
Technical Dr. Inc.'s insight:
For a long time many, in the security industry felt that HIPAA had no bite. That until there were a few examples of healthcare companies made to pay the piper for HIPAA violations, the entire industry would not toe the line. Well, if that were the case at one point, it is not anymore. Over the last year or so, there has been a pretty steady stream of fines levied for violations of HIPAA regulations resulting in patients' electronic confidential data being breached.
No comment yet.!

Medical Data Backup Essentials For Physicians Ebook

Medical Data Backup Essentials For Physicians Ebook | EHR and Health IT Consulting |
Getting your practice head, Volume 4: Medical Data Backup Essentials for Physicians. Know more about Data Backup and HIPAA Compliant Data Backup here
No comment yet.!

Best Practices For Selecting An EHR

Rebecca Armato doesn't mince words. "Just as the right medical treatment is critical to a patient's survival, the right approach to EHR selection and adoption is critical to the health/survival of a physician's practice," she said.

Via Presinet Healthcare
No comment yet.!

10 Tips for Selecting the Right EHR | EMR and EHR

10 Tips for Selecting the Right EHR | EMR and EHR | EHR and Health IT Consulting |
I recently stumbled upon the Insight Data Group website. I don't know much about the organization, but they had an interesting page on their site listing 10 (This is helpful!
No comment yet.!

Column: The doctor will see you now — on the Internet

Column: The doctor will see you now — on the Internet | EHR and Health IT Consulting |
Patients like the convenience, and insurers save money. But diagnoses can go awry.


Like many primary-care doctors, I'm seeing many patients this winter who are suffering from colds and/or the flu. Some patients think such ailments are so commonplace that a doctor should be able to prescribe an antibiotic after a conversation with them over the phone or Internet.


If health insurers had their way, more doctors would be performing online video chats with patients. However, I would be wary of this growing trend.

Companies and insurers seem willing to change the physician/patient relationship to cut costs. More are offering services where patients can consult doctors through a webcam-enabled laptop, or smartphone or tablet. According to a survey by Mercer, a human resource consulting firm, 15% of very large employers use some form of telemedicine, and 39% are considering it.


These so-called virtual office visits cost about $40, and patients with minor illnesses can quickly access a physician or nurse practitioner and be prescribed medication online. Patients rave about the convenience, but something is lost through these virtual connections.


Dangers of errors

Accurate diagnoses can be missed without the face-to-face interaction. For example, I've seen a patient convinced he had a sinus infection only to find that he had a tumor inside his nose. Another complained of minor ear pain, but after examining her, I saw that an infection had spread to the point she needed to be hospitalized for intravenous antibiotics.


Without the ability to examine patients, many doctors play it safe and prescribe drugs. A recent study from the Journal of the American Medical Association found that patients who were treated through virtual visits had higher antibiotic prescription rates for their sinus infections than patients who were seen in the office.


Antibiotics overuse

Most sinus infections actually clear up themselves without antibiotics. A study published last year found that patients who had sinus infections felt the same after a few days, whether they received antibiotics or not. Worse, unnecessary drugs contribute to the growing problem of antibiotics resistance. Guidelines from the Infectious Diseases Society of America and Choosing Wisely, a consortium of medical societies that provide evidence-based guidelines, also recommend against knee-jerk antibiotic prescriptions for sinus infections.


More important, consider what would happen if something went wrong after the online-only consultation. For example, what if the patient had an allergic reaction to an antibiotic, or symptoms that got worse? And would a doctor face liability for missing something he or she could not see in a video visit?

There is some room for virtual visits, with stricter conditions. For longtime patients, managing their hypertension and diabetes through a video chat is helpful. But I would not feel comfortable treating new patients on the Web.

Currently, only 13 states allow doctors to prescribe drugs and treat patients online without actually meeting in person first. With the zeal to cut costs and maximize convenience to patients, there will be tremendous pressure to expand that number. Please remember, though, that what is cheapest for insurers, and easiest for patients, isn't necessarily what is best.


No comment yet.!

The Social Business of Fighting Disease

The Social Business of Fighting Disease | EHR and Health IT Consulting |

Whilst social media tools have primarily been used for commercial ends, there is a growing stream of evidence showing that it has scientific and social benefits as well. Nowhere is this more so than in the tracking and prevention of diseases.


For instance Google Flu Trends tracks search queries and applies its trending algorithm to gain an understanding of where flu outbreaks are occuring. A 21 month study by John Hopkins University found that the app was exceptionally good at predicting when hospitals would start to see people coming in with flu symptoms.


Primary investigator of the study, Dr. Richard Rothman, said that the results were promising for “eventually developing a standard regional or national early warning system for frontline health care workers.”


Social media context


It could be argued however that social media is a better method of tracking the spread of infection because it provides you with better context. Back in January the American Journal of Tropical Medicine and Hygiene reported that tweets and other public ‘status updates’ were a better way of determining the spread of cholera in post-earthquake Haiti than official channels. The research was conducted by scientists at Children’s Hospital Boston and Harvard Medical School and with over 6,000 people having died from the disease in Haiti, it has serious implications in terms of disaster prevention.


“When we analyzed news and Twitter feeds from the early days of the epidemic in 2010, we found they could be mined for valuable information on the cholera outbreak that was available up to two weeks ahead of surveillance reports issued by the government health ministry,” said Rumi Chunara, PhD, of the Informatics Program at Children’s Hospital Boston, Research Fellow at Harvard Medical School, and the lead author of the study. “The techniques we employed eventually could be used around the world as an affordable and efficient way to quickly detect the onset of an epidemic and then intervene with such things as vaccines and antibiotics.”

Via nrip
Luca M. Sergio's curator insight, December 20, 2012 10:26 AM
so much potential from the social space to identify disease trends and act at an early stage ....!

Patient data revealed in medical device hack

Patient data revealed in medical device hack | EHR and Health IT Consulting |

Researchers have exploited critical vulnerabilities in two popular medical management platforms used in a host of services, including assisting surgeries and generating patient reports.

The dangerous, unpatched flaws within the Philips Xper systems allowed researchers, within two hours, to develop an exploit capable of gaining remote root access.


From there, attackers gain administrative access to patient data stored in connected databases.

The affected machine can operate any medical device which uses the ubiquitous HL7 standard.

"We have a remote unauthenticated exploit for Xper, so if you same see an Xper machine on a network, then you can own it," Billy Rios, a researcher at security start-up Cylance, told SC Magazine Australia.

The holes were so severe that the U.S. Department of Homeland Security (DHS) and Food and Drug Administration (FDA) stepped in to pressure Philips to fix the system.


"We've dropped exploits before on medical systems like Honeywell and Artridum, but we've never seen the FDA move like that," he said. "It was quicker than anything else I've seen before."

After initial bids to contact Philips failed, Rios and colleague Terry McCorkle sought assistance from DHS, the FDA and the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). 

Two days later, Marty Edwards, director of the control systems security program at DHS, told the researchers the agency would from then on handle all information security vulnerabilities found in medical devices and software.

The announcement comes five months after the U.S Government Accountability Office said in a report (PDF) that action was required to address medical device flaws, adding that the FDA did not consider such security risks "a realistic possibility until recently".


How they did it

Once an extensive 200Gb forensic imaging process of the Windows-based platform had completed and the system was booted into a virtual machine, it took the researchers "two minutes" to find the first vulnerability.

"We noticed there was a port open, and we started basic fuzzing and found a heap overflow and wrote up a quick exploit for it," Rios said. "The exploit runs as a privileged service, so we owned the entire box - we owned everything that it could do."

The researchers suspect the authentication logins for the system, one with a username Philips and password Service01, are hardcoded and unchangeable by users, but when they warned Philips, the company refuted the claim.

The Xper Physio monitoring 5 platform was formerly used by a Utah hospital and purchased from an unnamed reseller, which sold the Dell Blade-like machine for a cut-rate of $200, delivered to Rios' home address.

That move broke the resellers' contractual obligations with Philips, which requires the return of unwanted devices ostensibly to safeguard against such security gaffes.

"That you need to jump through some hoops to get the hardware is not some sort of defense," Rios said. "That's security through obscurity."

The dealer was reported to the DHS, and the equipment was returned to Philips.

No comment yet.!

Social Media Implementation Checklist

Social Media Implementation Checklist | EHR and Health IT Consulting |

Set goals first. If traffic, leads and sales are part of the goal, then gotta have the next focus be on content creation. Then, using social to share. Can't get much value out of social unless you're actively creating, publishing and sharing content. 

Via nrip
rob halkes's curator insight, September 15, 2017 6:04 AM

You might think that after 10+ years, social media for healthcare is a self evident activity,! Nothing is less true, however ;-) But here's a checklist you need if you still need to sign up ;-) 


Formdox's comment, April 20, 5:34 AM
Nice post
Formdox's comment, April 20, 5:34 AM
#Formdox integrates perfectly with several #functionalities for the monitoring!

HIPAA Omnibus, Data Backups, and Your Shared Liability as a ‘Business Associate’

HIPAA Omnibus, Data Backups, and Your Shared Liability as a ‘Business Associate’ | EHR and Health IT Consulting |

If you are an IT service provider with clients in the healthcare vertical, your status as a “Business Associate” is a requirement you need to understand, and quickly. Whether you describe yourself as an MSP, VAR or CSP, the upcoming sweeping changes to the HIPAA Privacy and Security Rules are important to you and your healthcare SMB clients.


On September 23, 2013, the Omnibus Rule goes into effect and will require IT solutions and services providers to sign Business Associate Agreements with their healthcare clients. These agreements acknowledge resellers’ roles in keeping their clients’ PHI (personal healthcare information) safe as well as their shared liability in the event of a breach.


Whether you’ve been selling IT solutions and services to healthcare practices for a long time or are considering healthcare as a new market, the rules of the game are about to change. Before you sign on the dotted line, here are three guidelines that will help minimize your risk:


1. Don’t go it alone:  Select a partner that shares in your liability. As a reseller, you depend on all your vendor partners. But, when it comes to copying your customers’ PHI to your cloud provider’s data center, your dependence on your cloud provider also includes shared liability. Even though some cloud providers may try to convince you they fall into the same “conduit exception” category as mail carriers, a recent article from theBakerHostetler law firm titled, “HIPAA, Business Associates and the Cloud” makes it clear that cloud providers do not meet the exception requirements, and they therefore must sign HIPAA Business Associate Agreements describing how they will protect PHI before storing it in their data centers.


Before choosing a data backup and recovery vendor, or any vendor for that matter, make sure their products and services are appropriate for healthcare. If you can check that box, then be sure to review their Business Associate Agreement to find out exactly what theirrole is in protecting your customers’ data. The agreement should spell out several “What if?” scenarios, ranging from data breaches to the provider going out of business. Take the time to read the agreement. Ask questions. Push back if you need to and consider alternative options if it looks like the agreement places too much responsibility on your company and not enough on the IT vendor.


2. Know the concerns and lead with backup and security. Today’s technology-driven healthcare industry faces pressing data availability challenges and strict regulatory requirements on data security and integrity. Despite pressure on medical organizations to safeguard critical data, some 19 million patients, hospitals and practices have been affected by major information loss and data breaches in the last two years. Of all the business processes and challenges you could discuss with a new prospect, data backup and security are two good places to start. Here are some suggested questions to ask a prospect:


How are you currently backing up your data? The answers given to this first question will give you an immediate sense of how close or far the prospect is to meeting HIPAA/HITECH requirements. For example, perhaps they’re using tape media to back up their data. Even if they’re encrypting the data, there’s a good chance their backups are being performed manually, which almost always leads to backup inconsistency.What is your disaster recovery plan? Some prospects may already be using on-site NAS (network attached storage) devices to back up their data. If that’s the case, ask about their disaster recovery plan. Are they automatically backing up their data to an off-site/cloud data center?How is your off-site data protected? For healthcare customers, there are two critical components to keep in mind with regard to off-site data protection: data encryption and data center security. The data should be encrypted at a high level such as 256-key AES, which is used by the government to protect top secret documents. The data center should be SSAE (Statement on Standards for Attestation Engagements) 16 compliant.


3. Remember — recovery time is the key. No matter what type of backup system a prospect uses,  the big question comes down to this: If the business server crashed or something or someone took your company offline, how long would it take to get up and running? This is where the conversation gets real.

In some cases, youmay need to walk the prospect or customer through a few steps to get them to understand that restoring data is rarely a push of a button (unless of course you’re using our QuickSpin product). But for most, there’s time, resources, and investments to be made to get the business back online.  Some will be surprised to learn that even though their data may be safely stored on a tape or in the cloud, it could take several days for them to recover from a server failure after adding up all the time necessary to order a new appliance, convert the data, load drivers, an operating system, and other files onto the new appliance.


The topic of recoverability isn’t just useful for helping clients understand the business cost of downtime. It’s also useful in helping them understand the negative effects on customer service and compliance.


Forays into Health IT aren’t for everyone. The need for specialized industry insight and knowledge of specific regulations and purpose-built technologies offers a great divide. But, the broad market opportunity and demonstrated need for partner help makes healthcare IT a promising opportunity. VARs and MSPs with solid backup and data recovery solutions that fit the bill for healthcare organizations are well positioned to take advantage of this lucrative market and build a firm foundation for a healthcare IT practice that will grow and thrive.

Interested in learning more about healthcare IT? See the Intronis e-book, “Backup & Recovery in Health Care IT” for the in-depth information you need on everything from analysis of the healthcare market to suggestions on how to sell IT in the healthcare vertical.


No comment yet.!

Why Content Curation Matters To Healthcare Professionals

Why Content Curation Matters To Healthcare Professionals | EHR and Health IT Consulting |

Do you twitter? Do you Facebook? Do you blog? As the world becomes more connected through social media, healthcare professionals are finding a huge gateway to reaching more potential patients and interested readers.Content curation is at the forefront of the movement to get more ideas and information out to the computer screens of more people.


What is content curation?

Content curation is the art and business of collecting relevant content and displaying it in one convenient place, allowing easy and timely access for readers and patients. This content can include new research, studies, fresh findings, updates on healthcare innovations, opinion pieces on the state of healthcare, examples of new procedures, treatment options, interesting notes on diagnosing patients, and so much more. All of this content is then gathered into a format that is easy to read and engaging to those who seek out the information.


Content curation can be done in many different ways. There are several platforms that offer the service, such as and These curation programs offer suggestions for relevant content, then help you display it on a blog, social media platform or your personal or company website. Some platforms offer free services, but “pay to play” services are also taking hold, with promises of expert content that can’t be found anywhere else.

Content curation versus content creation


Why curate content instead of creating your own? There are pros and cons to both.


Though content creation can be a good way to get your fresh ideas and opinions out there, it is rather time consuming. If you create multimedia content such as videos and audio, you might be looking at an expensive proposition. In addition, you can soon feel significant pressure to create regular content. This can be especially bothersome for those who are extremely busy.


But most importantly, content creation provides your patients and readers with only one perspective on a certain subject. In the world of healthcare, second opinions and even third opinions are highly valued by patients, and so it is the same with the content they find online. Readers who want to learn more about a particular health issue, for instance, are likely to seek out several sources for their peace of mind.


Content curation allows you to gather together many pertinent materials, viewpoints, studies and resources in one place without spending too much time or money in doing so. Today’s tools for content curation provide a very efficient way to present all that information in one place. You can also post with much more regularity, making your social media efforts truly social by connecting more often with those who value the information you bring them.


An approach that combines both created and curated content might allow for the best of both worlds. Not only are several perspectives represented and a wide variety of media offered to readers, you are also given the opportunity to present your point of view through regularly created content. This mixture gives readers what they are hoping to see on a regular basis, but also gives you a way to connect with them in a more personal way.


Why it matters to healthcare professionals

A 2013 report by Pew Internet and American Life Project found that 59 percent of U.S. adults had turned to the Internet to find health information in the past year. Thirty-five percent of those specifically searched for conditions that they or a loved one might have. The most common topics? Diseases and conditions made the top of the list, followed by treatment options or procedures. Healthcare professionals were also a common topic of Internet interest.


By offering a website filled with useful, informative content, you can tap into that vast number of health-conscious readers. Content curation allows you to gather the information your patients want in order to give them a sense of community, peace of mind and the answers they seek. This in turn boosts your own brand and business, attaching your name to the things that matter most to readers. By having your name associated with high-quality, relevant and desirable content, social media can help drive your business and reputation to an even higher plane. (Read about how hospitals are usingsocial media to reach their patients, healthcare professionals and the public.)


In the digital world, content is king. In the healthcare world, accurate and timely information is king. Blend them together with content curation, and you will provide a service that benefits everyone — you, your company, and the many readers and potential patients who need informative, reassuring answers.


No comment yet.!

HIPAA Compliant E-mail - Myths and Facts

HIPAA Compliant E-mail - Myths and Facts | EHR and Health IT Consulting |
Every day I get questions about HIPAA compliant e-mail, and many days I see or hear something that leads healthcare organizations and their business associates in the wrong direction.

These Myths and Facts can help you make the right e-mail decisions. I have included links to give you more details and so you can see the official information yourself.

MYTH – All e-mail systems are HIPAA compliant.

FACT— FALSE. Free web mail services like Gmail, Yahoo! Mail, Hotmail, and those provided by an Internet Service Provider are not secure and no electronic Protected Health Information (ePHI) should be sent through these systems, either in messages or attachments. In 2012, an Arizona medical practice paid a $ 100,000 penalty for sending mail from an Internet-based e-mail account. They also used a publicly-accessible online calendar for patient scheduling.
No comment yet.!

Hospital websites now under the microscope - Washington Business Journal

Hospital websites now under the microscope - Washington Business Journal | EHR and Health IT Consulting |

Just about everything that happens inside of a hospital is up for public ranking and review these days, from how many heart-attack victims receive an aspirin to how often staff washes their hands to — gasp — the cost of services.

Now, a quality-control group is targeting health systems websites, a medium notorious for meaningless marketing bromides and vague promises of "cutting edge" health care with little actionable information.

Last week, the Leapfrog Group and the accreditation program URAC announced their 2013 "Hospital Website Transparency Awards," meant to publicize the hospitals that use their online presence for education and real quality information instead of marketing.

Here's the problem, which I touched on last month when the U.S. News and World Report rankings came out. Health care consumers and the government are compiling detailed performance, quality and financial data about hospitals at an unprecedented rate, as society tries to get more for less out of its family inefficient medical system.

But those terabytes of data — whether it be from Medicare, Leapfrog, your own insurer,business groups — are extraordinarily rare on most actual hospital websites. Instead, you're greeted with promotions of fancy equipment or prominent doctors, or glossy annual reports with virtually no real business information.

Do you think a hospital website you're familiar with is better than most? Nominate them for an award.

But in reality, the real issue is the hospitals that won't win an award. Erica Mobley, Leapfrog's senior manager of communications, told HealthLeaders Media, "We recognized the vast majority of hospitals really weren't doing anything on their websites to promote transparency…"

Ben Fischer covers health care and law.


No comment yet.!

Telemedicine & eHealth 2013: Ageing Well - how can technology help? | November 25th | - Conferences and Exhibitions

Telemedicine & eHealth 2013: Ageing Well - how can technology help? | November 25th | - Conferences and Exhibitions | EHR and Health IT Consulting |
Telemedicine & eHealth 2013: Ageing Well - how can technology help? will be held in London, United Kingdom on November 25th.
No comment yet.!

HIPAA and PCI Compliance | SmartData Collective

HIPAA and PCI Compliance | SmartData Collective | EHR and Health IT Consulting |
Stored data is a top target by hackers, especially the type of data that can be used for fraud and medical identity theft – within the healthcare industry in particular, encrypting stored data to meet HIPAA compliance is one way to avoid the HIPAA...
No comment yet.!

Busy physicians want to leverage power of dictation | EHR Watch

Busy physicians want to leverage power of dictation | EHR Watch | EHR and Health IT Consulting |
As a resident in obstetrics and gynecology I am exposed to a number of different clinical situations.
No comment yet.!

The Art of EHR Implementation

While each EHR is different in terms of workflow, training, and usage, there are certain steps one can take in order to ensure a successful and smooth transition from paper charts to digital. From my experience working in HealthIT, here are 7 steps I recommend taking when selecting AND implementing an EHR into your practice.


The first major step in the EHR adoption pathway is forming an EHR Selection Committee. I can assure you that forming a committee is NOT a waste of time and resources. Who takes part of your selection committee is a matter of personal preference and staff abilities, however, you should consider including a technology consultant (“the IT guy”), members of your nursing staff, as well as other providers within the practice. Think of adopting an EHR as marriage. Through thick and thin, for better or for worse. You want to make sure you get it right the first time as divorcing your EHR and finding someone else could be a painstaking process.

The selection committee should focus on two key aspects: a) what are the characteristics of a suitable EHR for your practice?; b) what is an acceptable, achievable timeline for implementation? You must be specific in the types of functions your EHR will have. You must also make sure that the new piece of software will have as little impact in your day-day workflow as possible (keep in mind that NO EHR will be able to leave your workflow unchanged….it’s just the nature of software).

Once your selection committee is set, it’s important to begin talking about an implementation roadmap. By when should the team identify a suitable EHR for your practice? Who are the key players that will first learn the system? How will you go about data transfer or conversion? Will there be a consultant involved or is it done in-house?

The Keystone User(s) - once you’ve selected your EHR, it will be important to designate at least one keystone user that will be the “subject matter expert” in your office. While you can always get get on the phone to call support, having someone knowledgeable in the office will always serve you best. The keystone user will be the “go-to person” when new features are released and people need updates.

Test Groups - depending on the size of your practice, it may be a good idea to first do a trial run with just one doctor. This will help you learn the system better, tweak your implementation process and have a clean transition for the other doctors in the practice. Someone has to be the guinea pig right?

Training Staff - when the dotted line is signed, you need to make sure that everyone on your team is trained in using the system. One loose cog in the wheel and your progress toward Meaningful Use can be seriously impaired. Getting your staff trained in a timely fashion will not only ensure accurate chart completion, but will also promote a steadfast movement toward successful MU attestation.

GoLive - once your staff is trained, its time to hit the stage! All of your keystone users should be present during your golive period to ensure a smooth transition from the old fashioned paper charts to your brand new EHR system.

Via nrip
No comment yet.!

Selecting an EHR System

Selecting an EHR System | EHR and Health IT Consulting |

How do I select an EHR system for my practice? Here’s a list of things healthcare professionals should consider before selecting an EHR system or upgrading your EHR system.


Selecting an EHR system is a critical decision and a significant planning task. There are different opinions regarding when the selection of an EHR system should be made in the planning phase.


Some practices go through the planning process and develop the selection criteria they wish to use. Other practices begin by selecting an EHR system and then conduct planning to support the selected EHR system.


Most practices develop an initial plan to identify their key goals, select an EHR system that supports these goals, and then finalize their plan after the selection.After establishing the practice’s objective(s) and planning how EHRs will affect workflows, the leadership team and staff can determine what to look for when considering and selecting an EHR system.


The following are several considerations for EHR software comparison that the Regional Extension Centers (RECs) have found useful over the past several months:


Understand if and how a vendor's product will accomplish the key goals of the practice. Essentially, a test drive of your specific needs with the vendor’s product. Provide the vendor with patient and office scenarios that they may use to customize their product demonstration, Clarify start-up pricing before selecting an EHR system (hardware, software, maintenance and upgrade costs, option of phased payments, interfaces for labs and pharmacies, cost to connect to health information exchange (HIE), customized quality reports), Define implementation support (amount, schedule, information on trainer(s) such as their communication efficiency and experience with product and company), Clarify roles, responsibilities, and costs for data migration strategy if desired. Sometimes, being selective with which data or how much data to migrate can influence the ease of transition, Server options (e.g., client server, application service provider (ASP), software as a service (SAS)), Ability to integrate with other products (e.g., practice management software, billing systems, and public health interfaces), Privacy and security capabilities and back-up planning, Linking payments and EHR incentive rewards to implementation milestones and performance goals, Vendor's stability and/or market presence in region, Cost to connect to HIE, Consider costs of using legal counsel for contract review verses open sources through medical associations.


No comment yet.!

Medical boards keep wary eye on doctors' social media posts -

Medical boards keep wary eye on doctors' social media posts - | EHR and Health IT Consulting |
A survey of board executives finds that inappropriate communication with patients is among online behavior by physicians that could lead to an investigation.


When doctors go to social media websites, they may want to think twice about posting patients’ photos without permission.

Using the images could be considered unprofessional conduct by a state medical board, according to a new study.


Other online physician behavior viewed as troublesome by boards: citing misleading information about clinical outcomes; misrepresenting credentials; and inappropriately contacting patients.

The survey of 48 state medical board executives, published in the Jan. 15 Annals of Internal Medicine, found that these social media activities likely would prompt a board investigation of a doctor. The study concluded that physicians should never engage in such behaviors.

“When you post something publicly online, it’s something that could be online in perpetuity,” said study co-author Humayun Chaudhry, DO, president and CEO of the Federation of State Medical Boards, which represents 70 boards that oversee MDs and DOs.

What triggers an investigation?

One of the survey’s 10 hypothetical vignettes of social media posed to medical board executives shows a photo of three doctors, drinks in hand, at a hospital holiday party. Forty percent of executives said a complaint to the board about the posting would trigger an investigation — a “low consensus” among survey respondents.

But 73% took issue with a vignette of a doctor who posted photos of himself intoxicated.

71% of state medical boards have investigated doctors for violating professionalism online.

Getting a “moderate consensus” among respondents of posts that would prompt an investigation were a scenario of a physician’s blog that used potential patient identifiers and a vignette about discriminatory language on a doctor’s Facebook page. The least troublesome of the 10 vignettes was a doctor’s blog describing a clinical encounter with no patient identifiers (only 16% of executives said it would lead to an investigation).

“People can really do a lot to stay out of trouble by applying common sense and avoiding the trap that you can do something online you wouldn’t do in real life,” said study lead author Ryan Greysen, MD, MHS. He is an assistant professor in the Division of Hospital Medicine at the University of California, San Francisco, School of Medicine.

Previous research has shown that doctors and medical students can get in trouble online. An article co-written by Dr. Greysen in the March 21, 2012, issue of The Journal of the American Medical Association found that 71% of state medical boards had investigated doctors for violating professionalism online. A study, also co-written by Dr. Greysen, in the Sept. 23, 2009, issue of JAMA said 60% of medical schools had incidents of students posting unprofessional content online.

Guidance for doctors

In 2012, the federation issued guidelines to help doctors maintain professionalism when using social media. That guidance discourages physicians from interacting with patients on social networking sites such as Facebook and says doctors should adhere to the same principles of professionalism online and offline.

Delegates to the American Medical Association Interim Meeting in November 2010 adopted policy on social media use that advises medical students and physicians to be professional online. They should keep appropriate boundaries when communicating with patients online and respect patient confidentiality, the policy says.

The Annals study notes that improper behavior online can do more than spark a board investigation; it can lead to loss of employment or lawsuits by patients over privacy violations. The study said greater awareness of potential pitfalls is needed among doctors to avoid unprofessional behavior online.

To avoid problems, Dr. Greysen said, physicians should apply the same ethical and professional conduct online that they do in their daily actions offline.

“This may be a wake-up call to some doctors, not only to the value of Internet communication, but also to the dangers,” Dr. Chaudhry said.

No comment yet.!

Social Media milestone to improve ehealth

Social Media milestone to improve ehealth | EHR and Health IT Consulting |
Social Media milestone to improve ehealth

New technologies are about to transform healthcare all over the world thanks to the interesting opportunities that content sharing and a wider people communication offer. For instance, personal health record (PHRs) development lead by multiple public organizations and private companies worldwide (such as uPatient by Medtep) will make personal health management easier while this tool takes the most of technological opportunities on communication.

Getting an open and uninterrupted patient-physician communication through PHR use is the best way to digitalize healthcare and improve its quality and value but, along that, Social Media creates a very comfortable and easy to use place to share and create content. In medical context, this content is developed mainly to make personal health management easier or softer and in most cases it is published by old patients related with different kind of diseases or medical issues. 



The point of sharing experiences and knowledge among people is a way of expressing empathy and offer some kind of “psychological” help to those who are living health worries but this relationship should never be used to make self-decisions to treat these difficulties without professional consultation.

Even if shared social experience can be useful to treat minor diseases, in front of serious maladies a patient must always access toprofessional assistance. Ehealth introduction does not replace the need of doctors or physicians in all the cases. Social Media contents and technological tools such as health apps (in which mhealth is based) are attractive and valuable resources to be used in healthcare but human resources are the more reliable and most experienced or educated ones who can treat people professionally.


Precisely, this point makes these resources taking part in Social Media an important way to improve healthcare quality and reliability. Healthcare related content in Social Media should be validated by professional institutions and controlled afterwards. Many technology or social based organizations or businesses are currently creating digital places and resources where to help on personal health management. But, since most of these agents do not have consistent medical support, content validation policies would be required if risky medical self-making decisions turn a real danger for human healthcare.


Social Media is a great tool for improving healthcare quality but professional assistance is essential to secure this positive development. Until this reality comes true, all Social Media consumer need to be careful and objective when consuming these contents.

This is the recommendation Medtep community would like to express.

No comment yet.