EHR and Health IT Consulting
40.4K views | +7 today
Follow
EHR and Health IT Consulting
Technical Doctor's insights and information collated from various sources on EHR selection, EHR implementation, EMR relevance for providers and decision makers
Your new post is loading...
Your new post is loading...
Scoop.it!

New Privacy Threats in Healthcare?

New Privacy Threats in Healthcare? | EHR and Health IT Consulting | Scoop.it

Privacy advocate Deborah Peel, M.D., is worried that several ongoing healthcare sector initiatives, including the emphasis on nationwide, interoperable health information exchange, provisions of the21st Century Cures bill, and a push for a national unique patient identifier, could erode patient privacy and individuals' control over their records.


Electronic health records systems, and databases that store massive amounts of data on millions of patients, have "created a situation where our absolutely most sensitive information is at the greatest risk of all personal information," says Peel, founder and chair of advocacy group, Patient Privacy Rights, in an interview with Information Security Media Group.


"And on top of that, as Congress has woken up and found out, your doctors are not getting the information they need [for treatment]. That was the whole purpose of having an electronic health record system, and it's failed miserably. ..."


Peel's concerned that the intensifying focus on improving electronic health records interoperability and nationwide data sharing, in an effort to ease access to treatment information, could lead to more hacker attacks as well as insider breaches.


Plus, she opposes proposed changes to the HIPAA Privacy Rule included in the 21 Century Cures bill, which the House recently passed and sent to the Senate. Those changes would allow healthcare entities to disclose patient data to other healthcare entities or business associates for research purposes without patient authorization.


"The point of the medical record is to help the physician take better care of you," She says. "Who goes to the doctor to join endless numbers of hidden 'research projects'? I don't know anyone who does."


Patients need to have more control over collection and storage of their own health information, she says, and they should be given the opportunity to approve the use of their records in research projects.

Unique Patient IDs

Peel also is concerned about renewed calls by some healthcare industry associations, including the College of Healthcare Information Management Executives, for Congress to re-examine its long ban on the creation of a national unique patient identifier


When Congress passed HIPAA in 1996, the law called for the creation of a unique health identifier for individuals. But in response to privacy concerns, Congress in 1999 passed a law prohibiting federal funding for the identifier. However, some healthcare IT leaders say some sort of ID is more critical than ever in facilitating secure national health information exchange and ensuring patient record accuracy in the wake of mass adoption of electronic health record systems.


But Peel fears a national patient identifier would open the door for more invasions of privacy. "The rationale for a unique patient ID is exactly the same as the rationale of a Social Security number. It was supposed to be used for one purpose. And what happened to the Social Security number? It's used as a national ID for everywhere, and it allows all kinds of people to collect information about you from everywhere."


Peel, a practicing psychiatrist and psychoanalyst, is founder and chair of the advocacy group Patient Privacy Rights. Peel became active in privacy rights at the federal level in 1993. She advocated first as an individual and later on behalf of state and national medical specialty organizations for patient control of access to medical records. She has made multiple presentations at national panels and Congressional briefings.

more...
No comment yet.
Scoop.it!

Medical Data Exchange, Cloud Solutions Impact EHR Design

Medical Data Exchange, Cloud Solutions Impact EHR Design | EHR and Health IT Consulting | Scoop.it

Over the last two decades, the medical industry has changed drastically in terms of patient care and access to medical records. It was nearly impossible to obtain one’s own health record 20 years ago. Forbes reports that patients had little choice but to press legal action if they wished to access their own medical data.


In 1996, however, the Health Insurance Portability and Accountability Act (HIPAA) was passed, which did offer legal protections to patients who needed to see their health records. Nonetheless, there was still significant difficulty in accessing this information and most people never went through the challenging process.


Today, these problems are slowly disappearing, as patients have more ability to readily view their medical history and test results via patient portals and through other electronic means.


A study published earlier this year shows that after three hospital systems in separate states offered their patients the ability to view their health records and physician notes, nearly 70 percent of patients reported understanding their conditions better and taking better care of themselves including remaining vigilant about taking their medications on time. The results from the study also showed that providing patients with this ability did not majorly impact the physician workflow.


The design and evolution of certified EHR technology and health IT systems that held medical data are now changing toward a more cloud-based and mobile platform. This leads to more digitizing of medical records and providing more flexible solutions for healthcare professionals within the clinical setting.


Both mobile health and wearables are also impacting the design of certified EHR technology. The Apple watch, for instance, could potentially hold relevant medical data for physicians to view and patients to access. Additionally, mobile apps on smartphones or tablets could be used by patients to request drug refills and securely message doctors or nurse practitioners.


In a new report from market research firm IDC, Judy Hanover, Research Director at IDC, explains, “The new concept of flexible, mobile, cloud-based acute care EHR supports digitizing paper workflow and reengineering processes … There’s a huge appetite for getting better workflows into healthcare, looking at department specific and mobile apps. I would see an environment where hospitals and health systems would perhaps rip out and replace in some cases.”


According to the report, it is expected that over the next few years, providers will begin to replace their current certified EHR technology with cloud-based solutions instead. Greater investment will continue to be poured into the health IT industry as providers move onto meeting Stage 3 Meaningful Use requirements under the Medicare and Medicaid EHR Incentive Programs.


Additionally, the future of EHRs will continue to depend on EHR interoperability and the ready access of medical data across the healthcare industry. Forbes states that many within the medical sector believe EHR interoperability will be the “biggest game changer.” However, it may take longer than expected for interoperability and medical data exchange to expand across multiple healthcare settings, as this industry “moves slowly.”


more...
No comment yet.
Scoop.it!

EHR Interoperability Plan Raises Concerns

EHR Interoperability Plan Raises Concerns | EHR and Health IT Consulting | Scoop.it

Several healthcare associations have raised concerns about some of the privacy and security components of the Office of the National Coordinator for Health IT's proposed 10-year electronic health record interoperability roadmap.


For example, they expressed concern about proposals related to obtaining patient consent for sharing health information, cybersecurity activities and governance "rules of the road" for national data exchange.


ONC, the unit of the Department of Health and Human Services responsible for standards and policies of the HITECH Act EHR incentive program, in January released a draft roadmap for achieving nationwide secure health data exchange built on interoperable EHR systems.

While the ONC draft is a 10-year vision, it contains critical actions that can be taken by regulators and healthcare stakeholders in increments over the next three, six and 10 years, to help remove technical, policy and regulatory barriers that are hindering information exchange. The idea behind the plan is to make it possible for clinicians to securely access and share timely, potentially life-saving data about a patient, no matter where that patient is treated.


Over the next several months, ONC will review the comments it received and consider how they might be reflected in the final version of its interoperability roadmap expected to be released later this year.

Patient Consent

ONC in its roadmap introduced the concepts of "basic choice" patient consent related mostly to information that's allowed to be disclosed by covered entities under HIPAA for treatment, payment and operations, versus "granular choice" consent that patients would provide to allow sharing of specific data, such as sensitive information related to substance abuse or mental health treatment.


Under the HIPAA Privacy Rule, an individual's written authorization is not required for the sharing of health information for treatment, payment or operations. But many covered entities choose to obtain an individual's consent anyways, ONC notes. And that's what ONC describes as "basic choice" consent.


ONC says "granular choice" consent refers "not only to granular choice among clinical conditions that are protected by laws in addition to HIPAA, but eventually, granular choice, should a patient wish to express it, regarding other data distinctions to be determined ... such as research ... in which an individual has chosen to participate."

Some organizations in their comments say they are opposed to federal regulators introducing the concept of granular choice consent. That's because they say it could potentially fuel more confusion among healthcare entities about the patient data that can or cannot be exchanged under HIPAA versus other government regulations, including state privacy laws.


For instance, the Healthcare Information and Management Systems Society says it "does not see the benefit of, nor is in favor of, the introduction of the concepts of 'basic' and 'granular' choice, particularly in view of these concepts being contradictory and inconsistent with applicable law, for example, HIPAA and state law."


HIMSS says it "supports the idea that interoperability efforts should focus on facilitating exchange of data when the law expressly authorizes use or disclosure of protected health information. ... HIPAA should not be essentially rewritten, through a reinterpretation, with respect to erroneously stating that individuals have the right to individual access and individual choice under the Nationwide Privacy and Security Framework, based on the Federal Trade Commission's Fair Information Practice Principles."


Similarly, as it relates to information sharing and consent, the American Hospital Association says that it opposes potential changes to current government privacy and security policies in the effort to drive healthcare providers to share electronic health information. "With regard to privacy and security issues, the AHA strongly believes that improving the infrastructure to support secure data sharing in support of clinical care can be accomplished within the existing HIPAA requirements."

Cybersecurity Activities

When it comes to issues related to cybersecurity, the AHA urges ONC to leverage existing guidance, including the National Institute for Standards and Technology's framework, rather than start from scratch.

"The roadmap includes proposed activities for ONC or HHS, but activities in this area must align with the ongoing collaboration of the Departments of Homeland Security and HHS with public-private collaborations, including the Healthcare and Public Health Sector Coordinating Council, to work through health sector-specific issues," AHA says.


"Further, any detailed standards should be aligned with the NIST Cybersecurity Framework, which is the overarching federal approach to cybersecurity, and the existing HIPAA security rules."

Rules of the Road

ONC's draft interoperability roadmap also included "a call to action" for healthcare IT stakeholders to come together to establish a coordinated governance process for nationwide interoperability. Those proposals also included the possibility that ONC would consider regulatory options to ensure compliance to so-called governance "rules of the road."


But some organizations, including the College of Healthcare Information Management Executives and the Association of Medical Directors of Information Systems, oppose too much government intervention in governance issues.


"We caution against being overly ambitious with the development of a nationwide governance mechanism and encourage focused prioritization through ingrained collaboration among private and public sector stakeholders," CHIME and AMDIS say in its joint comments to ONC. "In our view, interoperability in the service of high quality, safe patient care should remain the principal focus of the near-term."

Other Recommendations

As part of its comments on the interoperability roadmap, HIMSS also made several privacy and security recommendations. Those include suggestions that ONC, federal partners and industry stakeholder groups collaborate on developing:


  • A central portal that aggregates cyberthreat indicators and vulnerability information, across critical infrastructure sectors;
  • Guidance for what a thorough, holistic risk management program looks like - including plans, policies, procedures, application security testing, penetration testing, networking monitoring and detection, incident response, continuity, disaster recovery and resilience; and
  • Guidance on issues related to encryption, including practical guidelines on encryption requirements for protected health information stored or accessed via devices and software.


"Encryption is not a silver bullet, but it can be a useful safeguard when the right technology and know-how are used appropriately to keep information both private and secure," HIMSS notes.


more...
No comment yet.
Scoop.it!

The Fastest Path to a Secure Cloud

The Fastest Path to a Secure Cloud | EHR and Health IT Consulting | Scoop.it

Personal Health Information (PHI) records and electronic PHIs (ePHIs) comprise our most confidential data, including demographic information, medical history, test and laboratory results and insurance information. Health care professionals utilize the PHI to identify the patient and determine appropriate care and treatment; insurers input financial data, and patients can access this information by request. Due to this highly sensitive combination of medical and financial data, these records have become a favorite target for hackers, as shown by the recent Premera and Anthem breaches.


As hackers become more sophisticated in their attacks, organizations must become increasingly vigilant in implementing HIPAA compliant standards to secure their data. Healthcare organizations currently use both on premise and cloud deployments to house their information. In fact, a recent survey of healthcare provider organizations indicates that 83% of IT executives report that they are currently using cloud services. The areas with the most uptake include lab systems and email services; electronic health record and information exchanges (CHIs, EMRs, Telehealth, etc.), and Shadow IT – which is enlisting cloud-based services, but not via their IT departments.


While the advantages in moving to the cloud include improved access, powerful processing capabilities, higher availability and significant savings with on-demand hosting, healthcare organizations are still wary that the cloud may deliver a less secure option. They are reluctant to transfer mission-critical and sensitive information to a seemingly anonymous IT admin in an unidentified location. Other organizations may be concerned that their IT teams may not have the requisite skills and processes to manage the migration and maintenance of the cloud deployment.


In the Public Cloud environment, responsibility for IT security is shared between the health care organization and the Cloud Service Provider (CSP), with a clearly defined demarcation. The CSP is in charge of securing access to the physical servers and the virtualization layer, while the health care organization is responsible for securing the hosted Operating Systems, the applications and the data itself. CSPs differ in the ‘native’ security features they offer, but those always fall short of best-practice security requirements. Therefore, organizations using public clouds are required to supplement the CSP offering to ensure a HIPAA compliant cloud deployment.


As part of a cloud migration process, ePHIs may be ‘exported’ to the cloud, to share with other healthcare organizations, clinicians and insurers, or for cloud-based storage and processing.  In such cases encryption of the data in transit and at rest is critical. Firewall policies to control data transfer and access are also required. Since many healthcare organizations have only migrated a portion of their resources to the cloud, the encryption and firewall policies must encompass the hybrid, private and enterprise cloud environments.

When ePHI or other clinical or sensitive data is stored in the cloud, the issue of remote access must also be addressed. Health care professionals and IT staff as well as others need to access cloud resources from remote offices and via mobile devices. Although remote access provides flexibility it is also a significant security caveat. Almost half of the healthcare security incidents last year were the result of loss or theft of devices such as laptops, phones or portable drives. Internal threats are especially worrisome, as 15% of the security incidents in healthcare in 2014 have been attributed to unapproved or malicious use of organizational resources.


The answer to these threats are strong integration with identity controls as well as access management. To protect their resources, organizations must implement a strong two factor or multi-factor authentication systems. Identity-based access management policies assure that employees are not able to access unauthorized data, and multi-factor authentication ensures that those who steal or find lost devices will not be able to reach internal resources.


Another important step in securing healthcare information involves implementing monitoring and logging capabilities. This is emphasized in a cloud environment where the infrastructure is owned by a third party and is shared among several organizations (i.e. multi-tenant). Although logs are important, unless they are regularly monitored in an accurate manner, important or suspicious events will not be noted. Therefore, visibility and automated alerts are critical in early detection of security incidents.


The cloud is becoming the default choice for healthcare CIOs. The fastest path to a secure, compliant healthcare deployment in the cloud requires careful planning and implementation. Key to a viable security solution are encryption, access management and firewall policies, combined with event monitoring capabilities and alerts. Solutions that provide this set of security elements for the public and hybrid cloud are now becoming available in the marketplace, evidence that cloud technologies for healthcare are coming of age.


more...
No comment yet.
Scoop.it!

Calif. Hospital Challenges Nurses Union's Claims About EHR Outage

Calif. Hospital Challenges Nurses Union's Claims About EHR Outage | EHR and Health IT Consulting | Scoop.it

Officials from Antelope Valley Hospital in Lancaster, Calif., are disputing recent allegations from a nurses union that an electronic health record outage caused the hospital's emergency department to close, Becker's Health IT & CIO Review reports.

Background

Last week, representatives of the California Nurses Association/National Nurses United asked the Los Angeles County Department of Public Health to investigate the Feb. 27 outage, contending that the incident put patients at risk.

According to the nurses, the outage caused myriad issues at the hospital, including difficulty:

  • Dispensing medication;
  • Verifying physician orders;
  • Reviewing patient labs and other diagnostic procedures; and
  • Reviewing patient records.

The nurses union also asserted that the outage forced the hospital to shut down its ED. Further, they claimed that the hospital did not have a backup plan in place for such outages.

Hospital Statement

In an emailed statement, hospital officials said, "The emergency department continued to treat patients, logging more than 900 patients over the weekend." The statement noted, "At times during the outage, certain patients were diverted to other nearby facilities based on their treatment needs."

The hospital said it activated its "downtime procedures" while working to fix the EHR errors. Officials say patient safety was not affected by the issues, and the pharmacy continued to fill prescriptions using a management system that was not connected to the network outage. Meanwhile, patient records and medication requests were filled by hand.

Antelope Valley CEO Dennis Knox said, "Our team of professionals worked tirelessly throughout the weekend to process lab orders and results, review radiology exams, carry out treatment plans and deliver overall patient care as promptly as possible".


more...
No comment yet.
Scoop.it!

Health and Electronic Security

Health and Electronic Security | EHR and Health IT Consulting | Scoop.it

The rapid adoption of electronic health records (“EHR”) and other new technology in healthcare has resulted in the introduction of serious security threats. Numerous stories and reports have made it clear that hackers, criminals and others view the healthcare industry as a ripe target due to security vulnerabilities. This issue is exacerbated by the high value placed upon medical records in the black market.


The question that many are asking is was all of the money spent on acquiring EHRs misspent now that security flaws or issues are popping up with such frequency. Namely is healthcare throwing good money after bad. To some degree it may be a misplaced accusation. Any adoption of newer technologies will lead to issues, including exploitation of flaws that may not be expected. Unfortunately, it is also likely that bad actors will be ahead of the field when it comes to finding weaknesses or ways to get at data. Such a scenario should be viewed as an inherent risk in implementing technology. That being said, it is likely an unavoidable risk in this day and age. It is simply too difficult and against expectations to remain on the digital sidelines.


The increase in attacks against healthcare entities should appropriately raise alarm bells and spur action. Medical information is very sensitive on many levels and needs to be protected. One place to look for a solution is HIPAA. As is well-known, the HIPAA Security Rule sets standards for protecting health information. The technical, physical, and administrative safeguards define certain minimum standards to follow. In the current day and age though, the HIPAA standards by themselves are probably not enough. From this perspective, it is important to remember that HIPAA only sets a floor, not a ceiling. Best practices may well require actions beyond those proscribed by HIPAA. The healthcare industry needs to evolve and adapt to new realities.


The speed with which adaptation can occur will dictate how secure medical information remains. While much money was and is being spent in connection with new digital and technological solutions, the expense is not going to end as long as threats remain. Technology takes investment, time and attention, all of which are ongoing and recurring obligations.

more...
No comment yet.
Scoop.it!

The Blocking of Health Information Undermines Interoperability and Delivery Reform

The Blocking of Health Information Undermines Interoperability and Delivery Reform | EHR and Health IT Consulting | Scoop.it

The secure, appropriate, and efficient sharing of electronic health information is the foundation of an interoperable learning health system—one that uses information and technology to deliver better care, spend health dollars more wisely, and advance the health of everyone.


Today we delivered a new Report to Congress on Health Information Blocking that examines allegations that some health care providers and health IT developers are engaging in “information blocking”—a practice that frustrates this national information sharing goal.


Health information blocking occurs when persons or entities knowingly and unreasonably interfere with the exchange or use of electronic health information. Our report examines the known extent of information blocking, provides criteria for identifying and distinguishing it from other barriers to interoperability, and describes steps the federal government and the private sector can take to deter this conduct.

This report is important and comes at a crucial time in the evolution of our nation’s health IT infrastructure. We recently released the Federal Health IT Strategic Plan 2015 – 2020 and the Draft Shared Nationwide Interoperability Roadmap. These documents describe challenges to achieving an interoperable learning health system and chart a course towards unlocking electronic health information so that it flows where and when it matters most for individual consumers, health care providers, and the public health community.


While most people support these goals, some individual participants in the health care and health IT industries have strong incentives to exercise control over electronic health information in ways that unreasonably interfere with its exchange and use, including for patient care.


Over the last year, ONC has received many complaints of information blocking. We are becoming increasingly concerned about these practices, which devalue taxpayer investments in health IT and are fundamentally incompatible with efforts to transform the nation’s health system.


The full extent of the information blocking problem is difficult to assess, primarily because health IT developers impose contractual restrictions that prohibit customers from reporting or even discussing costs, restrictions, and other relevant details. Still, from the evidence available, it is readily apparent that some providers and developers are engaging in information blocking. And for reasons discussed in our report, this behavior may become more prevalent as technology and the need to exchange electronic health information continue to evolve and mature.


There are several actions ONC and other federal agencies can take to address certain aspects of the information blocking problem. These actions are outlined in our report and include:

  • Proposing new certification requirements that strengthen surveillance of certified health IT capabilities “in the field.”
  • Proposing new transparency obligations for certified health IT developers that require disclosure of restrictions, limitations, and additional types of costs associated with certified health IT capabilities.
  • Specifying a nationwide governance framework for health information exchange that establishes clear principles about business, technical, and organizational practices related to interoperability and information sharing.
  • Working with the Centers for Medicare & Medicaid Services to coordinate health care payment incentives and leverage other market drivers to reward interoperability and exchange and discourage information blocking.
  • Helping federal and state law enforcement agencies identify and effectively investigate information blocking in cases where such conduct may violate existing federal or state laws.
  • Working in concert with the HHS Office for Civil Rights to improve stakeholder understanding of the HIPAA Privacy and Security standards related to information sharing.


While these actions are important, they do not provide a comprehensive solution to the information blocking problem. Indeed, the most definitive finding of our report is that most information blocking is beyond the current reach of ONC or any other federal agency to effectively detect, investigate, and address. Moreover, the ability of innovators and the private sector to overcome this problem is limited by a lack of transparency and other distortions in current health IT markets.


For these and other reasons discussed in our report, addressing information blocking in a comprehensive manner will require overcoming significant gaps in current knowledge, programs, and authorities. We believe that in addition to the actions above, there are several avenues open to Congress to address information blocking and ensure continued progress towards the nation’s health IT and health care goals.


Information blocking is certainly not the only impediment to an interoperable learning health system. But based on the findings in our report, it is a serious problem—and one that is not being effectively addressed. ONC looks forward to working with Congress, industry, and the health IT community to properly address this problem and ensure continued progress towards achieving the goals of an interoperable learning health system.


more...
ProModel Analytics Solutions's curator insight, April 17, 2015 11:37 AM

Karen DeSalvo-Leads the Office of the National Coordinator for HIT

Scoop.it!

How cloud computing enables interoperability

How cloud computing enables interoperability | EHR and Health IT Consulting | Scoop.it

CMS has signaled a renewed focus on interoperability, a welcome development for healthcare professionals anxious to more easily exchange insightful data. But there’s still the matter of how well the people involved in various collaborative “Big Data in Healthcare” initiatives operate together.

At some point for most of us in our careers – usually early on – we’ve encountered a project that was initially heralded with a great deal of fanfare, only to ultimately fizzle out after failing to gain enough buy-in. For all the excitement surrounding Big Data projects, many are at similar risk of a premature end if stakeholder concerns aren’t addressed at the outset:

  • Who will host the data?
  • How will data privacy concerns be handled?
  • How have restrictions on data use been addressed?
  • Do existing consents allow for data sharing?
  • Will the data need to be de-identified? If so, using which methodology?
  • Who will be responsible for acquiring, maintaining and distributing it?
  • How will the data be protected as it’s routed to its new home?
  • How well will it be protected in its new home? Who will have access to it?

For this to work, a neutral ground is usually needed, offered by a trusted third party.

The cloud: breaking down barriers to data exchange
In healthcare, massive amounts of data are not stored in pre-defined, structured tables. Instead, they are often composed of text, notes, numbers, images, formulas, dates, and other facts that are inherently unstructured. In fact, certain kinds of data sources are being created so quickly that there is no time to store it before the need to analyze it.

Savvy healthcare executives see Big Data as an opportunity to break down the paradigm of siloed data. They know that isolated data can be inefficient. Yet even while supporting the vision of Big Data, many healthcare leaders are traditionally reluctant to share data outside their own firewalls. Due to competitive considerations and confidentiality risks, there must be a level of trust in the quality and security of the receiving organization’s health data management systems for the data owner to be willing to share it. No one wants to risk a HIPAA privacy or security violation at the hands of another entity.

'Dirty' data can yield hidden treasures
To make an effective Big Data play, data sharing arrangements must be made, data flows defined, data analytics engines and the underlying infrastructure created, and the proper data governance must be agreed upon by all relevant stakeholders. It is at this stage that a trusted third party data warehouse environment is critical for success.

Conventional wisdom leads many to believe that data must be scrubbed, normalized and aggregated into a standard format in order to gain key insights. In fact, for Big Data in Healthcare, the time-tested principle of “garbage in, garbage out” actually may not apply.

Using the right data analytics tools can reveal unexpected insights from unstructured or “dirty” data as some call it.

In addition to enabling insights from disparate data sources, storing and protecting data, data management services are now available that alleviate the need for healthcare organizations to hire additional experts in meaningful use or cloud technology, including:

  • Pulling data from different sources into a single cloud-based repository for collaborative use
  • De-identifying the data and stripping it of identifiable information
  • Data visualization with dashboards and reports
  • Audit trails of who accessed what, when and from where
  • Dynamically scaling the infrastructure as the data volume increases

Cloud for collaborative care
Entities that are members of an accountable care organization or other coordinated care programs also benefit from the neutrality of the cloud for a variety of functions, from the day-to-day, such as claims and billing, to more analytic reporting and collaboration. The cloud provider can host the data along with any other number of data management services that the healthcare organization can’t, or just doesn’t want to take on.

Can you blame them? Healthcare organizations need all of their IT staff on deck for analytics and other data projects. And as we move to a more coordinated and shared model for healthcare, all stakeholders need a neutral and trusted environment that fosters collaboration. And based on the potential for infinite computing power and storage on the cloud, the sky’s the limit for interoperability.


more...
No comment yet.
Scoop.it!

Securely Disposing Medical Practice Equipment

Securely Disposing Medical Practice Equipment | EHR and Health IT Consulting | Scoop.it

It goes without saying that computers are expensive. Medical practices will often gift used office equipment to employees or family members; or donate them to vocational programs. Risk management attorney Ike Devji says that donating old equipment like scanners, fax machines, and computers at the end of the year is very common. "At the end of the year practices will rush to spend money so that it is not taxable. They buy [new] equipment … and computers are replaced."

There's just one small problem. Deleting sensitive patient data will not permanently eliminate it from the hard drive of the device. And if you've donated your practice's scanner to the local thrift store, it still contains sensitive patient data that "a well-trained 12-year-old kid with access to YouTube can get … off the hard drive," says Devji.

Devji points out that a high-end digital scanner can store up to 10,000 pages of patient data. And equipment that is synched to your EHR, even smartphones and tablets, needs to be destroyed or disposed of in a secure manner.

If you have old equipment that you'd like to get rid of, contact your IT consultant. He should be able to point you in the right direction. Or you could follow Devji's approach: He uses his old equipment for target practice in the Arizona desert.


more...
No comment yet.