
HIStalk Practice Advisory Panel: Social Media, Security Practices

January 25, 2013 Advisory Panel, News

The HIStalk Practice Advisory Panel is a group of physicians, ambulatory care professionals, and a few vendor executives who have volunteered to provide their thoughts on topical issues relevant to physician practices. I seek their input every month or so on an important news development and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a practice, you are welcome to join the panel. Many thanks to the HIStalk Practice Advisory Panel members for their willingness to participate.

For this report, I asked panel members about social media in their practice and privacy and security measures.


What social media tools are being used in your practice?


We’ve had to tighten things up due to fear of lawsuits or other problems. We encourage our providers to only use the official practice website or official practice-based Facebook and Twitter accounts. There are a couple of physicians who use personal Facebook accounts and have patients who have friended them, but that’s discouraged.


Website with vetted patient education content, Twitter, e-mail – with marked restrictions (until we engage our portal) and patient communications portal (pending).


We have a very basic Facebook presence and are starting to do some rare tweets. But right now we believe our patients really want connectivity rather than content, so our focus is on making sure it is very easy to send in messages via our secure portal.


Employed clinics have a Facebook presence to make general announcements about clinic-sponsored community events, new services, and physicians joining the group. Periodic reminders about seasonal flu shots are also posted. There is very little social media usage among the private practice clinics within our market.


Patient portal is in place and gaining adoption. We also use YouTube to distribute videos of clinic providers, the clinics news, and leadership messages. Some use of LinkedIn and other social media for recruiting. Still discovering ways to leverage the social media. This is an example of a YouTube video we use to promote our medical group in the community:


What security and privacy measures are in place in your practice? For example, encryption, passwords, remote access, antivirus, backup/recovery processes, etc.


All of the above including mandatory machine encryption and mandatory antivirus measures etc.


Passwords with complexity requirements, fingerprint scanners, Norton 360, Avast Antivirus, Malwarebytes Anti-Malware, LogMeIn Pro, daily incremental local backups to external hard drive, weekly full backups to external hard drive, off-site storage of redundant external backups, pen tablets not allowed to be taken off-site.


Employed clinics follow the enterprise-wide policies and procedures for security and privacy. Those policies address encryption for all devices, minimum password complexity standards, frequency of password changes, non-reusable passwords, antivirus protection active and definitions up to date, OS and application security patches applied, redundancy/backup protection, business continuity and disaster recovery, and employee required annual training on HIPAA security, social engineering, phishing, etc. These policies align with and in some cases are even more stringent than the regulatory requirements to protect the information and system assets of our enterprise and patients. Daily automated audit systems are in place to notify the appropriate personnel of devices that do not comply with policy.

Unfortunately, for most of the private practices that I have visited, they do not fully comply with the basics of existing regulations regarding security and privacy of electronic patient information, systems, and access. Private practice clinics (especially the small to medium sized clinics) do not have the internal expertise nor resources to accomplish what a larger organization can do with pooled resources. Some clinics are relying on the HITECH REC services or third-party providers to monitor and accomplish some or all of the tasks necessary to be compliant with regulations.


We use passwords and antivirus. Remote access is allowed only from home. Not sure if we encrypt. We did not have a backup system initially. We did discuss that once in a staff meeting at which it was decided that another database would be added at another site for backup, but I’m not sure if that ever materialized.


VPN, encryption, daily back-up, antivirus.


We are part of a larger AMC, so lots of the regular network stuff – passwords, virus protection, backups. For remote access, we use dual authentication with a token. In our exam rooms, we set up a system that automatically secures the exam room computers when the door is opened, thus ensuring security when the doctor or nurse leaves the room. Has worked out great!


On the encryption front, we have a disk encryption product on our laptop machines called Credant. The software is a hybrid encryption product that only encrypts some of the files on the laptop, leaving others — like the OS — unencrypted. They say that this is better when compared to full disk encryption because only the user who is logged into the machine has files that are decrypted, whereas full disk encryption products decrypt all of the files for all of the users on successful login.

I think there may be a weakness in it because the whole drive is not encrypted. Given time, I’d try to hack it to see if it fails to encrypt files that it should. So hopefully it is doing a good job. I’m aware of a few cases where users have lost data because the keys were corrupted or something else went wrong with the encryption product.


We use whole-disk encryption for all portable devices and only allow PCs on the network (no BYOD, unfortunately) for making the security easier. Passwords must change every 45 days and cannot repeat for 24 months. Remote access is available with either hard or soft tokens. Antivirus is in place. We do allow users to be administrators on their own devices, but if we suspect trouble, we will then remove those rights. We assume you’re innocent until you mess up. We back up the EHR database nightly and every two weeks a backup is sent to some kind of secure bunker, I think in Nebraska. We randomly test the backups to make sure they are actually usable.


News 1/24/13

January 23, 2013 News

Medical billing software provider Kareo raises $20.5 million in new funding to launch Kareo Billing Services and expand its sales and marketing efforts. Kareo, which serves over 6,000 customers, doubled its employee base and its revenue in 2012.


Greenway Medical Technologies unveils an interactive developer portal and extended PrimeSUITE API to facilitate the creation of apps that interoperate with the PrimeSUITE EHR/PM solution.

Grace and Mercy Health Clinic (TX) chooses iPatientCare EHR.

SRS reports a 94 percent increase in revenues from 2011 to 2012 and the addition of 56 new employees, plus an 8,000 square foot expansion to its office space.

Prince George’s County Health Department (MD) implements WebChart EHR from Medical Informatics Engineering and NoMoreClipboard PHR across 25 clinics.


Epocrates says the use of its application has helped clinicians avoid more than 27 million adverse drug events, which represents over 25 percent of all Epocrates drug lookups. Sixty percent of physicians using Epocrates report avoiding at least one adverse drug error every week.


National HIT Coordinator Farzad Mostashari, MD highlights some of ONC’s 2012 achievements, including:

  • 64 percent of EPs registered for the MU program
  • 33 percent of EPs received MU payments
  • 132,842 primary care providers in over 31,000 practices received EHR assistance from RECs
  • Over 100,000 of the REC-assisted EPs are now live on an EHR and nearly 40,000 have achieved MU
  • Over 80 percent of all FQHCs were assisted by RECs.


E-mail Inga.

News 1/22/13

January 21, 2013 News

A growing number of pharmaceutical companies and other businesses are taking advantage of advertising opportunities within cloud-based EMRs. EMRs such as Practice Fusion generate ads based on keywords and allow advertisers to message directly to doctors at the point of care. More than 85 percent of the major pharmaceutical companies currently run ads within Practice Fusion.

athenahealth announces it will offer an anesthesia-specific billing solution for hospitals and independent practices. MedOasis will provide the capabilities for anesthesia coding, charge-entry, contract management, and compliance.

EMR/PM provider iSALUS Healthcare and RCM firm CIPROMS partner to integrate and co-promote their services to physicians.

A study published in JAMA Internal Medicine suggests e-visits may be just as effective as in-person office visits for uncomplicated ailments such as sinus infections and UTIs. Researchers also found patients receiving online care were prescribed more antibiotics, perhaps because providers used more conservative treatments when unable to see patients in person. Even with additional prescriptions, e-visit care costs for UTI patients were less than in-person visits ($74 versus $93 a visit.)

Neighborhood Health Plan and Partners Health (MA) will provide $4.25 million in grants to 49 community health centers to expand HIT systems, train on Meaningful Use and medical coding, and train and build capacity for performance improvement.

Last week HHS Secretary Kathleen Sebelius announced the final omnibus privacy and security rule that expands HIPAA’s reach to business associates, increases penalties to $1.5 million per violation, and clarifies breach notification requirements. One provision that particularly impacts practices is the requirement for providers to give patients their medical information in electronic form if requested, assuming the data is stored electronically. Another provision that could require vendors to modify their software and practices to change workflows allows cash-paying patients to instruct providers not to share treatment information with their insurance company.

AMA News reviews the new CPT codes for transitional care management and complex chronic care coordination, including advice on when to use which code. The new codes went into effect January 1 and allow practices to bill for coordinating the care of patients when discharged from a hospital or with multiple chronic conditions.

Last week the HIStalk Practice Advisory Panel provided some good insight into the resources their practices use when comparing HIT vendors and products. A few of my favorite comments:

Lately we’ve awarded three contracts without a formal RFP or competitive vendor selection process. Unfortunately, that approach has been both expensive and has resulted in us owning products or buying consulting services that have failed to meet the functionality or quality our users desire. Hopefully we’ll learn a lesson soon.

When our administrators looked for an EHR, they simply looked at the market leader in our niche market, got a one-hour demo, and chose it. Turns out that’s not a good method.

Google and Web research. EMRConsultant.com. Personal recommendations from colleagues. Demos, demos, demos. Getting access to a test site for extended, unrestricted hands-on experience seems to be the most helpful.

Greenway Medical Technologies, Inc., announces that Greenway PrimeSUITE 2014 (17.0) is compliant with the ONC 2014 Edition criteria and was CCHIT-certified as an EHR Module.

E-mail Inga.

DOCtalk by Dr. Gregg 1/18/13

January 18, 2013 News

Another Hectic Day in Healthcare, 2063

Health Affairs’ January 2013 issue has an article entitled “Primary Care Physician Shortages Could Be Eliminated Through Use Of Teams, Nonphysicians, And Electronic Communication.” Using simulation analyses, the authors argue that the looming primary care physician shortage predicted by the Association of American Medical Colleges is inaccurate, or at least avoidable. (Shortages of 45,000 to as high as 200,000 PCPs have been projected.)

Their new assumptions on changing demographics and alternative methods of care may make sense, but I wanted to sidestep suppositions. Thus, I went straight to the most reliable source I know: my dear old spirit guide, Madame Blavatsky. She immediately channeled one of the finest techno-futurists to ever pass over, Arthur C. Clarke! Though the spirit ethers wouldn’t allow a direct connection – something to do with a recent “Clarke-Asimov Spirit Treaty” – she was allowed to pass along a typed transcript of a short story written by Clarke about a day in the life of a primary care doc in the year 2063.

If “Ego” has nailed yet another future science prediction, it may bode well for the attractiveness of primary care to the next generation!

I relay the tale to you exactly as I received it:

—————————————————————————

I step from the autoshower, clean and fresh. It never ceases to amaze me just how perfectly the sensors know what water temperature I prefer each day. It’s never exactly the same day to day, according to the home central water readouts, but it always feels just perfect.

 

After daily ablutions are complete, I step into my cozy office just off the master bedroom to begin patient care. Today it’ll all be from my home, which I enjoy, though I admit that the live visits with patients in their homes are my favorite. Still, much of the work is so integrated and the reality of the virtual is so nearly real, it’s sometimes hard to know where live care and care-at-a-distance diverge. (The old term “telehealth” isn’t really used much anymore because it’s all so integrated.) Still, there’s something that’s just more deeply satisfying with live, in-person visits.

 

As I begin another day of virtual office work, I think of the old days when I used to actually have to log in using passwords and iris scans. The DNA sensors (which have since made those old, cumbersome, and not infallible security measures obsolete) are so seamless that I often forget that there ever was a security issue. Not that DNA sensors didn’t have their own security flaws in the early days, with hackers replicating DNA sequences as easily as they used to hack Java. But since the upgrade to DNA/RNA cross matching and the SensoCheck verification response system, there hasn’t been one successful breach in over a decade.

 

Before I set to business, I think of my own daily health SensoScan and, almost immediately, it completes before I finish settling into my chair. (I’ve always loved how SensoTools can activate with just a thought.) No major disruptions in vitals, heartscan, brainscan, organ function, or antibodies. Circulatory status fine, chemistries stable, and respiratory function remarkably unremarkable. Nucleic sequence mutations remain within acceptable limits. I do note one slight variation: some notable decrease in pigment in new hair growth. But, when you’re 79 – and since I opted out of the regeneration recoding – you gotta expect a little of that. I actually prefer the little bit of gray that now highlights my head and mutton chops. [A nod to his friend, Asimov? – Dr. Gregg]

As I turn my eyes toward the SensoScreen zone, the space above my desk becomes awash with 3D imagery of patients and their data updates. All is “green-and-go” on my patient panel except for the always curious Mrs. Sturnburner. She questions whether her SensoReads are accurate – again – because they don’t show any notable problems – again – despite her ongoing assertion that her bowels aren’t working as they should – again. I direct a personal note to her that these slight variations in intestinal consistency are a normal fluctuation and remind her – yet again – that dietary fluctuations cause routine changes in bowel output and peristaltic activity. At 124, she has had a hard time believing anything the SensoReads tell her. (Understandable, since she spent so much of life distrusting the frequently flawed data from the pre-SensoTools days.)

 

After scanning, I verify that all of the patient data, reports, notifications, and current SensoFeeds have been successfully transmitted via the SensoHIE. (How we ever survived in the days before health data was auto-transmitted and collated is beyond me.) The SensoHIESync shows full and intact data integrity with all communication lines green. Consultant feeds are clean and SensoPharm shows no outstanding needs or conflicts.

 

Speaking of SensoPharm conflicts, it seems sort of antiquated that there’s even a “Conflicts” alert anymore since all pharmaceuticals are either autoinduced, genomic redactions, or constructed on demand via in-home Senso3DPrinters. None of these can ever be initiated with any possible therapeutic conflict potential. Still, the “Conflicts” alert lingers as a holdover from the days before full Senso-integration. Sorta quaint, really.

 

All of a sudden, up pops a request from Jemma Thompson. It seems her five year old has swallowed one of the pieces from his recent Christmas present, the new “Al-Zirc Legos Master Planet Builder” set. The new alumina-zirconia nanocomposite-stabilized pieces don’t pick up well on SensoScan, so she’s a little freaked out even though the child seems fine. I dispatch one of the new VirtGo Hoverbots to her home; it arrives within minutes. Its robotic 3D ultrasound arm quickly locates the small round toy floating safely within the child’s gastric juices. I reassure Jemma that all will be fine and instruct her on how to adjust the SensoStool settings on her toilet to make certain that the toy’s passage is autorecorded. She smiles warmly, though I’m not sure if it’s for me or for the SensoStool scanner that keeps her at a comfortable distance from any manual fecal examination.

 

With the Hoverbot floating its way out of Ms. Thompson’s door, I relax in my chair and notice the time. I can barely believe that it’s nearly noon! The hour has just whizzed by. I think to myself that I’ll probably need to schedule an old-fashioned, real person, hands-on massage after such a hectic day.

 

Hopefully tomorrow will be less stressful.

—————————————————————————

From the trenches…

“All that we are is the result of what we have thought. The mind is everything. What we think, we become.” – Gautama Siddharta


Dr. Gregg Alexander, a grunt in the trenches pediatrician at Madison Pediatrics, is Chief Medical Officer for Health Nuts Media, an HIT and marketing consultant, and sits on the board of directors of the Ohio Health Information Partnership (OHIP).

 

HIStalk Practice Advisory Panel 1/17/13

January 17, 2013 Advisory Panel

The HIStalk Practice Advisory Panel is a group of physicians, ambulatory care professionals, and a few vendor executives who have volunteered to provide their thoughts on topical issues relevant to physician practices. I seek their input every month or so on an important news development and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a practice, you are welcome to join the panel. Many thanks to the HIStalk Practice Advisory Panel members for their willingness to participate.

For this report, I asked panel members: When purchasing HIT systems, what resources do you use to compare vendors and products?


I don’t put a lot of stock in KLAS. What I do put stock in is actually talking to users of the products, and not necessarily those given on vendor-supplied reference lists. Our organization participates in various external quality organizations, specialty organizations, and advocacy groups. All of them have listservs where you can ping the rest of the members to find out what products they are using for a particular business need, or how they like a particular product. It’s a good real-world resource.

I also ping CMIOs that share the same primary vendor as we have. They’re well positioned to tell what products they use to fill functionality gaps or that complement our EHR.


Lately we’ve awarded three contracts without a formal RFP or competitive vendor selection process. Unfortunately, that approach has been both expensive and has resulted in us owning products or buying consulting services that have failed to meet the functionality or quality our users desire. Hopefully we’ll learn a lesson soon.


Combination of talking to peers (e.g. people I know, AMDIS listservs), reading about them, doing demos. We’ll see if KLAS has info on them as well.


Industry groups (AMGA, Premier, SG2, HIStalk, etc.) along with consultants in certain cases to identify potential options and then detail comparisons of the vendors in an RFP-type process.


When our administrators looked for an EHR, they simply looked at the market leader in our niche market, got a one-hour demo, and chose it. Turns out that’s not a good method.


If we were to choose today, I would look at user comments on KLAS and see what is being mentioned on blogs like HIStalk.


We haven’t purchased any new HIT systems for the employed physicians in several years. For private practice physicians, I provide them with the latest reports from KLAS, AARP, AMA, etc. I also share with them the top five market share EMR vendors in the region. Additionally, I provide them with two or three names of the clinics using each EMR system in the region so that they are aware of the colleague / competitor decisions in the market they serve. I also provide user group information for each EMR vendor if there is a local presence.


KLAS, hospital offering, advice from colleagues.


Google and Web research. EMRConsultant.com. Personal recommendations from colleagues. Demos, demos, demos. Getting access to a test site for extended, unrestricted hands-on experience seems to be the most helpful.

