EMR and HIPAA

July-31-2014

10:02

This tweet struck me as I consider some of the technologies at the core of healthcare. As a patient, many of the healthcare technologies in use are extremely disappointing. As an entrepreneur I’m excited by the possibilities that newer technologies can and will provide healthcare.

I understand the history of healthcare technology and so I understand much of why healthcare organizations are using some of the technologies they do. In many cases, there’s just too much embedded knowledge in the older technology. In other cases, many believe that the older technologies are “more reliable” and trusted than newer technologies. They argue that healthcare needs to have extremely reliable technologies. The reality of many of these old technologies is that they don’t stop someone from purchasing the software (yet?). So, why should these organizations change?

I’m excited to see how the next 5-10 years play out. I see an opportunity for a company to leverage newer technologies to disrupt some of the dominant companies we see today. I reminded of this post on my favorite VC blog. The reality is that software is a commodity and so it can be replaced by newer and better technology and displace the incumbent software.

I think we’ve seen this already. Think about MEDITECH’s dominance and how Epic is having its hey day now. It does feel like software displacement in healthcare is a little slower than other industries, but it still happens. I’m interested to see who replaces Epic on the top of the heap.

I do offer one word of caution. As Fred says in the blog post above, one way to create software lock in is to create a network of users that’s hard to replicate. Although, he also suggested that data could be another way to make your software defensible. I’d describe it as data lock-in and not just data. We see this happening all over the EHR industry. Many EHR vendors absolutely lock in the EHR data in a way that makes it really challenging to switch EHR software. If exchange of EHR data becomes wide spread, that’s a real business risk to these EHR software companies.

While it’s sometimes disappointing to look at the old technology that powers healthcare, it also presents a fantastic opportunity to improve our system. It is certainly not easy to sell a new piece of software to healthcare. In fact, you’ll likely see the next disruptive software come from someone with deep connections inside healthcare partnered with a progressive IT expert.

July-30-2014

10:42

When I was speaking at the gMed user conference, I learned about many of the users who participated on a GI focused online forum for gMed users. Essentially it’s an independent user group for gMed EHR users. Although, with so many GI doctors in one place, you can be sure there are all sorts of focused discussions that would be of interest to gastroenterology doctors.

Of course, there are a lot of other online forums that are similar to the GI forum. For example, Amazing Charts has a really active user forum. The open source EHR, OpenEMR also has a forum. I’m sure there are a lot more. I’d love to hear about other EHR forums you know about in the comments.

Many people probably don’t know that I built up much of my EMR knowledge participating in the now defunct EMR Update. It was a fantastic way for me to learn and share my knowledge. I’m sure that those who participate in the various EMR forums above get the same benefit. Although, it’s probably even more valuable since the forums above are all on the same EHR software.

I can’t tell you how valuable it is for a clinic to be able to turn to other users when they run into trouble. One of the best ways to optimize your EHR is to interact and exchange ideas with other end users. That’s why I’ve started creating a list of EHR user conferences as well. However, for those who can’t take the time off to go to a user conference, an online discussion forum is a great alternative. I’m surprised that more EHR vendors don’t create these types of forums.

July-29-2014

9:56

We’re just now starting down the road of the EHR replacement cycle. Meaningful use has driven many to adopt an EHR too quickly and now the buyer’s remorse is setting in and we’re going to see a wave of EHR replacements. Some organizations are going to wait until meaningful use runs it course, but many won’t even be able to wait.

With this prediction in mind, I was interested by this Allscripts whitepaper: Key Hidden Reasons Your EHR Is Not Sustainable and What To Do About It. I always learn a lot about a company when I read whitepapers like this one. It says a lot about the way the company thinks and where they’re taking their company.

For example, in the whitepaper, Allscripts provides a list of questions to consider when looking to replace your EHR:

  • How do you DEPLOY the right core IT systems to succeed with value-based care?
  • How do you CONNECT to coordinate care with key stakeholders and manage your population?
  • How do you better ENGAGE patients in their own health?
  • How do you analyze mountains of raw data to ADVANCE patient and financial outcomes?
  • How do you get everyone within your own organization to FOLLOW THE ROADMAP to EHR success?

You can see that these questions share a certain view of where healthcare IT and EHR is headed. Imagine how this criteria would compare with the criteria for EHR selection even five years ago. Although, I wonder how many doctors really share this type of approach to EHR selection. Do doctors really want their EHR to handle the above list? Should they be worrying about the above items?

I don’t doubt that doctors are going to be more involved in population health and they’re going to need to engage patients more. However, this list does seem to lack some of the practical realities that doctors still need from their EHR. In fact, as I write this, I wonder if it’s still too early to know what a next generation EHR will need to include. Of course, that won’t stop frustrated EHR users from replacing their EHR just the same.

July-28-2014

10:08

The following is a guest blog post by Trevor James.

If you work in the health/dental/medical space, you already know that HIPAA violations are a serious matter. Fines today for not complying with HIPAA laws and regulations are a minimum of $100-$50,000 per violation or record and a maximum of $1.5 million per year for violations of the same provision. Some violations also carry criminal charges with them, resulting in jail time for the violators.

Many dental offices are breaching HIPAA laws without realizing it or have employees doing so without their knowledge.

If you’re a dentist, office manager, or someone who’s been tasked with ensuring HIPAA security within your group, here are the 10 most common ways dental offices are breaching HIPAA regulations so your practice doesn’t make the same mistakes as others.

1. Devices with patient information being stolen

This is a common HIPAA violation for dental offices. It’s important to ensure the devices your dental office uses, like USB flash drives, mobile devices and laptops, are carefully handled and securely stored to prevent them and the patient information on them from being stolen.

2. Losing a device with patient information

Along the same lines as above, it’s also easy (and common) for an employee to lose those kinds of devices. USB flash drives and mobile devices are smaller items, so it’s easy to misplace them. When that happens, it’s easy for sensitive patient information to end up in the wrong hands.

Train your employees on the importance of properly handling these devices and set up some sort of tracking device, like downloading the Find My iPhone app or Where’s My Droid, to help you locate a device if it ends up lost.

3. Improperly disposing of papers and devices with patient information

When it comes time to get rid of papers or devices containing dental records or billing information, be sure you properly dispose of them. Crumpling paper in a ball and throwing it in the trash isn’t the correct way to do things nor is shutting down a device and then tossing it in the garbage. Use a paper shredder and wipe your devices clean of all information before disposing of them.

4. Not restricting access to patient information

Unauthorized access to a patient’s dental information will get you in serious trouble with HIPAA. Patients trust your office with this personal information, so be smart when handling such information so other patients, employees and relatives who aren’t allowed access don’t come across it.

A dental practice breached HIPAA in a case relating to this when they put a red sticker reading “AIDS” on the outside cover of patient folders and those not needing to know said information were able to read it while employees handled the folders. Don’t make simple, costly mistakes like they did.

5. Hacking/IT incidences

Most patient dental information now is stored on computers, laptops, mobile devices, and in the cloud. Today’s technology allows dental practices to more easily communicate, and look up and share patient information or their status on these devices.

The downfall of this technology is the people who are just as smart or smarter than your technology and hack into your devices or systems to get their hands on patient information. Make sure every device has some type of passcode or authentication to get on, install encryptions and enable personal firewalls and security software.

6. Sending sensitive patient information over email

While it’s not a violation to send these kinds of emails, it is a violation if the email is intercepted and/or read by someone without authorized access. Use encryptions and double check that whomever you’re sending the email to is supposed to be receiving the email.

7. Leaving too much patient information over a phone message

A patient may give you the A-Okay to call them, but be sure you don’t leave a message disclosing too much of their information. A friend or family member could check your patient’s message and hear things they shouldn’t, making said patient upset, or equally as bad, you could call the wrong number and say more than you should, which would probably make your patient even more upset with you. Your safest bet when calling a patient and they don’t answer is to leave a message for them to call you back.

8. Not having a “Right to Revoke” clause

When your dental office creates its HIPAA forms, you have to give your patients the right to revoke the permissions they’ve given to disclose their private dental information to certain parties. Not providing this information means your HIPAA forms are invalid and releasing subsequent information to another party puts you in breach of HIPAA.

9. Employees sharing stories about patient cases

People talk. It’s a simple fact. Employees talk with one another and they also talk to patients every workday. Remind them, though, that discussing a patient’s information to an employee lacking authorized access or to other patients is unprofessional and puts your whole practice at risk of being fined by HIPAA.

10. Employees snooping through files

It might seem shocking — or maybe not to some — but employees have been caught snooping through patient and co-worker files before. They do this to find out information for themselves but also because relatives or friends ask them to find things out about a certain person. Snooping is wrong and unprofessional on all levels.

Make sure your employees are clear on this and that they understand how bad the consequences can be for them and your office for doing so.

HIPAA violations in dental offices are all too common. Now that you know the top 10 ways dental offices are breaching HIPAA, you can take every precaution necessary to prevent your practice from violating any HIPAA laws and regulations.

About The Author

Trevor James is the marketing manager for Dentrix Ascend, a cloud based dental practice management software and Viive, a dental practice software for Mac’s.

July-27-2014

22:34


I agree with Wen that the EMR and claims data needs to be cleaned up. I think it gives the wrong message to say it’s not meaningful though. Once it’s cleaned up, it has a lot of value.


How many of you have applied for a job because you saw it posted on Twitter? I’m really interested in this since I do a lot of health IT job posts on Twitter. We see quite a bit of traffic from Twitter to our healthcare IT job board, but I haven’t added a good way to track who signs up and applies for jobs. That’s next.


I love how academic Practice Fusion tries to make the discussion. I thought I made the discussion of EMR vs EHR much simpler.

Blog url: 
http://www.emrandhipaa.com/

Follow Us: