Health IT and Electronic Health Activate your FREE membership today |  Log-in

Community Blog

August 27, 2015  10:28 AM

Non-repudiation and data integrity in healthcare

Posted by: adelvecchio
data integrity, Encryption, ePHI, HIPAA, hipaa security rule

Dr  Mathews (2)Guest post by Dr. Michael G. Mathews, president, COO, & co-founder, CynergisTek, Inc.

This second installment in a four-part series examines non-repudiation and data integrity healthcare; some of the lesser-known, fringe benefits of cryptographic algorithms that can help reduce fraud of e-prescribing medications and computerized physician order entries. The final two pieces in the series will focus on data in motion and at rest within healthcare.

In my previous article, I touched on the fundamentals of encryption using symmetric (shared secret) cryptography, asymmetric (public key) cryptography and combinations of the two to create a hybrid approach to keeping data confidential. Simply being able decode a message doesn’t guarantee the message wasn’t altered en route, nor that came from where it appeared to have originated.

Confidentiality of data was clearly the primary reason behind the initial implementations of encryption methodologies. Using crypto hash functions we can get a “signature” for any data set so that if it changes in any way — either in transit or while at rest — the changes will be known, making the data suspect. Drawing a parallel to the postal service, envelopes are designed to provide confidentiality over a postcard and the fact that the envelope is sealed is an indicator of data integrity. If an envelope arrives either unsealed or opened, it’s a visible sign that the contents could have been altered in some way or potentially disclosed.

For healthcare IT, the HIPAA Security Rule identifies integrity controls in the technical safeguards part of the rule with a focus on the unauthorized alteration or destruction of electronic protected health information (ePHI). Implementing a tool that uses of crypto hashes to keep track of the generated “fingerprints” of ePHI allows the tool to track any changes to that ePHI up to, and including, deletion. The rule is particularly broad here as it only identifies ePHI in general and stops short of calling out whether the scope in question is related to an EHR or all-encompassing within the environment. It also doesn’t identify any distinction between ePHI at rest and ePHI in transit.

Non-repudiation (digital signature) adds authentication and identification to the integrity controls within cryptography. It identifies if an encrypted message is really from the purported sender by confirming the message is unchanged from its original form after it was received and read. Returning to the postal analogy, think back to wax seals with signet rings. The wax seal served triple duty in this case, offering assurances of confidentiality, integrity, and non-repudiation of the message, at a somewhat reduced standard of assurance unlikely to be endorsed today.

Mechanically, a digital signature is very similar to a simple crypto hash for basic integrity controls as mentioned above. However, digital signatures make use of public key encryption and the user’s private key to generate the crypto hash so when the recipient verifies the message –using the user’s public key — the message is both verified for integrity (confirming that it’s unchanged) and authenticity (that it’s from whom it claims to be from). Digital signatures have evolved to take a much more prominent place in IT and help protect data integrity in healthcare. Within healthcare IT, electronic prescriptions allow physicians to attach electronic signatures for proof of authenticity, smart cards are used to grant access to workstations and restricted areas within the hospital and encrypted emails sail through the cloud into inboxes with digital signatures intact to ensure the recipient knows the message is authentic.

August 20, 2015  11:55 AM

Accountable care model depends on meaningful use of EHRs

Posted by: adelvecchio
Accountable Care Organizations, ACO, EHR incentives program, Meaningful use, Medicare reimbursement, Shared Savings Program

Richard RoyerGuest post by Richard Royer, CEO of Primaris

The Centers for Medicare and Medicaid Services (CMS) is trying to make the accountable care model a more compelling option for healthcare providers. The Affordable Care Act established the Medicare Shared Savings Program to improve care coordination and to incentivize providers and other healthcare institutions to participate in an accountable care organization (ACO).

By opting into the one-sided ACO track, an ACO can earn up to 50% percent of its shared savings, achieved by meeting quality performance standards. To entice providers to enroll in its two-sided ACO model, CMS sweetened the pot by offering as much as 60% percent of shared savings — the catch being the ACO is also responsible to repay a portion of any losses, based in part on its quality scores.

Participation in each of these programs is currently voluntary. But there is no denying the value-based and accountable care model they exemplify is the future, in both the public and private payer realms. Indeed, commercial insurers such as Cigna Corp. and Aetna Inc. have already launched their own versions of ACOs.

The adoption and meaningful use of certified EHRs underpins the whole concept of accountable care. These systems should serve as the source of data for dozens of clinical quality measures that ACOs must annually report to CMS. That data runs the gamut from recording preventive health measures, such as immunizations and mammography screenings, to tracking populations at risk for diabetes, hypertension and other chronic conditions.

But even if your institution isn’t participating in a public or private ACO, it’s important to consider ramping up your meaningful use of certified EHR technology. After all, any healthcare provider that wants to receive Medicare and Medicaid EHR incentives also needs to meet value-based care measurement thresholds.

Bring meaning to meaningful use

All that said, it appears there is still a ways to go to make the meaningful use of EHRs truly meaningful. Consider, for example, that according to a 2014 report by KLAS Research, based on a survey of 46 physician-led ACOs, EHR vendors earned an average 6.3 rating out of 9.0 for meeting ACO needs.

Fortunately, it is possible to improve EHR systems so healthcare providers in ACOs can more efficiently gather data to meet CMS reporting requirements and so any provider can be better positioned to receive payments from the Medicare and Medicaid EHR Incentive Programs, while avoiding possible penalties.

EHR systems can be optimized to help providers get ahead of healthcare quality issues, whether these practices are involved in ACOs or simply prepping for a future in which value-based and collaborative care models rule. That’s because EHR technology can be leveraged to give providers a better understanding of critical care points and associated risks, and give them an improved method of communicating required data to other partners in the medical chain.

Realize the value of the accountable care model

To get real value out of EHR systems, support meaningful use requirements, and position your organization for a future where accountable care is everywhere, it’s important to take the following steps:

  • Don’t just capture data. Capture it appropriately and accurately. EHR systems are only as smart as they are set up to be. And they won’t be very smart if you don’t correctly document what medical options you propose to patients, the education you share with them and the information you learn from them in an easily removable, communicable and reportable data format. That could translate into loading new templates or input forms into the EHR to ensure critical information is captured in a structured format, rather than simply in the notes field. That way, it can be easily and automatically reflected in a practice’s quality improvement efforts, such as screenings for flu vaccinations or smoking cessation.
  • Bring in the data reports and take action on them. One of the great things about EHRs is they potentially give healthcare organizations an improved capacity to plug gaps in treatment that can lead to accountable care gaffes, such as overlooking signals in patient data that wind up hurting the quality score related to hospital readmissions.
  • That capacity is easier to leverage if your practice has regular access to comprehensive and comprehensible data reports, making it simpler to spot problems affecting a fraction of the patients within a large population. Otherwise, that is no easy task, especially now that practices’ data volumes are exploding as samples and test results from external sources — such as labs or information from patients’ mobile healthcare devices — can directly import into EHR systems. But when the information is culled together so you can quickly spot a week-to-week roller coaster ride in a diabetic patient’s blood sugar levels, you can move quickly to correct the problem before the patient lapses into an acute condition.
  • Customize only where necessary. There are some situations where customizing your EHR system is unavoidable. Those are the only times where you should indulge in the practice. In other words, deploy customizations only for reasons of functionality, not aesthetics. For instance, many EHR systems don’t automatically include an interface to transmit immunization data to a state immunization registry, but adding one to your system is worth the investment given that providers must show they have performed at least one test of their certified EHR technology’s capacity to electronically submit such data.
  • When it comes to changing things like the location of a menu bar, though, skip it. That won’t be accounted for in the next general release of your vendor’s product, nor will the vendor have prepared it as an optional add-on that can be purchased for a reasonable fee. That means when upgrade time comes around, you’ll be undertaking the whole process again, and that can cost you thousands of dollars and increase the time it takes your practice to move onto the next version.
  • Consider where your expertise really lies. While the healthcare profession is changing and many physicians’ practices are being acquired by larger health systems, the industry still has more than its fair share of small practices. And most of them — perhaps your own — are without staff that is well-versed in technology or adept in the processes that optimize an EHR system for meaningful use. In those cases, it’s not a good idea to take the do-it-yourself approach to deploying EHR systems, and certainly not wise to follow that route to satisfy stage 1 or 2 criteria.
  • While trying on your own may seem reasonable, there’s a lot at risk if you hit significant stumbling blocks, including your cash flow. You may experience a decrease in returns from the Medicare Shared Savings Program or in meaningful use incentive payments. Many EHR systems also are responsible for triggering bills to patients or insurance companies. So, if issues arise with the system as you attempt to increase its meaningful use functionality — and those issues affect your ability to use the technology for other purposes — core revenue may be put in jeopardy. Under those circumstances, the old saying about asking for help when you need it could not be truer.

Are you ready to reap the value that comes from the meaningful use of an EHR system in a world moving to the accountable care model? Things are changing fast in the healthcare industry and the more prepared you are to meet those changes, the better off you’ll be.

About the author:

Richard A. Royer has served as the chief executive officer of Primaris since 2001. He has extensive administrative healthcare experience and is actively involved in a number of statewide healthcare initiatives. In 2006 he was appointed by the Missouri governor to the Missouri Healthcare Information Technology Task Force and chaired the resources workgroup. He also serves on the board of directors as treasurer for the Excellence in Missouri Foundation.

In his more than 35 years of medical business experience he has held positions as CEO at Cuyahoga Falls, Ohio, General Hospital; executive director of Columbia Regional Hospital in Missouri; and founder and president of Avalon Enterprises, a medical financial consulting firm.

July 15, 2015  2:18 PM

A primer on healthcare encryption

Posted by: adelvecchio
data encryption, Encryption

Dr  Mathews (2)Guest post by Dr. Michael G. Mathews, president, COO, & co-founder, CynergisTek, Inc.

Designed as a piece in a four-part series, this article will provide a brief primer on encryption before the remainder of the series addresses integrity and nonrepudiation, then encryption of data in motion and data at rest.

Historically, information security has addressed the confidentiality, integrity, and availability of data across a relatively broad base of domain expertise from compliance to business continuity, to identity and access management. One domain that is generally feared or lightly understood by many in the information security field — likely in part due to a general aversion to math — is encryption. That a generalization definitely holds true in healthcare. In this first installment of a four-part series, I will provide a basic primer (no pun intended) on cryptography to explain symmetric, public-key (asymmetric), and hybrid approaches to encrypt data.

Symmetric cryptography comes in many different cipher varieties, but they are unified by the fact the keys work like a traditional deadbolt on a home door — the same key is used to both lock and unlock. Key management works similarly as well; if someone else needs access, they would need to share the same key. Sharing of keys, physical or digital, is always a challenge in this mode of operation since losing or disclosing the key compromises that which is being protected.

Public key (asymmetric) cryptography relies on two different keys (a public and private key pair) that are related to each other. One key is used to encrypt data and the other to decipher data. The private key (used to decipher) is intended to be kept strictly private, where the public key (used to encrypt) is designed to be distributed widely among anyone who might need to share encrypted data.

A significant goal of public-key cryptography was to address the biggest issue of symmetric key management by removing the requirement to safeguard the key and its communication to those that need it. Due to the algorithmic design of public-key cryptography, it is more computationally demanding (and as a result, slower) than symmetric cryptography.

Combining the best parts of both types of cryptography to avoid the downfalls of the other creates the hybrid approach. Symmetric excels at speed and public-key excels at key distribution. Using the public-key model, an encrypted connection can be established without ever needing to share a key. Once the session is established, a symmetric key can be securely exchanged between the parties across the already encrypted channel. Typically, the symmetric key exchanged in this manner is deemed a “session key” and is considered a one-time use (disposable) key for protocols such as Secure Sockets Layer (SSL)/ Transport Layer Security (TLS). This method of key exchange can just as easily be applied to non-automated approaches (i.e. public-key encryption of email to share a symmetric key between two parties) to both key distribution and protection.

The cryptographic topics presented in this article are intended to fit a general need of keeping data confidential, but cryptography can be used for more than simply keeping prying eyes on the sidelines. In the next part of this series, I will cover cryptographic methods that help ensure the integrity and authenticate the originator (nonrepudiation) of data.

Part two: Data integrity and nonrepudiation in healthcare
Part three: Data in motion within healthcare
Part four: Data at rest within healthcare

June 3, 2015  1:07 PM

Five ways mobile devices move the patient engagement needle

Posted by: adelvecchio
HIMSS 2015, Mobile devices, Mobile devices and telehealth, Patient engagement, telehealth, wearable devices

John Smithwick-RoundingWell headshotGuest post by John Smithwick, CEO, RoundingWell

The rise of transformative technologies from EHRs to wearables is quickly making mobile devices a very real part of the healthcare journey. American adults spend an average of 43 hours per month using apps or surfing the Web on their phones, compared to just 22 minutes spent at an average doctor’s visit. Mobile devices make information instantly available to far more people, integrating them with our daily lives more than traditional desktop computers ever did.

Clinicians are also seeing how important mobile devices can be, not only for their patients, but as tools to help them deliver quality care in a more timely and cost-efficient manner. According to a survey released during the HIMSS 2015 conference, 54% of healthcare provider employees that use mobile devices to engage with patients have seen cost savings.

The rise of this collaborative approach to healthcare is one of the crucial steps in the journey toward a more time- and cost-efficient, value-based healthcare world. By utilizing mobile devices — which are already an ingrained part of people’s everyday lives — clinicians can tailor delivery of care, while also receiving data that can have an impact on patient outcomes.

Support ongoing, two-way conversations
The saturation of text messaging and social media has conditioned people to expect instantaneous communication. By deploying patient engagement technology, clinicians and patients can use mobile devices for secure, ongoing, two-way conversations that are more aligned with modern communication.

The ability to engage in an open-ended discussion can break down communication barriers, make patients more comfortable with physicians and transform patients into a resource for health information. In addition to increased patient satisfaction, establishing ongoing communication can also lead to earlier identification of potential adverse health events.

Share tailored, bite-sized content
We live in a hyper-connected world that is measured in 140 characters, and marked by messages that disappear after 24 hours. Health content is no exception: Care information must be delivered in small, digestible chunks relevant to patients and accessible anywhere, anytime.

Technology allows healthcare organizations share educational content — such as how to deal with a chronic condition — with the touch of a button, and helps them customize a treatment plan specific to each phase of every patient’s healthcare journey. Are you treating a diabetes patient who has just been discharged from the hospital after a life-threatening rise in blood sugar? Serve them with content that includes one low glycemic recipe a day. By using content to engage patients on a regular basis, clinicians can help proactively prevent readmissions and earn the trust of patients.

Remote monitoring
The number of hours available to engage with patients is often severely limited by the time it takes to chart all the information from a visit. While patients may get less than 30 minutes of a clinician’s time, a physician can spend as much as a third of a work day charting. Patient engagement technology allows physicians to reclaim some of those hours by making it easier to monitor patients from afar.

In addition to patient-provided health reports, HIPAA compliant monitoring devices allow physicians to monitor heart rate, blood glucose and other biometrics. In doing so, clinicians can spot health events and address them before they lead to a costly hospital visit.

Grant access to real-time data
Patients and providers are both hungry for real-time data — and patient engagement technology can provide it via mobile devices.

For clinicians, the ability to answer patient questions, check in and conduct health visits via mobile devices provides a stream of data that can be collected and analyzed on a rolling basis. These modern technologies help save time by eliminating many of the hours spent manually charting, faxing records and hand-entering medical data. For patients, this technology can integrate with some EHRs and other health information systems to provide a more complete picture of their health.

New ways to execute telehealth visits
Mobile devices also provide clinicians an avenue through which they can execute virtual visits in a way that enables the patient to see the face of their doctor (making the visit feel more real) and connect with physicians that might be out of state, while helping clinicians save money and resources. In fact, most clinicians can bring more dollars in the door without affecting patient satisfaction by using Current Procedural Terminology codes when practicing telehealth.

To stay relevant and solvent in this new world, healthcare organizations must start looking for technologies that integrate with the mobile lifestyle of patients and also deliver quality, easy-to-access data for physicians.

About the author:
John Smithwick is the CEO of RoundingWell. He co-founded RoundingWell in 2011 following four years at Nashville’s Healthways, where he led the design effort for their web-based disease and lifestyle management product offerings. Prior to his work at Healthways, he worked in product management at Microsoft in Redmond, Wash. and in technology strategy consulting with Accenture in Boston, Mass. A graduate of the University of Richmond, he holds a master’s of business administration from the University of Pennsylvania’s Wharton School of Business.

May 20, 2015  10:16 AM

The rise of patient-generated health data

Posted by: adelvecchio
Health Data Consortium, Health Datapalooza, Patient data, patient-generated data

booneGuest post by Chris Boone, Chief Executive Officer, Health Data Consortium

As the age of big health data emerges, a new category of data that can be leveraged by physicians and caregivers to discover more about their patients has arisen: patient-generated health data. While self-tracking — and the quantified self movement — is not a new phenomenon, the creation of technologies that can collect, store and analyze this data has given the movement new traction and momentum. With no one more interested in a successful health outcome than an individual with their own, patient-generated health data can provide clinicians a rich new vein of data to inform their decision-making.

A webinar hosted earlier this year entitled “Patient Generated Health Data: An Overview” brought together patient-advocate Scott Strange of Strangely Diabetic, Danny Sands, M.D., assistant professor at Harvard Medical School, Mandi Bishop, health plan analytics innovation practice lead for Dell, and Greg Meyer, director and distinguished engineer at Cerner Corp. They discussed the potential of leveraging patient-generated health data and data trends to improve and deliver integrated patient care, and what challenges lie ahead in achieving the reality of a comprehensive, person-centered view of an individual’s health.

This highly successful discussion will be continued at the session “Patient-Generated Health Data in the Real World” at Health Datapalooza 2015 with the same panelists and health cost transparency advocate Casey Quinlan as moderator. Other sessions that will discuss similar topics include “Leveraging the Potential of Patient-Generated Data: Progress and Opportunities,” to be moderated by Alison Rein, senior director for evidence generation and translation for AcademyHealth. “But What if I Want to Share? Contributing Your Own Data to Foster Public Good,” will be moderated by Niall Brennan, chief data officer for the Centers for Medicare and Medicaid Services. Another related session will be “Engaging Patients in Generating and Using Big Data,” along with many more.

Perhaps just as interesting as those sessions will be the ideas and collaborations generated from discussions between attendees about how to create integrated care through patient-generated health data. This year’s Health Datapalooza will continue to provide a forum for high-level cross-sector conversations between patients, providers, innovators and entrepreneurs, government, academics, and healthcare technologists.

To be a part of the conversation that will direct the potential of health data towards targeted and personalized healthcare, join us at Health Datapalooza from May 31-June 3 in Washington, D.C.

About the author:

Chris Boone is Chief Executive Officer of Health Data Consortium. He is a recognized expert in health systems, health informatics, health IT policy, and the use of electronic clinical data to generate clinical and scientific evidence for public policy, quality improvement, and patient-centered outcomes research efforts.

Prior to Health Data Consortium, Chris was a Vice President in Avalere Health’s Evidence Translation and Implementation practice, where he focused on developing evidence generation strategies for professional medical societies, consumer advocacy groups, and life sciences companies.

Chris holds a bachelor’s degree in Management Information Systems, a master’s degree in Healthcare Administration, and a doctorate in Public Affairs and Health Policy. Chris is also a fellow of the American College of Healthcare Executives (FACHE).

May 5, 2015  1:56 PM

The duality of patient data: How do we keep it secure and free-flowing?

Posted by: adelvecchio
Data privacy, data privacy and security, Health Data Consortium, Health Datapalooza

booneGuest post by Chris Boone, Executive Director, Health Data Consortium

At the end of 2014, two reports that revealed conflicting consumer opinions about sharing health data and data security were released. Forbes, with data compiled by PwC’s Health Research Institute, reported that 70% of consumers were concerned about health data stored or accessed on their phones, and as many as 78% were concerned about the general state of medical data security.

In contrast, an NPR-Truven Health Analytics poll showed the opposite, with only 10% of respondents reporting that they worried about their employers having access to their health data, with 11% concerned with their doctors being able to view their records. Additionally, 14% were uneasy with hospitals having access to their data and 16% felt the same way about insurers.

Two major polls returning starkly contrasted findings within such a short time span is jarring, to say the least. The difference in results may simply be attributed to the two polls asking different questions but framing the conclusions in the same context. However, it’s just as likely that the reports highlight the ambivalent nature of consumers’ beliefs about health data privacy and sharing their health data for the greater good of public health.

This duality will be on display and up for discussion at Health Datapalooza 2015 in sessions such as “A Delicate Balance: A Town Hall on Health Care Data Privacy and Security Issues” and “But What if I Want to Share? Contributing Your Own Data to Foster Public Good.” The former session, to be moderated by Deven McGraw of Manatt, Phelps, & Phillips, LLP, will address the sensitive and personal nature of health data and the deliberations about ownership, stewardship, and terms of use needed to achieve a patient-centered, learning healthcare system. The latter session will be moderated by Niall Brennan, chief data officer of the Centers for Medicare and Medicaid Services, and will cover how to help patients share data that meets research needs while protecting and securing individual privacy.

In addition, as part of Health Datapalooza’s workshops, attendees will be able to participate in a “Privacy and Security Bootcamp” which will offer participants an opportunity to learn more about navigating the waters of federal privacy and security laws. This year’s Health Datapalooza will provide a forum for high-level, cross-sector conversations between patients, providers, innovators, entrepreneurs, government representatives, academics and healthcare technologists.

To be part of a conversation about shaping the future of secure, patient-centered health data access and sharing, join us at Health Datapalooza from May 31-June 3 in Washington, D.C.

About the author:
Chris Boone is Executive Director of Health Data Consortium. He is a recognized expert in health systems, health informatics, health IT policy, and the use of electronic clinical data to generate clinical and scientific evidence for public policy, quality improvement, and patient-centered outcomes research efforts.

Chris holds a bachelor’s degree in management information systems, a master’s degree in healthcare administration, and a doctorate in public affairs and health policy. Chris is also a fellow of the American College of Healthcare Executives.

March 12, 2015  12:18 PM

Cloud clarity and the road to future patient care

Posted by: adelvecchio
EHR usability, hybrid cloud, Private cloud, Public cloud

roberta-katzGuest post by Roberta Katz, director, healthcare solutions, EMC, @Roberta_Katz, @EMCHealthcare

Increasing at a rate of 48% per year, healthcare data is one of the fastest-growing segments within the digital universe. The growth rate of healthcare data eclipses the 40% figure representative of the overall digital universe. This mass of new healthcare data is produced by a multitude of different sources including, clinical applications, compliance requirements, genomic sequencing — and future care-enabling technologies for cloud, big data, mobile, and social.

Health IT leaders are working toward a future where data driven healthcare will help provide precision medicine to improve health, treat diseases and avoid unnecessary healthcare costs. Also, patients will see improved outcomes because of better information sharing throughout the continuum of care. This means data will move more easily between physicians, hospitals, pharmacies, nursing homes, rehabilitation facilities and home health caregivers.

To reach these goals, health IT leaders are working on optimizing their EHR systems and determining how to best harness emerging technologies like cloud, big data, mobile and social media to store, protect, analyze and leverage healthcare data in a meaningful way. Most healthcare IT professionals feel their IT infrastructure is not fully prepared for what’s coming next, according to a recent MeriTalk survey. The questions is: what can they do to improve?

Goal: future ready

As healthcare providers work to leverage real-time data at the point of care, redefining their infrastructure to be “future ready” is becoming critical. The deployment of cloud models offers a path forward, enabling healthcare providers to deliver agile, next generation health IT to gain clinical and business efficiencies.

In 2015, 62% of health IT leaders planned to increase cloud budgets to help provide more coordinated, cost-effective care. Providers are starting to make the journey to an enterprise hybrid cloud as they balance clinical and business workloads with both private and public cloud resources.

Does public + private = hybrid?

Why all this focus on a hybrid cloud? The objective of an enterprise hybrid cloud is to deliver the same experience, capabilities and performance — regardless of how and where workloads are placed in the cloud — whether it be private, managed private or public. Another goal is to find a way to integrate traditional and next-generation clinical and business applications. To accomplish this, a software-defined approach is needed to change the way IT services are integrated and delivered to the care community.

A healthcare hybrid cloud environment is more than an infrastructure that includes public and private clouds. A hybrid cloud enables infrastructure transformation, application transformation and operating model transformation. It incorporates trusted, public clouds for access to a wide array of applications and services such as email and backup as a service. It includes private clouds for the reliable performance and security of critical clinical applications such as EHR systems and PACS. In other words, implementing a hybrid cloud framework helps healthcare organizations integrate multiple, disparate cloud environments and securely deliver the right data to the right caregiver at the right time.

As healthcare organizations position themselves to become future ready, there are even more reasons to deploy a hybrid cloud. With an enterprise hybrid cloud model, health IT becomes the broker of trusted IT services, the internal service provider of choice — balancing business and clinical workloads with private and public cloud resources, lowering IT costs, providing service catalogs and meeting service-level agreements (SLAs).

It’s not a destination, it’s a journey

As many as 18% of healthcare providers say they run EHR applications partially or fully in a hybrid cloud today. This figure means there is room for growth ahead. How can health IT get there?

For healthcare IT teams who are at the initial stages of investigating cloud models, the first steps should be to:
• Establish cloud roadmap priorities
• Execute a benchmarking assessment to review current IT capabilities
• Identify pain points, infrastructure automation, and any gaps for infrastructure, applications, and operating model for your ITaaS strategy

For healthcare IT teams with an understanding of their cloud-ready workloads, the following actions should be their next steps.
• Identify migration priorities
• Create a catalog of IT services across your network
• Build a charge-back process for IT service billing and financial transparency
• Establish an IT governance process
• Establish SLAs
• Quantify dollars saved or re-allocated to meet priorities; Review quarterly

According to a MeriTalk study, heathcare IT leaders believe cloud solutions will impact clinical and business workloads in the next two years by improving real-time data access, reducing cost of care, improving overall operations, reducing medical errors and improving insurance claims tracking.

Taken together, this progress means there will be more opportunities to focus on real innovation targeted at improving patient care outcomes.

About the author:
Roberta Katz is director of healthcare solutions at EMC where she focuses on helping healthcare organizations move forward their IT strategies and solutions for EMR optimization, healthcare hybrid cloud, patient data intelligence, and advanced medical imaging. Roberta has more than 25 years of health IT industry expertise in developing solutions to help improve patient care delivery, at the point of care, leveraging IT technologies.

March 4, 2015  2:17 PM

Common data visualizations for healthcare organizations

Posted by: adelvecchio
business intelligence, data visualization, payers, Quality improvement

zach watsonGuest post by Zach Watson, content manager, TechnologyAdvice

For large healthcare organizations, aggregating and analyzing data isn’t sufficient to improve business and care performance. Accountable care organizations, patient-centered medical homes, and other new models of care delivery require cross functional teams and greater integration of healthcare services. Any findings discovered by healthcare data analysts must be packaged in a consumable fashion for a range of audiences.

This enables the data to be more easily processed and used across departments. Luckily, the barrier to entry for using business intelligence or data visualization is lower than ever before. Some medical software suites now include basic data visualization capabilities. This makes it easier for executives to partner with analysts and produce effective data visualizations that convey clinical insight.

It makes sense to use data visualizations when possible because humans process information more easily when it’s presented with a strong visual element. Rows and columns of numbers may entice an analyst, but for the majority of their audience, such a presentation requires a heavy amount of explanation.

The most insightful reports often contain complex data sets that have been sliced and diced from multiple perspectives to arrive at an actionable conclusion. These reports usually present a mixture of regulatory, financial, and clinical data, making user-friendly visualization even more important.

As business intelligence has become more widespread, templates have emerged for common healthcare data visualizations. As a side note, these visualizations require the implementation of an enterprise data warehouse to normalize and order the data — which should be standard practice for large healthcare organizations using data at this scale. Let’s look at a few of the most useful visualizations for healthcare organizations.

Payer reimbursement mix

In order to effectively keep pace with the regulatory and reimbursement changes happening throughout the healthcare system, providers should record and analyze reimbursement trends on a per payer basis — with a particular focus on payers that make up a large percentage of a provider’s overall revenue.

A payer mix visualization displays the names of a hospital’s top payers in descending order with the percentage of total reimbursement each payer represents to the provider. In a complementary column, displaying the yearly payments for each payer helps executives quickly analyze broad reimbursement trends.

If providers have the capabilities to break down data by facility or location, then it’s possible to create a dashboard that can highlight differences in regional reimbursement rates. This type of payer mix has its benefits, but adding gains and losses data will maximize this visualization’s usefulness. This can be accomplished with a column of deviation charts that correspond to each payer on an annual basis.

A yearly visualization allows executives to view and share information about annual gains and losses on a per payer basis. Again, adding an interactive element for sorting historical data can increase the dashboard’s utility. Other options for data segmentation include distinct outpatient or inpatient views.

Analyzing historical and current payer trends and matching them with gains and losses allows providers to more easily identify which procedures, facilities, and patient populations cause the largest drain on resources.

Quality improvement initiatives

Once a provider’s leadership team has a better understanding of reimbursement movement in the payer arena, they can focus on improving their internal processes to achieve the three main goals of healthcare: lower costs, better patient outcomes and improved patient experiences.

These types of quality improvement initiatives require significant data analysis, with best of breed systems combining clinical, cost, billing, and ICD-9 or ICD-10 codes to sort and rank clinical processes. Once the data is structured and presented in graphical form, it’s best practice to look for significant variations in cost, which usually represent large variations in care quality.

Presenting this data as a bubble chart helps organizations identify the processes with the highest degree of variation compared to the number of times those processes occur. This type of visualization makes it easier to identify cross-departmental areas for improvement that will affect outcomes and resource use.

A number of other visualizations are quickly becoming commonplace in healthcare. Heat maps are a great method for presenting trends on patient populations at a geographic level, but these visualizations require data from each county in each state, placing them out of reach for all but the largest healthcare organizations.

Data analytics is quickly becoming embedded in the operating and decision making processes of healthcare organizations. Once the analysis is complete, it’s vital that executives supply stakeholders throughout their organization with a way to intuitively understand the conclusions that have been uncovered. Better data visualizations regarding payer reimbursements and quality improvements are becoming two common areas for analysis that can help organizations convey actionable findings.

About the author:
Zach Watson is the content manager at TechnologyAdvice. He covers healthcare IT, business intelligence, and other emerging technology. Connect with him on LinkedIn.

December 29, 2014  11:06 AM

2015 Healthcare IT community event calendar

Posted by: adelvecchio

SearchHealthIT has compiled a list of healthcare IT events for the upcoming year.

Know of an event that’s not included below? Suggest it in a comment and we’ll add it to the list!

January 2015

The Digital Health Summit (at 2015 International CES)
January 6 – 9 * Las Vegas, NV

Health 2.0 WinterTech
January 15 * San Francisco, CA

HL7 International – Working Group Meeting
January 18-23 * San Antonio, TX

iHT2 Health IT Summit in San Diego
January 20-21 * San Diego, CA

HealthIMPACT Southeast
January 23 * Tampa, FL

IHE North America Connectathon 2015
January 26 – 30 * Cleveland, OH

February 2015

ONC Annual Conference
February 2 – 3 * Washington, D.C.

eHealth Initiative Annual Conference
February 3–5 * Washington, D.C.

iHT2 Health IT Summit in Miami
February 10-11 * Miami, FL

Managed Care Compliance Conference
February 15–18 * Las Vegas, NV

Audit & Compliance Committee Conference
February 24–25 * Scottsdale, AZ

HealthIMPACT East
February  27 * New York, NY

March 2015

Mobile World Congress 2015
March 2–5 * Barcelona

iHT2 Health IT Summit in San Francisco
March 3-4 * San Francisco, CA

The CIO Healthcare Summit
March 15-17 * Chicago, IL

National Quality Forum Annual Conference
March 23 – 24 * Washington, D.C.

2015 State Healthcare IT Connect Summit
March 23-24 * Baltimore, MD

April 2015

HxRefactored 2015
April 1-2 * Boston, MA

HIMSS15 Conference and Exhibition
April 12–16 * Chicago, IL

Annual Compliance Institute 
April 19-22 * Lake Buena Vista, FL

Bio-IT World Conference & Expo
April 21-23 * Boston, MA

SAS Global Forum
April 26-29 * Dallas, TX

May 2015

ATA 20th Annual International Meeting & Expo
May 3-5 * Los Angeles, CA

Medical Informatics World Conference
May 4-5 * Boston, MA

HealthIMPACT Southwest
May 7 * Houston, TX

National Health Insurance Exchange Summit
May 11-13 * Washington D.C.

WEDI National Conference
May 18-21 * Scottsdale, AZ

iHT2 Health IT Summit in Boston
May 19-20 * Boston, MA

MIT Sloan CIO Symposium on Health IT
May 20 * Cambridge, MA

iHealth 2015 Conference
May 28-29 * Boston, MA

SIIM 2015
May 28-30 * Washington D.C.

Health DataPalooza
May 31- June 3 * Washington D.C.

Research Compliance Conference
May 31- June 3 * Austin, TX

e-Health Canada 2015
May 31- June 3 *  Toronto, ON, Canada

June 2015

2015 Health Privacy Summit
June 3-4 * Washington D.C.

NYHIMA’s 2015 Annual Conference
June 7-10 * Syracuse, NY

HealthImpact West
June 10 * Santa Monica, CA

National Healthcare Innovation Summit
June 15-17 * Chicago, IL

DIA 2015: 51st Annual Meeting
June 14-18  * Washington, D.C.

HealthTECH Council Meeting and Summit
June 28-30 * Location TBA

July 2015

iHT2 Health IT Summit in Denver
July 21-22 * Denver, CO

mHealth + Telehealth World
July 21-23 * Boston, MA

August 2015

iHT2 Health IT Summit in Seattle
August 18-19 * Seattle, WA

September 2015

HealthImpact Midwest
September 17, * Chicago, IL

AHIMA Convention & Exhibit
September 26-30 * New Orleans, LA

iHT2 Health IT Summit in New York City
September 29-30 * New York City, NY

October 2015

Health 2.0 Annual Fall Conference
October 4-7, * Santa Clara, CA

National Health IT Week
October 5-9, * Nationwide

iHT2 Health IT Summit in Chicago
October 6-7 * Chicago, IL

Partners HealthCare’s Connected Health Symposium
October 29-30 * Boston, MA

November 2015

Digital Healthcare Innovation Summit
November 3, * Boston, MA

AMIA 2015 Annual Symposium
November 14-18, * San Francisco, CA

December 2015

iHT2 Health IT Summit in Atlanta
December 2-3 * Atlanta, GA

mHealth Summit

December 16, 2014  11:51 AM

Five physician-driven healthcare IT vendors

Posted by: adelvecchio
EHR, EHR Adoption, EHR selection, EHR vendors

charles settlesGuest post by Charles Settles, content writer, TechnologyAdvice

Poorly-designed workflows, charting, and other aspects of the user interface are common user frustrations with medical software. There are many causes for this, but one is likely the lack of physicians working in EHR design. Of the hundreds of healthcare IT vendors, few are led by physicians.

Software developers are typically, often by necessity, bound by logic in both the literal and figurative sense. Meanwhile, medicine has its own logic — and the two don’t always coincide. Merging the desires of physicians and other users with the capabilities of developers means reconciling what’s possible with what’s practical. It takes a special kind of pragmatism for software vendors to do it properly, and it usually requires a physician at the helm, or at least one or more directly involved in the development and design processes. But does physician involvement in software design result in greater user satisfaction?

In our research at TechnologyAdvice, we’ve spoken with numerous physicians, patients, and vendors. An upcoming TechnologyAdvice research project will look at healthcare IT vendors that heavily involve physicians in leadership, design and development. The following five vendors, listed in no particular order, are a few notable examples.

One Touch EMR

One touch EMR

One Touch EMR, founded by internal medicine physician Robert Abbate, describes their software as designed “by doctors for doctors.” In a message from Abbate on the company’s website, he cites his previous experience with Web hosting and development as a major factor in the birth of One Touch EMR. Following his residency, Abbate wasn’t happy with any of the options available for his new practice. As a result, he decided to build his own. One Touch EMR is now fully certified as a complete ambulatory solution for both stages of the meaningful use program, and has an intuitive, tablet-based interface. It is Web delivered, works on Android and iOS, and features custom templates, macros, forms, integrations, and migrations from other systems, available at an additional cost. One Touch also offers a pre-integrated practice management solution and supports popular billing and voice recognition software out of the box. It supports a wide range of medical specialties.



Kareo, Inc., founded in 2004, employs physicians, including Chief Medical Information Officer Tom Giannuli. Giannuli previously held the same position at healthcare IT firm Epocrates, Inc. Kareo’s free EHR has consistently received above average marks in user satisfaction. The company’s paid practice management product has also been well received. Suitable for nearly any specialty, more than 25,000 providers use Kareo’s software or billing services and many would recommend it to their colleagues. Kareo supports a number of input interfaces, including intuitive touch and voice commands, and its customer support is an oft-cited added benefit. It is also a certified complete ambulatory EHR and ready for both stages of meaningful use attestation.

Practice Fusion

Practice Fusion

Practice Fusion Inc., founded in 2005, is one of the largest providers of cloud-based medical software in the United States. Seven medical doctors are members of company leadership or serve in an advisory capacity. These doctors’ backgrounds include everything from practicing internists, to professors of surgery and anesthesiology, to former presidents, medical directors, and administrators at hospitals and other care organizations. Like Kareo, Practice Fusion’s health records system is free, but their practice management product is not. Unlike Kareo, Practice Fusion does not provide billing services.

Modernizing Medicine

Modernizing medicine

Modernizing Medicine, Inc. developed its main Electronic Medical Assistant specifically for surgeons. The company also provides support for a wide variety of other common specialties, including: dermatology, ophthalmology, plastics, orthopedics, otolaryngology, and gastroenterology. More than 17 physicians are on staff at Modernizing Medicine, including co-founder and practicing dermatologist, Michael Sherling. Like the other systems profiled, Electronic Medical Assistant is a certified, stage 2-ready product. The program is tablet-based and delivered via the cloud. Due to its targeted nature, the company has seen rapid user growth over the past few years.



Founded in 1996, e-MDs, Inc. was created by David Winn for his own medical practice. Called the “father of EMR” on the company’s website, Winn has led e-MDs’ development of software, including a new ICD-10 coding product. The medical records system is offered alongside an integrated practice management product, and can serve providers in over twenty specialties. The modular system is certified for both stages of meaningful use and supports several third-party software offerings. It includes features such as voice recognition, e-prescribing and more.

These are just a handful of the physician-driven healthcare IT vendors that we’ve uncovered thus far. Consistent themes seen in the marketing materials of each of these providers are their high usability and user satisfaction ratings. A cursory glance at the latest ratings from unbiased research organization KLAS Enterprises LLC appears to confirm many of these vendors’ claims. For physicians looking to implement new medical software, searching for a physician-led vendor may be a pragmatic move.

Charles Settles is a content writer at TechnologyAdvice. He frequently covers topics related to health IT, gamification, and other emerging tech trends. Connect with Charles via Google+

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: