Tuesday, January 30, 2018

Finally!!! Apple has entered the EHR field

Apple has entered the EHR field.  This is very good news for patients.  Zdnet has a very interesting article forecasting that Apple will have success.  Here are the seven reasons why:

  • "The Apple Watch and iPhone is a conduit for micro-level data such as heart rate, activity and if in some cases medical conditions. Apple's HealthKit already gives the company a foothold in the healthcare market.
  • Apple is good with partnering. Just like Apple has with enterprise technology giants, the company has partnered with the leading players in the health record space. Apple is going for the aggregation approach and partnering to suck in data from participating medical institutions in one place.
  • The leading medical data players are on board with Health Records. Apple is starting with a dozen hospitals including Johns Hopkins Medicine and Penn Medicine and has connections into Epic Systems and Cerner. Epic and Cerner are the leading players in the medical record management space. Think of Epic as the SAP of hospital management software. The hospitals listed as Apple's launch partners run on Epic and Cerner for the most part.
  • Apple is going along with standards. Health Records is based on FHIR (Fast Healthcare Interoperability Resources), which is a standard for transferring electronic medical records.
  • The healthcare industry has already done a lot of the heavy lifting. The real work to move to electronic medical records has occurred over the last decade with a push from the government. All that IT integration primed the pump for a player like Apple to bring healthcare data to consumer devices.
  • Apple's enterprise footprint can be leveraged. When Apple is pitching its health record and portal wares it appeals to IT executives directly.
  • Privacy. Apple has played the privacy marketing well and differentiated itself from Google's cloud and data centric approach. In areas like artificial intelligence, Apple's approach is a handicap. In healthcare, that approach is an asset as Health Records will be encrypted and protected under a user's iPhone passcode."

Sunday, April 12, 2015

Health Information Blocking - Congress report

In my interactions with EHR companies over the years I have witnessed a reluctance to allow providers share "their own patients" information outside of that specific EHR ecosystem.   Sometimes this was veiled and presented as a concern for patient security while other times it was quite blunt, scaring providers with the high costs of interfaces.    

In a report presented this week by ONC, it was suggested that the Congress needs to intervene to prevent the intentional blocking of patient record sharing by health care providers and electronic record vendors.  Here is a link to that report

http://healthit.gov/sites/default/files/reports/info_blocking_040915.pdf

Your mother's maiden name

Below is a very interesting article I found here on the history and perils of choosing your mother's maiden name as a security question.  

"Your mother’s maiden name has been a ‘security question’ since 1882

It’s well-established that passwords are a flawed security system. Attackers can guess them, steal them from a database, or watch you type them in. But until we can get our smartphones to take our DNA to confirm our identities, we’re stuck with them.
The processes that let you recover your password if you forget it, though, can be much worse than passwords themselves.
Companies that take security seriously will ask you to authenticate your identity with a “second factor,” such as a code they send to a device they know you own. Companies that don’t care are more casual about your privacy will ask you to answer “security questions” — which are typically questions that anyone could guess after a thorough stalking of your Facebook account: Oh, there’s a photo of you with your high school best friend. Oh, there’s a status update with your “porn star name,” combining your first pet’s name with the first street you lived on. (It’s possible the NSA invented that game.) And oh, there’s your mom commenting on everything you upload, and look, she’s divorced and using her maiden name. Pwned.
Disturbingly, security questions haven’t changed much over the last century. During a search for the inventor of the “one-time pad” (the only theoretically unbreakable code system), Columbia computer science professor Steven Bellovin came across a paper from 1882 in the Library of Congress about encrypting telegrams so they couldn’t be read in transit by snoops. He discovered that we were using “mother’s maiden name” as a security question over 130 years ago. From Bellovin’s 2011 paper on crypto history, in which he writes, “Mother’s maiden name, that old standby ‘secret,’ was used that way at least as early as 1882:”
Frank Miller, the author of the 19th Century paper, “Telegraphic Code to Insure Privacy and Secrecy in the Transmission of Telegrams,” was a California banker. He was using telegrams for banking activity. “It would probably have been used when wiring money to someone,” said Bellovin by email. “The message would be from one bank to another, saying (via codewords): ‘Give $XXX to Joe Smith; he will authenticate himself by saying that his mother’s maiden name is Jones.'”
I’d like to say maiden names are still around as an identity authenticator because it’s “stood the test of time,” but really it’s just because we are a bit lazy and uncreative when it comes to security. The question was never a great one but certainly worked better in the 1800s when women were less likely to keep their maiden names after getting married, and in a time when no one’s mother was on Facebook."

Tuesday, September 2, 2014

Where is the health IT interoperability in 2014?


The quick answer is:  it is morphing (still !!).  This article from Lexology does a good job of describing where we are at the moment.

Laser focus on health IT interoperability

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) requires that the U.S. Department of Health and Human Services (HHS), in implementing the electronic medical records “meaningful use” incentive program, focus on the secure exchange of health information to improve individual and population health. Exchange requirements were fairly minimal, however, in the first stage of the program. Stage 2 began for early adopters this year, and concerns are being raised about the inability of program participants to meet exchange objectives, including:
  • Exchanging information with other healthcare providers to support transitions in care.
  • Sharing data with patients through portals and secure e-mail.
Lack of Interoperability Interferes with Sharing
Lack of “interoperability” is commonly perceived to be the main obstacle to sharing data. From a technical standpoint, interoperability is “the ability of two or more systems or components to exchange information and to use the information that has been exchanged.” (IEEE Standard Computer Dictionary, 1990) In the context of health IT, interoperability is more broadly understood to refer to the ability of disparate entities to access and share health information that can be easily utilized to inform decision-making by providers and patients and provide the foundation for improvements in individual and population health.
Pockets of interoperability exist today. The more robust interoperability needed to fully leverage the promise of health IT, however, has not yet been realized.
At the August Health IT Policy Committee, the HHS presented a summary of survey research on health information exchange activity between physicians and hospitals, as well as between providers and patients. Prior to Stage 2 of meaningful use, exchange among providers – particularly exchange with external providers – remained fairly limited, although it had increased since 2008. Early Stage 2 data shows there still is only a limited exchange of data to support transitions in care, and a significant number of patients continue to report gaps in information-sharing.
The HHS summary reinforced key themes that emerged from “listening sessions” conducted by the Health IT Policy Committee’s Information Exchange workgroup and reported to the Policy Committee at its April 2014 meeting. Those sessions revealed that providers participating in the meaningful use program were undergoing significant challenges in meeting both of the Stage 2 exchange goals—supporting transitions in care and implementing data sharing with patients through secure portals and e-mail.
New Focus on a Solution
In the past, solving obstacles to exchange was seen as having at least two major dimensions:
  • Technical barriers (specifically, the inability of different electronic medical record (EMR) systems to be able to send, receive and “consume” relevant clinical information about a patient), and
  • Lack of incentives to share information in fee-for-service payment models.
With payment reform—including Accountable Care Organizations (ACOs), medical homes, and bundled and value-based payments—gaining a greater foothold in the industry, the demand from providers to share data with one another is growing. In addition, HHS now seems more focused on finding answers to the remaining technical and policy obstacles to exchange.
The latest effort to overcome challenges to interoperability began in March 2013, when the Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator (ONC) sent out a request for feedback from the public on “Advancing Interoperability and Health Information Exchange.” Several months later, the agencies jointly issued a report summarizing the public’s comments and identifying a number of principles and strategies for accelerating HIE.
On June 5, 2014, ONC, under new leadership, issued a “10-Year Vision to Achieve an Interoperable Health IT Infrastructure” that includes a short list of overarching guiding principles, broad goals and representative “use cases” that illustrate those goals to be met within three, six and 10 years. The agenda for achieving the vision, which is intended to engage all aspects of the federal government, focuses on five “building blocks”:
  1. Core technical standards and functions
  2. Certification to support adoption and optimization of health IT products and services
  3. Privacy and security protections for health information
  4. Supportive business, clinical, cultural and regulatory environments
  5. Rules of engagement and governance
A National Interoperability Roadmap to Achieve the 10-Year Vision
At the August 2014 meeting of the Health IT Policy Committee, Erica Galvez, the Interoperability Portfolio Manager for ONC, presented ONC’s efforts to develop a national interoperability roadmap to achieve its 10-year vision. The roadmap is expected to address three key questions:
  • What are the critical technologies and policies (including governance) required to achieve the vision?
  • Who needs to do what and by when (including government, technology developers and technology users)?
  • How will the roadmap be updated over time and at what frequency?
The roadmap is currently in development, informed by both an online community forum and the federal Health IT Policy and Standards Committees. The work is being augmented by research and analysis that both staff and consultants are actively performing.
The initial draft is expected to be released in October, in time for a joint meeting of the Health IT Policy and Standards Committees scheduled for October 15. The draft will be subject to comment from the Committees and their working groups, as well as from the public. The final roadmap is expected to be released in March 2015.
Efforts Informing the Roadmap’s Development
A number of developments could inform the roadmap’s development, including:
  • In March 2014, the GAO issued a report criticizing HHS for its exchange strategy. The report urged the Department to develop specific actions to advance health information exchange and to set milestones with timeframes for the actions to gauge progress more accurately.
  • In April 2014, the Agency for Healthcare Research and Quality released the JASON report prepared by Mitre Corporation, on “A Robust Health Data Infrastructure.” The report includes recommendations for developing a health information-sharing software infrastructure within the next 12 months, based on published application programming interfaces (APIs). Patients would control the sharing of their health data through expressed privacy preferences. The Health IT Policy and Standards Committees have established a joint workgroup to evaluate this report and provide feedback.
  • In June 2014, an article published in JAMIA by the SMART (Substitutable Medical Applications and Reusable Technology) C-CDA Collaborative identified issues with interoperability for C-CDAs, the standard for document exchange to support transitions of care for Stage 2 of meaningful use. The article suggested practical opportunities to improve C-CDA exchange capabilities in the coming years.
  • The U.S. Senate included language in the draft HHS appropriations bill directing the federal Health IT Policy Committee to submit a report on the technical, operational and financial barriers to electronic health records interoperability.
  • The private sector also is launching efforts to advance interoperability, including Healtheway’s Carequality initiative and the eHealth Initiative’s 2020 Roadmap.
Conclusion
The onset of Stage 2 has placed long-standing obstacles to exchange in sharper relief, and the recent spate of activity presents a critical opportunity for HHS to use its policy levers to build a firmer foundation for advancing interoperability. The success of this intensive effort, however, will depend as well on the willingness of the industry and other stakeholders to participate—and to embrace and support the changes that may be necessary to achieve interoperability.

Thursday, December 19, 2013

HealthVault - Psst, it's free!


If you are a patient desiring to keep track of your of health care electronically, Microsoft HealthVault is there to help. Once you sign up for free, HealthVault will give you a Direct Exchange address. You can give this address to your providers and, if they are Direct enabled, they will be able to send you results electronically to your HealthVault account.  By the way, you can sign in to Microsoft HealthVault with your FaceBook account. 

Here is an example of a letter HealthVault offers you to give to your doctor:

----
Microsoft HealthVault
Patient Name: Your Name
Direct address: yourname@direct.healthvault.com

Please send my medical information from your medical records system directly to my personal HealthVault record using the Direct address listed above. I’m taking an active role in my health and wellness by keeping a personal health record in HealthVault. By sending my medical information directly to HealthVault, you can help me manage the information about my health care. Thank you. 

More information If you are using an electronic health record (EHR) system that is certified for Meaningful Use Stage 2, then your software may be able to generate a CCDA and send it to me using the Direct protocol. (As you may know, Direct is a security-enhanced health messaging protocol designed to help protect health information when it is sent from one computer system to another). Your EHR software vendor should be able to provide instructions.

If you can’t yet send information via Direct, can you give electronic records another way, such as a disc? (My plug: or suggest the provider contacts Infomedtrix for a provider Direct account) HealthVault accepts structured information in CCDA, CCD, CCR, and BlueButton formats, as well as information in unstructured files as images, PDFs, and text. You can find more information about HealthVault and how it supports Meaningful Use Stage 2 at www.healthvault.com/providers.


Sunday, November 10, 2013

Infomedtrix Achieves DirectTrust.org/EHNAC Accreditation


Direct Trusted Agent accreditation ensures adherence to data processing standards and compliance with security infrastructure, integrity and trusted identity requirements 

Chattanooga, TN – Nov 5, 2013 – Infomedtrix LLC announced today it has achieved full accreditation with the Direct Trusted Agent Accreditation Program (DTAAP) for HISP, CA or RA from DirectTrust.org and the Electronic Healthcare Network Accreditation Commission (EHNAC). Direct Trusted Agent accreditation recognizes excellence in health data processing and transactions, and ensures compliance with industry-established standards, HIPAA regulations and the Direct Project.

Through the consultative review process, EHNAC evaluated Infomedtrix LLC in areas of privacy, security and confidentiality; technical performance; business practices and organizational resources as it relates to Directed exchange participants. In addition, EHNAC reviewed the organization’s process of managing and transferring protected health information and determined that the organization meets or exceeds all EHNAC criteria and industry standards. Through completion of the rigorous accreditation process, the organization demonstrates to its constituents, adherence to strict standards and participation in the comprehensive, objective evaluation of its business.

“Endorsed by the Office of the National Coordinator for Health Information Technology (ONC), the Direct Trusted Agent Accreditation Program ensures that organizations like Infomedtrix LLC establish and uphold a superior level of trust for their stakeholders,” says Lee Barrett, executive director of EHNAC. “The need in the marketplace for guidance and accountability in health information exchange is undeniable, and we applaud Infomedtrix’ commitment to the highest standards in privacy, security and confidentiality.

About DirectTrust.org
DirectTrust.org is a non-profit, competitively neutral, self-regulatory entity created by and for participants in the Direct community, including HISPs, CAs and RAs, doctors, patients, and vendors, and supports both provider-to-provider as well as patient-to-provider Direct exchange. The goal of DirectTrust.org is to develop, promote and, as necessary, help enforce the rules and best practices necessary to maintain security and trust within the Direct community, consistent with the HITECH Act and the governance rules for the NwHIN established by ONC.

DirectTrust.org is committed to fostering widespread public confidence in the Direct exchange of health information. To learn more, visit www.directtrust.org.

About EHNAC
The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include electronic health networks, payers, financial services firms, health information exchanges, medical billers, outsourced services, e-prescribing solution providers and direct trusted agents. 
EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare. To learn more, visit www.ehnac.org or contact info@ehnac.org. Connect with EHNAC on Twitter, YouTube, LinkedIn and Facebook.

Sunday, September 29, 2013

When to automate manual tasks

Today I was trying to automate some of the manual tasks involved in keeping our infrastructure running smoothly.  Whenever I do this, it means writing programs, scripts, macros, etc, so I can speed things up.  However, the automation process takes effort.  

So, when does automation save you time?  This table I found here  offers a good indication: