The White Horse Cometh – For Heath IT workers.

The apocalypse for Information Technology (IT) workers within healthcare has come.  Emblem Health announced that they will be releasing 250 IT workers due to the fact that “We came to realize that building our own technology would require hundreds of millions of dollars and require time that we didn’t have,” states CEO Karen Ignagni.

In a nutshell, they have to lay off their IT crew and outsource because of poor technology planning on the part of their senior executives, go figure.

Of course being the caring and forward thinking company Emblem is, it will be offering a “Customized retraining program that we are preparing in partnership with Cognizant,” the CEO says.  Cognizant is their outsourcing company.

I have been through this; it’s not as nice as they make it sound.  It is very similar to mergers and companies that are sold to another where you have a counterpart.  Not everyone gets to keep their job, or is hired, and it is no picnic.

If you have the chance to get hired this doesn’t mean you will retain your salary or any benefits you may have, like vacation.  It’s like starting a new job.  The person being outsourced essentially has to interview for the position they already occupy, and it’s a good bet there will be a lot less money on the table, but hey, it’s a job, right?  That’s if the person is offered it.  Chances are the outsourcing company may only take on 10 employees, and that’s being generous.

Did I fail to mention that the outsourcing company Cognizant “is known for its use of H-1B visa workers.”  So yeah, there’s that, and since this is mentioned, it is reasonable to infer that Emblem uses mainly H-1B workers instead of U.S. citizens.

Ever since information technology went main stream, it has always been seen as a “black hole” of sorts within non-technical companies.  The IT department is always the first to get eviscerated when budgets are cut; layoffs are needed during bad times, or to simply trim the salary base.

I can’t help but wonder if the “Health IT Boom’ is over, and we are now seeing the beginning of a course correction.  Those that are working so hard to find work within this field, and those who were lucky enough to gain employment, might now be on the waning end of the ride.  Also, the ones who went into it as a second career after the recession are now cast aside once more because of poor leadership, stakeholder demands and cutbacks now face another downturn.

You can find the full article here:  EmblemHealth

Advertisements

Hacker Honey – Healthcare Data

If you think your healthcare information containing every piece of demographic information you have which includes your home address, age, SSN, phone and driver’s license number is safe – think again. This information is hacker’s honey. The push to digitize healthcare has made healthcare a big target.

Now, some of you in health care who read this may disagree, or anyone who reads this. So, just to give an idea of what has happened over that last few years:

According to Modern Healthcare:

– Anthem Health Plan: 80M records breached.
– Community Health Systems: 4.5M records breached.
– Advocate Medical Group: 4M+ records breached.

If that is not enough to make you a Meerkat on the lookout for predators, in 2015 ALONE:

– Between January and October, close to 100M records pertaining to healthcare were compromised according to IBM Security Intelligence.

This doesn’t mean all these records were stolen, per se, although millions were, just that breaches occurred due either to poor employee procedure/process, or human errors in judgment. This is a ton of data that has been compromised in the healthcare industry. I understand hospitals, insurance carriers, and other healthcare institutions are racing to comply with government standards and practices however, the one thing that always, always falls to the wayside is security.

Security is a catch 22. Security is a tradeoff between cost, risk and responsibility. The less security (and less cost for security) the more risk you assume, along with the responsibility you incur for breaches. The reverse is the same. The priority of healthcare is patient care and these institutions do not want to hinder the professionals in their work. However, they now have an additional burden they must confront, patient information security. It was easier to control when all there was were paper charts behind locked cabinets and doors. Now, because of digitization, other elements come into play.

Elements such as having workers who must log onto a system and control that logon while keeping, or raising, the patient care standard. The industry must now have an IT department well-versed in technology pertaining to security access, and electronic healthcare software capable of maintaining identity level security down to the record.

However, hacking a healthcare system isn’t just about data theft, it can be about money. The healthcare industry is now one of the most popular for hackers to hold systems hostage for ransom, known as a Ransomware Attack. Recently, a hospital has fallen victim to this attack, and it was reported that hackers asked for $3.4M in untraceable Bitcoin from Hollywood Presbyterian,  but in a statement released it was 40 Bitcoin worth $17,000 – which they paid. Once hackers gain access to a system, they have the ability to control data access. This has the potential to take lives, which is why the healthcare industry needs to be held to a higher security standard.

Healthcare, above all other industries, needs to tighten up. If just one person is denied something at a critical moment from a hack such as Ransomeware, there will be no holding back the storm that will rain down on them if the institution is unable to adequately prove proper security measures.

The healthcare industry and its professionals have, for the most part, embraced technology. It is time now for them to take a serious look at the security, employee process and procedures surrounding this technology.

Even though, according to the Health Information Management Systems Society most vendors are blocking healthcare data sharing in order to corner the market and keep software proprietary, there will come a day when our health records will be available to any doctor anywhere. I would think securing our information would be of critical importance to these vendors, institutions and us as individuals.

The healthcare industry needs to take a beat – start asking the tough security questions about the software/technology they are buying, start locking down, or upgrading the software they have, training its workers regarding security procedures and processes, and making us feel safe with them handling our information, because right now, I have zero faith that my information is. Knowing what I know from over twenty years in working with and securing networks and data, my healthcare information is one hacking stroke, or peeved employee away from being compromised, if it hasn’t been already.

H A L From Cyberdyne

Technology in medicine has come a long, long way in the past 20 years.  We have tele-medicine, electronic health records, pump infusers, and I could go on.  However, another breakthrough has come in the guise of rehabilitation. Enter the Hybrid Assisted Limb (HAL) from Cyberdyne Inc in Japan.

Okay, putting aside the obvious Terminator references, this is something to be heralded.  All you need to do is look at this video and the medical possibilities abound.   HAL has the ability to reduce hip and knee surgery rehab time, as well as getting stroke victims to walk again, and as long as the impulses from the brain get to the muscles, allowing accident victims and those with atrophied muscles learn to walk more quickly reducing rehab also.  This would allow a center, or hospital to have more patients, thus create more profit.  The monetary savings are there for the taking.

Let us not forget our medical professionals.  Soon, some savvy Healthcare CTO will see the benefits to HAL helping medical professionals by taking the pressure off their backs and knees when helping patients in and out of bed, or into wheelchairs.  HA!  You say?  From a business standpoint, how many dollars do hospitals spend a year on those out on disability due to hurting backs, hips or knees, how much “lost time” occurs because of the same?  I am quite sure the dollar figure is astounding.

I imagine health insurance companies will eventually see that pile of untouched cash as well.  There are many industries besides healthcare that people push their bodies to the limits.  They consistently bend, walk, or lift product for eight hours or more. Over the years this places extreme stress on the back, hip and knee joints.  The sheer cost of replacing hips and knees because of years of punishing your body because of your job costs the insurance companies billions.  Offering a healthcare discount to a company who allows its workers to wear a HAL to help prevent these issues would be the smart insurance company.  The cost of HAL is a mere drop in the bucket to keep the boots on the ground fit and working.

I am sure, in the not too distant future a nurse will walk into a room wearing one of these light weight suits to place someone in a wheel chair, lift them so another can change the bedding, or turn a coma patient so bedsores won’t form.  I see this used prevalently in many areas of healthcare.  It will be used in hospitals, home care and assisted living facilities. The future of healthcare has arrived.

The Client/Server EHR – Cloud Bound?

Let’s start off with what we already have in terms of the technology that the EHR has developed into. In information technology there is a platform known as Software as a Service (SaaS). Basically, it is a model of software distribution where vendors host applications at their site and are made available by companies for use over a network, usually the internet. This is designed to cut out the bottom line cost of in-house server hardware, software licensing, and life cycle management. Another added cost bonus is that you also do not need the employees to manage the client/server model and the costs associated with them

The SaaS model has been a help with EHR adoption for physician offices, acute care facilities, home health organizations, and hospitals. Two big players, Epic and Cerner, already have systems in the game. Epic now has an accredited provider offering their Epic Connect Program in a SaaS model to those who are unable to afford the implementation in house (Gregg, 2014, para. 11). This is a big step in getting small providers to accept the EHR and all of its benefits. Cerner has comparable SaaS solutions as well. To be frank, if you haven’t taken the plunge yet, now is the time as these two behemoths battle for market share.

Although both have the SaaS solution available, they are not totally at the level to provide a cloud based environment. The cloud environment is where all information is stored, managed and processed sans in-house servers and personal computers. Can’t be done you say? I beg to differ. The International Data Corporation (IDC) is an advisory, research and analytical firm of all things technological, and they say now is the time for a 3rd platform (cloud) EHR (Monegain, 2015, para. 1). It is a matter of time before the EHR merges into cloud based computing. Although there is no cloud based EHR’s as of yet as the IDC defines them, they predict that within three to five years these solutions will emerge from the SaaS platform, among others, now being offered (Monegain, 2015, para. 4). It is the next logical step.

Ultimately, cloud EHR interoperability is going to happen, and basically the decision to partake is a risk management one. Today’s connectivity is much better than it was decades ago. The routing protocols, fail-over capabilities, and the overall health of the networking world where our data traverses is pretty stellar. However, the question begs to be asked, would this be wise? Essentially, we would be giving up all control of our access to the information in the EHR. Even now, this is true with the current SaaS model. Our only life line to the information is the network we operate on, and the internet connectivity we have to the SaaS site. I would wager good money that anyone who has SaaS now has experienced the pain of a well-placed fiber cut by a road crew. Should we step into the cloud with the EHR? Chances are we will, because the cost of not doing so would be detrimental to the bottom line.

References

Gregg, H. (2014, 4 17). 10 Things to Know About Epic. Retrieved from Becker’s Hospital Review: http://www.beckershospitalreview.com/lists/10-things-to-know-about-epic.html

Monegain, B. (2015, 3 24). Ready for the next generation of EHRs? Retrieved from HealthcareIT News: http://www.healthcareitnews.com/news/ready-next-generation-ehrs?mkt_tok=3RkMMJWWfF9wsRoisqvLZKXonjHpfsX56eooX6%2B3lMI%2F0ER3fOvrPUfGjI4ET8VjI%2BSLDwEYGJlv6SgFQ7LHMbpszbgPUhM%3D

Medical Device Interoperability

Tags

, , , , , , , , ,

The medical device technologies, such as pacemakers, vital sign monitors, and infusion pumps are being introduced to help healthcare professionals help us. However, when they are not designed properly, they have the ability to exacerbate issues technology is meant to eliminate. In a recent study medical errors are the third leading cause of hospital deaths (The Leapfrog Group, 2014, para. 1). Now, medical errors can encompass a broad spectrum of issues. To the credit of the healthcare industry, they are placing even more life-saving procedures, and policies into effect to address patient safety. Add to this the increasingly complicated devices healthcare professional must now monitor, places more pressure on an already hard working, boots on the ground, work force.

Even though the medical device technology being implemented is, no doubt, revolutionizing the healthcare industry these medical errors abound. A recent finding indicates that 60% of registered nurses, who must program and monitor these devices, believe these errors could have been avoided if these devices had proper interoperability, and were coordinated (McCann, 2015, para. 3, 8). Registered nurses, among other healthcare professionals, must take readings from these critical medical devices and place them in paper (yes, this is still being used), or electronic charts.

In a hospital setting, this adds to an already long shift, and takes valuable time away from the many patients they serve on a daily basis and in many cases, adds overtime to the budget. There is no debate that patient safety should come first even so, it is estimated that $30B could be saved from a healthcare system that is fully interoperable that would reduce manual data entry, transcription errors and redundant tests (McCann, 2015, para. 4). Healthcare is spending billions on technology and yet, has not paid any attention to those who perform the daily duties of patient care.

The rush to implement technology to comply with government regulations, and financial burdens has, in some ways, helped us as patients by giving us some control over our healthcare, but has done little to relieve the work load of those who care for us. As a technology professional, I sincerely believe companies who design these devices need to be more aware of the devices interoperability. They should be able to make these devices connect securely to the hospitals network, to add lines of code that transmit the patients vitals, and other desired critical information, to the patients electronic record so professionals have access to “real-time” patient information. This would go along way to eliminate some of the human error issues associated with manual entry, and transciption errors.

References

McCann, E. (2015, 3 16). Nurses blame interoperability woes for medical errors. Retrieved from Healthcare IT News: http://www.healthcareitnews.com/news/interoperability-gets-blame-serious-medical-errors?mkt_tok=3RkMMJWWfF9wsRoivKrBZKXonjHpfsX56eooX6%2B3lMI%2F0ER3fOvrPUfGjI4ETMBjI%2BSLDwEYGJlv6SgFQ7LHMbpszbgPUhM%3D

The Leapfrog Group. (2014, 10 29). Hospital Errors are the Third Leading Cause of Death in U.S., and New Hospital Safety Scores Show Improvements Are Too Slow. Retrieved from Hospital Safety Core: http://www.hospitalsafetyscore.org/newsroom/display/hospitalerrors-thirdleading-causeofdeathinus-improvementstooslow

EHR Workflow

Tags

, , , , ,

The acceptance of Electronic Health Records (EHR) has, no doubt, increased patient care. However, the workflows, in regards to these systems, still need tweaking. Technology, at its core, is designed to make us efficient, more productive and essentially, help us work better. So, with the implementation of an EHR system, one would think workflow would change, for the better, as well.

In some cases, processes and workflows do change, but not without some push back. This was discussed in an earlier post. What I am now referring to is the workflow within the EHR itself. Many professionals have demonized the EHR due to their design flaws, usability issues and tend to blame the hardworking developers for workflows that they can’t make sense of. Although some issues may slip through the development and testing processes, many of the workflow issues have stemmed from the meaningful use criteria that they need to follow, as well as reimbursement, documentation, and regulatory stipulations.

EHR workflows are married to certification and regulatory requirements. In order to get certified, and be competitive, vendors must implement these requirements without questions. This in turn forces providers who wish to maximize reimbursement to adopt the workflows within the EHR, whether they make sense or not.

One size does not fit all, which means some of the meaningful use requirements are irrelevant to the care setting. Having a requirement to ask a child about their drinking, and smoking habits seems ludicrous. Although, after seeing a two year old, who smokes 40 cigarettes a day in Indonesia, this may not be so far-fetched, but still.

The processes and workflows that an EHR changes, or enhances, are still in growing pains. We have hit the far side of the pendulum when it comes to EHR workflows, in time, it will swing the other way and, eventually this will all level out and the pendulum will stop swinging. However, until our medical professionals and regulatory bodies hammer out the finer details, we should understand the frustration of them having to ask, as well as us having to answer, the questions of whether or not our child smokes, or drinks.

Snoops – Securing the Inside

Tags

, , , ,

My previous blog “A Pirates Haul” dealt with external breaches and only lightly touched on internal threats. The most looming internal threat is the employee. We humans are a curious lot and, some just can’t help to snoop. When rumor spreads of someone of stature is within our heath care walls, perhaps even under a pseudonym, the hunt is on.

This is why health care institutions need to track the computerized footsteps of those who work within. Now, some who read this may think this is an invasion of privacy, not so. The computers, email, EHR software, and the variety of other programs that are used within the health care system are not the employees, but the company which purchased them and, they can do what they see fit to protect a patients information. This includes tracking our clicks to see where we go and what we do with that information.

This is where security policies can be very helpful in terms of patient information but, most importantly, communicating these policies on a regular basis, is a key component. To put it in simpler terms, educate the employee. This can be done with simple reminders in email, dashboards, or in staff meetings. However, this alone will not suffice. Employees must also be made keenly aware their traversing through the network is audited, preferably on a daily basis.

Auditing users is not something that happens overnight, it takes a security plan, and, not every business audits the same information. Figuring out what to audit can be daunting however, when it comes to health care, accessing patient records is a big one. When a health care professional accesses a patient record when they have not been charged to do so, gives a hint of impropriety which could lead to a disastrous PR nightmare and, financial loss.

There is not one answer for this but, there are audit software programs that could help. Expressing audit concerns with a current vendor, or new one, can help choose the right one. To help manage the risk of snooping employees that could end up costing a health care institution millions, the purchase of a solid audit package along with diligence in communication and education is well worth it.

A Pirates Haul

Tags

, , , , , , , ,

The recent failure of security in the article pertaining to Anthem brings to the fore front the issue of Health Care security, once again.
It is time for Health Care to take the security of our information much more seriously. The critical personal information they keep on our behalf has become sweet honey for hackers. We, as patients, need to trust these vital institutions to keep our information from prying eyes, both internally and externally and, no breach should be tolerated. The Anthem breach is just another, in one of many, that should send the clarion call to all Health Care Providers to tighten the screws on security policies and procedures, along with a zero tolerance approach. There is an inherent responsibility laid on them to protect our information if they choose to use it for purposes pertaining to evidenced based medicine in order to increase patient care. If anyone in the Health Care industry believes that no one wants to hack healthcare, it is clear they are on a boat drifting on the river denial.
There is a ton of information a devoted hacker, or team of hackers, can use for nefarious purposes. The demographic information such as social security numbers, personal addresses, and such can be used for identity theft. Also, prescriber information pertaining to narcotic scripts has the potential for a whole other realm of possibilities. It is not just the patients’ information at risk here but, the physicians as well. It is only a matter of time before some savvy pod of hackers’ figures out a way to circumvent current procedures and call in narcotic prescriptions. Perhaps, this is what it will take for the industry to take the security of the patients’ information more seriously.
Of course, there is always the association between security and the assumption of risk. The higher the security, the less risk one assumes but, the conundrum prevails as to finding the balance. We do not want to make it so difficult that work cannot be done but, we need to consider the potential risks involved when this information is forcibly removed or breached internally. No system can be 100 percent secure, as Kevin Johnson, white hat hacker and chief executive officer of the security consulting firm Secure Ideas (McCann, 2015, para. 10), says in the article. He also states “We don’t want it secured 100 percent because we want to see who did this” (McCann, 2015, para. 10). However, we never seem to hear of anyone actually caught from these serious breaches. One has to wonder, why is that?
The level of sophisticated technology to track these breaches is just as high as those who use the technology to break in. However, many “White Hat” security firms are bound by laws that criminal hackers are not. This makes it much more difficult for them to find those who operate outside the law. Therefore, it must fall to the Health Care Industry to strengthen their physical, and cyber security models. When a Health Care firm gets breached, it is not the firm that suffers, not really. They may get a fine or a slap on the wrist for the lack of protocols or the like but ultimately, it is the patients who reap the devastation. Because it is our information now in the hands of those who tend to do ill with it.

Reference
McCann, E. (2015, 2 6). Anthem hack: ‘Healthcare is a target’. Retrieved from Healthcare IT News: http://www.healthcareitnews.com/news/anthem-hack-healthcare-target?mkt_tok=3RkMMJWWfF9wsRols6rIZKXonjHpfsX56O0rX6W3lMI%2F0ER3fOvrPUfGjI4CRMpjI%2BSLDwEYGJlv6SgFQ7LHMbpszbgPUhM%3D

Large EHR Records

Tags

, , , , ,

If you are a healthcare professional, ask yourself – do some electronic health records (EHR) retrieve slower than others?  If so, chances are these records a very large within the database.

Now, most of us go to the doctor once a year for a regular check up, maybe twice if you catch a cold, or the flu.  However, there are people out here, mainly the elderly, who go several times a week because they need attention, or monitoring of some sort, because of this their electronic health record (EHR) can get quite large.    In the electronic health record (EHR) there is what is called an “Encounter”, basically this is the record of your office, ED, or hospital visit.  This is where the doctor places their notes of the visit, any special instructions, the vitals the nurse took, and medications that maybe prescribed along with a myriad of other health related data.  That’s a lot of information.

The issue of the large electronic health record (EHR) is more and more prevalent as the use of the electronic health record (EHR) becomes more widespread.  This issue can be directly tracked back to the database and its limitation, it is a known fact that ever since the inception of the database, and large record retrieval has been a programming issue and the bane of database developers worldwide.  Data base programming is limited, and wholly inefficient, when storing and retrieving large files and/or records.

The database is all about storage and retrieval.  I am not going to delve into the “guts” per se of the database file itself, but suffice to say that if the software and database designers’ did a proper job, all this information is “split” across several databases in order to cut down on the retrieval time.  You may be thinking, “That’s just crazy, wouldn’t one database be more efficient?”  Simply put it is not more efficient.  I assure you this is a proven design method.  The smaller the database the faster the information can be processed.  However, when the information for a specific record grows beyond the capabilities of the database, and it takes what feels like forever for that record to spring onto the screen, there is a way around it.

Although the electronic health record (EHR) is necessary the health care field is beginning to see database limitations, and sometimes the old ways can be re-adopted in order to help ease some of the burdens of time.  Remember, in the “old days,” when a patient had a paper chart 5 inches thick?  What happened? You split the chart.  Well, this is what I am seeing in the electronic health record (EHR) community when large charts become a hindrance to the health care professional.

Thit is but one issue, and when adopting the benefits of technology, you also take on its limitations concerning networking, processing, crashes, updates and the myriad of other issues.

Until a new method of storing and retrieving data or some brilliant 14 year old discovers a way around these issues this particular problem will always be with us.  No matter how productive technology may make us, there are still limitations to that technology and we must find ways to work around, and with them.

IT Background? Why a Health IT Job May Be More Difficult To Land Than Previously Thought

In 2011 I took a Health IT course because I kept seeing articles saying that the Health Care field is booming, and because of the electronic health record (EHR) the next boom is Health IT.  I see Health IT jobs out there but I don’t see a boom.  Many Health IT positions I see want a medical  background, mainly nurses who no longer wish to do patient care, and are tough to land for those with IT backgrounds.   However if you have programming experience, especially in any of the major programs such as Epic, Nextgen, or Cerner these are a little easier to get.

The postings I speak of pertain to the Implementation and IT Project Management of the electronic health record (EHR).  The gist I get from these postings is that they feel a nurse understands Hospital workflow, terminology and procedures and they do.  However, these postings stress project management, implementation and support, yet, they still wish a medical background.  There has also been an outcry of why many of these implementations are colossal failures.  Make no mistake, an EHR is an IT implementation, and requires IT Project Management.  It needs someone who knows information technology, how to systematically go about the discovery of required information, the implementation, and the training of staff on said hardware/software.  Medical professionals, in turn, do not understand the technology, IT terminology, IT procedures and IT workflows which result in delays and miscommunications that lead to errors that could have been avoided.

Any IT Project requires a gathering of knowledge from the company and their various departments.  An IT Project Manager who has done an Enterprise Resource Planning (ERP) project, or any large scale IT implementation understands the process involved in gathering such information.  Placing a medical professional in an IT Project Management or Implementation role just because they may have a medical background regarding processes, procedures or workflows in a certain medical area is short term thinking.  The learning curve for such a placement is steep because these roles are historically technical.

Communication is a key element in any IT Project.  The Project Management and Implementation of any electronic health record (EHR), or electronic medical record (EMR), is a unique blending of technical knowledge and specific medical knowledge. This is where the experience of the medical professional regarding medical processes and procedures is paramount.  For someone to assume a medical professional is better qualified to manage an EHR/EMR project with so many technical dynamics may be inviting cost overruns, time delays and lack of user satisfaction.  They do not understand the incredible value someone in information technology brings to such an endeavor.

While trying to start a new career in the Health IT field I have come to find that there is a deep chasm in regards to what Hospitals and Provider offices look for when trying to fill Health IT positions when it comes to EHR/EMR implementations’.  Although an IT Project Management and Implementation background is required, the full collaboration between the Project Manager and the medical professional is vital.  For these implementations to fully succeed both of these roles are needed, and it is extremely rare that one person is fully competent in both areas.  There is a vast pool of IT people out here so very eager to get into this field, and have so much to offer, yet we’re overlooked because we do not have medical experience.

If we want to see higher degrees of success pertaining to EHR/EMR Implementations, then medical organizations will need to utilize people with IT Project Management and Implementation skills, along with their medical professionals.