
EMRs’ big gaping hole of secure messaging

Today’s post begins a series inspired by my recent participation in a breakfast panel in Washington, DC, Doctors and Patients Bridging the Digital Divide. There were a lot of useful ideas discussed during this panel, and so I decided to capture and share some with you.

One of the biggest holes in electronic medical records currently seems to be a lack of secure messaging systems built into the software.  Although maybe not universally true, this still represents a huge problem that also represents a great opportunity for gains in technology that will enhance the doctor-patient relationship and move digital healthcare forward into the future.

Currently, my electronic medical record vendor does not supply this feature as part of its software package.  However, as part of the Meaningful Use Stage 2 requirements by the federal government, the use of a certified EMR system that supports this function will be required.  A HIPAA-compliant secure messaging system will be needed as a part of every electronic medical record going forward.

Currently, if I wanted to use secure messaging to communicate with my patients, I would have to purchase a separate third-party vendor’s online software to communicate in a HIPAA-compliant fashion. This involves an additional service agreement between the third party and me, as well as monthly fees that can be expensive. This would grant me the right to not only communicate with patients but also to bill third-party insurance companies for providing such electronic health services. However, what many people do not appreciate is the small reimbursement allowance for such services, which is quite minimal. Thus, regardless of the demand by patients, it’s currently more financially lucrative simply to see another patient in the office for a follow-up visit rather than answer a message electronically. If an electronic medical record vendor builds secure patient messaging into their platform, when there is already a contractual arrangement between the doctor and EMR vendor, then a third-party cost would potentially become unnecessary. The prospect of using a built-in, HIPAA-compliant, secure messaging system suddenly becomes much more attractive and potentially fiscally responsible.

Unfortunately, many EMR systems are still in developing stages at which they do not yet have built-in secure messaging features in their PHR or personal health record modules.

But what a wonderful and potentially powerful area for future development in order to further promote patients to become more engaged in playing a more active role in their own health care.  The ability of a patient to reach their doctor through the Internet is certainly an attractive feature if done right and seems potentially better than a patient spending five minutes on hold listening to elevator music only to finally speak to a front desk staff member who will only be able to forward a message, which may or may not be forwarded accurately.

September 12, 2012 | Written By

Dr. West is an endocrinologist in private practice in Washington, DC. He completed fellowship training in Endocrinology and Metabolism at the Johns Hopkins University School of Medicine. Dr. West opened The Washington Endocrine Clinic, PLLC in 2009. He can be contacted at doctorwestindc@gmail.com.

Electronic Medical Records Lost Using External Hard Drive

I hate to call anyone stupid, but reading stories like Hospital Reports a Possible Data Loss really steams my Chinese dumplings.  According to the post, a doctor who works at two facilities, including the famous Harvard’s Brigham and Women’s hospital (of NOVA fame) walked out carrying a hard drive with over 600 patients’ personal, private medical records and then “lost” it on a trip to Mexico.  How could anyone commit or sanction such a risky action as walking out of a medical facility while hand-carrying an unprotected copy of so many people’s medical records in electronic form?!  And you gotta love that the records ended up in freakin’ Mexico of all places.  Whoever the legendary doctor was — who remains nameless — couldn’t have done a better job, short of sending the records to Al-Qaeda.  Can you imagine?!  Ugh…

You know what the answer to this is?  It’s quite simple — don’t store records on removable hardware. With the Cloud in place, I dream of the day when it’s mandated by law that health records cannot be stored on portable hardware.  We have so many brilliant companies using the latest SaaS technology that I really scratch my head wondering why this isn’t the default choice for all EMR and EHR systems.  There is little reason that the above disaster should still be allowed to happen in 2011.

Rather interestingly, and yet again, this is another example of data theft of patient records that was NOT electronic theft. No usernames and passwords were hacked to get at the information. It was just a plain, simple (at least as far as anyone knows) dumb-luck loss. Another shining and yet pitiful example of why I believe that records are far safer on the web and in the Cloud than in someone’s portable hard drive or laptop. Do we really need to start anti-theft pad-locking and chaining hardware in place at medical facilities?

On another note, I’d love to have been the fly on the wall when the doctor was asked what happened that encouraged him or her to walk out with it.  Just how common is it?

Dr. West is an endocrinologist in private practice in Washington, DC.  He completed fellowship training in Endocrinology and Metabolism at the Johns Hopkins University School of Medicine. Dr. West opened The Washington Endocrine Clinic, PLLC, as a solo practice in 2009.  He can be reached at doctorwestindc@gmail.com.

August 16, 2011 | Written By Dr. West

Data breaches and EMRs: bad guys or just dumb mistakes?

I love this post by George V. Hulme at CSO Online because it really highlights my high level of skepticism regarding all the need for worry about encrypting everything to death where electronic medical records are concerned. Yeah, yeah, yeah. I’ve heard it over and over, ad nauseam. I don’t necessarily disagree that data security is important, but just please someone name me some examples of where a nefarious miscreant was purposely trying to steal protected health information (PHI) electronically with hacking. I’m sure such documented incidents must be out there somewhere, but they don’t seem common since I’ve never heard of any actual cases. Even the strange one reported (but not really well referenced) in the above post was, okay, technically a crime, but not electronic at all. The criminal cited in the story was apparently trying to manually steal what sounds like a hardcopy paper file from the doctor’s home. I’ve always told my colleagues and friends, “What the bleep would anyone want with some average patient’s health information? And who’s gonna go to the level of sophisticated, tech-savvy theft to get it?”

It really seems like crazy paranoia to me to think that anyone cares about Mrs. Smith’s medication doses, whether she smokes or has a beer every now and then, or when she was last seen in the office.  Come on, people, that’s not going to make anyone rich — pretty much has no street value at all on the surface.  So I ask again for your assistance in throwing me a bone.  Help me understand where the rubber meets the road and we really need to go crazy with overly expensive and extreme technology to avoid electronic data theft.  Someone think up the next blockbuster summer movie script.  “The Net III”?  I’ll take crazy Sandra Bullock movies for $100, Alex.


August 3, 2011 | Written By Dr. West

Tornadoes and HIPAA

[Note:  Since this post was published, I found an excellent post over at EMRandHIPAA.com.]

My friend John Lynn over at EMRandHIPAA.com posted an interesting piece discussing hospital liability when health information is literally strewn around town after a tornado hits.  With all of the recent tornado activity and tragedy occurring in the U.S., it seems likely to happen again and again.

This also highlights another reason I love my web-based, redundantly backed-up EMR system. You can’t lose any protected health information unless the locked-up primary server farm and the locked-up secondary backup server farm, which are typically geographically isolated from each other, are both destroyed. You can’t blow paper chart notes out windows or plastic x-ray films into tree tops when they don’t exist.

Inadvertent exposure of PHI? Think again. Web-based records require the person to log in remotely to access them, so you can’t just lose a laptop on the train or in a cab and be at risk of data breach.

I feel bad for all the patients who lost, or will lose, their records because they were kept on paper, since it probably means they’re at high risk of having a less informed doctor treating them in the future.  Don’t fight future tornadoes… embrace the cloud today!

 


June 16, 2011 | Written By Dr. West