Support our online development, and advance our onground research initiatives in free market economics, as we seek to showcase the brightest Next-Gen minds.
THE ME-P DISCLAIMER: Posts, comments and opinions do not necessarily represent iMBA, Inc., but become our property after submission. Copyright © 2006 to-date. iMBA, Inc allows colleges, universities, medical and financial professionals and related clinics, hospitals and non-profit healthcare organizations to distribute our proprietary essays, photos, videos, audios and other documents; etc. However, please review copyright and usage information for each individual asset before submission to us, and/or placement on your publication or web site. Attestation references, citations and/or back-links are required. All other assets are property of the individual copyright holder.
At Least … Not Yet!
By David K. Luke MIM, Certified Medical Planner™ candidate
www.CertifiedMedicalPlanner.org
Since Feb 17, 2009 when President Obama signed into legislation the Health Information Technology for Economic and Clinical Health Act (HITECH) as a part of the 2009 stimulus package, the incentives were promised for the adoption in health care practices of Electronic Health Records (EHRs).
The Carrot and the Stick
The incentives payments for “meaningful use” range from $63,750 over 6 years by Medicaid to maximum payments of $44,000 over 5 years for Medicare. The penalty for not adopting by Medicare will be 1% of Medicare payments in 2015, increasing to 3% over 3 years. Stimulus money is granted based on meaningful use of an EHR system.
The Reality
Stories are rolling in by early adopters now that give cause for a prudent physician to rethink implementation anytime soon of an EHR for his/her practice. Here is a sampling:
- EHRs can be hacked and doctors will be held accountable. A total of 385 breaches of protected health information affecting over 19 million records have been reported since August 2009 (Redspin Breach Report 2011). Redspin also reports that industry estimates have put the value of a stolen health record on the black market at about $50 per record. For me, this is the biggest red flag for implementing an EHR now. Vendors are offering solutions in the form of data “masking”, but this could increase the cost of the systems.
- EHRs have stringent audit requirements under the HITECH Act. Health care organizations are expected to monitor for breaches of PHI. Audit logs must be kept. Audit strategy, process, and implementation tools must be used to meet stage 1 meaningful use criteria. Sanctions to employees for not following protocol. Healthcare facilities leave themselves vulnerable to individual and class action lawsuits when they do not have a strong enforcement and audit program in place for their EHR.
- EHRs are expensive to implement, both in terms of money and in terms of time. Dollar costs range from free (Practicefusion) to $50,000+ for such EHR vendors as Allscripts or eClinicalWorks + ongoing maintenance costs. But don’t’ forget the time investment. Even small EHR systems can take 2 years to implement. I have just witnessed a client’s large pediatric practice literally crippled with the initial time investment required for staff and physicians to learn the system. Half staffing the front desk and other areas so employees can go to training has caused a drain on both patient and employee morale.
- Legal concerns are still unanswered regarding EHRs. Currently the debate is still on about who owns the electronic data. The EHR vendor will tell you that you do. HIPPA gives the patient the right to see their record or chart, and the right to have a physical copy of their record based on a reasonably cost for copying and postage. Typically doctors share medical records with other health care providers as a professional courtesy. Empowered patients think they own their records. According to a reference regarding an HIMSS white paper, a patient owns the data in a Continuity of Care Document and has the ability to input and access that information.
- Obtaining meaningful use stimulus payments is not a given. I met with a physician owner client a few months ago in Arizona that has implemented an EHR for their pediatric practice and was hoping to receive the stimulus payment for stage one by completing the 20 criteria needed. After plowing through the 31-page “Arizona Medicaid EHR Incentive Program” guide provided by The Arizona Health Care Cost Containment System Administration or AHCCCS, which is the Arizona arm of Medicaid he turned in his application, which was denied. His initial reaction was that the program did not have the funding in Arizona, but that seems not to be the case as a number of large payments have been made now in the state. Banner Healthcare, which operates the largest hospital system in the state with thirteen inpatient facilities, reported a total of $12.4 million in Medicaid booty for implementation of its NextGen Healthcare EMR systems in 2011. It appears that there is a learning curve involved here and the smaller practices will catch up while the hospitals currently seem to have better systems in place to capture the stimulus money. An entire MU industry has emerged to help physicians such as my client perfect their stimulus applications.
Risk vs. Reward
In the investment world I am always comparing risk vs. return when managing my client’s portfolios. At times in the marketplace, for various reasons, it just does not make economic sense to make certain investments as the possible risks far outweigh the potential return. An easy example now is the investment in “safe” longer-term treasury bonds. With a near 40-year low in interest rates, the 30-year treasury today yields 3.18 %. Yet if interest rates rise 1% in the marketplace, that 30-year treasury can drop 12%. A 2% rise can result in a fall of 22% in value. It would take 7 years accumulating 3.18% to offset the loss in value caused by a 2% rise in rates. I do not think rates are going up 2% tomorrow, but I just do not like the risk/reward spectrum here. Likewise, the biggest concern currently I have with EHRs is data breeches, as mentioned above, and the stiff penalties involved currently. Paper systems look a whole lot cheaper and safer when considering the ease at which a data breech can occur with electronic data. Fines, criminal sentencing, and disciplinary action by licensing boards are risks not worth taking considering current history on data breeches. Losing your license or your business or personal freedom because of an employee’s careless actions is not worth it. Lest you think I exaggerate, consider the following examples from the past few years enforced by the Office for Civil Rights (OCR), the enforcement side of the US Department of Health and Human Services that enforces HIPAA, and by employers and licensing boards:
Incident: A terminated researcher at UCLA School of Medicine retaliated by accessing UCLA patient records (many celebrities) 323 total times over the next four weeks.
Penalty: 4 years in prison for the terminated researcher for violating HIPAA Privacy Rules
Incident: Thirteen staff members at UCLA hospital accessed Britney Spears’ medical records without authorization.
Penalty: UCLA fired the 13 individuals, suspended another six.
Incident: A doctor and two hospital employees accessed the medical records of a slain Arkansas TV reporter. Details were leaked to the press of her attack.
Penalty: All pled guilty to misdemeanors for violating HIPAA privacy rules and were sentenced to one-year probation. The three all were curious about the case and “peeked” at the patient’s record as employees of the hospital, even though she was not their patient. The doctor’s privileges were suspended by the hospital for two weeks; he was fined $5,000 and ordered to perform 50 hours of community service by speaking to medical workers about the importance of patient privacy. The two other employees were terminated.
Incident: Cignet denied 41 patients, on separate occasions, access to their medical records when requested.
Penalty: Initial violation was $1.3 million. OCR concluded that Cignet committed willful neglect to comply with the Privacy Rule and fined an additional $3 million.
Incident: 57 unencrypted computer hard discs containing PHI of more than one million people was stolen from a storage locker leased by Blue Cross Blue Shield of Tennessee (BCBST).
Penalty: OCR fined BCBST $1.5 million in settlement. The fact that BCBST secured the information in a leased data closet that was secured by biometric and keycard scan in a building with additional security was not enough. BCBST also spent $17 million in investigation, notification and protection efforts and had increased future compliance costs.
Incident: Health Net discovered that nine portable hard drives that contained PHI and personal financial information of approximately 1.5 million people were missing. The hard drives in question went missing from an IBM-operated datacenter in Rancho Cordova, California.
Penalty: The complaint alleged violations of HIPAA. Connecticut Insurance Commissioner wins a $375,000 fine for failing to protect member information and not reporting in a timely manner just months after the Connecticut AG won a $250,000 settlement for the breach. Vermont’s AG jumps in and gets a settlement of $55,000 to the State because 525 Vermonters were on the lost drive.
Incident: WellPoint / Anthem Blue Cross became aware that its customers’ health applications and information website, which contained up to 470,000 applicant’s information, was potentially publicly accessible when an applicant alerted the company that altered URLS after an upgraded authentication code could allow access to other people’s information.
Penalty: WellPoint / Anthem agreed to the terms of a class action lawsuit filed in California that will provide $1.5 million in general settlement, with an additional donation of $250,000 to two non-profit organizations aimed at protecting consumer’s rights, $150,000 donated to Consumer Action and $100,000 donated to the Public Law Center in Orange County. WellPoint / Anthem also agree to pay $100,000 to the state of Indiana for the data breach that exposed 32,000 state residents. A 2009 Indiana law requires companies to notify the state of certain data breaches within a certain period that was not met.
An Investment?
I bring up these examples to make a point. The EHR vendor will talk about your EHR being an “investment”. You cannot have an ROI if you lose money. Notice that most cases were due to careless, innocent lapses of judgment. Also in many cases actual damages either did not occur or were hard to prove. The new HITECH act extends HIPAA to allow the states’ attorney general to also bring actions, which adds more salt to the wound. Some of these cases do not appear to be done yet either as far as the lawyers are concerned. Also, notice that even when the health care provider regarding storing the data exercised extreme care (BCBST with biometric, keyscan leased lockers and Health Net employing IBM’s “secure” datacenter), the health provider was sued and fined. Smaller medical practices I believe are even more susceptible to EHR data breaches, where bad password management practices and website maintenance problems are more common and often protocols and training are not firmly in place.
Assessment
The widespread use and integrated implementation of EHRs are going to happen, no doubt. Your practice will eventually have one. 2015 is still a few years off before the first 1% Medicare penalties hit. Tell the EHR vendor to call back in 2014 once the kinks are worked out. Waiting two more years may not prevent a costly incident due to the vengeful fired employee or due to a careless slip in protocol. Those landmines will always be there.
But, two more years will allow the EHR stakeholders more time to improve their product, namely the security and encryption of the data in case of a breach, and two more years will allow the OCR and the state AG’s to fill up on the low hanging fruit and make their point.
Conclusion
Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.
Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com
OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:
- DICTIONARIES: http://www.springerpub.com/Search/marcinko
- PHYSICIANS: www.MedicalBusinessAdvisors.com
- PRACTICES: www.BusinessofMedicalPractice.com
- HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
- CLINICS: http://www.crcpress.com/product/isbn/9781439879900
- ADVISORS: www.CertifiedMedicalPlanner.org
- BLOG: www.MedicalExecutivePost.com
- FINANCE:Financial Planning for Physicians and Advisors
- INSURANCE:Risk Management and Insurance Strategies for Physicians and Advisors
Share this:
Filed under: CMP Program, Information Technology | Tagged: CMP, Continuity of Care Document, david luke, EHRs, EHRs - Not Yet Ready For Prime Time, EMRs, HIPAA, HITECH Act, medical records, OCR, www.CertifiedfMedicalPlanner.org |
The Leading Business Education Network for Doctors, Financial Advisors and Health Industry Consultants 
I’m no longer alone
[Here’s a huge I told you so]
“EHRs – Still Not Ready For Prime Time” by David K. Luke MIM was posted on the Medical Executive-Post, above.
David Luke describes “Reality”:
– EHRs can be hacked and doctors will be held accountable.
– EHRs have stringent audit requirements under the HITECH Act.
– EHRs are expensive to implement, both in terms of money and in terms of time.
– Legal concerns are still unanswered regarding EHRs.
– Obtaining meaningful use stimulus payments is not a given.
Other than the hundreds of unwelcome articles critical of the HIT industry I’ve posted starting in 2006, I think David Luke’s is one of the first to acknowledge that stakeholders, including HHS, have indeed misled Americans about EHRs from the very beginning.
Fortunately for doctors, patients and taxpayers, the stakeholders’ free ride in the media is coming to an end at last. Truth always wins over politically-correctness. It just takes more time when billions of free stimulus dollars cloud common sense.
D. Kellus Pruitt DDS
LikeLike
Concessions
Today above, I posted a link to David K. Luke’s article, “EHRs – Still Not Ready For Prime Time” on LinkedIn under the title, “Here’s a huge I told you so.” It drew a response from Genevieve Morris.
http://www.linkedin.com/groupAnswers?viewQuestionAndAnswers=&discussionID=110194657&gid=3993178&commentID=77969121&goback=%2Egmp_3993178&trk=NUS_DIG_DISC_Q-ucg_mr#commentID_77969121
Genevieve Morris:
Since I really don’t feel like getting into a long confrontation, I will only point out one thing. Yes EHRs can be hacked. However, if you look at the HHS wall of shame, Hacking incidents are minimal and all, except for one are network servers, email, or computer. One lists network server and EMR, which probably means the server was hacked. The EHR itself was not hacked, and there are no instances of an EHR that is a hosted solution by a vendor being hacked. I appreciate the author’s comments, and if you read to the end he doesn’t say you shouldn’t adopt an EHR, he says that waiting 2 years will give the industry time to improve security. No argument there. While I would love all providers to have EHRs today, I understand that for business reasons, providers may wait a bit. However, it is coming and the author recognizes that.
My reply:
Thanks, Genevieve. Even long confrontations over the value of dangerous and expensive EHRs never frighten me. I find them rewarding because EHRs are dangerous and expensive. That naturally gives me a huge advantage.
It’s an increasingly bad idea to discount the danger hackers pose these days. Studies show that cyber-security is only getting worse, and even government security officials admit they have no idea how bad the epidemic really is. What’s more, hackers are increasingly state-sponsored and targeting medical identities over financial.
Saying EHRs are inevitable doesn’t make it so. The potential healthcare savings and miracle cures from safe, interoperable EHRs that we all want are slipping away from us as fast as Protected Health Information. If we lose consumer trust in the security of EHRs today, interoperability could be delayed for a generation. You know I’m right.
It’s refreshing to see you agree that now is a lousy time to invest in EHRs. That’s the kind of transparency we need.
D. Kellus Pruitt DDS
LikeLike
eHR Access Speed
One Ms. Regina Holliday, an activist for patient rights, is targeting the American Hospital Association [AHA] on an eHR matter.
The rights issue involves how quickly patients are able to see their own electronic medical information after leaving the hospital. The AHA wants a 30-day grace period to give doctors more time to prepare and review material. Holliday demands immediate access.
What do you think?
Clairborne
LikeLike
In Mass.
Electronic health records would be required for all medical providers, by 2017, according to a new proposal.
http://www.bostonglobe.com/lifestyle/health-wellness/2012/05/08/mass-plans-vie-for-savings-health-care/b2LcoO4fKCNgUOUOv8brSI/story.html
Larkin
LikeLike
Larkin,
Even though both the House and Senate bills presented in the article reveal that healthcare providers in Massachusetts have pitiful representation in state government, I didn’t read where the state is demanding that providers purchase and use EHRs by 2017.
How could such a law be legally enforced without contracts with all providers?
Darrell DK
LikeLike
EMR liability needs to go further than just the physician
Here is an example of a disaster waiting to happen in the form of an error-promoting CPOE.
http://www.kevinmd.com/blog/2012/05/emr-liability-physician.html
Is it a poster example of why the net of litigation needs to be cast far wider than just clinicians when EHR-related errors result in injury or death?
Jason
LikeLike
Partners attributes drop in operating income to EHR writeoff
Partners Healthcare, the largest healthcare organization in Massachusetts, just attributed a big drop in its fiscal second quarter operating income to its decision to replace its homegrown electronic health record with a new clinical information system.
http://bostonglobe.com/business/2012/05/24/partners/kQ7eeflfDl4I9akFwPLqZL/story.html
But don’t worry, they will make it back, one way or another.
Bristol
LikeLike
Disappointment in EHRs
As long as I can remember, there’s been palpable disappointment in physicians’ EHRs, even while dentists remain very quiet. Too quiet.
Along with rapidly diminishing professional respect of the HIPAA/HITECH mandate and it’s co-dependent Affordable Care Act, nationwide disappointment in Electronic Health Records is growing – even causing stakeholders’ criticism of paper records to become politically risky. For example, how long has it been since Newt Gingrich last said “Paper kills”? See what I mean?
“Majority of Physicians Say EHRs Interfere With Care, Survey Finds” was posted today on ihealthbeat.org (no byline).
http://www.ihealthbeat.org/articles/2012/6/14/majority-of-physicians-say-ehrs-interfere-with-care-survey-finds.aspx
The article features results from Sermo and Athenahealth’s third annual Physician Sentiment Index, mined from survey data provided by 500 physicians:
– 73% of respondents said that EHR systems are a distraction from physician-patient interactions, an increase of 12 percentage points from the 2011 survey
– 80% of respondents said that they have purchased an EHR system, up from 70% in 2011
– 44% said that EHR systems are not designed with physicians in mind, up from 32% in 2011
– 32% said that they have a favorable opinion of EHR systems, down from 39% in 2011
– 15% said that they believe EHR systems somewhat or significantly worsen patient care, up from 11% in 2011
So what do such surveys reveal of dentists’ feelings about their EDRs? Since no leader in my profession has yet found the courage to betray hidden weaknesses of EHRs in dentistry, all I know is, not one HIPAA-covered dentist is complaining (publicly).
If EHRs are a burden to physicians whose complicated practices serving tens of thousands of patients need computers much more than dental practices serving thousands, why aren’t we hearing even more complaints from dentists? And if dentists are so satisfied that nobody has any (public) complaints about impressively faultless EDR systems, why are dentists not advertising the advantages of their paperless practices over practices with paper dental records? I recognize lack of confidence in EDRs.
It looks to me like an unavoidable market correction will soon mark the end of the road for a few of dentistry’s unresponsive, unaccountable HIT stakeholders who mistook mandate for job security. Truth about costly products that harm uninformed dental patients cannot be hidden forever from a nation of discerning consumers. God bless America’s picky customers. They improve life for everyone.
Really now. Who didn’t feel that fat bubble pop?
D. Kellus Pruitt DDS
LikeLike
Bad week for HIT
Even as HIT stakeholders continue to evade this dentist’s questions about EDRs systems’ increased risk of identity theft over paper dental records, it’s already been a bad week for HIT security.
“Personal information for more than 1,000 Newfoundland patients compromised”
http://www.thestar.com/news/canada/article/1235198–personal-information-for-more-than-1-000-newfoundland-patients-compromised
CORNER BROOK, N.L.—More than 1,000 patients in western Newfoundland have had their privacy violated after an employee inappropriately accessed their personal records, a provincial health board said Wednesday.
Western Health said it fired the employee after discovering that 1,043 people had their privacy breached.
“Hartford Hospital and VNA HealthCare Notify Patients of Computer Theft”
Click to access PR-VNA-Data-Incident.pdf
HARTFORD – On June 26, 2012, the leadership teams of Hartford Hospital and VNA HealthCare learned that an unencrypted laptop computer containing personal information of some of their patients was stolen from the home of an employee of a firm called Greenplum, which is a subsidiary of one of our vendors, EMC Corp. Greenplum was performing data analysis for EMC on our behalf as part of a qualityimprovement project related to hospital readmissions.
————
Why does it seem to be unprofessional to share this information?
Darrell
LikeLike
Redemption
Redemption at last – The ugly truth emerges about the true cost and safety of EHRs. Again, I told you so, long, long ago.
If EHRs arguably create more problems for physicians than they solve, how can they possibly provide a return on investment for far simpler dental practices? If you haven’t yet heard the news, they can’t.
“Electronic Medical Records: Their Time Has Not Yet Come,” was posted today by Dr. Dennis Gottfried, Associate professor, University of Connecticut Medical School.
http://www.huffingtonpost.com/dr-dennis-gottfried/electronic-medical-record_1_b_1749795.html
“The theoretical benefits of an electronic record are not matched by its actual performance – a performance that increases costs but detracts from clinical efficiencies and does nothing to improve patient outcomes. Although the adoption of EMRs is one of the few health care measure to enjoy bipartisan support, the technology is not good enough to warrant that enthusiasm. In health care, the lawmakers have yet to learn that new is frequently not better and change is rarely improvement.”
For years, shady businesspeople with selfish interests in healthcare IT misled not only physicians, but also dentists into purchasing expensive, dangerous EHRs. I confidently proclaim that those days are over in the dental community. Not long ago, when I pointed out the lack of a return on investment on EDRs, as well as the epidemic level of digital data breaches, defenseless leaders in the dental industry chose to censor my warnings before blocking me from access to their intentionally uninformed customers. In spite of the dentalcare stakeholders’ aggression against this dentist, I successfully shut down their favorite lies. My pleasure.
I would point out that while virtually everyone else in the dental industry remained “professionally” silent about the true cost and safety of EDRs compared to paper, I alone stood up and demanded honesty from stakeholders. I just hope the sleazy leaders who tried to silence me never forget my name. In case I forget theirs I’ve got them listed on my Google Alert. Should they pop up on the internet pushing software, I’ll be right there to remind them of business ethics.
Six years ago, when I first noticed the absurdity of HIPAA in dentistry, I never imagined this adventure would lead me to become this disappointed in our elected leaders on all levels. Their ineffective representation of dental patients’ needs before lawmakers truly saddens me.
D. Kellus Pruitt DDS
LikeLike
EMRs – not ready for primetime
“Electronic medical records not a panacea for patient safety problems” by Stephanie Baum was posted on MedCity News today.
http://medcitynews.com/2012/12/electronic-medical-records-not-a-panacea-for-patient-safety-problems/
“For those under the impression that technology will replace doctors, I wouldn’t get ready for the revolution just yet. A new study by a patient safety group has found mistakes and near misses involving electronic health records were analogous to those made with paper- based records with one caveat. Mistakes made with EHR stand to be amplified and can affect a larger group of people.”
D. Kellus Pruitt DDS
LikeLike
Death of an EHR Evangelist
He feels like a part of him is dying. He is losing something that has been a part of him for nearly 20 years.
http://thehealthcareblog.com/blog/2013/02/25/death-of-an-evangelist/
Rob Lamberts MD bought in to the idea of electronic records in the early 90′s and was enthusiastic enough to implement them in his medical practice in 1996.
But, he is disappointed, today. Read why?
###
Another similar oninion by Schott Shreeve MD of Aliso Viejo, CA; note the date.
http://crossoverhealth.com/2011/12/obituary-rip-to-the-ehr/
Ann Miller RN MHA
LikeLike
“HIT Errors ‘Tip of the Iceberg”
So says ECRI by Cheryl Clark, for HealthLeaders Media, April 5, 2013
http://www.healthleadersmedia.com/page-1/TEC-290834/HIT-Errors-Tip-of-the-Iceberg-Says-ECRI
“Healthcare systems’ transitions from paper records to electronic ones are causing harm and in so many serious ways, providers are only now beginning to understand the scope.”
Darrell
LikeLike
New JAMA eHR Study
Misdiagnosis Poses Significant Potential for Harm.
http://thehealthcareblog.com/blog/2013/04/05/jama-ehr-study-misdiagnosis-poses-significant-potential-for-harm/
Kirk
LikeLike
Legislative Brief – HR 1331
Re-introduced on April 1st, by Rep. Diane Black (R-TN), and is called the Electronic Health Records Improvement Act.
http://info.successehs.com/successehs-brief/bid/290059/electronic-health-records-improvement-act?source=Blog_Email_%5BElectronic%20Health%20Re%5D
But, is it more accurately described as lowered expectations?
Darrell
LikeLike
Major Medical Records Breaches Pass 1,000 Milestone as Enforcement Ramps Up
Nearly 31.7 million individuals, a number equal to 1 in 10 people in the U.S., have had their medical records exposed through known and reported major data breaches by healthcare providers and their business associates. With 34 publicly reportable breaches coming in June alone, the total number of breaches on the federal “wall of shame” website topped the 1,000 mark this month.
With the industry’s ongoing poor security record as a backdrop, there is evidence that the civil rights office is picking up the pace of its enforcement efforts. Last month, the office reached a record settlement amount for a single breach case when it negotiated a combined payment of $4.8 million with New York-Presbyterian Hospital and Columbia University after 6,800 patient records were exposed to the Internet.
But, the focus of the civil rights office in the overwhelming majority of cases is to achieve compliance, OCR spokeswoman Rachel Seeger said.
Source: Joseph Conn, Modern Healthcare [6/13/14]
LikeLike
Disappointment with EHRs
“Disappointing outcomes despite a massive investment in EHRs – Until EHRs guide practitioners in the future provision of care rather than simply serve to document care already delivered, facilitate stratification of patient populations by disparity or need, successfully engage patients in their own care, and “talk” to other systems involved in a patient’s care, we will fail to recognize significant benefits from our massive IT investment. And without a more sophisticated concept of health care privacy, we will continue to hamstring efforts to use information technology to its fullest advantage.”
By Mark Nunlist MD
Betsy Nicoletti MS
[KevinMD.com August 30, 2014]
http://www.kevinmd.com/blog/2014/08/disappointing-outcomes-despite-massive-investment-ehrs.html
D. Kellus Pruitt DDS
LikeLike
ANTHEM
“Lessons from Anthem – The breach involving 80 million records at the nation’s second-largest health insurer fulfilled the warnings many have offered for years: there is no such thing as a secure electronic health information system.”
Jim Pyles
[Washington DC privacy attorney for The Hill]
February 20, 2015
http://thehill.com/blogs/congress-blog/healthcare/233167-lessons-from-anthem
Pyles adds: “There have always been people looking to make an easy buck by ripping off the system. The difference is that 20 years ago you’d have needed a small army and a fleet of tractor trailers to haul away the 80 million (paper) records that can now go poof with the click of a mouse.”
He warns: “One thing that is increasingly clear is that credit monitoring cannot effectively limit the damage from health identity theft. Victims need to know when someone is using their health information to file a claim or get treatment under their name. Credit monitoring doesn’t provide that kind of protection.”
Medical identity theft can be lethal.
D. Kellus Pruitt DDS
LikeLike
EHRs
According to a recent ONC report described in yesterday’s Wall Street Journal, it is not by accident that transparency does not exist in the EHR industry. The agency listed numerous complaints it has received about vendors, but said it couldn’t determine the full extent of the EHR problems because “contracts often forbid customers from discussing prices and other terms.”
(See: “Obama Administration Report Slams Digital Health Records,” by Melinda Beck for WSJ, April 10, 2015).
http://www.wsj.com/articles/report-slams-digital-health-records-1428638879?mod=rss_Technology
Darrell K. Pruitt DDS
LikeLike
HIPAA failed. “Too punitive.” EHRs at stake
Doc, it looks to me that our leadership capitulated about the same time Newt Gingrich’s book “Paper Kills” hit the streets. Those were giddy times for insiders who benefitted from rumors of an EHR mandate. Compared to the mortal danger of insurance theft, maybe paper isn’t so bad after all, Newt.
HHS no longer wants to disclose the increasing number of data breaches through the “Wall of Shame” because transparency threatens sales of EHR systems to healthcare providers, which in turn hurts Wall Street – another Wall of Shame. Predictably, extortionists like TheDarkOverlord have stepped in to report the breaches along with ransom demands.
“We’ll not be caught, ever.”
TheDarkOverlord
June 21, 2017
“Irony: When blackhats are our only source of disclosure for some healthcare hacks” Dissent for DataBreaches.net
June 24, 2017.
https://www.databreaches.net/irony-when-blackhats-are-our-only-source-of-disclosure-for-some-healthcare-hacks/
Dissent: “What, if anything, will HHS and state regulators do if they learn that entities have not reported breaches to them and/or to patients? Will this get swept under a rug because the HHS breach tool is viewed by some as ‘too punitive?’ Or will someone actually investigate to see whether patient information had been reasonably protected and patients notified of any breach?”
Darrell Pruitt DDS
LikeLike
Cost of Healthcare Data Breaches Reach Nearly $6.5M: Study
The financial impact of healthcare data breaches on organizations is nearly $6.5 million, according to a recent IBM study on data breach costs. Healthcare organizations had the highest cost of a breach,for the ninth year in a row––about 60% more than other industries in the study. Data breaches can result in losses of millions of dollars and customer turnover for companies across all industries, but the consequences can be even larger for healthcare organizations,which have sensitive patient information including medical records and personal information.
Over the last five years, the cost of a data breach across all industries has risen 12%, with an average cost of $3.92 million. Of that average, $1.42 million, or 36%, was the cost of lost businessfor organizations. Over the last 14 years of the study, the costs for data breaches in the U.S. have increased 130%. The costs represent the multiyear financial impact of breaches, increased regulation, and resolving criminal attacks.
Source: Amy Baxter, Health IT [7/24/19]
via Ann Miller RN MHA
LikeLike