
An Argument for Wikileaks in US Healthcare

On Allscripts CEO Glen Tullman

By Darrel K. Pruitt DDS

In 2008, Allscripts CEO Glen Tullman told Alex Nussbaum of Bloomberg.com that physicians should take out loans to invest in his EHR product “to ensure that doctors have some skin in the game.” What did you expect? How much charm does it take to sell federally subsidized products when everyone knows that they’re mandated anyway?

Life Sans Blumenthal 

Yesterday, Nicole Lewis posted “Health IT’s Future without David Blumenthal” – a glowing and arguably deserved tribute to Dr. David Blumenthal who is leaving the ONC.

http://www.informationweek.com/news/healthcare/leadership/showArticle.jhtml;jsessionid=0OLOEMENGCENJQE1GHRSKH4ATMY32JVN?articleID=229201216&pgno=1&queryText=&isPrev=

From where I’m sitting, it’s clear that Tullman used Lewis and InformationWeek to score more points with Washington and Wall Street, while continuing to marginalize the interests of those who actually take out loans to purchase his product: “David shepherded ONC through a very critical time . . . the creation, definition, and implementation of meaningful use, which really is a way to ensure that physicians actually use electronic records to improve care, but also that taxpayers get good value for their investment.” What about the doctor’s investment and more importantly, if a doctor is busy clicking on links to qualify for meaningful use dollars, who is accountable to the patients?

I don’t know about you, but it’s not difficult for me to recognize that like other HIT stakeholders whose careers are propped up by easy mandates rather than finicky satisfied customers, Tullman indeed has solid free-market reasons to play to investors and politicians while fearing his customers. They’re pissed at the man.

A Nationwide Survey           

HCPlexus recently partnered with Thomson Reuters to conduct a nationwide survey of almost 3,000 physicians concerning their opinions of the quality of health care in the near future considering the Patient Protection and Affordable Care Act (PPACA), Electronic Medical Records, and their effects on physicians and their patients. (See “5-page Executive Summary”)

http://www.hcplexus.com/PDFs/Summary—2011-Thomson-Reuters-HCPlexus-National-P

“Sixty-five percent of respondents believe that the quality of health care in the country will deteriorate in the near term. Many cited political reasons, anger directed at insurance companies, and critiques of the reform act – some articulating the strong feelings they have regarding the negative effects they expect from the PPACA.”

At this crucial time when Republicans are already threatening to cut off remaining HITECH funding, whose job will it be to break the news to HHS Secretary Kathleen Sebelius that the EHR savings she was counting on to fund a major portion of healthcare reform are only as valuable as CEO Tullman’s politically-correct fantasy? Pop! From what Nicole Lewis writes, my bet is that the Secretary won’t take the news well: “[Sebelius] reiterated that the successful adoption and use of HIT is fundamental to virtually every other important goal in the reform of the nation’s health care system.” Such pressure from the top down will make it even more difficult for HIT stakeholders, including insurers and politicians, to disown the most egregious, crowd-pleasin’, bi-partisan blunder in medical history since blood-letting was declared Best Practice by popular demand.

According to the HCPlexus-Reuters survey results, one in four physicians think EHRs will actually cause more harm than help in spite of Dr. Blumenthal’s best efforts. I wonder if the escalating bad press about EHRs helped Blumenthal decide to return to his academic position at Harvard. Of course, the controversy over HITECH is nothing new. There have been signs for years that EHRs, including Allscripts products, will neither improve care nor provide taxpayers (our grandchildren) a good value for their investment.

If Tullman was unaware of the highly critical HCPlexus-Reuters study when he assured InformationWeek that his subsidized product has value in the marketplace, he must have been aware of the disappointing news concerning two other recent studies performed by Public Library of Science (PLoS) and Stanford which also confirm that EHRs do not improve care. So imagine what it’s like to be one of Tullman’s new, naïve and trusting customers who are expected to use the product for something it’s not designed to do.

My Opinion 

It’s my opinion that Tullman’s apparently incorrigible business ethics have no place in the land of the free, and that more transparency in healthcare would help protect the nation from such politically-connected tyrants. Tullman, a long-time Chicago friend of Barack Obama and a Wall Street sweetheart, would still be just another domesticated CEO if it weren’t for the bi-partisan mandate for electronic health records that help Allscripts, Obama and Wall Street more than clueless patients.

Assessment 

If you want to seriously cut costs in US healthcare as well as cut our grandchildren’s taxes, demand transparency from not just the doctors and patients, but from stakeholders as well. Protected communications between good ol’ boys in healthcare are hardly diplomatic cables about military secrets and always increase the cost of healthcare.

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. So when do you want to get the website started? I’m here to serve wherever you need me. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com and http://www.springerpub.com/Search/marcinko

Our Other Print Books and Related Information Sources:

Health Dictionary Series: http://www.springerpub.com/Search/marcinko

Practice Management: http://www.springerpub.com/product/9780826105752

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed: And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise


Inviting Debate with eDR Stakeholders

An ME-P Exclusive – Almost

By D. Kellus Pruitt DDS

I really, really love being provocative in my neighborhood that I know so well. It just doesn’t seem fair. In fact, for five years, I’ve watched the electronic dental record [eDR] market very closely, and I tell you, something big is moving under the radar. If you recall, in the last couple of weeks I brought your attention to unexplained interest blips appearing on the Medical Executive-Post www.MedicalExecutivePost.com concerning eDRs. I suggested that Internet interest in the topic following years of silence from even the ADA, could be a sign that important news about electronic health records in dentistry may be breaking soon.

CCHIT Seeking Comments 

Just a couple of hours ago, Andis Robeznieks posted “CCHIT seeks comments on specialized EHRs” on ModernHealthcare.com.

http://www.modernhealthcare.com/article/20101119/NEWS/311199996/#

Robeznieks writes: “The Certification Commission for Health Information Technology has opened a public comment period for its proposed oncology and women’s-health electronic health-record certification criteria and test scripts. The comment period will end December 10th at 5 pm CT.”

Meaningful Dental Use 

Is it possible that following the establishment of “meaningful use” guidelines for these specialists, dentistry could be next in line? The nature of the approaching bolus of news concerning eDRs is pure speculation, but rest assured I’ll be right in the middle of it – which brings me to the next sign that eDR stakeholders are getting restless: An almost unheard of conversation about eDRs appeared today on the Internet. Since the only news about eDRs on the Internet is press releases from Dentrix – the largest vendor in the nation – conversations about the value of electronic dental records only rarely break out. But, when they appear, I always try my best to be provocative – just to tease out new rationalizations I might have otherwise missed.

I think I found a promising opportunity this morning following an article by “John” titled, “EMR Stimulus Q and A: EMR Stimulus Money and Dentists.” It was posted yesterday on the EMR and HIPAA blog.

http://www.emrandhipaa.com/emr-and-hipaa/2010/11/18/emr-stimulus-q-and-a-emr-stimulus-money-and-dentists/comment-page-1/#comment-126257

My Comments

I’ve looked into whether stimulus money will be available to dentists. Many in your audience won’t like it, but here’s your answer: 

Dentists will not receive any ARRA stimulus to help pay for electronic dental records – even if a practice is 30% Medicaid as required. For one thing, it’s already too late to collect on the biggest portion of our grandchildren’s money unless the practice can prove utilization of an ONC-certified eDR in a “meaningful” way by this time next year. And, that’s simply impossible because there are no ONC-certified eDRs, and meaningful use has still not been defined by HHS – with help from the ADA. Eventually, someone from the ADA will either have to promote computer busywork as meaningful use, or concede that meaningful use of eHRs in dentistry simply does not exist.

Example

For example, do you want to log on to a password-protected, HIPAA-compliant computer just to notify the lab that you have a pick-up? For dental practices, speed-dial on the telephone – or fax machine – is much more meaningful, and neither requires the dentist to be a HIPAA-covered entity. In addition, none of the conventional ways of communicating put patients’ identities at risk like digital records on a stolen or hacked computer. That’s Hippocratic meaningful.

Digital Drawbacks 

Here’s another drawback to digitalization: Even though electronic dental records are cutting-edge cool, they have yet to show a return on investment for dental practices, and data breaches will continue to make them more and more expensive. Without ROI, paperless is a hobby paid for by clueless patients in higher fees. Bet you haven’t heard that chunk of honesty very often. Honesty about hi-tech non-solutions is repressed even in the ADA because it is so politically incorrect to admit that our dental leaders who misled members were misled themselves by HIT stakeholders and Newt Gingrich. It’s really difficult for high officials inside and outside dentistry to stand up and say, “Oops! We were wrong.”

See: “Is ARRA Stimulus Money for Dentists?”

https://medicalexecutivepost.com/2010/11/16/is-arra-stimulus-money-for-dentists/

Assessment

I happened to post the article on the Medical Executive-Post two days before John’s article was posted here on the EMR and HIPAA forum. I invite you to read it, and tell me what you think. Other than here, nobody talks about these issues. That can’t be good for dental patients.


More on the Meaningful Use of eMRs


Final Meaningful Use Rules Released by HHS on July 13, 2010.

[By Shahid N. Shah MS]

Link: http://shahid.shah.org

For ambulatory care practices and physicians there are about 25 objectives and measures that must be met to become a “meaningful user”. Keep in mind that meaningful use is not tied to a certified EHR alone; in fact, unless you use the EHR properly and in all the ways the government wants you to, you will not be a “meaningful user”. Don’t be fooled by EHR vendors guaranteeing that they will make you a “meaningful user” – no vendor’s software, no matter how nice, can get your staff to use the software in the way the government wants. You, as the CIO of your practice, are the only one who can guarantee that. In fact, you don’t even need an EHR from a vendor to meet the requirements – you can even roll your own, use open source, or find any other means. In general, as long as you can attest and send the government the data it requires, you can do it in any way that you want. Be aware that some unscrupulous vendors are scaring practices and making promises that they cannot keep.

Final MU Rules

The final Meaningful Use (MU) Rule was published by HHS on July 13, 2010. It defines 24 objectives and measures that eligible hospitals could meet to become a meaningful user and qualify for incentive funding. There is a “core set” that must be met by all institutions and a “menu set” from which organizations must implement at least 5 objectives.

Core Set Objectives

These are the “core set” of 14 objectives that must be met by all institutions and a “menu set” of 10 from which organizations must implement at least 5 objectives (at least 1 public health objective must be chosen from that set).

  1. Use Computer Provider Order Entry (CPOE).
  2. Implement drug-drug, drug-allergy, and drug-formulary checks.
  3. Record demographics.
  4. Implement one clinical decision support rule.
  5. Maintain a problem list of current and active Dxs based on ICD-9-CM or SNOMED CT.
  6. Maintain active medication list.
  7. Maintain active medication allergy list.
  8. Record and chart changes in vital signs.
  9. Record smoking status for patients 13 years or older.
  10. Report hospital clinical quality measures to CMS or States.
  11. Provide patients with an electronic copy of their health information, upon request.
  12. Provide patients an e-copy of discharge instructions at time of discharge, upon request.
  13. Exchange key clinical e-information among providers and patient-authorized entities.
  14. Protect electronic health information.

Menu Set Objectives

These are the “menu set” of 10 objectives from which organizations must implement at least 5. At least one public health objective must be chosen from this set as well (numbers 8, 9, or 10).

  1. Drug-formulary checks.
  2. Record advanced directives for patients 65 years or older.
  3. Incorporate clinical lab test results as structured data.
  4. Generate lists of patients by specific conditions.
  5. Use certified eHR technology to identify patient-specific education resources and provide to patient, if appropriate.
  6. Medication reconciliation.
  7. Summary of care record for each transition of care/referrals.
  8. Capability to submit electronic data to immunization registries/systems.
  9. Capability to provide electronic submission of reportable lab results to public health agencies.
  10. Capability to provide electronic syndromic surveillance data to public health agencies.

Assessment

As can be seen in the link below, the Office of the National Coordinator for Healthcare IT (ONCHIT) is a component of the Department of Health and Human Services (HHS). ONCHIT, usually abbreviated just ONC, is the principal policy group of the Federal Government that defines and manages NHIN.

  • ONC is responsible for coordinating with the Department of Commerce’s National Institute of Standards and Technology (NIST) on the specifications for the NHIN standards.
  • The HIT Policy and HIT Standards Committees are the working groups that advise ONC on what to put in the standards.
  • NIST is responsible for coming up with the test materials (assertions, procedures, methods, tools, data, and so on) that will be used to certify working systems.


A Voting Poll on eMRs as a Balance Sheet Item?

A Real or Economically Stimulated Need?


Many doctors – and their CPAs – view an in office electronic medical record [eMR] system as a balance sheet item to purchase for a medical practice; much like any other piece of business equipment or medical instrumentation.

Of course, ARRA and the HITECH Acts also treat eMRs like an asset that the Federal government can motivate doctors to purchase thru their “meaningful use” economic stimulus and rebate program … sort of a social engineering fiscal health policy for medical professionals. 

And so, the question for doctors really is: do you believe in eMRs as a stand-alone item above and beyond their rebate earning capacity?

THINK “cash for clunkers”, or the first time home buyer “mortgage credit rebate program”.

In other words, sans this Federal economic rebate program externality, would you purchase an eMR system despite the HITECH Act? Will you purchase one once the rebate period has expired? Are eMRs a depreciating or appreciating asset?

Please opine with your vote!


Understanding HIT Security Risks – The Ugly Truth!


On the Privacy and Security of Healthcare Records


[By Richard J. Mata, MD, CIS]

There is no privacy …  get over it.

Scott McNealy, Former Sun Microsystems CEO

Storing and transmitting health information in electronic form exposes it to risks that do not exist, or exist to a lesser extent, when the information is maintained on paper. For example, although both paper-based and electronic systems need protection from fire, water, and wear and tear because of aging, electronic data is also vulnerable to hardware or software malfunctions that can make data inaccessible or corrupt, and to non-secure policies that can make data vulnerable to illegal access. In addition, cyber-crimes, and unauthorized intrusions originating both internally and externally, are increasing dramatically every year, costing companies millions of dollars. Nonetheless, electronic medical records (EMRs) are usually considered more secure than paper patient charts because paper records lack an audit trail, papers are easily lost, and their contents can be illegible.

Take Care of the Risks

Healthcare organizations must take the new risks seriously, however, because health information is a vital business asset, and protecting it preserves the value of this asset.  In addition, securing patients’ information protects their privacy and enhances the organization’s reputation for professionalism, patient well-being, and trustworthiness.  Hospitals, emerging healthcare organizations (EHOs), physicians, and healthcare entities long ago recognized the value of health information, and implemented security policies and procedures, but as they move more into the electronic arena, it is vital to revise and update policies and procedures to acknowledge the different risks inherent in the digital age.

Three Components of Security

The three classic components of information security are confidentiality, integrity, and availability.  Donn B. Parker, a pioneer in the field of computer information protection,[1] added possession, authenticity, and utility to the original three.  These six attributes of information that need to be protected by information security measures can be defined as follows:  

  • Confidentiality: The protection and ethics of guarding personal information — for example, being cognizant of verbal communication leaks beyond conversation with associated healthcare colleagues.
  • Possession: The ownership or control of information, as distinct from confidentiality — a database of protected health information (PHI) belongs to the patients.
  • Data integrity: The process of retaining the original intention of the definition of the data by an authorized user — this is achieved by preventing accidental or deliberate but unauthorized insertion, modification or destruction of data in a database.  Make frequent backups of data to compare with other versions for changes made.
  • Authenticity: The correct attribution of origin — such as the authorship of an e-mail message or the correct description of information such as a data field that is properly named.  Authenticity may require encryption.
  • Availability: The accessibility of a system resource in a timely manner — for example, the measurement of a system’s uptime.  Is the intranet available?
  • Utility: Usefulness; fitness for a particular use — for example, if data are encrypted and the decryption key is unavailable, the breach of security is in the lack of utility of the data (they are still confidential, possessed, integral, authentic and available).
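The "Data integrity" item above recommends comparing backups with the current data to find changes. The following is an added example, not part of the original article, that does this with keyed digests so that unauthorized insertion, modification and destruction each show up separately; the record layout, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed key for this example. In practice it is kept apart from the
# database and the backups, so whoever can alter records cannot re-sign them.
MANIFEST_KEY = b"example-only-manifest-key"


def record_digest(record: dict) -> str:
    """Keyed digest of one record, independent of field order."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(MANIFEST_KEY, canonical.encode("utf-8"), hashlib.sha256).hexdigest()


def seal(digests: dict) -> str:
    """Keyed digest over the whole id -> digest table."""
    body = json.dumps(digests, sort_keys=True).encode("utf-8")
    return hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()


def build_manifest(records: dict) -> dict:
    """Run at backup time: one digest per record id, plus a seal over the set."""
    digests = {rid: record_digest(rec) for rid, rec in records.items()}
    return {"digests": digests, "seal": seal(digests)}


def compare_with_backup(manifest: dict, current: dict) -> dict:
    """Classify differences between the backup manifest and the live records."""
    # The manifest is checked first: a comparison against an altered baseline
    # would hide exactly the changes it is meant to reveal.
    if not hmac.compare_digest(seal(manifest["digests"]), manifest["seal"]):
        raise ValueError("backup manifest failed its own integrity check")
    old = manifest["digests"]
    inserted = sorted(set(current) - set(old))
    deleted = sorted(set(old) - set(current))
    modified = sorted(
        rid for rid in set(old) & set(current)
        if not hmac.compare_digest(old[rid], record_digest(current[rid]))
    )
    return {"inserted": inserted, "modified": modified, "deleted": deleted}


# Constructed sample data: the state captured in last night's backup ...
BACKUP = {
    "P-1001": {"name": "Constructed Patient A", "allergy": "penicillin", "dose_mg": 50},
    "P-1002": {"name": "Constructed Patient B", "allergy": "none", "dose_mg": 20},
    "P-1003": {"name": "Constructed Patient C", "allergy": "latex", "dose_mg": 5},
}
# ... and the live table today: P-1001 only has its fields reordered, P-1002
# has a changed dose, P-1003 is gone and P-1004 is new.
CURRENT = {
    "P-1001": {"dose_mg": 50, "name": "Constructed Patient A", "allergy": "penicillin"},
    "P-1002": {"name": "Constructed Patient B", "allergy": "none", "dose_mg": 200},
    "P-1004": {"name": "Constructed Patient D", "allergy": "none", "dose_mg": 10},
}

if __name__ == "__main__":
    print(compare_with_backup(build_manifest(BACKUP), CURRENT))
```

A reported difference is not necessarily unauthorized; it still has to be matched against the audit trail of legitimate edits.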

Ethics

When these attributes are considered in the healthcare context, another factor comes into play: ethics.  According to Dr. J. A. Magnuson, professor of public health informatics at Oregon Health Science University’s Medical Informatics Program, privacy,[2] security, and ethics are inextricably intertwined, and all are critical to public health’s role as a trustee of the public’s data.  As public health becomes increasingly involved in Electronic Data Interchange (EDI;[3]), the information aspects of privacy, security, and ethics become ever more critical.  All doctors take an ethical oath to protect the patient, and the obligation to uphold this oath extends to health data management, even for employees who do not take an oath.

The fields of medicine and information technology (IT) each have separate and related ethical considerations.  Ethics may prohibit technology, for example, when using a specific application that would make a security breach likely.  However, ethics may also demand technology.  Suppose that a new surveillance application would improve public health — is it not ethically imperative to utilize it to save countless lives?  But suppose it also almost guarantees a security breach — what does the ethical position on use of the application become then?  That is an extreme example, though not completely unrealistic.

Varied Uses

Complicating the picture is the fact that IT in the healthcare arena has so many and varied uses.  For instance, office-, clinic-, and hospital-based medical enterprise resource planning (ERP) is based on the same back-end functions that a company requires, including manufacturing, logistics, distribution, inventory, shipping, invoicing, and accounting.  ERP software can also aid in the control of many business activities, like sales, delivery, billing, production, inventory management, quality management, and human resources management.  However, other applications particular to the medical setting include the following:

  • The EMR, which has the potential to replace medical charts in the future, is feasible.[4]
  • Healthcare application service providers (ASPs)[5] are available via Internet portals.
  • Custom software production may produce more solution-specific applications.
  • Medical speech recognition systems and implementation are replacing dictation systems.
  • Healthcare local area networks (LANs), wide area networks (WANs), voice-over Internet protocol (IP) networks, Web and ATM file servers are ubiquitous.
  • The use of barcodes to monitor pharmaceuticals is decreasing the chance of medication errors and warns providers of potential adverse reactions.
  • Telemedicine and real-time video conferencing are already a reality.
  • Biometrics will be used more often for data access.
  • Personal digital assistant (PDA) wireless connectivity, which relies on digital or broadband technology including satellites, and radio-wave communications are increasingly common.
  • The use of wireless technology in medical devices will be increasing.

No Healthcare Standardization

All of these applications offer advantages, but the security of these IT methods and devices is not yet fully standardized or familiar to health professionals, despite the CCHIT, the Office of the National Coordinator for Health Information Technology, etc.  They all involve inherent security and privacy risks, and the prudent healthcare organization will want to ensure that these risks are identified and contained.  For instance, a single firewall or intrusion detection system (IDS) may not be enough.

The process must begin by conducting a security risk assessment — that is, doing a thorough assessment of current systems and data, and performing checks such as real-time intrusion testing, validation of data audit trails, firewall testing, and remediation when gaps or failed systems are exposed.  These activities are part of developing a healthcare security plan, including disaster recovery.

Privacy Officers

To ensure that the risk assessment is thorough, hospital network administrators and Privacy Officers should have a working knowledge of federal regulations and of the following security mechanisms:

  • vulnerability assessment;
  • security policy development;
  • risk management;
  • firewall assessment;
  • security application assessment;
  • network security assessment;
  • incident response and recovery assessment;
  • authentication and authorization systems;
  • security products;
  • firewall implementation;
  • public key infrastructure (PKI) design;
  • virtual private network (VPN) design and implementation;
  • intrusion detection systems;
  • penetration testing;
  • security program implementation;
  • security policy assessment; and
  • security awareness training.

The federal government has recognized the importance of health information security by establishing regulatory guidance with its Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The International Standards Organization

IT system managers in healthcare settings are also familiar with the comprehensive security model offered by the International Standards Organization (ISO).  For instance, using ISO’s 17799 Code of Practice for Information Security Management, versions 2000, 2005, or 2010, information security is achieved by implementing a suitable set of controls to govern policies, processes, procedures, organizational structures and software and hardware functions.  The Code requires the IT manager to establish, implement, monitor, review, and where necessary, improve these controls to ensure that the specific security and business objectives of a healthcare organization are met.

Assessment

The work of the National Institute of Science and Technology (NIST) in developing innovative technology for the healthcare sector is also of interest to IT system managers.  For instance, research on a computer note-writing system that captures clinical data automatically and a data repository system that captures patient data and integrates it with clinical decision support and knowledge bases are two of the initiatives that have originated with NIST.  In addition, the organization publishes numerous Special Publications that provide guidance on how to establish and maintain IT security.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

References:


[1]   Donn B. Parker developed the so-called Parkerian Hexad Principles, which discuss the attributes of information security.

[2]   Privacy generally refers to a ‘people’ context, a state of being free from unauthorized intrusion or invasion.  This concept is as applicable to medical records as it is to your own house.  Confidentiality is viewed more in the context of information, usually dealing with accessing and sharing information or data.

[3]   EDI involves electronic transmission methods, often utilizing networks or the Internet.  The benefits of EDI include speed, data entry savings, and reduction of manual errors; the risks are legion.

[4]   Terms used in the field include electronic medical record (EMR), electronic patient record (EPR), electronic health record (EHR), computer-based patient record (CPR), etc.  These terms can be used interchangeably or generically, but some specific differences have been identified.  For example, an EPR has been defined as encapsulating a record of care provided by a single site, in contrast to an EHR, which provides a longitudinal record of a patient’s care carried out across different institutions and sectors.  However, such differentiations are not consistently observed.

[5]   An application service provider (ASP) is a business that provides computer-based services to customers over a network.

On HIT Continuity Planning

Setting Up Your HIT Security System

By Richard J. Mata, MD, CIS, CMP™ [Hon]

In order for a healthcare organization to thrive, it must be able to continue to function no matter what the circumstances are.

When disaster strikes, the organization must mobilize all the talent and resources needed to continue its operations and return to a normal state as soon as possible.

Time is money, and in today’s economy, an hour could be worth thousands of dollars.  Every department in an organization has responsibilities during a disaster.  Planning for a disaster and then dealing with it is a team effort by all parts of an organization.

Phases of Healthcare Business Continuity Planning

A system is required to realize this objective, and part of this system is healthcare entity business continuity planning (BCP).

Phase One: Set up a BCP Project

The first step is to set up a BCP project, which includes feedback from key members from all departments.  Appoint a project manager who has a solid background in the clinical and financial systems and functions that the organization deploys or services it provides.  The project manager can work with business and system analysts to document business flow and interactions with computerized systems that may go down, and how the organization will function on a manual system until service returns.

Phase Two: Review Emergencies and Assess Business Risk

The second phase involves reviewing the different types of emergencies that can arise and assessing the risks to the various business processes already documented.  This is accomplished following a system or service function.

Phase Three: Prepare for Emergencies

The third phase includes identifying back-ups and recovery strategies to mitigate the effects of an emergency.  A storage area network (SAN) or redundant server could be used as a back-up.

Phase Four: Plan for Disaster Recovery

The fourth phase involves the development of procedures to be followed by a Disaster Recovery Team where human life may be at risk.  A disaster might be caused by weather, sabotage, or electrical power and be specific to the particular organization and its business and IT infrastructure.

Phase Five: Plan for Business Recovery

The fifth phase is critical, and involves developing detailed procedures for the recovery of the business.  Again, the BCP project manager could use each business or service procedure that was documented in phase two and detail which financial or clinical systems are involved, what would be done if the systems were down, and what the plan for recovering the system might be.

Phase Six: Test Business Recovery Procedures

The sixth phase involves simulating authentic emergencies and testing of the business recovery phase.  For example, how would business processes or services be affected by an electrical outage?  How fast can a power generator pick up the outage – and what might happen after a timely pause?  How would patients who were receiving mechanical support be affected?  What would happen to the clinical laboratory?

Phase Seven: Train the Staff

Phase seven covers the training of all employees in the procedures necessary to manage the business recovery process.  These are the procedures tested in phase six, which may require modification.

Phase Eight: Maintain the Currency of the Plan

Phase eight includes treating BCP as a dynamic project to be kept up to date to reflect all changes to business processes and employee structure.

Sevocity® Announces Free Electronic Health Records (EHR) System

For Educators and Regional Extension Centers (REC)

ADVERTISEMENT

By Catherine G. Huddle

VP, Market Development

www.Sevocity.com

Ph: (210) 412-5653

True Internet / Cloud EHR System Ideal for Educating Providers, Clinical Staff, and REC Support Staff

San Antonio, TX – Sevocity, a division of Conceptual MindWorks, Inc. (CMI), today announced Sevocity U, its Internet-based Ambulatory Electronic Health Records (EHR) program for Regional Extension Centers (RECs), Local Extension Centers (LECs), Management Service Organizations (MSOs), Technical Colleges, Universities, Medical Schools, and other organizations needing a turn-key EHR for training.

The Program

Under the program, educational organizations will receive free use of the fully functional Sevocity EHR for up to 20 users (teachers and students) through a demonstration clinic specifically for the educational organization.   Because Sevocity is a true Internet-based EHR, these organizations will not need to purchase, install, or maintain any servers or special software.  All that is required to access the system is a standard personal computer and an Internet connection, making student access for training and practice easy for the educator.  Sevocity U demonstration clinics will use the fully functional production version of Sevocity EHR.

CCHIT Certified

Sevocity 08 is CCHIT Certified® by the Certification Commission for Healthcare Information Technology (CCHIT®) and meets the Commission’s ambulatory electronic health record (EHR) criteria for 2008.  Sevocity will release its next version of Sevocity EHR this summer, at which time the company will apply for CCHIT 2011.  Sevocity is also committed to “meaningful use” certification and plans to apply as soon as certification is available.  Sevocity’s customer agreement includes a commitment to certification and any other requirements for providers to receive EHR incentives under the American Reinvestment and Recovery Act of 2009 (ARRA).

“We developed this program because we recognize the tremendous challenge Regional Extension Centers and other educators have teaching clinicians and others about Electronic Health Records in a very short period of time and with limited funding,” stated Catherine Huddle, VP of Market Development with Sevocity.   “While more standardization of EHRs is coming, today most systems have the same basic functionality.  Because Sevocity is a true Internet-based EHR and is very easy to use, it provides the ideal platform for educators providing EHR training.”

Assessment

Sevocity is rolling out this program in phases. Phase I begins today with the availability of Sevocity to the first ten (10) educational organizations that apply. Interested organizations should contact Sevocity at 877-777-2298 or EHReducation@Sevocity.com.

About Sevocity

Based in San Antonio, Texas, Sevocity empowers physician practices and health centers to embrace electronic health records (EHRs) by providing an easy-to-use, Internet-based electronic health record system. Because Sevocity EHR is an Internet-based (or cloud computing) product that provides secure access to clinical information via the Internet, practices and health centers avoid the expensive upfront capital expenditure and ongoing maintenance costs associated with client/server offerings. For more information about Sevocity, visit www.sevocity.com or call (877) 777-2298.

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. Use the product, or give them a click and tell us what you think.

Our Other Print Books and Related Information Sources:

Practice Management: http://www.springerpub.com/prod.aspx?prod_id=23759

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Health Administration Terms: www.HealthDictionarySeries.com

Physician Advisors: www.CertifiedMedicalPlanner.com
