HIMSS

Study: Top health IT initiatives listed

Anne Zieger — Sun, 13 Jul 2008 12:15:52 -0400

According to a new study sponsored by healthcare IT company Logicalis, data storage is the top driver for many hospital and healthcare IT projects underway right now. However, when it comes to the projects themselves, predictably, EMRs are in the lead, according to the study, which names the top 10 IT initiatives being undertaken by healthcare organizations. The remainder of the list includes disaster recovery; medical archiving systems; storage consolidation/virtualization; backup; business intelligence; PACS; health IT infrastructure; compliance and the security of personal health information.

What's interesting about these conclusions is that they differ in some respects from those drawn by a status released by HIMSS in April. For one thing, HIMSS respondents said that improving safety and reducing errors were key drivers of IT investment. Also, it's worth bearing in mind that according to HIMSS results, security breaches still seem to be rather common within healthcare organizations, with 18 percent of respondents having seen a breach within the past six months. If patient safety and security are key drivers, that takes one down a different road than projects driven by storage. I'm not sure how to reconcile these results--readers, what do you think?

To learn more about the study:
- read this Healthcare IT News piece
- read the Logicalis press release

Related Articles:
HIMSS: Patient safety top reason for IT investment
Study: Hospital execs stress IT investment for coming years
Study: Nursing point-of-care IT can interfere with workflow
Study: Better health IT could give nurses more patient time

SPOTLIGHT: Hospital IT adoption slower than expected

Anne Zieger — Sat, 05 Jul 2008 00:19:17 -0400

Hospitals have ambitious plans for health IT adoption, of that there's no doubt. The thing is, they're doing it at a slower pace than executives had predicted, according to a new study by HIMSS. The study of 5,084 hospitals found that they spent 7 percent less on healthcare IT than they'd allotted at 2007--and that much of what they spent went toward claims and billing processing. For 2008, HIMSS Analytics predicts that hospitals will spend 3 percent of their total budgets. Article

Identity thieves getting better at stealing patient data

Mon, 12 May 2008 06:59:57 -0400

Where they once focused on banking data and credit card statements, identity thieves have become increasingly focused on breaking into patient data systems, observers say. Medical records offer a rich trove of information for an identity thief, often including not only health insurance account numbers and billing addresses, but also dates of birth, Social Security numbers and even credit information. That's particularly the case with hospitals which, since they offer costly services, may do more credit research on a patient.

Security industry researchers note that many hospitals haven't taken adequate steps to prevent malicious clinical data breaches, perhaps unaware that in addition to posing great risk to patients, each intrusion can cost $200 per record and $6.3 million per incident. Instead, many hospital IT departments are focused more on implementing or supporting EMR rollouts, according to a survey announced at HiMSS '08.

To learn more about medical record theft:
- read this USA Today article

Related Articles:
The growing problem of medical identity theft
NY hospital worker charged with massive file theft
California expands health data breach rules
U.S. hospitals have security 'blind spot'

U.S. hospitals have security 'blind spot'

Mon, 14 Apr 2008 06:59:57 -0400

A new study confirms what many health IT administrators already know--that hospitals aren't doing a great job when it comes to investing in security. The study, which was commissioned by risk consulting firm Kroll Fraud Solutions and published by HIMSS, concluded that hospitals' focus on medical privacy and compliance has distracted them from the threat of patient identity theft and other data breaches. While HIT administrators are very familiar with HIPAA, and eager to meet its privacy provisions, their HIPAA compliance measures won't do much to prevent fraud or malicious hacking, the study noted.

In addition, hospitals aren't being reminded as often as they should be that their peers are having security problems that could affect them, too. The HIMSS study noted that many data breaches don't get reported, given that there's no firm rules in place requiring such disclosures.

Even worse, HIT leaders and their peers may be ignorant as to just how expensive a malicious data breach can be--despite the fact that the average cost of such a breach generally is estimated at nearly $200 per record and $6.3 million per incident.

To learn more about the study:
- read this Healthcare IT News piece
- register and download the original report

Related Articles:
More hospital data security breaches
Hospitals face ID security holes
HIMSS08: IT execs ready to lock down security

HIMSS08: Google unveils details of PHR

Mon, 03 Mar 2008 06:59:57 -0500

So, the Google boys have marched into town with their own PHR, which they demonstrated last week for a marveling crowd at HIMSS08. At a modest booth on a side alley at the exhibition, Google was premiering a simple PHR interface consisting of only few text links, including a link to a feature allowing users to search for doctors, and another accessing Google Scholar to search for medical information. The PHR's key function was a link to a utility allowing users to import records from varied provider systems, then store the records online. Of course, Google CEO Eric Schmidt has been making the rounds assuring privacy advocates that the search giant won't share these records without the patient's consent, but as I understand it, since Google's not a provider they're not required to meet HIPAA standards unless they feel like it. How long that will last, particularly if competitors like Microsoft and Revolution Health begin to loosen their standards?

As we've previously noted, the records will be accessible through the same name/password combination consumers use to access other Google features, such as Calendar and Gmail. OK, readers, I'm sure you know far more than me on this front, but isn't that a fairly weak security method to store extremely private information? When I asked one of the young Google-ites manning the booth this question, he brushed it away. I don't know about you, but that didn't impress me much.

To get more background on the Google PHR:
- read this iHealthBeat piece

Related Article:
Google begins storing medical records. Article

HIMSS08: Kolodner expects increase in EMR use

Mon, 03 Mar 2008 06:59:56 -0500

Just in case you haven't had your fill, here's more optimism from the feds on HIT adoption. (As for me, it's getting a bit grating, as I don't see enough going on to actually make adoption happen.) At least in this case, the optimism is driven by the likelihood that hospitals will step up, which seems a bit more realistic.

In his HIMSS speech last week, Dr. Robert Kolodner, national coordinator of health information technology, said that he hopes that to see a 50 percent increase in the use of health information technology this year. He's also predicting that the Nationwide Health Information Network will become operational this year, and that EMR vendors will begin incorporating federal standards into their products. Dr. Kolodner contends that an increased use of EMRs will be driven partly by a growth in hospital donations of such software to physicians who practice at their facilities. Thanks to this and other trends, he says, by 2012 at the outside half of all doctors will use EMRs. My question is, how will everyone pay for this?

To get more of Kolodner's predictions:
- read this Government Health IT piece

Related Articles:
Groups say IT changes must be part of national reform. Article
CCHIT invites vendors to apply for EMR pilot. Article

HiMSS08: IT execs ready to lock down security

Mon, 25 Feb 2008 06:59:59 -0500

A big hello to all of you from HiMSS08, here in the lovely, though slightly muggy, city of Orlando. As it turns out, the conference has drawn even more attendees than originally expected, a whopping 27,000 participants. That's a big hit even for a town that's used to tourists: we HiMSS-ies have taken over!

Today, I attended the HiMSS event at which they unveiled the results from their annual HiMSS Leadership Survey--sort of a "state of the union" thing. The 307 respondents, who represented more than 700 hospitals, had some interesting things to say. Perhaps the most interesting, though, was the apparent contradiction between what they said they wanted and what they actually plan to buy.

Some not-so-shocking takeaways included that:

* 75 percent of HIT professionals expected their budgets to increase this year (though not by very much).

* 26 percent of respondents said that a lack of financial support--not end-user resistance or even an inability to prove ROI on IT investment--was the biggest barrier to implementing their plans.

* 75 percent said that they had management responsibility for non-IT functions, including telecom, biomedical engineering and medical informatics.

More noteworthy, to me, was the clash between what HIT execs said they were actually going to do versus what they called a "top priority." According to the survey, two of their top investment priorities were identity management and security technologies. On the other hand, 45 percent said that clinical information systems were the most important application to address over the next two years, followed by CPOE and EMR systems. And when asked what their IT priorities were today, most said inpatient clinical information systems and helping to reduce medical errors and promote safety were central.

Given that about a quarter of hospitals saw a security breach over the last year (another survey stat), it's hardly surprising that these folks want to go beyond standard firewalls, user access controls and audit logs to the next level of security management. The thing is, they seem to have trouble admitting it.

Truthfully, we're probably years away from seeing industry-wide adoption of cutting edge EMRs, clinical decision systems and other worthwhile technologies focused around patient care. In the meantime, I'm not surprised that HIT execs want to boost security. Hey, when you're in doubt, pull up the drawbridge first; then you'll have time to improve operations within the castle.

More HiMSS08 news on the way tomorrow ... see you then! -- Anne

HiMSS '08: Navigating the vendor maze

Thu, 21 Feb 2008 06:59:59 -0500

So, HiMSS '08 is upon us. You know, it seems like only yesterday that my feet were recovering from the blisters I got walking the giant show floor in New Orleans last year! This HiMSS, which takes place in magical reality land of Orlando, isn't likely to be easy on the shoe leather, either. In fact, it promises to be a blockbuster--a spectacle worth of Disney.

For one thing, there's a brain-boggling list of more than 900 exhibitors competing for your attention with booth babes, gear, demos and lots of giveaway toys. And of course, there's a smörgåsbord of brain food available at the 200-odd educational sessions taking place throughout the show's run, user groups, innumerable vendor-sponsored events, games and parties and God knows what else in the way of entertainment. (I like Citrix's booth game "Are you Smarter Than an IT Geek?"--a bit arch, but hey, I'm ready to play.)

So, where's should the smart but weary health IT exec spend their limited HiMSS time? Here's a few ideas on how to navigate the vendor maze:

* It never hurts to play with an EMR--or any other technology that has to be accessible to non-geeks--since an awkward design can make an otherwise clever product useless to your docs.

* By all means, fire tough questions at the security vendors, many of whom just seem to be getting the idea that healthcare-specific products are a Good Thing. But don't be fooled: a lot of them seem to be talking security without really "getting" healthcare realities.

* Anyone who claims they can make your pay-for-performance program's documentation and management easier deserves a listen. As with EMRs, the wrong technology here can actually make things worse.

* If a vendor has ready-to-roll technology available which can support remote patient monitoring, I'd love to see it--and you might want to as well.

By the way, while the most noise always comes from the billion-dollar vendors with the gigantic booths, dazzling light shows and models in short skirts, smaller vendors are staking their claim there too, and you should check some of them out. Actually, you're likely to encounter vendors at HiMSS that you won't run into any other way, as they probably don't have the marketing budget to reach you otherwise.

Don't underestimate these small, scrappy players. Even if you don't end up buying their products, talking with emerging vendors can be quite a source of ideas. And after all, aren't ideas why you come to shows like HiMSS in the first place?

Now, read on to get more detail on topics that should prove to be some of the hottest and most interesting at the show. I hope they're helpful. Meanwhile, with any luck, I hope to meet some of you there. If you see me, feel free to say hello! - Anne

EMRs, EMRs and more EMRs

Thu, 21 Feb 2008 06:59:58 -0500

Sure, EMRs have been a hot idea for quite some time. But now that federal and state legislators have made electronic data sharing their pet project--something which implies a pretty robust EMR installation base out there--there's been nothing less than an explosion. Sure, market leaders like Cerner, McKesson, GE and Epic will be there, but also lots of folks you've never met before. The problem is, the ways they define "electronic patient record" vary so widely that it's hard to tell, sometimes, that they're claiming to solve the same problem. So you're going to have your hands full sorting them out. of course, each of them claim to have the "real" EMR model in their possession, too.

On the show floor, there's interesting entries like Catalis, which offers CCHIT-certified "graphical patient record" software for primary use on a wireless tablet PC. Others, like Axolotl, offer health information exchange-focused products with EMR capabilities. There's enterprise software vendors like Allscripts, for which EMR functionality is just one element in a broad clinical data automation strategy. Then there's products like CSW's CaseNotes, which proposes to integrate existing data and help document care without actually calling themselves EMR vendors. And what about vendors like 3SG Corp., which seems to focus primarily helping you with EMR-related document conversions. It's enough to give you a two-Motrin headache.

Sure, some of you will want to pick and choose best-of-breed tools among these various vendors, and assemble your own clinical data management solution. (If you attend case study-based educational sessions, you'll find that this is what many of your peers are doing.) But if you think of an EMR as an organic whole, a solution which brings together everything you need to replace and improve on paper records, you're not going to find many options. The ones that come closest are crazy expensive, too. All told, expect to find more confusion than answers.

The hunt for specialized data security tools

Thu, 21 Feb 2008 06:59:57 -0500

At this year's show, you'll find no shortage of clinical data technology vendors who assure you that their security protections are impenetrable. And you'll be able to attend any number of sessions (see Datebook, below) in which IT leaders share how they security-proofed their particular institution's systems. This is all well and good. The thing is, vendor promises usually have a lot of "yes, but"s in them, and case studies only give you a snapshot of how one provider's processes and technology changed. That's the trouble with security; it's easy to brag about but tough to implement right for your unique needs.

You'll certainly find the traditional infosec options on display at HiMSS, such as network access controls and access management solutions. Still, the number of consultants on hand to pitch their security management and integration services seems to outweigh the number of security technology vendors by a considerable margin. For the foreseeable future, that's just how it's likely to be, at least until key clinical data elements like EMRs standardize a bit more. Everyone's going to need custom work, so they're going to flourish.

What you're not likely to find at the show, meanwhile, is the major brand names in the security industry. Maybe the next thing to do, after the show, is to get in the face of traditional giants and make them understand your needs. Don't let them tell you healthcare is just like banking or military security or the like; after all, you know better. Those industries have tough security issues to crack, but they just aren't providers. In the mean time, it's worth giving some props to the security vendors who do show up and try to understand the industry.