Re: Can we talk about EHR security and the big picture?

[Guest guest]

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security. How all of us are faced with it and how can we handle it? or not?I'm gonna need particular advice when it comes down to the choosing in future. But right now, can we talk?Thanks all,KI'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article."Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients."http://www.nytimes.com/2009/10/18/business/18stream.html?th= & adxnnl=1 & emc=th & adxnnlx=1255881706-tlmUCp8B5BcqZQf2Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

[Guest guest]

RE choosing EMR for clinical use vs others' use

1) You need to make the very real choice of either using an EMR for clinical goals or financial ones.

Meaning are you going to use it to claim future revenews for some "shady" meaningful use definition or or clnical helpfulness.

2) There are some very good small install EMRs that give you great bang for bucks to do good clinical meaningful use, such as Amazing Charts and SOAPware. Neither is "CCHIT" fully certified (SOAPware is offering, or will be offering options for noncert vs cert (higher cost), and other posts show that Amazing charts is considering CCHIT certification (note CCHIT cert does NOT automatically mean meaningful use!).

3) There are next step up programs with added expense and more fully integrated systems like eCW, eMDs that will allow you to "do more" but you'll need to put more into them; if you're a relatively large organization (3+ docs) or if you generate a sizable above average throughput of pts (20+/day/doc), the govt "promised" rebate may be worth it. The structure of such programs would probably be worth it too, but only if you put alot of effort into usage and it improves your clinical work flow within 6 months I'd say.

4) Higher end EMRs such as Practice Partners, Allscripts will bring efficiencies but costs may be harder to justify.

My take is that the larger the system, the more likely the vendor will take security issues more seriously, BUT also more likely to mine your data for other purposes!

I'm a small profile practice, 30-50 pts/week.

Using a small footprint EMR since 2004 fully for documentation; using since 1997 (worked for hospital based).

I support good software, but am supported by my pts.

Don't go too "batty" on the security issue... think clinical use and be SURE you have an escape method to get your data out if the company withdraws.

Matt in Western PA

Former EMR consultant

Always a FM doc since 1988 residency completed

Re: Can we talk about EHR security and the big picture?

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security. How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future. But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article."Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients."http://www.nytimes.com/2009/10/18/business/18stream.html?th= & adxnnl=1 & emc=th & adxnnlx=1255881706-tlmUCp8B5BcqZQf2Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

[Guest guest]

Security 101, don't use something you can't own... If you don't own and have a copy of the software your data was created in, then how the heck do you plan to access your hosted data in 10 years from now unless you never devorce your vendor??? I will never have important data like charts and finances stored on some hosted server that I can't own a functional copy of the software the data was collected and stored in...

Level two, if all else fails, you can always take your medical computers of the internet and keep them all on an in-house closed loop that only those in your office will ever have access to... Now that's security. We did that for a long while when we first opened. Charts here, internet access on a separate solo machine and never the two met... If it's not on the net it can't be hacked, infected or stolen, it's that simple and many times I'm real tempted to go back to such a concept... Now that is about as safe as it can get other than a good regular back up plan... Oh yeah, always take a back up copy home every night... Ala el cheap off site back up...

Now that's good almost free high quality sercurity... Better than almost any of the disaster plans and super expensive firewalls and internet security programs even the fortune 500 use....

To: Sent: Sun, October 18, 2009 12:21:02 PMSubject: Re: Can we talk about EHR security and the big picture?

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security. How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future. But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is

scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article."Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients."http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

[Guest guest]

USB keys remain a potential threat to your network even if it's not connected to the internet.Offsite backup is a HIPAA requirement I believe.Fortune 500 companies have more demanding business requirements with their data!

If you're running your own server, you simply must check that your backup and restore systems work.

 

Security 101, don't use something you can't own... If you don't own and have a copy of the software your data was created in, then how the heck do you plan to access your hosted data in 10 years from now unless you never devorce your vendor??? I will never have important data like charts and finances stored on some hosted server that I can't own a functional copy of the software the data was collected and stored in...

 

Level two, if all else fails, you can always take your medical computers of the internet and keep them all on an in-house closed loop that only those in your office will ever have access to... Now that's security. We did that for a long while when we first opened. Charts here, internet access on a separate solo machine and never the two met... If it's not on the net it can't be hacked, infected or

  

stolen, it's that simple and many times I'm real tempted to go back to such a concept... Now that is about as safe as it can get other than a good regular back up plan... Oh yeah, always take a back up copy home every night... Ala el cheap off site back up...

 

Now that's good almost free high quality sercurity... Better than almost any of the disaster plans and super expensive firewalls and internet security programs even the fortune 500 use....

To:

Sent: Sun, October 18, 2009 12:21:02 PMSubject: Re: Can we talk about EHR security and the big picture?

 

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security.  How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future.  But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.

Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. 

Supposedly this information is

scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.

Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article. " Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients. "

http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLA

This is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 

3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.

Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

Matt---

Good points. Given that I have 18% Medicare pts, I am looking for stim

money and also not be penalized

for lack of EMR so I do want a system that will be certified. But

useful clinically is utmost.

Which system do you use and does it interface/have billing with it?

Thanks.

Ellen

Dr Levin wrote:

>

>

> RE choosing EMR for clinical use vs others' use

>

> 1) You need to make the very */real/* choice of either using an EMR

> for clinical goals or financial ones.

> Meaning are you going to use it to claim future revenews for

> some " shady " meaningful use definition or or clnical helpfulness.

>

> 2) There are some very good small install EMRs that give you great

> bang for bucks to do good clinical meaningful use, such as Amazing

> Charts and SOAPware. Neither is " CCHIT " fully certified (SOAPware is

> offering, or will be offering options for noncert vs cert (higher

> cost)/, /and other posts show that Amazing charts is considering CCHIT

> certification (note CCHIT cert does NOT automatically mean meaningful

> use!).

>

> 3) There are next step up programs with added expense and more fully

> integrated systems like eCW, eMDs that will allow you to " do more " but

> you'll need to put more into them; if you're a relatively large

> organization (3+ docs) or if you generate a sizable above average

> throughput of pts (20+/day/doc), the govt " promised " rebate may be

> worth it. The structure of such programs would probably be worth it

> too, but only if you put alot of effort into usage and it */improves

> your clinical work flow within 6 months /*I'd say.

>

> 4) Higher end EMRs such as Practice Partners, Allscripts will bring

> efficiencies but costs may be harder to justify.

>

> My take is that the larger the system, the more likely the vendor will

> take security issues more seriously, BUT also more likely to mine your

> data for other purposes!

>

> I'm a small profile practice, 30-50 pts/week.

> Using a small footprint EMR since 2004 fully for documentation; using

> since 1997 (worked for hospital based).

> I support good software, but am supported by my pts.

>

> Don't go too " batty " on the security issue... think clinical use and

> be SURE you have an escape method to get your data out if the company

> withdraws.

>

> Matt in Western PA

> Former EMR consultant

> Always a FM doc since 1988 residency completed

>

>

> * Re: Can we talk about EHR

> security and the big picture?

>

>

>

> Note: In my previous post I wasn't looking for advice, in

> particular for my choice of EMR, but more for a discussion of EMR

> security. How all of us are faced with it and how can we handle

> it? or not?

>

> I'm gonna need particular advice when it comes down to the

> choosing in future. But right now, can we talk?

> Thanks all,

> K

>

>

>> I'm hoping we can engage the subject of EHR security on this very

>> smart listserv.

>> I've been thinking about this a lot as a pre-IMP looking at

>> various options for EHR (see below) but also as citizen patient

>> who's data is swimming in the big pool. In fact the security and

>> use of health care data looms large in my mind right now.

>>

>> Will 'meaningful use' be defined by whether or not and how use

>> the patient information is to someone or something larger than,

>> and outside of our practices? Is that a good thing?

>>

>> Clearly there is huge value in identifying best practices in

>> medicine, tracking outcomes, data mining for research and

>> evidence based medicine. But there is also huge value to those

>> who would sell information, predicted to be a 5 billion dollar

>> industry.

>>

>> Supposedly this information is scrubbed of individual identity,

>> however researchers are suggesting perhaps we shouldn't get too

>> comfortable.

>> When I saw this piece in the NYT today, I was already primed to

>> be very uncomfortable as I consider EHR for my someday IMP.

>>

>> Practice Fusion jumped right off the page at me, because I know

>> some of us use it. Here is that paragraph followed by the link to

>> the NYT article.

>>

>> " Big players like the Cerner Corporation, which maintains

>> electronic health systems for 8,000 clients, including large

>> hospitals and retail clinics, and smaller players like Practice

>> Fusion, which offers its Web-based health record systems free to

>> health care providers, say they make use of patient data

>> collected from their clients. "

>>

http://www.nytimes.com/2009/10/18/business/18stream.html?th= & adxnnl=1 & emc=th & adx\

nnlx=1255881706-tlmUCp8B5BcqZQf2Mr2XLA

>>

<http://www.nytimes.com/2009/10/18/business/18stream.html?th= & adxnnl=1 & emc=th & ad\

xnnlx=1255881706-tlmUCp8B5BcqZQf2Mr2XLA>

>>

>> This is my primitive category of options for EHR:

>>

>> 1.Web based options where information is stored on distant

>> servers of the host EHR company ( less expensive ) vs

>>

>> 2.a system housed in the office ( much more expensive )

>>

>> 3. Hybrid system hosted on servers housed in the central hospital

>> for it's affiliated practices and hosp owned practices. A

>> friend's practice has this. Caritas Org. Physician Network

>> purchase eClinical for it's 400+ physicians.

>>

>> Can we talk about this?

>>

>> Kathleen

>>

>

>

Attachment: vcard [not shown]

[Guest guest]

Offsite back up can be as simple as taking home the backup tape that ran last night......you will have everything except today in the event of a fire etc.

Dannielle Harwood, M.D.-- Confidentiality Notice --This email message, including all the attachments, is for the sole use of the intended recipient(s) and contains confidential information. Unauthorized use or disclosure is prohibited. If you are not the intended recipient, you may not use, disclose, copy or disseminate this information. If you are not the intended recipient, please contact the sender immediately by reply email and destroy all copies of the original message, including attachments.

Re: Can we talk about EHR security and the big picture?

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security. How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future. But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article."Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients."http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

Offsite backup is intended to protect and secure your data in the event of a disaster at the office.So, while offsite backup may be as simple as taking home the backup tape, unless you have another tape reader that can read those tapes, you haven't really provided a working solution to the problem that HIPAA is addressing with this requirement.

Every office should have a tested and working disaster recovery plan.

 

Offsite back up can be as simple as taking home the backup tape that ran last night......you will have everything except today in the event of a fire etc.

Dannielle Harwood, M.D.-- Confidentiality Notice --This email message, including all the attachments, is for the sole use of the intended recipient(s) and contains confidential information. Unauthorized use or disclosure is prohibited. If you are not the intended recipient, you may not use, disclose, copy or disseminate this information. If you are not the intended recipient, please contact the sender immediately by reply email and destroy all copies of the original message, including attachments.

Re: Can we talk about EHR security and the big picture? 

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security.  How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future.  But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article. " Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients. " http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.com

Synapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

Graham,

I back up to a external hard drive. Take my lap top home with me.

If I were to drop the laptop ect then I would use the external hard drive load and use my

table top computer.

What do you think? enough security?

Myria

To: Sent: Sun, October 18, 2009 9:37:30 PMSubject: Re: Can we talk about EHR security and the big picture?

Offsite backup is intended to protect and secure your data in the event of a disaster at the office.

So, while offsite backup may be as simple as taking home the backup tape, unless you have another tape reader that can read those tapes, you haven't really provided a working solution to the problem that HIPAA is addressing with this requirement.

Every office should have a tested and working disaster recovery plan.

On Mon, Oct 19, 2009 at 2:24 PM, dannielle harwood <dharwood100@ sbcglobal. net> wrote:

Offsite back up can be as simple as taking home the backup tape that ran last night......you will have everything except today in the event of a fire etc.

Dannielle Harwood, M.D.-- Confidentiality Notice --This email message, including all the attachments, is for the sole use of the intended recipient(s) and contains confidential information. Unauthorized use or disclosure is prohibited. If you are not the intended recipient, you may not use, disclose, copy or disseminate this information. If you are not the intended recipient, please contact the sender immediately by reply email and destroy all copies of the original message, including attachments.

Re: [Practiceimprovemen t1] Can we talk about EHR security and the big picture?

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security. How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future. But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't

get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article."Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients."http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= &

adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.comSynapse'>http://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsed irect.comSynapse - the use from anywhere EMR.

[Guest guest]

Heh, where did you get that HIPAA requirement for "offsite backup?"

Re: Can we talk about EHR security and the big picture?

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security. How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future. But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article."Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients."http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

MyriaThere are lots of tales in the press about laptops being stolen and 1000s of patient details being exposed.  Potentially you could face a HIPAA penalty if your backup drive were stolen.

But the way around this is to encrypt the backup drive and laptop.  Windows 7 professional offers this.See http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption

 

Graham,

I back up to a external hard drive. Take my lap top home with me. 

If I were to drop the laptop ect then I would use the external hard drive load and use my

table top computer.

What do you think? enough security?

Myria

 

To:

Sent: Sun, October 18, 2009 9:37:30 PMSubject: Re: Can we talk about EHR security and the big picture?

 

Offsite backup is intended to protect and secure your data in the event of a disaster at the office.

So, while offsite backup may be as simple as taking home the backup tape, unless you have another tape reader that can read those tapes, you haven't really provided a working solution to the problem that HIPAA is addressing with this requirement.

Every office should have a tested and working disaster recovery plan.

On Mon, Oct 19, 2009 at 2:24 PM, dannielle harwood <dharwood100@ sbcglobal. net> wrote:

 

Offsite back up can be as simple as taking home the backup tape that ran last night......you will have everything except today in the event of a fire etc.

Dannielle Harwood, M.D.-- Confidentiality Notice --This email message, including all the attachments, is for the sole use of the intended recipient(s) and contains confidential information. Unauthorized use or disclosure is prohibited. If you are not the intended recipient, you may not use, disclose, copy or disseminate this information. If you are not the intended recipient, please contact the sender immediately by reply email and destroy all copies of the original message, including attachments.

Re: [Practiceimprovemen t1] Can we talk about EHR security and the big picture? 

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security.  How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future.  But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.

Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. 

Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't

get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article.

" Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients. "

http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= &

adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 

2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.

Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.comSynapse'>http://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsed irect.com

Synapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse'>http://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

Outsource billing as costs to maintain billing would be more than I pay the billing company

Amount you'd get from Medicare depends on the billing you do -- be sure to judge the money you put in compared to what you could potentially get out!

Right now, I'd take the "cut"; I figure that I'll wait for the "standard".

Matt

* Re: Can we talk about EHR> security and the big picture?>> >> Note: In my previous post I wasn't looking for advice, in> particular for my choice of EMR, but more for a discussion of EMR> security. How all of us are faced with it and how can we handle> it? or not?>> I'm gonna need particular advice when it comes down to the> choosing in future. But right now, can we talk?> Thanks all,> K> >>> I'm hoping we can engage the subject of EHR security on this very>> smart listserv. >> I've been thinking about this a lot as a pre-IMP looking at>> various options for EHR (see below) but also as citizen patient>> who's data is swimming in the big pool. In fact the security and>> use of health care data looms large in my mind right now.>>>> Will 'meaningful use' be defined by whether or not and how use>> the patient information is to someone or something larger than,>> and outside of our practices? Is that a good thing? >>>> Clearly there is huge value in identifying best practices in>> medicine, tracking outcomes, data mining for research and>> evidence based medicine. But there is also huge value to those>> who would sell information, predicted to be a 5 billion dollar>> industry. >>>> Supposedly this information is scrubbed of individual identity,>> however researchers are suggesting perhaps we shouldn't get too>> comfortable. >> When I saw this piece in the NYT today, I was already primed to>> be very uncomfortable as I consider EHR for my someday IMP.>>>> Practice Fusion jumped right off the page at me, because I know>> some of us use it. Here is that paragraph followed by the link to>> the NYT article.>>>> "Big players like the Cerner Corporation, which maintains>> electronic health systems for 8,000 clients, including large>> hospitals and retail clinics, and smaller players like Practice>> Fusion, which offers its Web-based health record systems free to>> health care providers, say they make use of patient data>> collected from their clients.">> http://www.nytimes.com/2009/10/18/business/18stream.html?th= & adxnnl=1 & emc=th & adxnnlx=1255881706-tlmUCp8B5BcqZQf2Mr2XLA>> <http://www.nytimes.com/2009/10/18/business/18stream.html?th= & adxnnl=1 & emc=th & adxnnlx=1255881706-tlmUCp8B5BcqZQf2Mr2XLA>>>>> This is my primitive category of options for EHR: >>>> 1.Web based options where information is stored on distant>> servers of the host EHR company ( less expensive ) vs >>>> 2.a system housed in the office ( much more expensive ) >>>> 3. Hybrid system hosted on servers housed in the central hospital>> for it's affiliated practices and hosp owned practices. A>> friend's practice has this. Caritas Org. Physician Network>> purchase eClinical for it's 400+ physicians.>>>> Can we talk about this? >>>> Kathleen>>>>

[Guest guest]

Show me the regulation from the "HIPAA document"

Re: Can we talk about EHR security and the big picture?

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security. How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future. But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article."Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients."http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/nist80066.pdfNote that they mention you need to have a backup of the application software as well.

 

Heh, where did you get that HIPAA requirement for " offsite backup? "

Re: Can we talk about EHR security and the big picture? 

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security.  How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future.  But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article. " Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients. " http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.com

Synapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

I print all of my notes.

Every one.

Noone else uses my system, only me.

Still need that mega backup?

Re: Can we talk about EHR security and the big picture?

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security. How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future. But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article."Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients."http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

"This guideline has been prepared for use by federal agencies. It may also be used by nongovernmental organizations on a voluntary basis "

How about that?

Re: Can we talk about EHR security and the big picture?

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security. How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future. But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article."Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients."http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

"Covered Healthcare Providers—Any provider of medical or other health services, or supplies, who transmits any health information in electronic form in connection with a transaction for which the Department of Health and Human Services (DHHS) has adopted a standard. "

I don't "transmit" any information from my EMR. Why do I have to do this?

Re: Can we talk about EHR security and the big picture?

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security. How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future. But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article."Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients."http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

of course!

Dannielle Harwood, M.D.-- Confidentiality Notice --This email message, including all the attachments, is for the sole use of the intended recipient(s) and contains confidential information. Unauthorized use or disclosure is prohibited. If you are not the intended recipient, you may not use, disclose, copy or disseminate this information. If you are not the intended recipient, please contact the sender immediately by reply email and destroy all copies of the original message, including attachments.

Re: Can we talk about EHR security and the big picture?

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security. How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future. But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article."Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients."http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

If you don't use an EMR, and don't use a fax, don't use email .. then sure... you're not a covered entity.Rest easy.

 

" Covered Healthcare Providers—Any provider of medical or other health services, or supplies, who transmits any health information in electronic form in connection with a transaction for which the Department of Health and Human Services (DHHS) has adopted a standard. "

 

I don't " transmit " any information from my EMR.  Why do I have to do this?

Re: Can we talk about EHR security and the big picture? 

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security.  How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future.  But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article. " Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients. " http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

Ok, I was being sarcastic.  You can read the decision tree here http://www.cms.hhs.gov/HIPAAGenInfo/Downloads/CoveredEntitycharts.pdf

I take it you submit all your claims by fax or by snail mail which makes you a non-covered entity.

If you don't use an EMR, and don't use a fax, don't use email .. then sure... you're not a covered entity.Rest easy.

 

" Covered Healthcare Providers—Any provider of medical or other health services, or supplies, who transmits any health information in electronic form in connection with a transaction for which the Department of Health and Human Services (DHHS) has adopted a standard. "

 

I don't " transmit " any information from my EMR.  Why do I have to do this?

Re: Can we talk about EHR security and the big picture? 

Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security.  How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future.  But right now, can we talk?

Thanks all,

K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article. " Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients. " http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

Could back up be as simple as downloading to a thumb drive every night?of course!Dannielle Harwood, M.D.-- Confidentiality Notice --This email message, including all the attachments, is for the sole use of the intended recipient(s) and contains confidential information. Unauthorized use or disclosure is prohibited. If you are not the intended recipient, you may not use, disclose, copy or disseminate this information. If you are not the intended recipient, please contact the sender immediately by reply email and destroy all copies of the original message, including attachments. Re: Can we talk about EHR security and the big picture? Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security. How all of us are faced with it and how can we handle it? or not?I'm gonna need particular advice when it comes down to the choosing in future. But right now, can we talk?Thanks all,KI'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article."Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients."http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

Sure ... and many of these thumb drives have encrypted partitions that you can use to secure the data.

 

Could back up be as simple as downloading to a thumb drive every night?

of course!Dannielle Harwood, M.D.

-- Confidentiality Notice --This email message, including all the attachments, is for the sole use of the intended recipient(s) and contains confidential information. Unauthorized use or disclosure is prohibited. If you are not the intended recipient, you may not use, disclose, copy or disseminate this information. If you are not the intended recipient, please contact the sender immediately by reply email and destroy all copies of the original message, including attachments.

 Re: Can we talk about EHR security and the big picture?

 Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security.  How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future.  But right now, can we talk?Thanks all,K

I'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.

Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. 

Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.

Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article. " Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients. "

http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLA

This is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 

3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.

Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.com

Synapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

I went to a HP/Microsoft meeting last week and the guy who did one of the talks had a laptop with an external hard drive. He also had a security card attached to the laptop that ensured all the data on the external hard drive was being encrypted.

Off topic, he was talking about Microsoft's new Foundation server which is a really cheap version of windows 2008 server .. but it is only bundled in with low end HP and Dell hardware.  Great for the small office.

Sure ... and many of these thumb drives have encrypted partitions that you can use to secure the data.

 

Could back up be as simple as downloading to a thumb drive every night?

of course!Dannielle Harwood, M.D.

-- Confidentiality Notice --This email message, including all the attachments, is for the sole use of the intended recipient(s) and contains confidential information. Unauthorized use or disclosure is prohibited. If you are not the intended recipient, you may not use, disclose, copy or disseminate this information. If you are not the intended recipient, please contact the sender immediately by reply email and destroy all copies of the original message, including attachments.

 Re: Can we talk about EHR security and the big picture?

 Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security.  How all of us are faced with it and how can we handle it? or not?

I'm gonna need particular advice when it comes down to the choosing in future.  But right now, can we talk?Thanks all,K

I'm hoping we can engage the subject of EHR security on this very smart listserv. 

I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.

Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. 

Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.

Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article. " Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients. "

http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLA

This is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 

3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.

Can we talk about this? Kathleen

-- Graham Chiuhttp://www.synapsedirect.com

Synapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

Thank you, Graham. Good to know about encryption for thumb drives. My 15 yo uses his everyday for his homework. That thing goes back and forth to school. God knows what he's dragging home to our house computer. I need to have a discussion with him. At home we're mac users, with laptops and the mother unit connected by firewire. I will have to think about hygiene and firewire when it comes to emr. That is, if I go mac.Such great information all of you. I'm learning so much. Thank you Mat. I 'll try not to go too batty. But still just looking down the rabbit hole is dizzying. KathleenSure ... and many of these thumb drives have encrypted partitions that you can use to secure the data.On Mon, Oct 19, 2009 at 3:53 PM, Kathleen Patton <krpattoncomcast (DOT) net>wrote: Could back up be as simple as downloading to a thumb drive every night?of course!Dannielle Harwood, M.D.-- Confidentiality Notice --This email message, including all the attachments, is for the sole use of the intended recipient(s) and contains confidential information. Unauthorized use or disclosure is prohibited. If you are not the intended recipient, you may not use, disclose, copy or disseminate this information. If you are not the intended recipient, please contact the sender immediately by reply email and destroy all copies of the original message, including attachments. Re: Can we talk about EHR security and the big picture? Note: In my previous post I wasn't looking for advice, in particular for my choice of EMR, but more for a discussion of EMR security. How all of us are faced with it and how can we handle it? or not?I'm gonna need particular advice when it comes down to the choosing in future. But right now, can we talk?Thanks all,KI'm hoping we can engage the subject of EHR security on this very smart listserv. I've been thinking about this a lot as a pre-IMP looking at various options for EHR (see below) but also as citizen patient who's data is swimming in the big pool. In fact the security and use of health care data looms large in my mind right now.Will 'meaningful use' be defined by whether or not and how use the patient information is to someone or something larger than, and outside of our practices? Is that a good thing? Clearly there is huge value in identifying best practices in medicine, tracking outcomes, data mining for research and evidence based medicine. But there is also huge value to those who would sell information, predicted to be a 5 billion dollar industry. Supposedly this information is scrubbed of individual identity, however researchers are suggesting perhaps we shouldn't get too comfortable. When I saw this piece in the NYT today, I was already primed to be very uncomfortable as I consider EHR for my someday IMP.Practice Fusion jumped right off the page at me, because I know some of us use it. Here is that paragraph followed by the link to the NYT article."Big players like the Cerner Corporation, which maintains electronic health systems for 8,000 clients, including large hospitals and retail clinics, and smaller players like Practice Fusion, which offers its Web-based health record systems free to health care providers, say they make use of patient data collected from their clients."http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= & adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLAThis is my primitive category of options for EHR: 1.Web based options where information is stored on distant servers of the host EHR company ( less expensive ) vs 2.a system housed in the office ( much more expensive ) 3. Hybrid system hosted on servers housed in the central hospital for it's affiliated practices and hosp owned practices. A friend's practice has this. Caritas Org. Physician Network purchase eClinical for it's 400+ physicians.Can we talk about this? Kathleen-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.

[Guest guest]

An example of bad security:

I just found out a Blue Cross employee downloaded provider information onto her

personal computer so she could work on it at home. Her computer with all the

un-encrypted, unprotected data was stolen. So now, some thief has my SSN.

BCBS is paying for a year of credit monitoring but when will people realize they

can't go walking around with unsecured personal information?

UUUGGHHHHH!

Craig

> >>

> >>> I'm hoping we can engage the subject of EHR security on this very

> >>> smart listserv.

> >>> I've been thinking about this a lot as a pre-IMP looking at

> >>> various options for EHR (see below) but also as citizen patient

> >>> who's data is swimming in the big pool. In fact the security and

> >>> use of health care data looms large in my mind right now.

> >>>

> >>> Will 'meaningful use' be defined by whether or not and how use the

> >>> patient information is to someone or something larger than, and

> >>> outside of our practices? Is that a good thing?

> >>>

> >>> Clearly there is huge value in identifying best practices in

> >>> medicine, tracking outcomes, data mining for research and evidence

> >>> based medicine. But there is also huge value to those who would

> >>> sell information, predicted to be a 5 billion dollar industry.

> >>>

> >>> Supposedly this information is scrubbed of individual identity,

> >>> however researchers are suggesting perhaps we shouldn't get too

> >>> comfortable.

> >>> When I saw this piece in the NYT today, I was already primed to be

> >>> very uncomfortable as I consider EHR for my someday IMP.

> >>>

> >>> Practice Fusion jumped right off the page at me, because I know

> >>> some of us use it. Here is that paragraph followed by the link to

> >>> the NYT article.

> >>>

> >>> " Big players like the Cerner Corporation, which maintains

> >>> electronic health systems for 8,000 clients, including large

> >>> hospitals and retail clinics, and smaller players like Practice

> >>> Fusion, which offers its Web-based health record systems free to

> >>> health care providers, say they make use of patient data collected

> >>> from their clients. "

> >>> http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= &

> >>> adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLA

> >>>

> >>> This is my primitive category of options for EHR:

> >>>

> >>> 1.Web based options where information is stored on distant servers

> >>> of the host EHR company ( less expensive ) vs

> >>>

> >>> 2.a system housed in the office ( much more expensive )

> >>>

> >>> 3. Hybrid system hosted on servers housed in the central hospital

> >>> for it's affiliated practices and hosp owned practices. A friend's

> >>> practice has this. Caritas Org. Physician Network purchase

> >>> eClinical for it's 400+ physicians.

> >>>

> >>> Can we talk about this?

> >>>

> >>> Kathleen

> >>>

> >>>

> >>

> >>

> >>

> >>

> >>

> >>

> >>

> >>

> >> --

> >> Graham Chiu

> >> http://www.synapsedirect.com

> >> Synapse - the use from anywhere EMR.

> >>

> >>

> >>

> >>

> >>

> >>

> >> --

> >> Graham Chiu

> >> http://www.synapsedirect.com

> >> Synapse - the use from anywhere EMR.

> >>

> >>

> >

> >

> >

> >

> >

> >

> > --

> > Graham Chiu

> > http://www.synapsedirect.com

> > Synapse - the use from anywhere EMR.

> >

> >

>

[Guest guest]

The company should be fined ....

 

An example of bad security:

I just found out a Blue Cross employee downloaded provider information onto her personal computer so she could work on it at home. Her computer with all the un-encrypted, unprotected data was stolen. So now, some thief has my SSN.

BCBS is paying for a year of credit monitoring but when will people realize they can't go walking around with unsecured personal information?

UUUGGHHHHH!

Craig

> >>

> >>> I'm hoping we can engage the subject of EHR security on this very

> >>> smart listserv.

> >>> I've been thinking about this a lot as a pre-IMP looking at

> >>> various options for EHR (see below) but also as citizen patient

> >>> who's data is swimming in the big pool. In fact the security and

> >>> use of health care data looms large in my mind right now.

> >>>

> >>> Will 'meaningful use' be defined by whether or not and how use the

> >>> patient information is to someone or something larger than, and

> >>> outside of our practices? Is that a good thing?

> >>>

> >>> Clearly there is huge value in identifying best practices in

> >>> medicine, tracking outcomes, data mining for research and evidence

> >>> based medicine. But there is also huge value to those who would

> >>> sell information, predicted to be a 5 billion dollar industry.

> >>>

> >>> Supposedly this information is scrubbed of individual identity,

> >>> however researchers are suggesting perhaps we shouldn't get too

> >>> comfortable.

> >>> When I saw this piece in the NYT today, I was already primed to be

> >>> very uncomfortable as I consider EHR for my someday IMP.

> >>>

> >>> Practice Fusion jumped right off the page at me, because I know

> >>> some of us use it. Here is that paragraph followed by the link to

> >>> the NYT article.

> >>>

> >>> " Big players like the Cerner Corporation, which maintains

> >>> electronic health systems for 8,000 clients, including large

> >>> hospitals and retail clinics, and smaller players like Practice

> >>> Fusion, which offers its Web-based health record systems free to

> >>> health care providers, say they make use of patient data collected

> >>> from their clients. "

> >>> http://www.nytimes. com/2009/ 10/18/business/ 18stream. html?th= &

> >>> adxnnl=1 & emc=th & adxnnlx= 1255881706- tlmUCp8B5BcqZQf2 Mr2XLA

> >>>

> >>> This is my primitive category of options for EHR:

> >>>

> >>> 1.Web based options where information is stored on distant servers

> >>> of the host EHR company ( less expensive ) vs

> >>>

> >>> 2.a system housed in the office ( much more expensive )

> >>>

> >>> 3. Hybrid system hosted on servers housed in the central hospital

> >>> for it's affiliated practices and hosp owned practices. A friend's

> >>> practice has this. Caritas Org. Physician Network purchase

> >>> eClinical for it's 400+ physicians.

> >>>

> >>> Can we talk about this?

> >>>

> >>> Kathleen

> >>>

> >>>

> >>

> >>

> >>

> >>

> >>

> >>

> >>

> >>

> >> --

> >> Graham Chiu

> >> http://www.synapsedirect.com

> >> Synapse - the use from anywhere EMR.

> >>

> >>

> >>

> >>

> >>

> >>

> >> --

> >> Graham Chiu

> >> http://www.synapsedirect.com

> >> Synapse - the use from anywhere EMR.

> >>

> >>

> >

> >

> >

> >

> >

> >

> > --

> > Graham Chiu

> > http://www.synapsedirect.com

> > Synapse - the use from anywhere EMR.

> >

> >

>

-- Graham Chiuhttp://www.synapsedirect.comSynapse - the use from anywhere EMR.