Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

5 Features to Look for in a Medical Billing Company

Posted on March 4, 2015 I Written By

The following is a guest blog post by Harold R Gibson, Chief Financial Officer at M-Scribe Technologies, LLC.
Harold Gibson
A full-service medical billing company does more than code and file medical insurance claims. While that may still make up the bulk of a company’s output, a good medical billing company should offer additional services to help a practice achieve both profitability and compliance goals. Look for the following main features in a medical billing company:

  1. With the transition from ICD-9 to the new ICD-10 coding system in place, a billing company’s coding, billing and other EHR staff should be trained and experienced to ensure optimum accuracy – the foundation of compliance, and therefore improved timely payment. Since many practices have less time or budget for training billing staff in all aspects of the newer, more complex coding system, it falls to the medical claims processing service to fill in any gaps in the EHR process. A company which carefully monitors the EHR content entered will improve the accuracy of the codes and therefore ensure better compliance and payment as well as lessen the chances of an audit. Duplicate claims, payments included in a previously-billed service or procedure already adjudicated and non-covered charges are some of the most common reasons for claim denials. Make sure your practice doesn’t make these billing mistakes by letting a professional medical billing services company handle the workload.
  1. Accurate medical documentation is critical to having claims paid on time, with no rejection due to errors or incomplete filings. This is especially true of Medicare claims, whereby a Certificate of Medical Necessity and other required documentation must be correct and current to merit payment without multiple resubmissions. The right medical billing services company should use  technology and experience when entering only claim-relevant content data, correct procedure (CPT) and diagnosis codes (ICD-9 and ICD-10). These should then be entered into the EHR charts, providing convenience, increased efficiency and cost reduction.
  1. Specialty-specific billing services are available to group practices and clinics as well as individual physicians. Whether your practice uses billings systems such as eClinicalWorks, Greenway, Kareo, NextGen or other popular systems, the right service should be able to help. Whether your practice specializes in Surgical, Dermatology, Nephrology, Orthopedic, Radiology or anything else this should not be a problem for your billing provider. As a bonus, full-service billing companies can provide other services to you, including patient scheduling, verification of eligibility, performing patient demographics, coding and claims submission.
  1. Pre-RAC audit-related support: Complying with the complexities of Medicare and Medicaid regulations can be challenging even for an experienced billing staff in many practices – even more so for smaller or solo practitioners, who often have just one or two staffers handing billing as well as other duties. On the other hand, offering pre-audit support can be tricky for smaller, less experienced billing companies.  An experienced medical billing company can help with preparing a pre-audit checklist to supply requested audit information.
  1. Training webinars for billing and coding staff are another service designed to reduce the chance of errors caused by unfamiliarity with the new coding system as well as keeping abreast of regulatory and other changes. Offered free of charge, these webinars explore the history of ICDs, a comparison of ICD-9 and ICD-10, coding guidelines and formats as well as a step-by-step plan for implementation. These webinars can help solve the dilemma of not enough time or money to send busy staff to expensive, days-long ICD-10 training classes.

If you are looking for a medical billing company, it is important to choose a company that houses the above five features and remember to look for a company that will help with profitability and compliance goals.

About Harold R Gibson
Harold R Gibson is the Chief Financial Officer at M-Scribe Technologies, LLC, an accomplished healthcare professional with extensive experience in the medical billing and coding industry. You can find him on Twitter @mscribetech. He is interested to get your feedback/suggestions. Please email him at

Posters Flame ONC Comments

Posted on March 3, 2015 I Written By

When Carl Bergman isn't rooting for the Washington Nationals or searching for a Steeler bar, he’s Managing Partner of, a free service for matching users and EHRs. For the last dozen years, he’s concentrated on EHR consulting and writing. He spent the 80s and 90s as an itinerant project manger doing his small part for the dot com bubble. Prior to that, Bergman served a ten year stretch in the District of Columbia government as a policy and fiscal analyst.

Someone at ONC who has to read public comments deserves a break. They’ve been flamed.

ONC just released the public comments on its 10 year Interoperability Plan. Many of the posts are from stakeholders who provided careful, point by point comments. These often represent greatly divergent views. However, these commenters have one thing quite solidly in common. They’ve read the plan.

Not so, many others who skipped the boring reading homework. They just dumped on it with one theme: The federal government has no business getting its hands on my medical records! There are dozens upon dozens of comments on this theme. They’re irate, angry and often vituperative – to say the least. The fact that nothing like that is in the plan doesn’t stop them from believing it and roundly denouncing it.

Where did all these folks get this notion? From what I can tell, two sources made the inductive leap from practioners sharing EHR records to the feds wanting to know about your lumbago.

One was the Citizens Council for Health Freedom, which issued an August 14, 2014 press release saying:

Our government is funneling billions of dollars into systems that will dump all of our private medical records into one giant hub—accessible by many,” said CCHF president and co-founder Twila Brase. Doctors and nurses who have already started using these systems are not convinced that they are ready for use or even necessary. The government is touting these procedures as ways to streamline patient care, but they’re actually an attempt to capture and store Americans’ private medical data and share it with agencies that have nothing to do with health care.

The release then urged readers to comment on the plan.

Brase cites no sources in or out of the plan for her observations or conclusions.

The other source was Tammy Bruce. On December 14, 2014 she wrote:

Your personal healthcare information will be shared with an astounding 35 agencies (at least), offices and individuals including the Department of Defense, NASA, the Federal Trade Commission, the Department of Agriculture, the Department of Labor, the Federal Communications Commission, the HHS assistant secretary for legislation, the HHS office for civil rights, the HHS office for the general counsel, the Office of Personnel Management, the Social Security Administration, the Department of Justice and the Bureau of Prisons.

Clearly, this is meant to establish the fact that every federal agency will be participating in this scheme and will have access to your health information. Not only should this be anathema to every American on principle alone, but having all of our personal information available in the cloud also poses ridiculously obvious general security threats to our personal security.

She also urged readers to comment about the plan.

Again, no proof, no cites, just assertions and conclusions.

I don’t have anything to say about their claims, other than this. Our open political discourse means that those who read posts have to carefully sort out thoughtful, even if misinformed, opinion from dross. Pushing phony claims for whatever reason just makes it all the more difficult. Whoever at ONC has to slog through the dross in these comments has my sympathy.

Millennials Reshaping Digital Health

Posted on February 26, 2015 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I thought that the infographic below was really interesting and a nice balance to Paul’s previous post Mobile Health and Me…I Think Not! The infographic is based on the report, “Healthcare Without Borders: How Millennials are Reshaping Health and Wellness”, which looked to study Millenial healthcare values. There’s clearly a large divide between generations when it comes to how they approach healthcare. It will be interesting how this divide impacts healthcare going forward.


Is the Concierge Model A Real Option for Providers?

Posted on February 25, 2015 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This article last month in Crain’s New York Business talks about the pressures that primary care doctors are facing and how those financial pressures are getting many of them to try cash-only or concierge practices. Here’s an excerpt from the article:

To stave off the pressures prompting many physicians to sell their practices to hospital systems, Manhattan internist Peter Bruno has tried a number of creative solutions. They have ranged from forming a now-disbanded group practice with 60 colleagues to his ongoing strategy of working at a nursing home one day a week to supplement his income in his current solo practice.

With reimbursements dropping, Dr. Bruno made the bold move in July of converting his six-employee private practice on East 59th Street in Manhattan to a hybrid concierge model. In concierge care, patients pay an annual fee or retainer to get more immediate, customized care. Hybrid practices treat both concierge and traditional patients. He worked with SignatureMD, a Santa Monica, Calif.-based network that assists physicians in doing so.

I don’t think we need to cover the financial realities of being a solo physician here. You’re all to aware of the challenges. However, I’m interested to hear what you think about the potential for the concierge model of medicine for primary care doctors? Is that an option for most primary care doctors?

I ask this because I’ve seen concierge medicine work in the rich areas (the above case is Manhattan for example), but I have yet to see it really work in poorer areas. If we’re shifting to concierge medicine, what does that mean for the poorer areas of the country?

Here in Las Vegas, they have an interesting hybrid model that they’re trying where concierge medicine is part of the insurance plan. In fact, it could be part of the insurance plan your employer provides. I just signed up for the plan, so we’ll see how it goes.

I’m also watching how the EHR market is adapting to this trend as well. Over on EMR and HIPAA I wrote an article titled “An EHR Focused On Customer Requests, Not MU” which talks about what an EHR would look like that was just focused on patient care and how Amazing Charts was offering that product.

Just today SRSsoft announced their new SRS Essentials product that’s a non-MU EHR as well. Although, they offer an interesting wrinkle that allows their SRS Essentials customers to move up to an meaningful use certified EHR should they decide they later want to take part in meaningful use (or whatever that program eventually becomes).

Of course, SRSsoft focuses mostly on the specialty market and not general medicine. Although, maybe this physician focused EHR product will be of interest to the emerging concierge and direct primary care doctors as well.

What do you think of these new models of medicine? What’s their place in the healthcare world? Where are they going in the future? Will their technology needs be different than other doctors?

Why Are So Many Big Health IT Companies from Small Cities?

Posted on February 23, 2015 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I was reading over something on HIStalk the other day that talked about how many major healthcare IT and EHR companies have come out of small cities. In fact, when you think about the EHR world, there are only a handful of EHR companies that have come out of the tech hub of the world, Silicon Valley, and they’ve all been started within the past 10 years.

In the article HIStalk mentioned the town Malvern, Pennsylvania. I hadn’t even heard of the town, but a look at Wikipedia has Siemens Healthcare, Ricoh Americas, and Cerner as among the companies based in Malvern. I think the Cerner mention in the list must be because Cerner just purchases Siemens Healthcare, so they are now claiming them. However, Cerner is definitely a Kansas City based company. Either way though, Kansas City is not a HUGE city either and certainly hasn’t been the hub of technology (although, I know they have some cool tech things happening now, like most cities).

The healthcare IT behemoth, Epic was founded in Madison, Wisconsin and now has headquarters in Verona, Wisconsin. If you aren’t in healthcare IT, my guess is that you’ve probably never even heard of Verona.

Those are just a few examples and I’m sure there are many more. Why is it that so many of the large healthcare IT companies have come from small cities? Will that trend continue or will large cities like San Francisco, Boston, New York, and LA start to dominate?

I’m a bit of a young buck in this regard. So, I don’t have the answer. Hopefully some of my readers do. I look forward to hearing your thoughts. Is there an advantage to being from a small town when going into healthcare? It’s exciting to me that healthcare innovation can come from anywhere. I hope that trend continues.

Mobile Health and Me…I think not!!

Posted on February 20, 2015 I Written By

All that I read tells me, or at least tries to, that the future of healthcare is embedded in mobile healthcare. Through the magnificence of technology, I can see how my health is, test results were and when done, shop for a doctor to fix me if I’m broken. I have the opportunity to find the least expensive option for a cure or, when and if I have the time and after a self-diagnosis I can research my options on the care I need to fix whatever is broken. AND, I can do it all from my iPhone. Are you kidding??? You guys believe that there really are Super Heroes flying around out there, right??

I know that I am not a kid anymore. I know that even though my local hospital is rated as one of the best in the country, it and the doctors in it are a long, long way from the health technology I read so much about. Do we really want them to “compete” for our business?

Forsaking the fact that I live out in the pucker brush, if I get sick, I don’t want to find out about it because I researched the results of some tests, did a self diagnosis and went shopping for a cure. I want MY doctor to tell me what the problem is, if there is one and what can be done to fix it. If I agree with MY doctor, I want him to come up with a cure and whom I might need to be referred to to make it happen. I know that that is not technologically advanced, but it works.

That is one of my problems with all this and I guess I qualify for the title of Dinosaur. I can accept that, but I am also a parent. I take that responsibility very seriously.

One of my son’s is at the tail end of baby boomers and the other at the leading edge of Millennials. Both are very technology savvy. I think that the healthcare expectations I read about are nuts and even if it means being labeled a Dinosaur, I have to caution them about mHealth.

I watched my youngest son ignore the fact that the cold he was suffering from was very severe and getting worse. He finally went to one of those minute clinics and found out that he really had the flu and a touch of pneumonia to go with it. They suggested that he go to where I was trying to get him to go to. A real doctor. Had he done it originally he wouldn’t have lost three weeks because he was too sick to do much.

Then there is my very tech savvy baby boomer son. He understands HIT and mobile health better than most. Two times in the last three years he needed medical care. The first time he went to the minute clinic and they gave him Ibuprofen. It cured the hurt. The second time, he was doing an EHR implementation at a major university hospital. He spoke to one of the doctors he was working with, explained his issues, and was referred to the emergency room. They diagnosed him, treated him and sent him home because he was still contagious. He had also done a self diagnosis, on his smart phone. while sitting in an airport. His diagnosis was faulty.

Having gone through 3-4 life threatening illnesses in my life, the future methods of healthcare scares the heck out of me. It’s the future of medicine, I’m told. Iron Man, Bat Man, where are you when we need you?

Patient Wait Time Tracking – Can We Learn Something from Fast Food?

Posted on February 19, 2015 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I was recently asked by @HIMTrainer (Jennifer Della’Zanna if you prefer) if I knew where my article was that I wrote about having a “patient wait” timer in an office. I vaguely remember talking about the idea, but couldn’t find and don’t remember specifically posting about the topic. However, the idea of a timer that tracks a patient’s wait time was interesting.

I’m sure that most of you are familiar with these timers at fast food restaurants. They track how long you’re waiting for your food and they often have some promise of free food if it takes over a certain amount of time. I’ve always found these timers interesting. In fact, I can’t remember a time when I’ve been to a restaurant with one of these timers that I ever had to wait very long for my food. Is that because of the timer or is that the nature of the restaurant and this was just a marketing mechanism? The answer is that it’s likely both.

The timer is a visual display of how long you’re really waiting. Time is a funny thing. A wait time that is relatively short can feel really long. We often lie to ourselves about how long something is, but that’s our perception. A timer helps to readjust that perception to the proper perspective. Of course, on a bad day it can also illustrate how much the restaurant needs to improve.

The other value of the timer is that it encourages the staff to work faster. At first this probably means the staff will feel some anxiety over the timer. However, over time it will just be a visual indication of how quickly or slowly their working and will help to ensure a consistent speed of service from most employees.

Now I’m sure that many of you are thinking that Fast Food is an awful comparison to healthcare. Fast Food is a pretty consistent product with a consistent request. Healthcare is a pretty inconsistent product with a wild variety of requests (almost limitless). Plus, I’m sure that many people’s gut reaction will be that this is an awful idea and corrupts the practice of medicine. I can already hear the cries for “Where’s the humanity in medicine?”

Certainly an organization could take this too far. However, maybe there’s something we can learn from the wait time clock that could help healthcare improve. Plus, when people cry fowl over something, that really makes me want to dig into that idea and see how it can help.

What’s Realistic in Healthcare?
There’s no way you’re going to see an actual clock at the check in or check out window in healthcare. I can’t even imagine how that workflow and tracking would work. So, it won’t be the same as fast food, but there are certainly a number of options available to track how long a patient is waiting. In fact, in many cases you can get quite granular.

Built in EHR Status Tracking
10 years ago when I first implemented an EMR system (yes, it was EMR, not EHR at the time), we could track the patient wait times in our EMR system. It wasn’t a perfect process, but you could get a good idea of how long a patient was in the office, how long they waited to be put in a room, how long they waited from the nurse to the doctor, and then when they checked out. Of course, you can add it all together and get an idea of how long the patient was in the office.

We simply used the statuses in the EHR to track this time data. It worked out pretty well with a few exceptions. If we didn’t have something that was specifically queued off of that status, then the data would be incorrect. For example, the nurses knew to bring a patient into an exam room based on the front desk changing them to a checked in status. So, the front desk always did this. The doctor would know to go into the room based on the nurse changing the status of the patient, so the nursing staff always did this. The patient was marked as discharged when the patient was making their payment (or checking to see if they had payments) and so this final status change was always done. Nothing was queued off of the doctor changing the status, so this often failed and so that data wasn’t very accurate.

Running these reports was fascinating and we could slice and dice the data in a variety of different ways. We could see it by provider, by appointment type, etc. Seeing the data helped us analyze what was taking the most time and improve it. We were also able to exclude any outliers that would skew the data unfairly to a provider who had a crazy complex case or in case a status change was missed.

Proximity Tracking
While EHR status tracking is good, there’s an even more powerful and effective way to track patient wait times in an office. I saw this first hand at the Sanford Health clinic in Fargo, ND at the Intelligent Insite conference. The entire clinic was wired with proximity tracking and other wireless monitoring technology that could track everyone in the clinic. Every nurse, doctor, MA, etc all had this technology embedded in their badge. Patients were issued a tracking device when they checked in for their appointment.

With this technology in place, you can imagine how the workflow for my above tracking is totally automated. They would actually immediately room the patient upon the patient’s arrival. In this case, the room would automatically know that the patient was in the room and provide an indication to the nursing staff that the patient was ready and waiting. I can’t remember the exact times, but they worked to have a nurse go into the room with the patient almost immediately after the patient got in the room. No doubt that’s a unique setup, but with these tracking devices they could know how well they were doing with the goal.

I won’t dive into all the other details of this workflow, but you can imagine how all of these tracking devices can inform the flow of patients, nurses and doctors through your office. Plus, all of this data is now trackable and reportable. The nurse, doctor, or patient don’t have to remember to do anything. The proximity devices do all the tracking, status change, etc for you.

I asked them if many patients walk out of the office with their tracking device. They told me that they’ve never had that happen, but they have returning the device as part of their checkout procedures so that could be why.

Informing the Patient
I think we’re just getting started on all of this. The price of this technology will continue to come down and we’ll do a much better job of tracking what happens in a practice. Plus, it offers so many interesting workflow benefits. I wonder if one of the next steps is to inform the patient of their wait time.

If we’re tracking the wait time, it’s not that far of a stretch to share that wait time with the patient. Kick off a clock that starts counting once they check in for their appointment. Maybe that wait time is displayed in an app on the patient’s smartphone. Maybe the wait time could be integrated into the Epion Health tablets a practice gives the patient during their office visit. If it’s a fast visit, do you prompt them to do a review of the doctor on a social site like Yelp or HealthGrades? Would doctors be ready for a patient to see front and center how long they’ve been waiting?

Final Thoughts
I’m sure that many doctors and practices will be afraid of this type of transparency. Plus, I’ve seen some general medicine doctors in particular make some serious arguments for why they run behind. Maybe the app could take this into consideration and inform the patient accordingly. While there are many unreasonable patients that are going to be unreasonable regardless of the situation, many other patients will have a much better experience if they just know more details on what’s going on.

While the comparison to a fast food timer clock is a stretch, the concept of tracking a patient’s time in an office is a discussion that is just starting. As providers work to differentiate themselves from their competitors, I’ll be interested to see how all these new technologies combine to make the patient experience better.

Telehealth, or ‘How to Ditch the Waiting Room’

Posted on February 13, 2015 I Written By

The following is a guest blog post by Ryan Nelson, Director of Business Development for Medical Web Experts.

Navigating the doctor’s office for a non-emergency can feel like getting lost in a quagmire of lengthy routines. For those who choose to forego the experience for as long as possible, haphazardly browsing WebMD in the middle of the night is no better. This could all change soon.

Telemedicine is on the rise as health insurers and employers have become more willing to pay for online video consultations in recent years. Convenience (imagine not having to leave the comfort of your home for every service!) and positive health outcomes – not to mention significant cost savings for both employers and patients – are propelling online video consultations to the forefront of healthcare strategies.

People don’t like driving far, and they don’t like spending 45 minutes in a waiting room only to be discharged in under 15. The average wait time for a doctor’s appointment is 20 days in the US. This is more than enough time to deter patients from booking appointments for conditions that could be minor. Doctors usually don’t get reimbursed for time spent taking phone calls, so they often nix the medium altogether. Virtual doctor visits can fulfill patients’ need for instantaneous advice, closing a potentially dangerous communication gap while opening a new business opportunity for healthcare professionals.

A recent Harris Poll survey commissioned by Amwell found that around 40% of consumers would opt for video appointments for both antibiotics and birth control prescriptions, while at least 70% would rather have an online video visit to obtain a prescription than travel to their doctor’s office. Telehealth also offers a good solution for patients with mobility issues or chronic conditions, and it gives patients and doctors in rural or remote communities more options for receiving and dispensing care.

Health Outcomes
Biomed Central’s systematic review of telehealth service studies revealed that health outcomes for telehealth and in-person appointments are usually similar. About one-third of studies showed improved outcomes and only two indicated that telehealth was less effective. One way that online video appointments can improve health outcomes for the general population is to filter out minor health concerns and free up ER staff to deal with more serious ailments in-house. Additionally, video consultations can make it easier for physicians to track the recovery of discharged patients and to monitor patient adherence in a time-sensitive manner.

Cost Savings
The Amwell survey revealed that 64% of patients are willing to attend virtual appointments, challenging the dated assumption that in-person interactions tend to be perceived as a better experience. Contributing to this popularity is the fact that virtual appointments cost much less than an ER visit and are cheaper than an urgent care center or most face-to-face consults, generally figuring in around $40 to $50.

Biomed Central also found that out of 36 studies, nearly two-thirds showed cost savings for employers and patients. Meanwhile, Towers Watson predicted that the number of employers offering telemedicine will increase by 68% in 2015, which would result in $6B in employer savings.

Consumer Concerns
Consumers are concerned about how doctors can thoroughly examine patients through video, according to Amwell. However, the proliferation of self-monitoring mobile devices that can be used in conjunction with video consultations suggests that doctors may be able to get much of the information they need online. Besides, it can be argued that during most medical appointments a doctor doesn’t have much time to perform a comprehensive examination or truly get to know a patient.

Amwell subjects also questioned how a patient can be certain that he or she is speaking to a real doctor; however, this can easily be addressed by medical web platforms that thoroughly screen physicians and can thus provide adequate proof of their qualifications.

Digital Relationships
Research has shown that online video communication improves patient satisfaction and increases efficiency and access to healthcare for all demographics, at all times. While the medium appeals to people across all age groups, it especially appeals to younger, tech-savvy patients. This demographic tends to prefer instantaneous communication for non-emergencies and is generally comfortable communicating despite physical distance.

Consumers already use technology to communicate with their friends and families. Finally, doctors – another one of every person’s most intimate relationships – can join the ranks.

Towers Watson

FTC Gingerly Takes On Privacy in Health Devices (Part 1 of 2)

Posted on February 10, 2015 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site ( and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Are you confused about risks to privacy when everything from keystrokes to footsteps is being monitored? The Federal Trade Commission is confused too. In January they released a 55-page paper summarizing results of discussions with privacy experts about the Internet of Things, plus some recommendations. After a big build-up citing all sorts of technological and business threats, the report kind of fizzles out. Legislation specific to the IoT was rejected, but several suggestions for “general privacy legislation” such as requiring security on devices.

Sensors and controls are certainly popping up everywhere, so the FTC investigation comes at an appropriate time. My senator, Ed Markey, who has been a leader in telecom and technology for decades in Congress, recently released a report focused on automobiles. But the same concerns show up everywhere in various configurations. In this article I’ll focus on health care, and on the dilemma of security in that area.

No doubt about it, pacemakers and other critical devices can be hacked. It could be a movie: in Scene 1 a non-descript individual is moving through a crowded city street, thumbing over a common notepad. In Scene 2, later, numerous people fall to the ground as their pacemakers fail. They just had the bad luck to be in the vicinity of the individual with the notepad, who implanted their implants with malicious code that took effect later.

But here are the problems with requiring more security. First, security in computers almost always rests on encryption, which leads to an increase in the size of the data being protected. The best-known FTC case regarding device security, where they forced changes for cameras used in baby monitors, was appropriate for these external devices that could absorb the extra overhead. But increased data size leads to an increase in memory use, which in turn requires more storage and computing power on a small embedded device, as well as more transmission time over the network. In the end, devices may have to be heavier and more costly, serious barriers to adoption.

Furthermore, software always has bugs. Some lie dormant for years, like the notorious Heartbleed bug in the very software that web sites around the world depend on for encrypted communications. To provide security fixes, a manufacturer has to make it easy for embedded devices to download updated software–and any bug in that procedure leaves a channel for attack.

Perhaps there is a middle ground, where devices could be designed to accept updates only from particular computers in particular geographic locations. A patient would then be notified through email or a text message to hike it down to the doctor, where the fix could be installed. And the movie scene where malicious code gets downloaded from the street would be less likely to happen.

In the next part of this article I’ll suggest how the FTC and device manufacturers can engage the public to make appropriate privacy and security decisions.

The Paperless Healthcare Startup – lol

Posted on February 9, 2015 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

One of my healthcare IT friends posted this picture and caption to their Facebook page:

Paper Regulation in a Healthcare World

The past 8 months of my life can be summed up in just under 2k pages of internal documentation and reporting evidence. I’ll be so happy when this is over. Two days and counting…

Yeah, federal regs don’t choke healthcare startups at all. < /sarcasm>

I asked about which regulations (there are so many to choose from) and she said ISO and they also were lucky enough to get slapped with an FDA audit as well.

While not all regulation is bad and in fact some regulations is good, I’m pretty sure that these notebooks will almost never be cracked open. They’ll gather dust on a shelf. Of course, many would argue that the real value was the evaluation process that the company went through in creating these documents.

Regardless, this image is a good illustration of why many tech folks don’t get into healthcare.