Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

Patients Want Access To Physician Notes Despite Privacy Concerns

Posted on October 4, 2013 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

While privacy concerns remain, patients’ desire to access their medical records online seems to outweigh those concerns, according to a study reported in iHealthBeat.

The study, which was published in the Journal of Medical Internet Research, included 3,874 primary care patients at Beth Israel Deaconess Medical Center, Geisinger Health System and Harborview Medical Center. Each of these institutions implemented OpenNotes, a portal which allows patients to read the notes written by their doctors following office visits, e-mail correspondence and phone calls. The patients were able to view the notes via the portals where other parts of their medical records are stored.

Researchers interviewed patients at baseline, prior to their using the OpenNotes portal. They were interviewed again after a one year period during which they were able to use the OpenNotes portal to review the notes doctors made during their visits.

Privacy remained a concern throughout the study period, iHealthBeat noted. At the study’s outset, about 33 percent of OpenNotes project participants reported having concerns about privacy;  meanwhile, almost 37 percent said they were concerned about privacy after the one year period of using the portal.

After using the portal  for a year, 15.5 percent of patients said they were more concerned about privacy, while 12.7 percent said they were less concerned about privacy.

That being said, study participants were still very enthusiastic about having access to the notes. In fact, at the study’s end, 99 percent of participants said they wanted continued access physician notes, despite their initial privacy concerns.

In April of last year, when I first wrote about this project, I  predicted that patients would become very attached to the level of intimacy OpenNotes would offer with their providers.  It seems that this has come to pass. If 99 percent of patients want to continue with the project despite having privacy concerns, that’s a ringing endorsement of the concept. Now, I’m curious as to whether other institutions will get on board.

Study: Auditing Cloud-Based EMR Providers A Good Idea

Posted on August 28, 2013 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

Providers that use cloud-based EMRs should have an outside party audit the EMR before they begin using them in production, according to a Journal of Medical Internet Resesarch piece reported in iHealthBeat.

The study, which was conducted through a literature review of Medline sources and correspondence with with cloud EMR providers, found that auditing cloud service providers would prove a useful window into management information processes and allow for an apples-to-apples comparison of security features between different providers.

To ensure the privacy and security of cloud EMRs, providers should look into the following features, the study said :

*  Access monitoring
*  Data encryption
*  Digital signatures
*  Network security mechanisms
*  Role-based access

Even with a thorough audit, providers are likely to find holes in the EMRs’ security and management capabilities. The study’s authors note that cloud-based EMR management systems are “still under development.”

For that, healthcare providers thinking about moving their EMR to the cloud should implement a thorough security policy, including:

* Third party certification:  Cloud providers must be compliant with standard third-party requirements such as FISMA, ISO 27001, PCI DSS Level 1 and SAS70 Type II.

* Monitoring:  The provider should include automated monitoring tools to assure high levels of performance and system availability.

* Internal communications:  The cloud provider should use the platform as a communications channel keeping personnel up to date on everything that happens within the system.

Background checks: Providers must have strong policies to control user access, and require that employees accessing patient data agree to background checks.

* Physical security:  The data center should be strictly controlled and feature video surveillance, expert security staff, intrusion detection and other electronic monitoring.

These steps, along with other standard  protocols, should go a long way toward addressing any security questions about cloud EMRs. But it still seems like most healthcare facilities are paranoid enough about their cloud installations that they seldom discuss them in public. Though I suspect things will change over time, I think cloud installations are still suspect in the eyes of hospital CIOs.  Perhaps a research-backed blueprint for cloud security will reassure some.