
How To Respond to Data Breaches

Posted on May 19, 2014 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 13 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

A lot of people have really liked this whitepaper on the 6 Reality Checks of HIPAA compliance. It’s a good download for those concerned about their HIPAA readiness. It will wake you up to the fact that you need to be ready and compliant with HIPAA.

Mac McMillan recently did a great HIPAA compliance interview with me where he said “A little bit of prevention goes a heck of a long way to preventing a bad event.” That’s great advice and if you read this whitepaper I think you’ll be woken up to the need to do a little more than you’re doing today to be HIPAA compliant.

While prevention is better, I was intrigued by this article (annoying registration required) in Health Data Management that talks about what to do in the event of a data breach. I love this quote from Rita Bowen, Senior VP at Healthport, “Breaches are inevitable.” It’s true. Despite your best efforts, breaches happen in every organization large and small.

Rita also points out that the key to handling a data breach is to have a system in place to “learn what went wrong and fix it.” I’ve always found HIPAA to be pretty generous with mistakes. As the HIPAA name says, it’s more about accountability than anything else. If you’re accountable for the decisions you’re making, then it’s more lenient than a lot of laws out there.

The article also gives three insights worth considering if you experience a data breach:

  • Honesty, the best policy
  • Keep Asking, “What if?”
  • Go the Extra Mile

All of these are great advice. If you go the extra mile and are honest about what happened, then you’ll usually be able to recover from a data breach. If you try to cover it up or hide what happened, then that will often come back to haunt you and damage you much more than if you were just honest and up front about what happened.

Bold EMR Move, Universal Personal Medical Record, and Unified EMR

Posted on June 9, 2013 | Written By John Lynn

I’ll be really glad when the day arrives that this isn’t a bold move. Really, it’s a bold move to give patients access to the charts that they’ve always been able to request and get access to on paper?
I know dozens of companies working on this. Too bad I see so few patients adopting it. Although, if you go to the tweet itself (it may embed the whole conversation above as well), @nursefriendly and @JamieKaufmann have a nice conversation about security and privacy of this information. I’m definitely on @nursefriendly’s side of the conversation. I don’t agree with Jamie that a smartphone app with your health information is necessarily any less secure than an HIS system at a hospital. In fact, the value of hacking the HIS system is much more than hacking an individual record. So, I could easily argue that an HIS has a much higher risk.
I guess we can all dream.

Our Health Privacy Paranoia

Posted on November 21, 2012 | Written By John Lynn

Katherine’s recent post on using EMR data to market to patients got a lot of really interesting discussion about how this data should be used and whether it’s OK to use EMR data for marketing. The majority of commenters were quite scared of the idea of EMR data being used for marketing. Most saw that there could be benefits, but saw it as a slippery slope and felt we should be careful going down that path. Most wanted an opportunity to opt out of such a policy.

Mark H. Davis offered a slightly different view in his comment about the need for privacy in this and other healthcare situations. Here’s what Mark said:

And now for a slightly different take…

I have no issues with my hospital using its knowledge of my health situation to provide me with targeted opportunities that might be beneficial. I see it as potentially a positive and proactive outreach. They will need to be sensitive in doing this, however, but in my region, the hospital system is pretty tightly woven into the community, anyhow, and would be rather affected by any backlash. And honestly, sometimes I feel like we make an overblown fuss about health data privacy just because everybody else is making a fuss about it, without stepping back and examining the actual impacts. For example, my mailman, with only slight observation, could easily deduce the health issues my wife, children and I have been treated for. The folks behind me in line at the drug store could do the same. Even most doctors’ offices I visit do a poor job of protecting privacy within the office itself. Just last week, I had to forcibly ignore the conversation taking place in an adjacent examination room. It was easily audible. Anyone who signs in at their PCP can see who has checked in earlier, for what doctor, for what time. Anyone who signs the pharmacist waiver form at the CVS can see who has signed in front of them. The prevalence of OTC meds makes it easier to tell what your fellow shoppers’ ailments are just by looking at their shopping cart. And somehow, we still co-exist. I’m not saying we shouldn’t protect ourselves against a massive data breach that could have dire consequences in the form of identity theft and other fallout. I’m just asking everyone to be honest about how serious they really are about privacy. It’s easy to pick on a hospital system without recognizing other areas where we turn a blind eye.

Mark does a great job articulating how many healthcare situations expose our healthcare data without any major issues. Yet, people tend to get far more worked up over the potential idea of an EMR data breach.

Certainly I’m not advocating reckless behavior when it comes to healthcare data and securing it properly. We need to make a thoughtful effort to ensure that patient data is kept secure and private. However, let’s be realistic in our expectations about what’s possible and reasonable.

Bill Gates Talks About Electronic Medical Records and Healthcare

Posted on August 20, 2009 | Written By

From an interview with Bill Gates of Microsoft, here are some of his views on electronic medical records and healthcare. See the complete article.

Mr. Gates was also critical of the United States government’s unwillingness to adopt a national identity card, or allow some businesses, like health care, to centralize data-keeping on individuals. “It has always come back to the idea that ‘The computer knows too much about you,’ ” he said. The United States “got off to a bad start” when it comes to using computers to keep data about its citizens, he said. Doctors are not allowed to share records about an individual patient, and virtual doctor visits are banned, he said, which “wastes a lot of money.” The United States “had better come up with a better model” for health care, he said.

I agree and disagree with Mr. Gates. We need more data sharing and more interoperability, BUT confidentiality IS an important issue. Just look at how the drug tests of Major League Baseball players became public when they were PROMISED it would be strictly confidential!!!! I don’t trust big government or big business. Question: How do you tell an attorney or politician or corporate executive is lying? Answer: Their lips are moving or their fingers are typing!

We have to make sure medical information about individuals remains confidential and remains in the control of the individual.

EMR Adoption Higher When Fewer Privacy Laws Exist

Posted on May 9, 2009 | Written By John Lynn

Everyone knows that HIPAA rules the privacy world of healthcare. However, each state actually has its own laws governing the privacy of patient data, and in particular data stored in an EMR. I recently came across an interesting study showing that states with fewer privacy laws for patient data actually have higher EMR adoption rates. Here’s a short section from the article:

State laws in place to protect patients’ confidentiality may be causing some hospitals to be more skittish about adopting electronic medical records systems, a factor that could impede the push for the industry to go paperless, a study says.

Researchers from the Massachusetts Institute of Technology and the University of Virginia recently concluded that state privacy regulations reduce aggregate EMR adoption by between 20% and 30%. States that got rid of some of their regulations experienced a 21% gain in hospital EMR adoption rates around the years the laws changed compared with just an 11% gain in states that kept them intact, said the study.

This is really interesting, because I would have initially just called privacy laws an excuse. However, if this study holds true, then it’s more than just an excuse for why EMR adoption is low. Granted, it’s just one of many reasons that people are using. I also think it’s worth noting that this is talking about EMR adoption in hospitals. I’m not sure most small doctors’ offices really pay enough attention to HIPAA and privacy rules for it to affect their adoption of EMR.