Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

Hospital Competition Hinders HIE – Some Solutions to the Problem

Posted on July 31, 2012 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In response to my post about the Real HIE Problem, Tim Dunnington provided this powerful insight into a major challenge that are faced by HIEs. However, more importantly, Tim provided some suggestions on how to solve the problems.

I work for an HIE system vendor, ICA. One of the challenges we see our HIE’s face is FUD (Fear, Uncertainty and Doubt) around sharing patient data. The fear arises in sharing data with other participants that are direct competitors. The competition between participants can lead some participants to refuse to share “their” patient data with other participants, creating complex sharing rules based on these relationships, and meaning that the view of a patient’s record will change depending on what facility you happen to be in. This results in the patient’s medical record not being complete. The patient, meanwhile, is not aware of these nuances and is not aware that their record is incomplete due to these competitive issues. I can’t say we have an answer as to how to solve this, but it’s definitely a potentially large roadblock, larger I think that EMR adoption itself.

I would say in response to these issues:
* The EMR determines what data is shared, so you (as a customer of the EMR) should have some control over what exactly is shared and when
* The HIE will not by any means have a “complete dump’ of your database; the EMR sends out a limited amount of data about the patient or the encounter
* The interoperability standards are set up to keep participants from attempting what I call “patient surfing,” keeping the availability of data to those patients for which you have an established relationship. This means that your competition cannot simply download every one of your patient records, as they have no access to a means to query for all your patients.
* Auditing and regulatory measures ensure that attempts to access records for purposes other than direct patient care are caught and properly sanctioned.

I’d love to hear your thoughts and perspectives on the challenge of data sharing in a HIE. Do you think that Tim’s suggestions are good?

EMR Data Theft Returns!

Posted on August 8, 2011 I Written By

Dr. West is an endocrinologist in private practice in Washington, DC. He completed fellowship training in Endocrinology and Metabolism at the Johns Hopkins University School of Medicine. Dr. West opened The Washington Endocrine Clinic, PLLC in 2009. He can be contacted at

My August 3rd post Data breaches and EMRs: bad guys or just dumb mistakes? discussed my skepticism about the DEFCON level we need to have regarding EMR and EHR.  I found it eyebrow-raising when Reuters was quick to distance itself from the author at the beginning of her article The road to electronic health records is lined with data thieves, which I have not often seen in EMR and EHR blogs.  After I read through it, I began to think that maybe the disclaimer had to do with the content of the post.  This story was a bit more interesting than Digitized medical records are easy prey, but all is not lost, the topic of my August 3rd commentary, in that it really highlighted more of the paranoia and fear about what could be rather than what probably will be.  I’ve also said in previous posts that it’s not that I believe electronic medical records are going to be completely secure and HIPAA compliant under all circumstances.  However, the following excerpts from the Reuters post drove me nuts with all the fear mongering that was clearly promoted.

Setting an epic tone for her piece, Constance Gustke begins discussing “The future of your personal health information…” and“gigantic Internet-driven databases”.  The rest of her post includes the following comments.  I admit they’re a bit voluminous, but the quotability here was difficult to resist.

“the data being stored is sensitive and so far it isn’t very secure,”

“… access explodes”.

“data breaches can have harmful effects, including medical discrimination.”

“we can’t see who uses our electronic records,” “And they can be back-door mined.”

“only 10 percent of all hospitals lock down their data”  “HHS investigations have found… dozens of data breaches… in New York, California, Illinois, Texas, Massachusetts, Georgia and Missouri.”

“patients can put their information at risk at home, too, using unsafe computers that may not be secure”

“wild west in terms of how data flows,”  

“Assets are roaming on the open ranges.  And the rustlers are out foxing us all.”

“identity thieves and other fraudsters”  

“Medical records are a gold mine of personal data, including Social Security numbers,”  “financial and medical information.”  “It shows everything about you.”

“Even more dangerous, stolen medical data can damage your healthcare.  There could be more healthcare discrimination,”

“government regulation is weak.” “doesn’t offer enough protections”  “no system can completely track access”.

“Currently, there are 281 cases listed, including hospitals, doctors and insurance companies that reported large data thefts, losses and other breaches. For example, HHS found that Massachusettes Eye & Ear Infirmary and Kaiser Permanente Medical both had medical data thefts.”

But which were cases of electronic theft that actually required hacking?  Which ones were specifically due to the fact that the records were stored on an EMR or EHR system and then electronically stolen?  This is to me perhaps the most important question, since without true electronic crime, a lot of the gusto cited above tends to be less grounded.  She doesn’t stop with EMRs, but rather goes on to warn, “Right now, portals put more information at risk.”  Okay, okay…  I think I get the message.

Dr. West is an endocrinologist in private practice in Washington, DC.  He completed fellowship training in Endocrinology and Metabolism at the Johns Hopkins University School of Medicine. Dr. West opened The Washington Endocrine Clinic, PLLC, as a solo practice in 2009.  He can be reached at