Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

Sending PHI Over SMS

Posted on February 26, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I recently was talking with a doctor who told me about a healthcare communications company called YouCall MD. The doctor liked many of the features that YouCall MD provided. He loved that they would answer your Live Calls, transcribe a message to you and send you that message by SMS. Well, he loved all of it except the part that YouCallMD was using insecure SMS messages to send protected health information (PHI).

I wrote about this before in my post called “Texting is Not HIPAA Secure.” I know that many doctors sit on all sides of this. I heard one doctor tell me, “They’re not going to throw us all in jail.” Other doctors won’t use SMS at all because of the HIPAA violations.

While a doctor probably won’t get thrown in jail for sending PHI over SMS, they could get large fines. I think this is an even greater risk when sending PHI over SMS becomes institutionalized through a service like YouCallMD. This isn’t a risk I’d want to take if I were a doctor.

Plus, the thing that baffles me is that there are a lot of secure text message services out there. Using these services would accomplish the same thing for the doctor and YouCall MD and they wouldn’t put a doctor or institution at risk for violating HIPAA. Soon the day will come when doctors can send SMS like messages on their phones in a secure way and they won’t have to worry about it. I just think it’s a big mistake for them to be using their phone’s default SMS.

Collecting Bills, Wifi Install, Decrease HIPAA Violations, and Cash For Clunker EHR’s

Posted on August 19, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re back once again with our weekly roundup of EMR and health IT tweets. I found some really interesting tweets and a couple responses to tweets or blog posts that I wrote. I think you’ll find them interesting and get some value.

By the way, if you have tweets that you think I should mention in this weekly roundup, be sure to let me know. I’m always on the lookout for great content. Despite what some people believe, I don’t spend all day on Twitter.


Ok, so this link is to what I think is a pretty terrible article. However, the tweet raises a pretty interesting question. Will you need an EHR to be able to do medical billing in the future? I’m sure some would argue that it’s a practice management software that you’ll have to have, but in most cases these two software are coming together. I’m not sure which is which anymore.

My answer to the question is that unless you’re going pure private pay, concierge or some alternative payment model, I think the day will come that you’ll need an EHR. I’m sure this is scary for many doctors to consider.


Doesn’t this tweet get under your skin? I know it does mine. Think about the groundbreaking tech that’s happening long term care: Wi-fi. Welcome to the state of IT in healthcare.


This is a post I did on EMR and HIPAA and it really is as the tweet says. I wish that every healthcare institution did the two items outlined in that post. If they did, a lot less HIPAA violations would occur.


I’m sure most of you saw this post, but I loved Steve Sisko’s extension to the idea of Cash for Clunker EHR’s. All I could do was roll my eyes at the thought. I guess one could argue that with the existing EHR program they decided to pay for a bunch of clunker’s instead of replacing them.

HIPAA Violations Aren’t Happening in SaaS EHR

Posted on June 20, 2011 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Micheal Koploy over at Medical Software Advice put together an interesting post that looked at all the HHS breach data. He does a pretty in depth look at the various incidents of breach that occurred and even does a deep dive into the specific EMR related HIPAA breaches that are listed. He then forms an interesting conclusion:

HIPAA Violations Aren’t in the Cloud
Some have said that increasing the number of EMRs make our records more vulnerable. I’d cite the above data to argue otherwise. Paper records and portable devices are the weakest link in HIPAA security. The systems themselves – and certainly cloud-based systems – have a pretty good track record. HIPPA violations aren’t happening in the cloud. Rather, they’re happening in the doctor’s office, hospital IT closets, cars, subways, and homes.

And the statement that cloud-based EMR systems are more vulnerable to security breaches simply isn’t supported by facts. Of course, it remains to be seen if this holds true as more cloud-based systems are deployed. As more physicians move their records to the cloud, the opportunity for breaches will increase.

If my doctor asked me how to ensure patients’ data is secure, I would offer the following: go to the cloud. Web-based EMRs eliminate the most common security risks because there aren’t physical files to be compromised. And no matter your system, it’s essential to train your staff on the necessary security measures to ensure patient privacy is a systematic imperative

I think he makes a good point about it possibly being too early to really know how many cloud based SaaS EHR companies are going to have breaches. I also think it’s fair to consider that when those do happen, they’re going to be big breaches. They won’t just be a few records that are breached, but a whole bunch. Although, this is true for any electronic medical record HIPAA breach as compared with a paper chart HIPAA breach.

The other thing I can’t help but wonder is if there are more breaches with cloud EHR software, but we just don’t know that their happening. Although, that goes against the common thinking that EHR software does a much better job of tracking breaches than a paper chart. Your digital fingerprints are all over a digital chart and can be reported on quite easily. It’s a little harder to track the inappropriate fingerprints on a paper chart.

All in all, I’d have to agree with Michael and his assertion that we’re likely to see many fewer EHR breaches from a SaaS or cloud based EHR company than we will see from all the in house EHR software. In an in house system, the EHR company can just blame the clinic for the breach (in most cases). In a SaaS based EHR system, a HIPAA breach would have a much more damaging effect on the future sales of that EHR company. So, they’re more likely to put in the effort needed to avoid such breaches.