Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

eClinicalWorks Warns Users About Patient Safety Risks

Posted on December 21, 2016 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

EMR vendor eClinicalWorks has issued a warning to users about “potential patient safety risks” in its software, a very unusual step which is almost unheard of from vendors in this market.

If there are any meaningful care problems that could occur by using the company’s software, they could have a broad impact. According to the vendor, 115,000-odd physicians use its software, 850,000 healthcare professionals and 70,000 facilities.

Unlike many such announcements by software vendors – which typically identify, say a security vulnerability or a newly-identified bug – the press announcement on the topic is rather broad. In its press release on the subject, eClinicalWorks summarizes its goals as follows:

eCW is making this announcement to ensure that all participants in the healthcare process – clinicians, pharmacies, and patients and their family members or caregivers – are aware of key patient safety risks and are focused on the roles they can play in minimizing those risks.

But there’s certainly more. In what comes across as exasperation with providers who aren’t keeping up with advisories, eCW asks its users to implement software upgrades needed to address problems with medication management, electronic prescribing and the process of ordering tests and procedures.

Specifically, eCW notes that it needs providers to install upgrades issued back in December of last year. It also pleads with doctors to upgrade their eCW to the latest version of their software, which it issued in July of 2016, as well as asking users to upgrade to the most current version of the Multum or Medispan drug databases.

In addition to making these technical requests, eCW makes several operational suggestions, including that users should read every patient safety notice, designate a patient safety officer to serve as eCW liason, and asks providers to confirm order accuracy as well as training patients to do the same. It also urges providers to follow appropriate steps for modifying medications and to take special care with custom medications.

Then, in a particularly unusual move, the press release also speaks directly to patients, advising them to be educated about their care, to know their medications and orders and to confirm that tests performed are the right ones and med orders are accurate.

It remains to be seen how effective eCW’s public awareness strategy will be. After all, if your end users are so recalcitrant that they don’t bother to keep their critical software up to date, neither pleading nor shaming them is likely to do the trick. Plus, many users don’t upgrade EHR software because there’s a cost to upgrade the software (Not sure if eCW’s upgrades are free or not).

That being said, doctors using eClinicalWorks will have virtually no excuse they can offer if a patient is harmed by software they were privately and publicly warned to update. If its customers figure this out, perhaps fear of med mal litigation will achieve eCW’s purpose after all.

E-Patient Update: The Smart Medication Management Portal

Posted on December 16, 2016 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

As I work to stay on top of my mix of chronic conditions, one thing that stands out to me is that providers expect me to do most of my own medication tracking and management. What I mean by this is that their relationship to my med regimen is fairly static, with important pieces of the puzzle shared between multiple providers. Ultimately, there’s little coordination between prescribers unless I make it happen.

I’ve actually had to warn doctors about interactions between my medications, even when those interactions are fairly well-known and just a Google search away online. And in other cases, specialists have only asked about medications relevant to their treatment plan and gotten impatient when I tried to provide the entire list of prescriptions.

Sure, my primary care provider has collected the complete list of my meds, and even gets a updates when I’ve been prescribed a new drug elsewhere. But given the complexity of my medical needs, I would prefer to talk with her about how all of the various medications are working for me and why I need them, something that rarely if ever fits into our short meeting time.

Regardless of who’s responsible, this is a huge problem. Patients like me are being sent with some general drug information, a pat on the back, and if we experience side effects or are taking meds incorrectly we may not even know it.

So at this point you’re thinking, “Okay, genius, what would YOU do differently?” And that’s a fair question. So here’s what I’d like to see happen when doctors prescribe medications.

First, let’s skip over the issue of what it might take to integrate medication records across all providers’s HIT systems. Instead, let’s create a portal — aggregating all the medication records for all the pharmacies in a given ZIP Code — and allow anyone with a valid provider number and password to log in and review it.  The same site could run basic analytics examining interactions between drugs from all providers. (By the way, I’m familiar with Surescripts, which is addressing some of these gaps, but I’m envisioning a non-proprietary shared resource.)

Rather than serving as strictly a database, the site would include a rules engine which runs predictive analyses on what a patient’s next steps should be, given their entire regimen, then generate recommendations specific to that patient. If any of these were particularly important, the recommendations could be pushed to the provider (or if administrative, to staff members) by email or text.

These recommendations, which could range from reminding the patient to refill a critical drug to warning the clinician if an outside prescription interacts with their existing regimen. Smart analytics tools might even be able to predict whether a patient is doing well or poorly by what drugs have been added to their regimen, given the drug family and dosage.

Of course, these functions should ultimately be integrated into the physicians’ EMRs, but at first, hospitals and clinics could start by creating an interface to the portal and linking it to their EMR. Eventually, if this approach worked, one would hope that EMR vendors would start to integrate such capabilities into their platform.

Now I imagine there could be holes in these ideas and I realize how challenging it is to get disparate health systems and providers to work together. But what I do know is that patients like myself get far too little guidance on how to manage meds effectively, when to complain about problems and how to best advocate for ourselves when doctors whip out the prescription pad. And while I don’t think my overworked PCP can solve the problem on her own, I believe it may be possible to improve med management outcomes using smart automation.

Bottom line, I doubt anything will change here unless we create an HIT solution to the problem. After all, given how little time they have already, I don’t see clinicians spending a lot more time on meds. Until then, I’m stuck relying on obsessive research via Dr. Google, brief chats with my frantic retail pharmacist and instincts honed over time. So wish me luck!

Artificial Intelligence Can Improve Healthcare

Posted on July 20, 2016 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

In recent times, there has been a lot of discussion of artificial intelligence in public forums, some generated by thought leaders like Bill Gates and Stephen Hawking. Late last year Hawking actually argued that artificial intelligence “could spell the end of the human race.”

But most scientists and researchers don’t seem to be as worried as Gates and Hawking. They contend that while machines and software may do an increasingly better job of imitating human intelligence, there’s no foreseeable way in which they could become a self-conscious threat to humanity.

In fact, it seems far more likely that AI will work to serve human needs, including healthcare improvement. Here’s five examples of how AI could help bring us smarter medicine (courtesy of Fast Company):

  1. Diagnosing disease:

Want to improve diagnostic accuracy? Companies like Enlitic may help. Enlitic is studying massive numbers of medical images to help radiologists pick up small details like tiny fractures and tumors.

  1. Medication management

Here’s a twist on traditional med management strategies. The AiCure app is leveraging a smartphone webcam, in tandem with AI technology, to learn whether patients are adhering to their prescription regimen.

  1. Virtual clinicians

Though it may sound daring, a few healthcare leaders are considering giving no-humans-involved health advice a try. Some are turning to startup, which offers a virtual nurse, Molly. The interface uses machine learning to help care for chronically-ill patients between doctor’s visits.

  1. Drug creation:

AI may soon speed up the development of pharmaceutical drugs. Vendors in this field include Atomwise, whose technology leverages supercomputers to dig up therapies for database of molecular structures, and Berg Health, which studies data on why some people survive diseases.

  1. Precision medicine:

Working as part of a broader effort seeking targeted diagnoses and treatments for individuals, startup Deep Genomics is wrangling huge data sets of genetic information in an effort to find mutations and linkages to disease.

In addition to all of these clinically-oriented efforts, which seem quite promising in and of themselves, it seems clear that there are endless ways in which computing firepower, big data and AI could come together to help healthcare business operations.

Just to name the first applications that popped into my head, consider the impact AI could have on patient scheduling, particularly in high-volume hostile environments. What about using such technology to do a better job of predicting what approaches work best for collecting patient balances, and even to execute those efforts is sophisticated way?

And of course, there are countless other ways in which AI could help providers leverage clinical data in real time. Sure, EMR vendors are already rolling out technology attempting to help hospitals target emergent conditions (such as sepsis), but what if AI logic could go beyond condition-specific modules to proactively predicting a much broader range of problems?

The truth is, I don’t claim to have a specific expertise in AI, so my guesses on what applications makes sense are no better than any other observer’s. On the other hand, though, if anyone reading this has cool stories to tell about what they’re doing with AI technology I’d love to hear them.

mHealth App-makers Must Develop Privacy, Security Standards

Posted on November 30, 2015 I Written By

The following is a guest blog post by Jon Michaeli, Executive Vice President of Medisafe

In recent times, consumers have developed a rapidly-growing interest in mobile health apps. In fact, more than half of the 1,600 mobile phone users surveyed recently by a New York University research team had downloaded at least one such app. And signs suggest that user uptake of mHealth apps could grow dramatically over the next few years.

But consumers’ adoption of mobile health apps is being held back by concerns that their health data isn’t safe.  Nearly half of consumers surveyed told Healthline that they’re afraid hackers may try to steal their personal health data from a wearable, and one-quarter of respondents said that they don’t believe app or health tracking data is secure.

We believe that it’s time for mHealth app developers and vendors to take a stand on mobile health data privacy and security. Consumers have the right to exchange private health data securely, and to be sure that data is never stolen or shared with unauthorized parties.

But until we develop industry-wide standards for protecting mobile health data, it’s unlikely that we’ll be able to do so. To make that happen, we welcome the creation of a broad industry coalition to create these standards.

Security fears justified

Concerns over the security and privacy of mHealth data are well-founded. Less than one-third of the 600 most commonly-used mHealth apps have privacy policies in place, according to recent research published in the Journal of the American Medical Informatics Association. Another study, by HIMSS, suggests that health IT leaders are just beginning to scope out their mobile health security strategies.

Worse, some practices engaged in by app developers pose a clear risk to users’ health data. For example, some health apps use a Social Security number as a “secure” user method of validating user identity. Unfortunately, Social Security numbers are often stolen during hacking exploits, and they’re fairly easy to buy online. Thieves have a powerful incentive to steal SSNs, as health data now sells for 10 times the prices of credit card numbers.

Once SSNs are obtained by the wrong party, the results can be catastrophic. If I obtain a user’s SSN and download their claims data, I might find out that they, for example, take meds used to treat psychiatric conditions or HIV. Malicious parties could conceivably use this information to blackmail someone, expose them at work or in the community, outflank them during a divorce or worse. There’s a reason that SSNs sell for 10 times the price of a stolen credit card number on the black market.

Not only that, even among those who post privacy policies, few app developers make it clear how they address privacy issues. Developers often fill their policy write-ups with jargon and deceptive language. And few consumers are informed enough to demand plain, straightforward disclosures in areas that may affect them. For example, they may not be aware that their privacy could be compromised if the app pulls data from outside sources without requiring an additional login and password.

Those opaque privacy policies may also conceal questionable data-sharing practices, such as the sale of personal data. If individually-identifiable data gets shared with the insurance industry, insurers might use this data to reject applications for coverage. Pharmaceutical companies could leverage this data to market meds to such consumers. Employers could even buy such data to screen out sick applicants. The possibilities for harm are great.

Time for mHealth security standards

Fortunately, mHealth vendors that want to boost security and privacy protections don’t have to start from scratch. Practices and standards already in place in healthcare IT departments provide a good foundation for mHealth app developers. Certainly, consumers need to play a role in protecting their own health information, by taking a responsible and smart approach to app use, but we have obligations too.

First, we should assume that any mHealth app must meet HIPAA standards for protecting patient health information (PHI). Requirements include making sure users are who they claim to be (authentication), seeing that PHI isn’t altered prior to reaching its destination, and assuring that data is encrypted at rest, in transit and when stored on independently-managed servers.

Also, if PHI is being exchanged, mHealth developers must be sure that any third-party apps integrated into our health app also meets HIPAA requirements. And we need to verify that compliance. If connected third parties are compromised, the app isn’t secure either.

But above all, our industry needs to establish privacy and security standards that meet the unique needs of mobile health environment, standards which evolve as mHealth changes. I believe it’s high time that the mobile health industry leaders collaborate and create these standards. Otherwise, we may fail in our ethical obligations and do lasting damage to consumer trust. We invite other mHealth app vendors and their partners to join us in collaborating to protect consumers.

Jon Michaeli is Executive Vice President of Medisafe (, a cloud-synched platform which helps consumers manage their medications.

Innovative Collaboration on Medication Management and Community Resources

Posted on April 23, 2015 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site ( and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Although experts agree that the future of health is coordinated care, it is sorely lacking in the US health care system now. This article focuses on the single, relatively simple issue of medication management. Patients are prescribed barrels of pills, but there is little coordination other than looking for contra-indications and drug interactions–and these often suffer from the caretaker’s not knowing the patient’s full complement of drugs.

Sandra Raup, president of Datuit, points out that all kinds of subtleties get lost when patients are simply told how often to take a medication. For instance, if medications are spaced out throughout the day instead of being being taken all at once when we remember to take them (as so many people do), they may be absorbed more effectively and tolerated by the body. Patients–especially those with lower incomes and less education, who are more likely to be on multiple medications in the first place–need all sorts of support.

Here we come to an interesting twist: coordinated care does not have to be initiated by doctors. Given the doctor shortage and the forces keeping clinicians from adopting new models of treatment, other professionals can take on the long-term goals of improving patient health.

In a pilot ramping up in a residence for low-income seniors and the disabled in Maryland, Connected Health Resources is working with Alfa Specialty pharmacy using its Community Health Gateway to help patients straighten out their medications and keep to their schedules. This works because the pharmacy is in a somewhat unusual position: they have supported this community for some time and have built relationships with patients informally. The Gateway pilot has created a service, using Datuit’s SafeIX public API, that can potentially fulfill these needs with less work on the pharmacist’s part. The service is designed for easy navigation by the patients and their family caregivers, making it attractive to the patients and the pharmacists.

Connected Health Resources logo

The SafeIX Platform is designed using modern programming technologies to integrate data from multiple sources (including EHRs and HIEs) into a patient record for both patients and healthcare providers to use, based on their rights to access and share it. In the Gateway implementation, the pharmacist uses the SafeIX Platform to receive CDA documents from the HIE and to auto-assist medical data reconciliation between the various documents.

This information, along with the pharmacist recommendations, are organized into a daily medication calendar using an application from Polyglot Systems Incorporated, a company that offers medication regimen summaries in 18 languages. Low health literacy and the estimated 50 million people who do not speak English at home result in many patients not understanding their medication instructions. The plain language and multilingual, easy-to-use daily calendar can make the difference between understanding and total confusion.

Datuit’s SafeIX Platform uses interoperability standards (including, in test mode, the next-generation FHIR standard) to create a patient record that can show patients everything seen by multiple clinicians and allow a patient’s self-selected care team to view and add to a shared care plan. Datuit is encouraging app developers to build mobile apps for SafeIX that would prompt patients to take medications and record whether they did so, but that’s outside the scope of the pilot. There are plenty of challenges just fulfilling the tasks they have already taken on.

First, Connected Health Resources has to break down the clinical data silos that make it difficult for patients to collect their information. According to co-founder Shannah Koss, Maryland has a relatively advanced Health Information Exchange (HIE) called CRISP. However, it is defined as a provider-to-provider exchange, so it was only after a long-term relationship and negotiation that Connected Health Resources could collect medical data on behalf of the patients. This is the first time CRISP has allowed data to be retrieved for a patient-facing organization that is not a provider.

When enrolling, the patient gives the Gateway permission to get data through CRISP. Family and friends can be invited by patients to be part of their health community and enroll in the Gateway. The invitation includes a unique code that allows the Gateway to securely share records and help with health and social services navigation. If the patient wants help or is incapable of managing the medication list, a caregiver can do so.

CRISP transmits data primarily from hospitals. To round out a more comprehensive listing of medications from clinics and other healthcare providers, CRISP has enabled the ability to query Surescripts, which provides prescription fill data from chain pharmacies and pharmaceutical benefit management companies.

Pilot participants authorize the Gateway and the Alfa pharmacists to access their medication information and maintain, share, and augment the information in the secure SafeIX Platform. The CRISP data gives more complete medication records for the pilot participants. CRISP also provides an event notification system that let’s the pharmacist know whether a patient has been admitted to a hospital or visited the emergency department. These types of transition are precisely when medications get changed, but the clinicians at those crucial junctures often don’t know all of a patient’s current medications.

Finally, over-the-counter (OTC) medications can play an important role in a patient’s care. This has to be added to the daily calendar. The Alfa Pharmacist is helping round out the complete medication picture by working with the patient and family to identify OTC medications, supplements, and the medications that are actually being taken through the medication therapy management (MTM) program. The Gateway provides the means for everyone to better understand and manage the medicines for the best outcomes.

Further, the Gateway Community Resource Finder has enabled information about important resources such as transportation, meal delivery, social services, and home nursing. The MTM pharmacist knows that patients without food or transportation to their physicians cannot adequately manage their health or medications. The underlying SafeIX Platform also allows the Gateway to offer secure messaging that looks like email and lets the pharmacist, patient, friends, and family exchange messages about the patient’s care.

Traditional EHRs don’t accommodate treatment plans of the specificity designed by the pharmacy for patients in the pilot. This is where Datuit is pushing the EHR to new horizons: its SafeIX Platform helps multiple clinicians (including long term care providers), patients, and family caregivers contribute data. For example, patients can enter their own healthcare problems, such as fear of falling. The patients, families, and clinicians can then add interventions to address them.

Like other new organizations I’ve spoken too in health care, Connected Health Resources has grand plans beyond the current pilot. They are taking it slow, because Koss believes personal health records (PHRs) have tried to do too much at once and have overwhelmed their users with too many possibilities. But she would like Connected Health Resources to grow in response to what patients and families say they need. The Gateway tools already include the ability to generate multi-lingual discharge instruction from Polyglot. The initial pilot purposefully focuses on the more narrow scope of medications along with the health and social services support. The next step will be to engage hospitals to provide the plain language multi-lingual discharge instructions.

Chronic care ultimately goes beyond medications to things supported by a patient-centered medical home (PCMH), community health workers, and the many community-based service providers. The Gateway in partnership with the Datuit SafeIX Platform are poised to allow all participants identified by the patient and families to contribute to and be part of their health community.