Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

Some Important Tips On Telemedicine Security

Posted on March 22, 2018 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

Recently, WEDI released a paper offering a pretty basic overview of the main categories of telemedicine services. From my standpoint, most of the paper wasn’t that new and exciting, one section had some interesting suggestions worth sharing. While you’ve probably heard some of them before, you probably haven’t seen the full package they shared.

First, WEDI provided some general principles providers should consider when delivering telehealth services, including that all interactions should be conducted through a secure transmission channel and that privacy notices must be displayed or easy to find on the telehealth site. Makes sense but not earthshattering.

Where things got interesting was when WEDI went through its own telemedicine security Q&A. Its feedback on key topics included the following:

  • Make sure you have a policy addressing provider-to-provider disclosures of HIPAA-protected information which is gathered via telemedicine consult.
  • Secure all telemedicine data. Verify and authenticate user identities and their authority levels before patient treatment, possibly through the log-in process. This could include making sure that there’s a one-to-one match with the person logging in to view the data being retained.
  • Set up standards for data storage and retention, as well as establishing policies, procedures and auditability for access, use and transfer of telemedicine-related PHI. Afterward, monitor compliance with those standards.
  • Decide how telehealth data breaches will be handled, and who will be responsible for doing so. Determine who will be notified when a breach occurs, what the timeline is for doing so and who else might need be notified. Also, identify what experts should be part of a breach response process, such as legal, information security and public affairs representatives, and make sure they know what their roles are if a breach takes place.
  • Bear in mind that any technology used for providing telemedicine services needs to be included in your HIPAA risk assessment.

Unless you work for a large organization, you probably won’t dig into security issues this deeply. Particularly if you work for a smaller practice with ten or fewer clinicians, you may end up outsourcing your entire IT function, including security and privacy protection.

However, it’s important to remember that members of your organization are ultimately responsible for any security violations, whether or not a contractor was involved in permitting the breach to happen.

It’s important that at a minimum, you have a security protection and incident response process in place — going well beyond “call the IT consultant” — that protects both patients and your practice from needless health data breaches. As you add telemedicine to the mix, make sure your process embraces that data too.

Fixing Small Stress Inducing Moments Creates Magic

Posted on June 13, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I thought this was a really genius perspective that I heard at the WEDI Annual conference. Or at least it was the thought that was inspired at the conference. I think the speaker was referencing various apps like Uber or Lyft and how they took a whole set of small, individually stress inducing moments and solved them.

Using that example, it was stressful to wonder when the cab would come, it’s stressful to know if the cab will take credit cards, it’s stressful to know if the cab is taking a longer route to make you pay more, etc etc etc. None of these individually was all that stressful but combined they made for a pretty stressful experience. Uber and Lyft were able to look at all of those minor individual stresses and make a great customer experience by removing them.

It’s worth pointing out that these companies likely needed to solve more than one stress for their app to be successful. If they’d only solved one small stress, they likely wouldn’t be as popular today as they have been.

Now let’s apply this to healthcare IT. Ironically, I think many would argue that EHRs have taken a bunch of small stresses and turned them into large stresses. That’s the pessimistic viewpoint. Although, it’s pretty hard to argue that most EHR software has taken the stress out of the medical documentation experience. Is it any wonder that so many doctors hate EHR?

I guess I’m pretty pessimistic that EHR vendors will change and start taking the little stresses out of the healthcare experience. A few EHR vendors have done better than others but most of them are making so much money doing what they’re doing, they’re unlikely to change course. Does that mean we give up hope?

Not me. I’m optimistic about technology’s ability to make healthcare better. I just don’t think it’s going to come from EHR vendors. Instead, it’s going to come from entrepreneurs who do create magical experiences that take the small stresses out of a doctor’s or patient’s day. They may tie into the EHR, but they’ll build it separately.

What do you think? Where have you seen solutions that solve the “small” stresses in healthcare? We could use more “magic”.

Insights from #WEDI25

Posted on May 25, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This week I’ve been spending time at the WEDI annual conference in Salt Lake City. I’ve never been to a conference with a more diverse set of attendees. I’ve really enjoyed the diversity of attendees and perspectives that were at the conference. I was a little disappointed (but not really surprised) that clinicians weren’t part of the event. I understand why it’s hard to get them to attend an event like this, but it’s unfortunate that the physician voice isn’t part of the discussion.

Here’s a quick list of some insights I tweeted during the conference which could be useful to you: