Symantec Launches Hosted Medical Image Archiving and Sharing

2017-07-27T00:01:09+00:00 August 12th, 2010|Uncategorized|

Symantec offers healthcare providers hosted solutions to reduce storage costs and streamline medical image sharing

Symantec Corp. (Nasdaq: SYMC) announced Symantec Health, a new hosted medical image archiving and sharing solution for healthcare providers, that helps lower storage costs and provides secure, Web-based image sharing for non-affiliated hospitals and physicians. The new Symantec Health Safe solution consists of two components: Symantec Health Safe and Symantec Health Image Share.

With medical images increasing in volume and density and longer retention periods occurring, storage costs are growing exponentially. Many IT organizations struggle to accurately budget and fund on-site storage. Symantec Health Safe addresses the high cost of storage by providing affordable capacity on-demand and business continuity.

“Health IT executives continually cite the soaring costs associated with medical image storage as one of the biggest challenges they face,” said Lori Wright, vice president and general manager of the Electronic Health Group at Symantec. “Symantec’s security and storage management expertise and its leading Software as a Service portfolio are key reasons why many healthcare industry leaders trust Symantec to deliver these new hosted offerings in a cost-effective and secure way.”

According to Rick Schooler, vice president and chief information officer of Orlando Health, a 1,800 bed hospital system in Orlando, FL, “Symantec has been able to create an affordable alternative to onsite storage to help reduce image archiving costs and capital expenses while enhancing business continuity. A key advantage of Symantec Health is its surprisingly quick deployment and integration with the existing Picture Archiving and Communication System (PACS).”

In addition, Symantec Health Image Share enables healthcare providers to confidently share images and reports with non-affiliated hospitals and physicians over the Internet, reducing the inconvenience and costs associated with CDs and DVDs used in many organizations today.

“Symantec offers secure image sharing that is like a social network for healthcare—one clinician can invite another clinician to view images without having to implement complex interfaces,” said Dr. John Halamka, chief information officer of Beth Israel Deaconess Medical Center in Boston, MA.

Key features and benefits of Symantec Health solutions include:

Symantec Health Safe:

  • Affordable and reliable storage to accommodate the growing number and size of medical images
  • Capacity on demand and business analytics to provide budget predictability and control
  • Business continuity to ensure that medical images are secure and available in the event of a business disruption, a disaster or a security breach

Symantec Health Image Share:

  • Ability for non-affiliated clinicians to search, view and download images with a physician-friendly Web interface
  • Secure provider-to-provider image sharing to streamline clinical operations, reduce re-imaging, and enable hospital outreach for expanding the referral network

 

Source: Symantec.com

Symantec Launches Hosted Medical Image Archiving and Sharing

2017-07-27T00:01:11+00:00 March 23rd, 2010|Uncategorized|

Symantec Corp. (Nasdaq: SYMC) announces Symantec Health, a new hosted medical image archiving and sharing solution for healthcare providers, that helps lower storage costs and provides secure, Web-based image sharing for non-affiliated hospitals and physicians. The new Symantec Health Safe solution consists of two components: Symantec Health Safe and Symantec Health Image Share.

With medical images increasing in volume and density and longer retention periods occurring, storage costs are growing exponentially. Many IT organizations struggle to accurately budget and fund on-site storage. Symantec Health Safe addresses the high cost of storage by providing affordable capacity on-demand and business continuity.

 

“Health IT executives continually cite the soaring costs associated with medical image storage as one of the biggest challenges they face,” said Lori Wright, vice president and general manager of the Electronic Health Group at Symantec. “Symantec’s security and storage management expertise and its leading Software as a Service portfolio are key reasons why many healthcare industry leaders trust Symantec to deliver these new hosted offerings in a cost-effective and secure way.”

 

According to Rick Schooler, vice president and chief information officer of Orlando Health, a 1,800 bed hospital system in Orlando, FL, “Symantec has been able to create an affordable alternative to onsite storage to help reduce image archiving costs and capital expenses while enhancing business continuity. A key advantage of Symantec Health is its surprisingly quick deployment and integration with the existing Picture Archiving and Communication System (PACS).”

 

In addition, Symantec Health Image Share enables healthcare providers to confidently share images and reports with non-affiliated hospitals and physicians over the Internet, reducing the inconvenience and costs associated with CDs and DVDs used in many organizations today.

 

“Symantec offers secure image sharing that is like a social network for healthcare—one clinician can invite another clinician to view images without having to implement complex interfaces,” said Dr. John Halamka, chief information officer of Beth Israel Deaconess Medical Center in Boston, MA.

 

Key features and benefits of Symantec Health solutions include:

Symantec Health Safe:

  • Affordable and reliable storage to accommodate the growing number and size of medical images
  • Capacity on demand and business analytics to provide budget predictability and control
  • Business continuity to ensure that medical images are secure and available in the event of a business disruption, a disaster or a security breach

Symantec Health Image Share:

  • Ability for non-affiliated clinicians to search, view and download images with a physician-friendly Web interface
  • Secure provider-to-provider image sharing to streamline clinical operations, reduce re-imaging, and enable hospital outreach for expanding the referral network

Symantec Health Safe is currently available, and Symantec Health Image Share is expected to be available in the coming weeks.

Source: Symantec

E-Medical Records: 10 Steps To Take Now

2010-03-11T14:51:52+00:00 March 11th, 2010|Uncategorized|

Don’t wait for the government to finalize meaningful use requirements. Here’s how to jump-start your health IT efforts.

The federal government’s $20 billion-plus healthcare IT stimulus program has more hospitals and doctors than ever planning to implement e-medical record and other health IT systems. But many healthcare providers have put plans on hold as they wait for the government’s final “meaningful use” rules that will determine which types of systems are eligible for reimbursements.

“I’ve been in this industry for 25 years, and I’ve never seen as much anxiety and confusion,” said Dr. Mark Leavitt, chairman of the Certification Commission for Health IT. Leavitt spoke with Informationweek at the Healthcare Information Management Systems Society (HIMSS ) conference in Atlanta Tuesday.

Despite all the uncertainty, there are steps providers can take now that will help them jump-start system deployments once the final rules are issued later this spring. Here are 10 top ones:

1) Get buy-in and sponsorship from your organization’s top leadership, including influential clinicians and the CEO. “Solicit your leadership team and actively communicate with upper management,” said Curt Kwak, CIO of the western region of Providence Health & Services, a provider that serves Washington, Oregon, Montana, California, and Alaska.

Support from the top is critical, especially when convincing users to give up old work habit and processes. Make sure everyone understands your goals, such as how the new systems will improve quality of care.

2) Decide how you’ll fund the project–remember stimulus dollars don’t start flowing until 2011. Some EMR vendors are offering interest-free loans for the upfront costs related to the purchase of these systems. Also consider applying for federal, state, and private grants. And some hospitals are offering free EMR software to doctors under the relaxed federal Stark rules.

3) Start evaluating your workflow and processes. Figure out what steps you’re doing now waste time and money, and can be eliminated with the new system. “Health IT is truly a magnifying glass, you’ll see all your flaws,” said Florence Chang, senior VP and CIO at MultiCare, a Tacoma, Wash., hospital network. “Decide what steps don’t add value.”

4) Find out where key information resides in your organization. For instance, is information on patients’ allergies in paper charts or computerized files? Start collecting information on how many prescription drug orders your doctors put through, and how they do those orders–paper, fax, or phone-in. You’ll need this data later to measure your organization’s meaningful use of electronic ordering, said Mike Wilson, senior IT director of clinical systems at Compuware.

5) Look at EMR and other health IT products for the ones that fit your organization’s needs. Consider products that have a good shot at attaining meaningful use certification, like those already approved by the Certification Commission for Health IT, or software from vendors that are offering meaningful use compliance guarantees.

6) If you’re not ready for a big bang approach to EMRs, consider modular software and components that let you add functionality in increments. “Look at the entire puzzle for what pieces fit now, and what can fit later,” Providence Health & Services’ CIO Kwak said.

7) Determine whether you have the resources and staff to handle an on-site system–both to implement it and keep it running. If not, then maybe a hosted model makes more sense. If you need to recruit talent, figure out the skills you’ll need and get going.

8. Get your infrastructure ready to deal with new systems. For instance, can it handle computerized physician order entry? If not, what foundation can you start laying, said Avery Cloud, VP and CIO of New Hanover Health Network, a health care organization in Wilmington, N.C.

9) If you were already planning or implementing health IT systems prior to the HITECH legislation passing in February 2009, don’t change things now. Don’t divert your original plans because meaningful use deadlines are compressing the timeframe, said Kwak.

10) Finally, don’t jump into poorly thought out health IT plans just to try getting the stimulus rewards. “Don’t do it just for the money,” said Wilson. “It’s like having a baby just for the tax break.”

Source: By Marianne Kolbasuk McGee,  InformationWeek
March 3, 2010
URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=223101301

Endpoint Virtualization for Healthcare Providers

2017-07-27T00:01:12+00:00 January 15th, 2010|Uncategorized|

It’s one of the more vexing challenges in healthcare.CB051669
Every day, doctors, nurses, case managers, and other hospital workers need quick and reliable access to key applications. And because they’re continually on the move, they need to be able to go to any workstation or kiosk to call up a particular application. But all too often they can’t get access because of problems inherent in the delivery of specific and proprietary healthcare applications and complexities managing the client system environment.
What if applications, and even the entire desktop, were able to follow these roaming users and be accessed from virtually any device? What if there was a much easier way for users to work in an increasingly digital environment, where Computerized Physician Order Entry (CPOE) and Electronic Medical Records (EMR) are becoming commonplace?
This article looks at how centralized data management and endpoint virtualization can help physicians and clinicians, as well as IT staff, work more productively and securely.

The frustration factor

The access challenges that physicians and clinicians routinely face today can be daunting, to say the least.

  • Password problems: It’s easy to forget which passwords to use for which applications, and when to reset passwords. Calling the helpdesk for assistance can take up valuable time.
  • Application access and printing confusion: When using another workstation, or returning to the kiosk they were using earlier in the day, doctors and other users have to find the right application and navigate back to the place where they left off. This can be frustrating and time-consuming, particularly if the user moved to a different workstation that has a different user interface. Printing can also turn into a hassle for roaming users. They may not know which printer is used by a particular workstation. Or a printer may not be located nearby.
  • Remote access issues: When working remotely, users may not be able to reliably connect to the network and access the applications they need. And when they connect, the desktop may be different from what it is at the hospital. Even more frustrating, remote connections are often unreliable, dropping users in mid-session.
  • Inability to use computing resources: Some guest users, such as candy stripers and vendors, can’t use computing resources for basic functions because they aren’t authorized for the corporate network.

The IT challenges

Now let’s look at access from the point of view of the IT department. Since hospitals never close, IT has to ensure continual, reliable access every hour of every day. And there’s no shortage of challenges in making that happen:

  • Desktop management: Clinicians often share workstations in a kiosk-like fashion, and it’s not unusual for a single workstation to be used by dozens of people in a single day. Many times, hospital workers also need to access applications and patient data from different client devices. To enable device-to-device roaming and kiosk capabilities, IT must apply the highest-common denominator to every workstation. This means setting up and maintaining each workstation with all of the applications users might need, and making sure each workstation has the computing power to handle all of these applications. That’s not an efficient use of resources.
  • An inundated help desk: When a user doesn’t know how to find the local printer, it means another call to the help desk. And when users can’t remember their passwords or haven’t reset them, the help desk has to walk them through the process. To save time, people end up using other workers’ passwords instead of contacting the helpdesk. Shared passwords not only violate HIPAA mandates, they also hinder identity management initiatives.
  • Remote access issues: Enabling remote access is a must for most healthcare facilities, but addressing VPN connectivity issues can become a time-consuming chore for the IT staff.

The promise of centralized management

Symantec believes that many of these challenges can be addressed by taking a centralized approach to the management of data, which makes information more easily accessible to both healthcare providers and IT personnel. With a centralized management approach, care providers in different geographical locations can access the same applications and information simultaneously no matter where they are. This increases efficiency and productivity, while enabling providers to respond more quickly and improve quality of care.

By employing centralized management, hospitals can reduce IT costs and response times while increasing user satisfaction and security. Password management is easier, and password security is actually increased, for example, as is reporting and auditing for regulatory compliance issues. Access to patient information does not rely on the availability of a single workstation. When a particular endpoint becomes unavailable, the information remains accessible elsewhere.
Centralization also strengthens data security procedures for healthcare providers and networks. Hospitals typically use an open architecture in which users who are not employed by the hospital are constantly entering and leaving the environment. Although each endpoint may have security measures installed, the responsibility for updating and maintaining those measures today lies with the owner of the endpoint. Central management of data and applications strengthens this model by ensuring protection regardless of any security measures implemented on endpoints.

The promise of endpoint virtualization

There is an additional technology solution that can streamline the way healthcare organizations provide access to key applications: endpoint virtualization. While many organizations are already familiar with server virtualization, endpoint virtualization may be a new concept for them.

Endpoint virtualization in this context refers to the ability to provide a portable computing experience across a broad range of computing environments. The promise of endpoint virtualization lies in improving the end-user experience while helping to lower the cost of managing endpoint devices.
For clinicians, endpoint virtualization offers access to the user’s personalized workspace (desktop and applications) from any device (networked or remote) via a single authentication method. If physicians are able to authenticate to a network with a single sign on, rather than authenticating from each endpoint they use throughout the day, they can access applications from any networked or remote device.
Endpoint virtualization supports a clinical work environment by allowing the shared use of devices through rapid desktop switching and the ability to roam from one device to another while maintaining the active state of the desktop. Users can print locally even when roaming, eliminating the hassle of tracking down printers. And for physicians working remotely, their personalized workspace looks and acts exactly as it does when they’re in the hospital.
For IT professionals, endpoint virtualization enables IT to centrally manage all users, workstations, and applications, simplifying IT efforts to provision applications and updates to users. By intelligently allocating computing resources based on user class profiles, IT can optimize these resources. IT staff no longer need to apply the “highest common denominator” to every workstation.
In addition, by centralizing control of password management and enabling single sign on, IT can more quickly and easily resolve password issues when they arise.
The bottom line: IT can reduce costs and response times while maintaining a high level of user satisfaction and security.

Symantec and endpoint virtualization

Thanks to its extensive portfolio for managing virtual workspaces and providing a portable computing experience, Symantec can help organizations better secure and manage their endpoint data and applications. Symantec’s strategy is to help enable a truly dynamic endpoint, where applications and information are delivered to any computing environment in a seamless manner.

As hospitals continue to automate and add applications, providing convenient access to these applications for physicians and clinicians while maintaining security and patient data privacy will prove to be a challenge. But increasingly, hospitals will discover that centralized data management and endpoint virtualization can help address these issues.

Microsoft, Google Face Off On Healthcare

2017-07-27T00:01:12+00:00 December 1st, 2009|Uncategorized|

Microsoft and Google are taking their rivalry to the doctor’s office, running competing services that allow people to store their medical records online for access by family members and healthcare providers.

Google Health and Microsoft HealthVault are similar approaches: They let patients input their own medical data either by typing it in or by giving permission for the vendor to get the information from a healthcare provider or insurer with which it’s partnering. Google Health and Microsoft HealthVault then provide tools for those partners to give the patient personalized health advice and other services built around the person’s records.

These “personal health records”–PHRs for short–complement electronic medical records. Both types of records contain a lot of the same information on the patient’s conditions, test results, prescriptions, and other medical data. But PHRs are compiled and controlled by the patient, while EMRs are compiled and, for the most part, controlled by the doctors, hospitals, and other healthcare organizations.

Google’s Approach

Google Health aims to let consumers “get more directly involved in their healthcare,” said Roni Zeiger, product manager for Google Health. “Medicine continues to become more complicated, doctors have less and less time to spend with patients in the exam room, and each of us as a patient has greater responsibility to take care of ourselves and our loved ones.”

Google has been a leading player in e-health simply because searches on healthcare topics have always been popular. When people get sick–or think they getting sick–one of the first things they do is go online for information.

“What I hear from a lot of my doctor friends is that people are often coming in with a pretty big pile of questions that they’ve gotten from reading online or elsewhere,” said Zeiger, who’s a practicing doctor. “Sometimes those are well-informed questions, sometimes less so. Part of our mission is to narrow down the 20 pages worth of questions to perhaps one page of more informed questions.”

That’s good for the patient, and it also lets doctors see patients more quickly without compromising quality of care. And sometimes patients find treatments in their research that their own doctors aren’t aware of.

Google Health, which was launched last year, provides an interface where users can type in data. Users can also give Google Health permission to access data held by various healthcare companies. For example, more than 100 million people in the U.S. can give Google Health access to electronic copies of their prescription histories at a pharmacy or pharmacy benefit manager, such as CVS Caremark, Walgreens, and Medco Health Solutions.

Google Health lets people organize all relevant health information in one safe place, Zieger said.

Partnering Up

Google is teaming with other organizations that can use its PHRs to offer personalized information and services. For example, the American Heart Association–with your permission–will check your blood tests imported from another partner, Quest Diagnostics, to find out your cholesterol level, blood pressure readings, and correlate those with other health data, such as whether you have diabetes. It then can compile all the information to determine your ten-year risk for a heart attack, and what you can do to lower the risk.

Another example: Google Health partner MDLiveCare, which offers video consultations with doctors, let a patient click a button on the MDLiveCare site to import all of his or her medical history from Google Health. That way the doctor has some background on the patient’s medical condition.

Cleveland Clinic, a not-for-profit academic medical center, lets patients export their records into Google Health. Beth Israel Deaconess Medical Center, a Harvard Medical School teaching hospital, has linked its PatientSite patient portal to Google Health. Other partners that are letting Google import medical and drug prescription information, with a patient’s permission, include Allscripts, and Blue Cross Blue Shield of Massachusetts.

Google Health is free to consumers and partner organizations. Google expects that, as more people use Google Health services, they’ll do more searches, which will increase the company’s ad revenue.

Microsoft HealthVault’s mission is similar to Google Health. “Your health information is fragmented,” said George Scriban, senior global strategist at Microsoft Health Services Group. An person’s medical records are scattered among every doctor who’s ever seen them, every pharmacy that’s filled a prescription, labs, employers–even devices, like diabetics’ glucometers, for people managing chronic conditions. The situation is exponentially complicated for parents managing health records for their entire families. “All of these are records you need on a reasonably frequent basis, if not every day. You need a place to keep it all,” Scriban said.

Like Google, Microsoft HealthVault is partnering with other companies. It has created a set of APIs and interfaces to HealthVault data repositories that let third parties communicate with HealthVault. Some of these third parties are just engaged in data exchange. But in a lot of cases, organizations like the Mayo Clinic, American Heart Association, and American Cancer Society have written applications using HealthVault medical records. “It’s a storage service, but it’s also a platform,” Scriban said. “It provides personalized and individualized guidance just for you.”

New York Presbyterian Hospital links HealthVault with its patient portal, and Johns Hopkins University’s School of Medicine, EMR provider Allscripts, and others are partnering with Microsoft for Internet services.

HealthVault offers the same channels for inputting health records as Google Health: If healthcare providers are partners with Microsoft, then individuals can give HealthVault permission to access the records. Alternately, patients can type in the information themselves. Compatible devices such as glucose meters, blood pressure cuffs, and pedometers can send information to HealthVault.

Also, Unival, which provides EMR services, lets healthcare providers fax records to them, and then Unival transmits those faxes to HealthVault, where they’re stored digitally. “It’s not machine-readable, but at least it’s in one place,” Scriban said.

Big Differences

So far, Microsoft and Google’s health offerings look pretty much the same, offering the same types of services, and in some cases even with the same partners, such as the American Heart Association.

But they’re really very different, said John Moore, analyst at Chilmark Research. “Microsoft has been putting enormous investment into HealthVault and into its health solutions group,” he said. “The same cannot be said of Google. Google has been more of a hands-off approach, letting it grow organically. Every now and then they announce a partnership and someone who has joined the ecosystem.”

Microsoft is also ahead on allowing biometric devices to feed into HealthVault, using its Connection Center software for Windows. Google has partnered with the Continua Health Alliance to achieve the same goal, but so far with fewer compatible devices, Moore said. “Right now, I think there’s one device on the market,” he said.

Likewise, staffing levels are different. Microsoft has more than 550 people in its Health Solutions Group. “If you look at Google it’s not more than 18 people, I bet,” Moore said.

“Microsoft is taking more of a structured and clinical approach. Google Health is more of a loose-knit health and wellness platform,” Moore said.

Microsoft and Google are both going after the big pot of stimulus money set aside for healthcare spending, in the U.S. American Recovery and Reinvestment Act of 2009 and elsewhere, which totals $44 billion, Moore said. Some of that money is targeted at getting physicians, practices, and hospitals to provide personal health records by 2013, and healthcare providers may be able to qualify for that money by partnering with Microsoft or Google.

Dossia, a consortium of employers offering PHRs for their employees as part of health benefits is a potential competitor to Microsoft and Google, but it’s taking a very different approach. Dossia performs the same function as HealthVault and Google Health–but only if you’re an employee or family member of one of the companies in the alliance. So far, only Wal-Mart is live on Dossia. Other members, like Intel, Pitney Bowes, and Vanguard Health, are likely to go live in 2010. All told, Dossia covers 8 million employees and family members. “It can be a fairly substantial platform if employees sign onto it,” Moore said.

The biggest obstacle to PHR adoption is consumer and healthcare provider resistance, said Dr. Paul Abramson, a San Francisco doctor.

“Patients are confused, they don’t see how this relates to healthcare,” Abramson said. “If you go into an ER, they’re not going to log into Google Health to get your records. There’s no integration to any live, real-time health systems that are used clinically.” In hospitals “no one thinks to ask the patient if they have a Microsoft HealthVault account when we access records,” he adds.

PHRs will take off when they’re better integrated with medical practitioner systems, Abramson said. “Right now, it’s pretty much a novelty.”

HealhVault is the more flexible solution, said Abramson, who is also a former professional programmer. He’s consulting on developing Hello Health a Web-based medical practice app that will synch with Microsoft HealthVault and Google Health.

HealthVault stores any kind of XML-based patient data in its Repositories, Abramson said, letting you import an XML file, store it, and then retrieve it from elsewhere. The service can be used as a data repository and pipeline between e-health systems, even if it doesn’t understand all the data it’s storing, he said. Google Health, on the other hand, takes the XML files, strips out the subset of data it can understand, and discards the rest. It stores basic information like diagnoses, medications, and allergies, but it doesn’t understand or store a broad range of additional information that might be useful to a medical practitioner, including family medical, social, and psychological histories, Abramson said.

The Mayo Clinic is partnering with Microsoft on its PHR system, the Mayo Clinic Health Manager. Launched in April, it integrates with HealthVault, storing medical records, immunizations, and information on conditions being managed such as allergies. It also makes recommendations for health based on the patient’s personal medical history.

Mayo Clinic partnered with Microsoft because of Microsoft’s reputation and expertise. “They tend to be frontrunners in the things that we do,” said Michael Greenhalgh, senior manager of product management for Mayo Clinic Global Products and Solutions. “We had a shared vision. We were looking to make things better in the health field.” Mayo is looking to improve the service by increasing the range of conditions it covers.

Mayo is also looking to partner with Google Health on a future project, the details of which haven’t been worked out yet, Greenhalgh said.

Privacy Concerns

Neither Google Health nor Microsoft HealthVault is covered by the U.S.’s chief health privacy regulations, Health Insurance Portability and Accountability Act (HIPAA). “This is because Google doesn’t store data on behalf of health care providers. Instead, our primary relationship is with the user,” according to an e-mailed statement from a Google spokesman. But both companies say that patient privacy is paramount.

“Although Google Health is not covered by HIPAA, we are committed to user privacy and have in place strict data security policies and measures, and ensure that users control access to their information,” Google said.

Google explained its privacy policy with regard to Google Health in a May, 2008 blog post. The company said it doesn’t sell health user information, and has “strict data security policies and measures in place to limit access to sensitive information and to protect against data breaches.”

The Google Health Privacy Policy, on the company’s Web site, is short and in plain English. It gives users control of their information, says that the user is by default the only person who can view and edit information, but can choose to share with others. Users can completely delete their information at any time, and immediately. Users can also revoke sharing privileges at any time.

Microsoft uses four privacy principles for HealthVault: The user owns and controls information they create. The user gets to decide what goes into the records, and what leaves it. And “Microsoft is just the steward of this information. We work on your behalf. We won’t commercialize it unless we ask and you consent,” Scriban said. The company won’t use the information to deliver targeted advertisements, and consent to share information must be given on an individual basis; users can’t give permission to share information to a whole class of entities, like all doctors, for example.

But Phil Cox, principal consultant at SystemExperts, a network security consultancy, said security at both Google Health and HealthVault is lousy.

For starters, both services use generic credentials, the Windows Live ID and Google ID, which have had security violations in the past. Also, the data being protected in a PHR repository is much more sensitive than the e-mail and calendaring information the Windows and Google credentials mainly protect, Cox said.

Both companies “place the security burden on the user, and have specific language in their respective use agreements that hold them harmless for any breach of data caused by a compromise of a user account,” Cox said in an e-mail. Given the security issues with generic credentials, “I worry that individual users will have little recourse if their information is compromised. I do think this will cause some very interesting legal challenges.”

He said he believes that both services will eventually be brought under HIPAA rules, which might cause Google and Microsoft to drop the services rather than bring them up to regulatory standards.

Google and Microsoft plan to evolve their services to a complete data repository of health information, which would be a “HUGE collection of highly sensitive data” with “inadequate” protection, Cox said.

He added, “One last concern I have is over the language that basically states there is no guarantee of accuracy or timeliness of information, and that they can drop the service at any time. With those two ‘stipulations,’ I do not see how any user will take them seriously. I certainly would not rely on the service, and if I can’t rely on it, why use it.”

But analyst Moore said he believes the privacy and security concerns for services like HealthVault and Google Health are overblown. Sure, a major security breach of either of those services, should they become popular, would be a disaster. But the companies will use top-of-the-line security to protect data. And right now the data is scattered around small physician practices and hospitals, which have data breaches regularly. “I am of the opinion that your records will actually be safer and more secure than what is happening today,” Moore said.

Both Microsoft HealthVault and Google Health are vying to become the chief repository for personal health information. They appear similar on the surface, but have differences underneath, and privacy and security are ongoing issues for both. Individuals will have to take the pulse of both services and decide for themselves.

Source: By Mitch Wagner,  InformationWeek

Key Considerations for Hospitals Making the Move to EHRs

2017-07-27T00:01:12+00:00 October 27th, 2009|Uncategorized|

Will the economic stimulus package signed into law by President Obama in February accelerate the broad adoption of electronic health records? The expected impact of the bill has been widely discussed since it was enacted.
 
According to a study that appeared last year in the New England Journal of Medicine, only 17% of office-based physicians are using some sort of EHR. Hospitals have also been slow to go electronic. Another study appearing in the NEJM found that just 1.5% of non-federal hospitals have a comprehensive EHR system across all clinical units.
 
So while many hospitals and physicians have taken initial steps with automation, they have yet to adopt comprehensive systems. High costs, the difficulty of changing the clinical culture from a paper-based workflow, and the current economic downturn (resulting in reduced budgets, layoffs, a drop in patients, and difficulties in getting credit) have all impeded caregivers’ ability to invest in new systems.
 
But the reluctance to embrace EHRs could dissolve soon as a result of the stimulus package and healthcare reform, observers say.
 
The $787 billion package, officially known as the American Recovery and Reinvestment Act (ARRA), sets aside $17 billion in direct incentive payments to physicians and hospitals that adopt EHRs, plus significant indirect funds to enable adoption and remove technology barriers. Some analysts put the complete number as high as $36 billion. Efforts to reform healthcare have focused on improving the quality of patient care and reducing costs through information technology.
 
This article looks at some of the special challenges hospitals face as they make the move to electronic health records.
 
The bottom line: Do more with less
Under the new law, a hospital that adopts certified EHR technology will be rewarded with increased Medicare or Medicaid reimbursements. Incentive payments will go to hospitals that demonstrate “meaningful use” of certified EHR technology during each incentive payment year starting in 2011. To encourage hospitals to adopt EHR technology early, the total possible amount of incentive payments will decrease the longer a hospital waits to become an EHR user and eventually will turn into “penalties” by ways of decreasing Medicare reimbursement..
 
To qualify as a meaningful user of EHR technology, a hospital must demonstrate that its EHR technology enables it to prescribe electronically, exchange data with other providers, and generate reports on how it performs on certain “clinical quality measures.” Also, the EHR system in use must be certified. (These are the proposed criteria, which have yet to be finalized.)
 
The federal government estimates that the conversion to digital records will save $12 billion in healthcare spending over 10 years, which presumably would result in lower Medicare and Medicaid outlays, as well as positive impacts for employers and citizens alike.
 
But a new study finds that the current economic conditions are making it difficult for hospitals to adopt “meaningful” EHR systems.
 
According to the PricewaterhouseCoopers Health Research Institute report, “Rock and a Hard Place: An Analysis of the $36 Billion Impact From Health IT Stimulus Funding,” healthcare providers are struggling to find money to implement EHR systems because the economic recession has depleted capital resources and forced them to make cuts in their IT budgets.
 
A separate PricewaterhouseCoopers survey of 100 hospital CIOs found that 82% of hospitals already have cut their IT budgets by an average of 10%, while 10% have cut their budgets by more than 30%. Two-thirds of the CIOs surveyed said they anticipate making additional cuts in IT spending by the end of this year.
 
In such an environment, it is clearly difficult to commit to large projects like the implementation of an EHR. For many hospitals, it’s a matter of having to do more with less. Hospitals need to be efficient in their IT systems to reduce costs so that they can invest in clinical automation and EHRs, and support them cost-effectively.
 
More stringent privacy and security requirements
Under the health IT provisions of the stimulus package, all entities that handle protected health information must comply with HIPAA (Health Insurance Portability and Accountability Act) security and privacy regulations. Under the new Breach Notification for Unsecured Protected Health Information; Interim Final Rule, which becomes effective September 23, the stimulus law also calls for health care providers to:
  • Notify all affected patients within 60 days of a security breach
  • Report security breaches to the HHS secretary and prominent local media outlets if the incident affects more than 500 individuals
  • Track all personal health information disclosures
  • Upon patient request, provide an account of every disclosure for the previous three years
In addition, the new law expands HIPAA regulations to business associates, tightens rules on when patient information can be used for marketing, increases penalties for noncompliance, and enables significantly more aggressive enforcement.

Today’s distributed business environment

The push for more widespread adoption of EHRs comes at a time when the requirements for a secure infrastructure are more challenging then ever, especially given today’s distributed business environment. Increasingly, hospitals’ IT networks are connected to clinics, physician remote offices, remote contractors, suppliers, university networks, and other external parties. At the same time, managed and unmanaged endpoints, including laptops and other mobile devices inside and outside the hospital, are proliferating. As a result, security perimeters must expand beyond the internal network to numerous critical endpoints.

 
In this constantly evolving environment, traditional security measures alone, such as firewalls, antivirus, and intrusion detection systems/intrusion prevention systems, are no longer sufficient.
 
Hospitals must also comply with multiple standards and regulations regarding patient data privacy, including those issued by The Joint Commission, HIPAA, and individual states. As a result, they are implementing methods to monitor and report access to critical systems and information.
 
Security best practices
Symantec recommends that hospitals adopt a comprehensive and automated enterprise security plan, beginning with the creation of a roadmap that includes best practices such as:
  • Performing comprehensive risk assessments
  • Identifying critical endpoints based on criticality of uptime, importance to business processes, and susceptibility to a security or privacy incident
  • Defining cost-effective measures to secure critical endpoints, including mobile devices and databases, and minimize data leakage
  • Implementing automation for ongoing measurement of existing security effectiveness, adherence to security policies, and regulatory compliance
  • Implementing automation for monitoring, quickly identifying and responding to policy violations, and reporting on security and privacy on multiple levels—from executive dashboards to detailed reports for IT staff
  • Protecting sensitive patient information from breaches by implementing data loss prevention

Managing storage complexity

As can be imagined, the adoption of EHRs also has profound implications for hospitals’ storage systems. EHRs summarize and organize patient information, including digitized images of scanned paper documents and electronic data from patients, payers, and pharmacies. They can contain vast amounts of form-based information that must be copied into backup and disaster recovery versions. 

Managing storage complexity

As can be imagined, the adoption of EHRs also has profound implications for hospitals’ storage systems. EHRs summarize and organize patient information, including digitized images of scanned paper documents and electronic data from patients, payers, and pharmacies. They can contain vast amounts of form-based information that must be copied into backup and disaster recovery versions.

 
For many hospitals, storage demands are already growing more than 70% each year, and current data storage systems aren’t scalable to meet the demands of exponentially increasing amounts of retained data.
 
The rapidly growing storage in hospitals translates to more IT staff resources required to manage it, and the demand is especially burdensome due to the use of disparate storage systems that are based on different technology platforms and have to be managed individually.
 
Without an enterprise-wide storage strategy, providers are continuing to purchase and deploy additional storage islands—each of which requires even more individual management. Implementation of a solution that automates and centralizes the management of stored data using a single interface would maximize the utilization of these various storage systems to accommodate growing amounts of data, thereby reducing costs for purchasing additional storage hardware and relieving demands on IT.
 
Conclusion
Dr. David Blumenthal, the Obama Administration’s National Coordinator for Health Information Technology, said recently that electronic technology will soon be considered “as fundamental to medicine as the stethoscope.” Federal incentives for the meaningful use of such technology, he added, will propel the nation.
 
As hospitals and their IT departments increasingly apply automation to improve patient care quality, attract and retain talent, and reduce costs, traditional IT infrastructures are being pushed to the limit. Factor in the budget cuts brought about by the economic recession, and it’s clear that many hospitals find themselves having to do more with less.
 
Symantec can help healthcare providers attain their EHR goals by delivering best practices and industry-leading products and services for security, storage management, and compliance. To learn how the Symantec Healthcare Provider Solution addresses these critical IT issues, go to the Symantec Healthcare website.
 
Related Link

Customer Success Story

Source: Symantec.com

Half of Hospital CIOs Say Stimulus Funding is Crucial for Adopting Electronic Health Records

2017-07-27T00:01:13+00:00 August 21st, 2009|Uncategorized|

PwC Analysis On the Impact of Health IT Stimulus Funding Finds Future Penalties May Be Bigger Motivator Than Short-term Incentives to Invest in Health IT

Federal stimulus incentives for doctors and hospitals to implement interoperable electronic health records (EHRs) will not nearly compensate them for the overall costs they will incur, but future penalties from reduced Medicare reimbursement could be a bigger motivator, according to an analysis published today by the PricewaterhouseCoopers LLP (PwC) Health Research Institute.

In its paper entitled “Rock and a Hard Place: An Analysis of the $36 Billion Impact From Health IT Stimulus Funding,” PricewaterhouseCoopers says that capital-constrained healthcare organizations are struggling to find the necessary funding to purchase EHR systems at a time when they are being asked to cut information technology costs.
In a March 2009 survey of 100 hospital chief information officers (CIOs), PwC found: (more…)