Security and Backup: Yes…backup, again!

Once a month, on average, our technical support specialists are confronted with a customer whose database has become corrupted because of some hardware issue and who has no usable backup. After last week’s adventure, I decided I would again write about backup. Then, last night, I saw a discussion on a Psychology and Technology listserv that included some of our customers talking about full disk encryption of a Mac laptop. Encryption is something we recommend for every customer who uses our software or maintains any Protected Health Information (PHI) on a computer…especially on a laptop. To round out the clues that security and backup should be my topics of choice this week, I noticed an article in eWeek of March 21, 2011 entitled ‘Remote access presents complexity, security issues.’

The rate at which users want to be able to access their work applications remotely has grown geometrically. Fifteen years ago, we were asked about remote access a couple of times a year. Five years ago, that increased to a couple of times a month as many more users wanted to be able to access their software from home. Now, everyone who carries a laptop, or even a smart phone, wants to be able to do everything they need to do for their jobs from wherever they are located with whatever device they have handy.

Whew! If only they realized what an expectation that is! And, all of these expectations complicate the issue of security in ways that those of us who are not very technically savvy cannot imagine. But imagine we must…if we plan to protect PHI, that is.

First, the issue of backup. This is the primary way in which you protect the security and integrity of client information. If you do not have a usable backup from which you could restore PHI in the event of a catastrophe, you are only one step away from having allowed the destruction of your client’s PHI.

Yes, the identifying demographics together with the diagnosis you use to file claims are PHI and are protected under HIPAA. Everything you have in an EMR is PHI. Yes, you are responsible to assure that this information is intact, safe from destruction, and secure from prying eyes (and hacks). Without a usable backup (preferably encrypted) stored in a secure location ready at a moment’s notice to replace data on your computer system, you are not even doing the most basic things necessary to provide protection to your patients. You could probably be demonstrated to be guilty of ‘willful neglect,’ the level of culpability that will generate the highest of fines from HHS and OCR under their HIPAA authority.

If you are not sure of what kind of backup strategy is minimally adequate, take a look at the backup recommendations and product suggestions we make to our customers.

The issue of remote access, especially from handheld devices like smart phones and iPads, is one that concerns me considerably. HIPAA requires that we must provide for the security of PHI while it is at rest (on a computer drive or CD or smart phone) and while it is in motion (being transmitted from one location or device to another).

Access tunnels like a secure VPN or MS Terminal Services are specifically designed to assure the safety and security of the data being transmitted through those tunnels. Those of us who are not very technically sophisticated may assume that the developers of the iPad and smart phones have already taken care of equivalent security for us. Not so, folks. While there are some products that will provide that security, they are not built into those handheld devices and we are on our own to find them.

Do you realize what that means? Do you understand that using your cell phone to access your desktop computer and patient information without adding specific protection assures that your data are vulnerable? There is no built-in security in your telephone or tablet. Even having your client names and phone numbers in your telephone contact list is potentially a breach of their privacy.

No one has volunteered to create a secure environment for your data…that is your job. You must do the research and determine which products will give your PHI the greatest protection.

Not being informed about a problem of insecurity is not considered an excuse by HIPAA. You must know what security your devices use to assure the safety of PHI. Do you have password protection on your phone? Do you have a way of wiping all data from the phone if you lose it or it is stolen? Have you initiated the services that are available to accomplish those purposes?

I know, this has started to sound like a rant. I do not mean to suggest that everyone is acting irresponsibly with client PHI. I do mean to suggest that we take a much too casual attitude toward protection of that PHI…especially when it comes to technologies about which we know little but assume much.

What policies does your organization have in place about use of portable devices and the protection of PHI? Have you found products that are wonderful to accomplish that protection? Will you share their names and your experiences with the rest of us?

Please enter your comments below.

Change: How do you respond?

The move to electronic medical records and the Federal stimulus funds to assist eligible providers in making that change have resulted in massive and rapid development of products and solutions to help providers move quickly. There are over 300 EMR products, some for hospitals, some for doctor’s offices. I have even been shown a small, modular product that includes only the steps and information necessary to meet the Meaningful Use requirements, built for doctors who are not ready to commit to a full EMR yet.

As I look at the huge changes that are happening, I find myself thinking about how individuals handle change.

To oversimplify, it seems to me that there are people who seek out change and all things new…the thrill-seekers of the world. Then there are those who fight change of anything at all costs…the ultraconservatives of the world. And, of course, there are those in the center who struggle to embrace changes that seem constructive while trying to hold onto what they value in the old . . . a delicate balancing act. How do you deal with change?

I am one of those middle-of-the-road people who likes things to stay mostly the same, as long as people are not hurt by that sameness. I like to do the same things day-to-day in very similar ways. I like to experience lots of things, most in moderation (except for reading), but it is difficult for me to do new things just for the sake of doing something new…except for traveling to new places. I do not dive into new technology or new software programs if the old are doing the job for me.

I know, I know . . . those of you who know me as a radical feminist and politically liberal woman will be amazed by those statements. After all, I actively endorse public and personal ‘policies’ that support dramatic social change so more people have the right and ability to seek their happiness and success and to be safe and secure as they do so. Nevertheless, those who work with me know of my strong tendency to say ‘no’ first, and only later to consider the new way of accomplishing something. I am comforted by the familiar and will face the anxiety caused by the new only if I deem the potential benefit to be worth the discomfort.

I share this perspective on myself to encourage you to assess your own responses to change.

Are you the first in your group of colleagues and friends to try out a new assessment technique or therapeutic modality, new computer or software? Do you go to all the workshops because they are fun and stimulating rather than just to meet the requirement for continuing education credits? Have you already started using an EMR or clinical record software product?

Or do you fall on the side of ‘If it ain’t broke, don’t fix it’? Do you prefer the comfort of seeing clients in the same way you have always done so without feeling the need to explore new methods? Are you determined that you will not move to an EMR? Electronic prescribing? Patient portals? Will you just retire before it is required that all behavioral health professionals participate in the electronic record revolution?

How does your personal approach to change affect your opinions about and participation in your organization’s direction? Are you leading the charge for change or being dragged along by those who are racing ahead? Are you just sitting back and taking a wait-and-see posture rather than jumping into the fray?

Please share your experiences with change and how your personal approach is affecting your view of the move to Electronic Medical Records. Just enter your comments below.

E-prescribing and a Behavioral Health EHR: Where to from here?

For the past several years Synergistic Office Solutions, Inc. has had the privilege and pleasure of participating as a member of the Software and Technology Vendor Association (SATVA), a group of vendors of software and other technology for the Behavioral Health and Social Services community. Last Thursday, I returned from our semi-annual member meeting…charged up with information about what is happening in the behavioral health world and full of questions about how all of the current events will impact SOS and our customers.

Standards for Electronic Health Records (EHR) for Behavioral Health were our primary discussion topic at this meeting. The community mental health world has long known that they will need to use EHRs to maximize the efficiency of their services and document the effectiveness of their treatments. State reporting requirements alone make use of an EHR a worthwhile way to simplify the lives of clinicians and administrators. Psychologists and psychiatrists in the private practice community have been slower to embrace the idea that electronic clinical records will improve care. The cost of the product and the time it takes to learn and use such software has been an obstacle for many organizations. While our mental health clinical record software has been around since 1992, we have many fewer users of that product than of our billing software.

Some states and payers are rapidly moving toward mandates for implementation of aspects of an EHR. FierceHealthIT, a newsletter for those working in information technology for health care, reported last week that MA BCBS will be requiring e-prescribing by January 1, 2011 for physicians who participate in their incentives program. The Centers for Medicare and Medicaid Services (CMS) has developed an electronic prescribing incentive that will increase physician reimbursement by 4.5% by 2014 for those who use qualified electronic prescribing products. The National Governors Association (NGA) has provided a forum and support for states to move forward on Health Information Exchange (HIE), electronic prescribing and computerized physician order entry (CPOE). At the federal level, a public-private partnership has been formed in the AHIC Successor, Inc. to move forward the process of developing a National Health Information Network (NHIN); and the Certification Commission for Healthcare Information Technology (CCHIT) has formed the necessary work group to certify a Behavioral Health EHR.

While the names and acronyms of these bodies may be new to many of you, they are working hard to assure that interoperable EHRs are widely implemented by 2014. Many in the industry consider this an unrealistic goal date for such comprehensive change, but many entities are dedicated to seeing successful adoption of this technology in the not very distant future.

How will the requirement for health care providers to utilize EHRs affect psychologists, psychiatrists and social workers in private practice? Will the expectations be different for private care providers than for behavioral health providers in a community setting? How do you expect these changes to affect your organization? Are you already using an EHR? Let’s talk about where you see this going in your world.