Category: The technical world

We have recently had a number of customers retire or sell their practices. While many other companies do not, we allow our customers to transfer their software to another individual or organization with our approval. In our last newsletter, we set out some requirements and procedures for folks to follow. We also reminded them that they are likely governed by state licensing laws about record keeping and record maintenance specific to behavioral health professionals. Those records belong to your patients, not to you as the provider, so some mechanism must be established for them to obtain the record if they want it.

But what about all your personal accounts and data? What should you do to make sure that the appropriate people have access to your information when you die or are no longer competent to or interested in dealing with everything you have done online? How will you assure that your family can access the hundreds of photos you have stored in the cloud? Do you know if you have a right to pass on your library of ebooks or your digital music collection?

A couple of weeks ago, I read some comments made by a colleague, Bruce G. Borkosky, Psy.D., about passing on digital account information when you die. He talked about the password management program that he uses (LastPass) and the way they are handling transfer of your passwords to a designated individual.

One of the best things you can do for your loved ones, after you pass, is to given them access to your accounts. With a password manager, this can be done pretty easily (doesn’t take care of things where the person needs legal access, of course, such as financial or health).

You could give them the master ps, of course. Better, though, I just discovered a feature in lastpass.com. It works like this:

1. loved one signs up for free lastpass.

2. you send them a one-time invite to be your emergency-handler

3. they accept.

4. you specify a waiting period (so you can decline a wrongful request)

then, in case of your illness or untimely death:

5.  they request access to your account

6. they wait the waiting period

7. your passwords show up on their account

Bruce G. Borkosky, Psy.D., P.A.

Sebring, FL

http://www.fl-forensic.com/

Blog author Angela Alcorn shares Dr. Borkosky’s enthusiasm about using LastPass for this purpose. There are other password management products (Roboform, Keepass, DashLane*) that are free or inexpensive. You could always just leave the master password to that manager you have chosen in your safe deposit box.

A quick Google search of ‘access to password accounts after death’ had over 42 million hits, so I guess some other people are thinking about this, too.

Recently, Apple refused to reset the device password for a widow who shared her iPad with her husband. She had the password to the app she used, but not the one to login to the device. They told her to get a court order. Estate planning attorney Jim Lamm (Minnesota, North Dakota and South Dakota) has created a digital audit that can be maintained on paper or in a document to provide your heirs with this important information. Lamm’s blog (Digitalpassing.com) focuses on this issue.

One of the biggest challenges is keeping the information current. Most of us are not privileged with the information about when we are going to die and there is a real tendency to put off attending to matters such as these. A password management program keeps itself updated.

This article on computerhope.com suggests a sealed envelope with all the necessary information…and an online password manager. But a company called PasswordBox.com and Legacy Locker have developed specific tools for this purpose. Google and the other services have their own mechanisms for handling the accounts of deceased users. Do you have any idea what those mechanisms are for the banks and other companies with whom you do business or for the email services you utilize?

I know that many people will look at this and think that it is just too morbid to consider. Others are planners and have their wills and personal instructions all in place. Where do you fit on the continuum from ‘have it all in place’ to ‘I won’t even think about this’? What do you want to happen to your digital life after your life?

Please share your thoughts and comments below.

*Neither SOS nor I have any proprietary or financial interest in any of these companies or products.

The past two weeks have reminded me that I sometimes struggle with technology, and often let myself get very frustrated.

While I was away at a yoga training, Seth created a video to teach our customers how to use the SOS ICD-10 Prep Utility we have created for our software, SOS Office Manager. We decided that I would record a voice track and then determine which to use.

I cranked up the software I have used to create videos in the past and spent two days getting the audio recorded and the video edited to my satisfaction. Then I tried to produce the video. It kept inserting green or black screens in places I had made edits. After another day of working with it, I realized I was not going to be able to get a clean video with my software.

Seth suggested I use YouTube’s editing tools but I could not figure out how to do so.

This is the point at which I made my biggest mistake. I searched for free video editing software and downloaded a product to my computer. I spent another two days trying to get the video edited properly and finally gave up, turning the project back over to Seth.

When I re-focused on my other tasks, I started to notice some changes to Chrome, my preferred browser. My usual search engine and new tab page were no longer Google. Instead, Yahoo kept showing up every time I opened a new page. I also found that I could not attach a document to an email. I do not know what other problems might have appeared if I had not realized that something was wrong.

I then spent part of the day on Monday, part of Tuesday, and all day Wednesday searching the web for solutions to my problems. At first, I did not connect them with the download of VSDC , the video editor. When I looked at the history in Chrome and traced back the appearance of the Yahoo! page, I was able to correlate it with this download. Like many other free and low cost products, this software installs Potentially Unwanted Programs (PUPs) on your computer when you install it. I was even careful to uncheck boxes accepting other software, to no avail. This is how these software companies make money: they get paid by other vendors to install software on your computer, often without your knowledge.

This method has also become the most common way serious exploits are installed on your machine. And most virus software does not search for such programs to prevent their installation. Malware products do, but most of us do not have those on our computers.

I was lucky this time that only my browser search choices were hijacked. I hope to avoid a next time!

Lessons Learned:

1. Do not download free software.
2. In the event that a free product is the only reasonable way to accomplish a goal, download it only from the company’s site directly. Do not use sites that aggregate free products.
3. Learn how to find reviews on free and inexpensive software products and determine if anyone has reported malware problems related to the software. Avoid any that have even a single such mention.
4. Especially, do not download free software when in a time crunch. Deadlines make for poor judgment!

Okay, now that I have ‘fessed up, please share your own experiences in the comments below!

Just before the end of last year, I was at one of the big box stores with my husband. He is a bicyclist, tech hobbyist, and unabashed advocate of use of the Internet for every possible thing. I am more conservative when it comes to technology . . . especially where my privacy might also be involved. I had decided that I wanted a pedometer. I would like to improve my general activity level and I thought awareness of how much I move during the day might help me. He suggested I get a fitness device instead. That way, I could track my sleep as well as my steps and other activity. His own device tracks steps and sleep and connects with the same online database he uses for his bicycling.

As I was setting the device up, I found myself having some concern about my information. In the settings, I was able to indicate that only I would be able to see the data, but I know that all of this information is getting stored in some huge database that is or will be mined to sell me things. After all, it is connected to an app on my smartphone. The device communicates by bluetooth with the phone.

Several weeks after starting to use this new toy, I decided I wanted to lose a few pounds. In the past, I have successfully used a telephone app to track what I eat and my workouts, and guess what! It connects with my new fitness device, so my device can give me activity credit. That way I have an idea of how many calories I can eat and still lose weight. Hmmm, more personal data on the Internet and now connected together.

On March 31, I received one of the FierceHealth newsletters to which I subscribe. I was struck by an article about the Internet of Things (IoT) and the need for a framework for how such things should be regulated, should manage data, should handle security, should interface with our lives. I realized that I had stepped into what is rapidly becoming a very large pond.

So what is this Internet of Things? According to Wikipedia,

The Internet of Things (IoT) is the network of physical objects or “things” embedded with electronics, software, sensors and connectivity to enable it to achieve greater value and service by exchanging data with the manufacturer, operator and/or other connected devices. Each thing is uniquely identifiable through its embedded computing system but is able to interoperate within the existing Internet infrastructure.

The term “Internet of Things” was first documented by a British visionary, Kevin Ashton, in 1999.^[1] Typically, IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine communications (M2M) and covers a variety of protocols, domains, and applications.^[2] The interconnection of these embedded devices (including smart objects), is expected to usher in automation in nearly all fields, while also enabling advanced applications like a Smart Grid.^[3]

Things, in the IoT, can refer to a wide variety of devices such as heart monitoring implants, biochip transponders on farm animals, electric clams in coastal waters,^[4] automobiles with built-in sensors, or field operation devices that assist fire-fighters in search and rescue.^[5] These devices collect useful data with the help of various existing technologies and then autonomously flow the data between other devices.^[6] Current market examples includesmart thermostat systems and washer/dryers that utilize Wi-Fi for remote monitoring.

Besides the plethora of new application areas for Internet connected automation to expand into, IoT is also expected to generate large amounts of data from diverse locations that is aggregated very quickly, thereby increasing the need to better index, store and process such data.^[7][8]

 

Healthcare devices that are part of the IoT such as pacemakers have been around for a while. Those of you who work in corrections have probably had clients who have worn ankle bracelets to determine their whereabouts. The possibilities are endless as Cisco, Microsoft and Google have determined.

While I am not creative enough to come up with ways the IoT will impact behavioral health services, I am sure it will. At the very least, according to Nic Cuccia and OpenMinds, it is likely to change health care customer service. This realm will have much more impact on your life than that computer sitting on your desk ever did.

How will you allow the Internet of Things into your life? into your practice? into your services? Please share your comments below.

Do you ever feel like your head is going to explode from all the new pieces of information you are trying to cram into it?

‘No,’ you say. You never let yourself get overwhelmed by too much information – TMI. Please teach me how you do that!

I am constantly presented with new things that I think I should know more about, so I try to organize my life so I can learn it. Perhaps I spent too much of life as a student to let such a circumstance pass me by. If someone even vaguely implies that I should be informed about something, and they tell me where I can get the information, I feel compelled to go there and gain that knowledge. I have referred to myself as a sucker for learning something new. It is one of my greatest of joys; it is also one of my heaviest of burdens, especially as my aging brain resists assimilating more data.

The arena in which I am currently trying to become more informed is website analytics and email tracking. I know about Google Analytics. We have had an account for many years, since the days when it was fairly straightforward and simple. Have you looked at it lately?  This service has become so sophisticated that just clicking onto our Dashboard makes me feel like I need to start this only when my brain is at its sharpest.

For the last several years I have used an alternative service that has served up a lot of this analytic information in bite-sized portions for those like me with limited time to do it themselves. This has been a great tool, but that company has grown beyond my ability to keep up with their services. As a result, I am looking to bring some of that tracking and analysis in-house and share it with another staff person. We want to be able to use the tools that will help us and leave the rest behind….kind of a *KISS* approach.

So what is a person to do? Well, Google it, of course!

I started by doing this search: “google analytics learning” and found many places I can go for training. Of course, I will start with the Google Analytics Guide. Hopefully, this will get me started before I move on to ‘Get Started’ at the Google Analytics Training and Certification site. Or maybe I will start with Get Started….hmmm? But then, it seems that I need to learn something about this ‘regular expressions‘ stuff so I don’t get too lost. It looks like I can pay lynda.com to teach me about this and everything else technical; or I can let Eugen Oprea at Udemy teach me for free. Or maybe it would be even better to go to this YouTube Google Analytics channel. Undoubtedly, this article from KISSmetrics, 50 Resources for Getting the Most Out of Google Analytics, will do it for me. After all, it is using that *KISS* notion, right?

You see what I mean about TMI? Maybe you have discovered a simpler way that does not include hiring a marketing firm. After all, we are in the behavioral health community and do not have lots of resources to spend on fancy stuff. How do you handle analytics for your website. Any insights for the likes of me?

Thanks for reading and for your comments.

Remember that CBS Evening News report back in 2010 that got everyone panicked about patient data that might be stored on the hard drives of copy machines and other multipurpose machines like combination printer/fax/copy machines?

Well, it turns out there is good reason that any health-related practice that uses such a machine (one that has a hard drive) should panic; in fact there are 1,215,780 such reasons. That is the amount Affinity Health Plan was fined by OCR this month for the potential breach of PHI that was reported in this incident.

I know, this could never happen to you. But are you sure of that? Does your organization own or lease a copy machine? Do you have one or multiple printers that are also copy and fax machines as well as a scanner? What is your organization’s policy for the hard drives in those machines? What about the hard drive in that computer you are using to read this? What is your policy for removing any PHI that might be on it?

If you do not know the answers to these questions, you may not have been properly trained in your organization’s HIPAA policies and procedures. Or you may not even have such policies and procedures. Or the practice you work for did all this before you were hired and you have never been informed. These excuses do not fly when it comes to OCR enforcement.

The Federal Trade Commission (FTC) has guidance on handling copier data. NIST, the National Institute of Standards and Technology, has recommendations on how to sanitize electronic media. And Medscape, among others, offers lots of training on HIPAA security. (You might need to register for Medscape before you can access their materials.)

When was your organization’s last HIPAA training? What did you learn? Please share how you address these issues.