Tuesday, November 20, 2012
The Patient Experience of EHRs
I'm often asked if the use of EHRs diminish clinician-patient interactions in the exam room.
At BIDMC, Jan Walker and Tom Delbanco have done focus groups with patients about technology. Generally, they found that patients will embrace technology that gives them access to information about their care. At BIDMC, where we have both a patient portal and Wi-Fi throughout the hospital, doctors often arrive at the bedside to find a patient viewing lab results on an iPad, ready with questions about their tests.
The literature studying outpatient offices with computers in the exam room suggest computers do not get in the way as long as clinicians are facile with them and maintain eye contact with patients.
Here are three articles:
"The examination room computers appeared to have positive effects on physician-patient interactions related to medical communication without significant negative effects on other areas such as time available for patient concerns. Further study is needed to better understand HIT use during outpatient visits." J Am Med Inform Assoc. 2005;12:474–480. DOI 10.1197/jamia.M1741.
"Studies examining physician EHR use have found mostly neutral or positive effects on patient satisfaction, but primary care researchers need to conduct further research for a more definitive answer." J Am Board Fam Med 2009;22:553–562.
"With the implementation of the electronic medical record—called HealthConnect—in all exam rooms throughout the Kaiser Permanente health care delivery system, how computers in the exam room affects physician-patient communication is a new concern. Patient satisfaction scores were obtained for all primary and specialty care physicians in a large medical center in Southern California to determine how scores changed as physicians started using HealthConnect in the exam room. Results show no significant changes in patient satisfaction for these physicians. Although concerns were not realized that patient satisfaction might decrease after HealthConnect was introduced, there was also no evidence that introducing an electronic medical record in outpatient clinics increased patient satisfaction." The Permanente Journal / Spring 2007/ Volume 11 No. 2
Clinicians have different approaches to the use of technology in the exam room - iPads, typing into a laptop, or just taking notes then entering data outside of the exam room. When clinicians and patients work together to ensure safe, accurate, and timely record keeping, everyone wins. Certainly, there may be awkwardness when clinicians struggle with new technology and patients perceive a change in attentiveness. However, it is highly likely that as clinicians spend their entire practice lives using EHRs and all patient records are recorded in EHRs, that this awkwardness will disappear. Just as mobile devices have replaced newspapers and magazines as the favored way for adults to access media, the EHR and PHR, as well as the processes needed to use them, will become a standard part of every clinical encounter, supporting rather than detracting from the patient experience.
Monday, November 19, 2012
A Novel Idea for Managing Consent
In 2008, I wrote about representing privacy preferences in an XML form that I called the Consent Assertion Markup language (CAML).
At the November HIT Standards Committee we discussed the draft Meaningful Use Stage 3 Request for Comment (RFC), which includes a measure relating to query for a patient's record. The RFC suggests an exchange of authorization language to be signed by the patient in order to allow retrieval of the requested information. Discussion elicited the suggestion that perhaps patient consent preferences might be included as metadata with the data exchanged so that the patient approved uses of the data - treatment/payment/operations, clinical trials, transmission to a third party - could be respected.
After the meeting, Dixie Baker proposed a simple, scalable and powerful approach to avoiding the necessity of either exchanging authorization language for signature, and the complexities involved in exchanging patient preferences as metadata. Her suggested approach draws from both the CAML idea with the metadata idea, but simplifies privacy-management for both consumers and providers, while offering the kind of scalability needed for the dynamic, collaborative healthcare environment we envision.
Imagine that instead of having to fill out a new privacy-preferences form at each encounter, the consumer could select and manage her preferences with a single entity, and at every other encounter, would need only provide the URI to where her preferences were held. Then, upon receipt of a request for her health information, an EHR would only need to query the privacy-management service at the URI she provided to determine whether the request could be honored. Her preferences would be captured as structured, coded data to enable query, without having to exchange a complete "form" in order to adjudicate an access request. Per the CAML idea, this XML could include queryable preferences about what data the patient consents to exchange with whom and in what circumstances. This set of privacy preferences could be maintained by the patient and would include such concepts as institution-level permission to share data with partner insitituions, permission to send data using a health information exchange organization, and approval to use data for certain types of research.
Instead of sending these preferences with the data itself, the metadata header in Consolidated CDA summary exchange would include a Uniform Resource Identifier (URI) that points to the privacy-management service where the patient's privacy preferences are held.
This simple idea - represent patient's privacy preferences/consents in query-able XML at a specific URI - enables an entirely new approach to health information exchange, while making it easier for consumers to make meaningful choices, and manage them over time.
For example
1. A hospital is "pushed" a patient record from a primary caregiver. The hospital wants to push that data to a specialist. Before any data transfer is done to an outside organization, the URI is retrieved from the metadata and the patient's current consent preferences are applied to the data exchange.
2. An emergency department wants to pull data from multiple data sources to ensure safe, quality, efficient care of an unconscious patient. The URI of service holding the patient's privacy preferences is available from the state HIE, and the data is retrieved from various sources per the patient's preferences.
3. At discharge, the patient's information is to be pushed to the patient and the primary caregiver/referring clinician per meaningful use stage 2 requirements. Before the push happens, the patient's URI is checked for current data exchange preferences.
As we continue to work on a variety of "meaningful consent" approaches and support complex state privacy policy variants, the notion of recording patient privacy preferences in a place that is under the control of the patient and is query-able via a simple XML makes great sense.
I look forward to continued discussion of Dixie's ideas at the next Standards Committee meeting.
At the November HIT Standards Committee we discussed the draft Meaningful Use Stage 3 Request for Comment (RFC), which includes a measure relating to query for a patient's record. The RFC suggests an exchange of authorization language to be signed by the patient in order to allow retrieval of the requested information. Discussion elicited the suggestion that perhaps patient consent preferences might be included as metadata with the data exchanged so that the patient approved uses of the data - treatment/payment/operations, clinical trials, transmission to a third party - could be respected.
After the meeting, Dixie Baker proposed a simple, scalable and powerful approach to avoiding the necessity of either exchanging authorization language for signature, and the complexities involved in exchanging patient preferences as metadata. Her suggested approach draws from both the CAML idea with the metadata idea, but simplifies privacy-management for both consumers and providers, while offering the kind of scalability needed for the dynamic, collaborative healthcare environment we envision.
Imagine that instead of having to fill out a new privacy-preferences form at each encounter, the consumer could select and manage her preferences with a single entity, and at every other encounter, would need only provide the URI to where her preferences were held. Then, upon receipt of a request for her health information, an EHR would only need to query the privacy-management service at the URI she provided to determine whether the request could be honored. Her preferences would be captured as structured, coded data to enable query, without having to exchange a complete "form" in order to adjudicate an access request. Per the CAML idea, this XML could include queryable preferences about what data the patient consents to exchange with whom and in what circumstances. This set of privacy preferences could be maintained by the patient and would include such concepts as institution-level permission to share data with partner insitituions, permission to send data using a health information exchange organization, and approval to use data for certain types of research.
Instead of sending these preferences with the data itself, the metadata header in Consolidated CDA summary exchange would include a Uniform Resource Identifier (URI) that points to the privacy-management service where the patient's privacy preferences are held.
This simple idea - represent patient's privacy preferences/consents in query-able XML at a specific URI - enables an entirely new approach to health information exchange, while making it easier for consumers to make meaningful choices, and manage them over time.
For example
1. A hospital is "pushed" a patient record from a primary caregiver. The hospital wants to push that data to a specialist. Before any data transfer is done to an outside organization, the URI is retrieved from the metadata and the patient's current consent preferences are applied to the data exchange.
2. An emergency department wants to pull data from multiple data sources to ensure safe, quality, efficient care of an unconscious patient. The URI of service holding the patient's privacy preferences is available from the state HIE, and the data is retrieved from various sources per the patient's preferences.
3. At discharge, the patient's information is to be pushed to the patient and the primary caregiver/referring clinician per meaningful use stage 2 requirements. Before the push happens, the patient's URI is checked for current data exchange preferences.
As we continue to work on a variety of "meaningful consent" approaches and support complex state privacy policy variants, the notion of recording patient privacy preferences in a place that is under the control of the patient and is query-able via a simple XML makes great sense.
I look forward to continued discussion of Dixie's ideas at the next Standards Committee meeting.
Friday, November 16, 2012
Cool Technology of the Week
One of the hottest concert pop stars in Japan is an anime hologram with a vocal synthesizer. Meet Hatsune Miku who appears in live concerts, despite the fact that she does not exist.
She's a vocaloid created with software that anyone can use to create realistic rock performances.
Ms. Miku is not alone. She's done duets with fellow vocaloid hologram Megurine Luka.
Wired Magazine described the technology behind the creation of a wholly digital pop star.
Hatsune Miku is a cultural phenomenon in Japan, yet she lives only in the digital world.
That's cool!
Thursday, November 15, 2012
Building Unity Farm - The Community
* What is the zoning?
* How will your neighbors react to wandering guinea fowl or an escaped llama?
* Are there other farms nearby?
For our farm, we chose Sherborn, a very agriculturally friendly town just west of Boston.
The Sherborn town bylaws indicate that no agricultural pursuit can be restricted. Of course, various wetland restrictions and environmental controls apply, but if we wanted to raise ostriches and emus on our 15 acres, we could. Our land was previously a 200 acre farm and our only current neighbors are a 55 acre apple orchard and a 15 acre property used for horse rescue/mini-donkeys. Those neighbors admire and support our livestock.
But what about nearby farms?
This week, we ate foods gathered or purchased from our farm and surrounding farms (photo above).
The western border of our property is the Dowse orchard. At the Dowse Orchard Farm Stand we purchased:
Romaine and red leaf lettuce
Field broccoli
Apples (Mac, Cortland and Empire)
Local seasonal pies
Fresh pressed apple cider
Just over the hill from us is a 1700's dairy farm - the Sunshine Farm.
We purchased:
Field turnips
Field carrots
Field onions
Homemade sweet corn veggie pizza
Just down the street from us is the Sweet Meadow Farm where we purchased sugar pumpkins and grain/hay for our animals.
At our own Unity Farm, we gather 8 eggs per day from our chickens. This season we grew eggplant, garlic, onions, and potatoes in our raised beds. In our kitchen garden we grew parsley, sage, rosemary and thyme. We planted our own apple orchard and will be planting an acre of high bush blueberries in the Spring. We're building a 20 foot x 72 foot hoop house that will enable us to grow year round produce.
Nearby, the Boston Honey Company runs a Honey CSA. Our share this year included fresh combs and local wildflower honey.
If December 21, 2012 really does bring cataclysmic or transformative events, living in Sherborn is good preparation for self sufficiency. From our perspective, it's an ideal farm community.
Wednesday, November 14, 2012
The Next Generation of Entrepreneurs
When I was 13 years old, the Altair 8800 appeared on the cover of Popular Electronics. By 16, I was building enough hardware and software that I achieved the Malcolm Gladwell 10,000 hours of competency by age 18. By 19, I founded a company that produced tax calculation software for the Kaypro, Osborne, and new IBM PC. Every week in the Silicon Valley of the early 1980's brought a new startup into the nascent desktop computer industry.
To me, we're in a similar era - a perfect storm for innovation fueled by several factors. Young entrepreneurs are identifying problems to be rapidly solved by evolving technologies in an economy where existing "old school" businesses are offering few opportunities.
This morning, I lectured to an entire classroom of MIT Sloan school entrepreneurs . Today the Boston Globe published articles about the Harvard Innovation Lab and the Mayor's efforts to connect entrepreneurial students with mentors.
Tonight I'll introduce a Harvard Medical School entrepreneurial team at the Boston TechStars event .
This pace of innovation reminds of that time 30 years ago when Sand Hill Road was just beginning its evolution to the hotbed of venture investing it is today.
Who are these new entrepreneurs and what kind of work are they doing? Tonight I'll be introducing Lissy Hu and Gretchen Fuller.
Lissy Hu is passionate about helping patients find the right care. Her clinical experiences at leading Boston and New York hospitals have shown her first-hand the frustrations her patients and their families face when finding after-care. Lissy previously worked on a Medicare demonstration project involving transitions in care for 3,000 medically-complex patients. She is currently on-leave from the Harvard Medical School and Harvard Business School joint-degree program. Lissy hopes to leverage her clinical and business insights to engage in social entrepreneurship and tackle healthcare’s most challenging problems. Lissy graduated from Columbia University Phi Beta Kappa, Summa Cum Laude, and with Honors in her major.
Gretchen Fuller is committed to improving healthcare quality and communication amongst providers and patients. At Harvard Medical School, she co-directed a student group (Improvehealthcare.org) dedicated to improving medical school education on healthcare policy: this organization was responsible for creating course material that is now part of a mandatory Health Policy course. She spent the last year spearheading three healthcare quality investigations at 5 hospitals in Buenos Aires, Argentina, including projects on problematic patient handoffs, barriers to the use of surgical checklists, and medical school curricula on patient safety. Gretchen graduated Cum Laude in Biology at Harvard University, where she also captained the Division I Field Hockey team.
They will be presenting CarePort, a software startup improving patient transitions from hospitals to post-acute care providers though an easy-to-use online booking engine.
As I know well from my mother's recent hip fracture, many patients require additional care after a hospital stay. The current process of discharging patients to post-hospital care providers is complex, confusing, and cumbersome. Careport connects patients, hospitals, and care facilities directly. Patients and their families, along with hospitals, can search for care facilities that meet their clinical needs and book reservations immediately. Careport also tracks patient care in the hospital and post-acute care settings and communicates critical clinical information back to primary caregivers, thereby ensuring effective care coordination. Careport identifies variables driving medical complications, readmissions, and patient satisfaction.
I am convinced that Meaningful Use Stage 2, with its focus on increased interoperability, and Meaningful Use Stage 3, with its proposed enhancements to patient and family engagement, will accelerate the demand for products like Careport. Modular certification will make it much easier for young entrepreneurs to make their products part of the physician and hospital software set used for attestation.
It's an exciting time to watch the creativity of the next generation fixing healthcare. With Techstars, Rock Health, Healthbox and other incubators/accelerators combined with Datapaloozas and innovation competitions, I'm convinced the breakthroughs we need in healthcare process improvement will be invented by the twenty-somethings and not mid career professionals in established companies.
So immerse yourself in advising and mentoring these people. Tonight, I will be.
To me, we're in a similar era - a perfect storm for innovation fueled by several factors. Young entrepreneurs are identifying problems to be rapidly solved by evolving technologies in an economy where existing "old school" businesses are offering few opportunities.
This morning, I lectured to an entire classroom of MIT Sloan school entrepreneurs . Today the Boston Globe published articles about the Harvard Innovation Lab and the Mayor's efforts to connect entrepreneurial students with mentors.
Tonight I'll introduce a Harvard Medical School entrepreneurial team at the Boston TechStars event .
This pace of innovation reminds of that time 30 years ago when Sand Hill Road was just beginning its evolution to the hotbed of venture investing it is today.
Who are these new entrepreneurs and what kind of work are they doing? Tonight I'll be introducing Lissy Hu and Gretchen Fuller.
Lissy Hu is passionate about helping patients find the right care. Her clinical experiences at leading Boston and New York hospitals have shown her first-hand the frustrations her patients and their families face when finding after-care. Lissy previously worked on a Medicare demonstration project involving transitions in care for 3,000 medically-complex patients. She is currently on-leave from the Harvard Medical School and Harvard Business School joint-degree program. Lissy hopes to leverage her clinical and business insights to engage in social entrepreneurship and tackle healthcare’s most challenging problems. Lissy graduated from Columbia University Phi Beta Kappa, Summa Cum Laude, and with Honors in her major.
Gretchen Fuller is committed to improving healthcare quality and communication amongst providers and patients. At Harvard Medical School, she co-directed a student group (Improvehealthcare.org) dedicated to improving medical school education on healthcare policy: this organization was responsible for creating course material that is now part of a mandatory Health Policy course. She spent the last year spearheading three healthcare quality investigations at 5 hospitals in Buenos Aires, Argentina, including projects on problematic patient handoffs, barriers to the use of surgical checklists, and medical school curricula on patient safety. Gretchen graduated Cum Laude in Biology at Harvard University, where she also captained the Division I Field Hockey team.
They will be presenting CarePort, a software startup improving patient transitions from hospitals to post-acute care providers though an easy-to-use online booking engine.
As I know well from my mother's recent hip fracture, many patients require additional care after a hospital stay. The current process of discharging patients to post-hospital care providers is complex, confusing, and cumbersome. Careport connects patients, hospitals, and care facilities directly. Patients and their families, along with hospitals, can search for care facilities that meet their clinical needs and book reservations immediately. Careport also tracks patient care in the hospital and post-acute care settings and communicates critical clinical information back to primary caregivers, thereby ensuring effective care coordination. Careport identifies variables driving medical complications, readmissions, and patient satisfaction.
I am convinced that Meaningful Use Stage 2, with its focus on increased interoperability, and Meaningful Use Stage 3, with its proposed enhancements to patient and family engagement, will accelerate the demand for products like Careport. Modular certification will make it much easier for young entrepreneurs to make their products part of the physician and hospital software set used for attestation.
It's an exciting time to watch the creativity of the next generation fixing healthcare. With Techstars, Rock Health, Healthbox and other incubators/accelerators combined with Datapaloozas and innovation competitions, I'm convinced the breakthroughs we need in healthcare process improvement will be invented by the twenty-somethings and not mid career professionals in established companies.
So immerse yourself in advising and mentoring these people. Tonight, I will be.
Tuesday, November 13, 2012
The November HIT Standards Committee Meeting
The 42nd meeting of the HIT Standards Committee began with an inspirational introduction from Farzad Mostashari. He told us that the HIT Standards Committee members should keep their "eyes on the prize and feet on the ground". We should be aspirational in reviewing the Meaningful Use Stage 3 criteria, identifying standards recommendations for 2016 which are likely, which are possible with focus, and which are unrealistic. We should not be intimated by all the ideas in the Meaningful Use Stage 3 request for comment, but realize that unless all ideas are considered, we'll regret not thinking broadly about important safety, quality, and efficiency improvements. As the request for comments process progresses, the doable priorities will emerge. The public release of the Stage 3 request for comment will occur later this week, with comments due in January.
Michelle Nelson, ONC Meaningful Use Workgroup Lead, presented the Meaningful Use Stage 3 recommendations, assisted by Doug Fridsma and Jodi Daniel. We reviewed the Stage 3 recommendations line by line, noting that the Policy Committee had included some data exchanges that the Standards Committee suggested were unlikely to occur by 2016. Although most of the Standards Committee advice was incorporated, the Policy Committee felt some goals were so important they were worth pushing. Overall, the Standards Committee commented that the Meaningful Use Stage 3 recommendations need to be grouped into common policy goals, be less workflow prescriptive and more outcomes oriented, take into account the burden of implementation, and focus on a few significant improvements to EHRs that would accelerate several goals. For example, if all EHRs became QueryHealth compliant then clinical trials, quality measures, and population health reporting would all be simplified. As a next step, ONC will reorganize the Stage 3 material into policy clusters and themes for assignment to the Standards Committee for detailed standards recommendations.
Next, Dixie Baker presented a Privacy and Security Workgroup Update regarding security and privacy criteria for modular EHR certification. Their concern is that without security and privacy guidelines, we could end up with a module that weakens protections and data integrity of the enterprise. Dixie suggested several paths forward and the Committee decided that Modular EHRs should be required to demonstrate compliance with the Meaningful Use security criteria by either including features within the module or by making calls (standards-based or non-standards based) to other applications which provide the needed security.
Doug Fridsma provided an update on S&I Framework projects and focused on the Automate Blue Button initiative to support patient "subscription" to their healthcare data or automated requests for delivery of their data.
Kate Goodrich from CMS provided an overview of efforts to "re-boot" Clinical Quality Measures by
*Eliminating abstracting and skip methods that based on paper
*Using new measures that are EHR-based, not old measures that are retooled to work with EHRs
*Reducing complex exclusionary criteria in numerators and denominators
*Consolidating measures across various programs - ACO, PQRS, CMS Core etc.
We then heard three presentations that are part of efforts to simplify future stages of Meaningful Use by providing national infrastructure.
Ivor D'Souza from the National Library of Medicine presented the Value Set Authority Center , which is now open for business. This valuable resource provides downloadable/searchable vocabularies and code sets that support Meaningful Use Stage 2.
Christopher Chute from Mayo Clinic presented Common Terminology Services 2 (CTS2) which provide an easy way to exchange code sets in batch from sources such as the Value Set Authority Center. I've posted previously about CTS2.
Michael Fitzmaurice presented the United States Health Information Knowledgebase. It includes access to Chris Chute's Value Set Authority Center Common Terminology Services application. I've posted previously about USHIK.
Lastly, we heard from Carol Bean about the Meaningful Use Stage 2 Testing and Certification details. We look forward to piloting the scripts before they are placed into production.
An important meeting that set the stage for deliberations on Stage 3. I look forward to simplifying the Stage 3 recommendations into common themes that reduce the burden on implementers.
Michelle Nelson, ONC Meaningful Use Workgroup Lead, presented the Meaningful Use Stage 3 recommendations, assisted by Doug Fridsma and Jodi Daniel. We reviewed the Stage 3 recommendations line by line, noting that the Policy Committee had included some data exchanges that the Standards Committee suggested were unlikely to occur by 2016. Although most of the Standards Committee advice was incorporated, the Policy Committee felt some goals were so important they were worth pushing. Overall, the Standards Committee commented that the Meaningful Use Stage 3 recommendations need to be grouped into common policy goals, be less workflow prescriptive and more outcomes oriented, take into account the burden of implementation, and focus on a few significant improvements to EHRs that would accelerate several goals. For example, if all EHRs became QueryHealth compliant then clinical trials, quality measures, and population health reporting would all be simplified. As a next step, ONC will reorganize the Stage 3 material into policy clusters and themes for assignment to the Standards Committee for detailed standards recommendations.
Next, Dixie Baker presented a Privacy and Security Workgroup Update regarding security and privacy criteria for modular EHR certification. Their concern is that without security and privacy guidelines, we could end up with a module that weakens protections and data integrity of the enterprise. Dixie suggested several paths forward and the Committee decided that Modular EHRs should be required to demonstrate compliance with the Meaningful Use security criteria by either including features within the module or by making calls (standards-based or non-standards based) to other applications which provide the needed security.
Doug Fridsma provided an update on S&I Framework projects and focused on the Automate Blue Button initiative to support patient "subscription" to their healthcare data or automated requests for delivery of their data.
Kate Goodrich from CMS provided an overview of efforts to "re-boot" Clinical Quality Measures by
*Eliminating abstracting and skip methods that based on paper
*Using new measures that are EHR-based, not old measures that are retooled to work with EHRs
*Reducing complex exclusionary criteria in numerators and denominators
*Consolidating measures across various programs - ACO, PQRS, CMS Core etc.
We then heard three presentations that are part of efforts to simplify future stages of Meaningful Use by providing national infrastructure.
Ivor D'Souza from the National Library of Medicine presented the Value Set Authority Center , which is now open for business. This valuable resource provides downloadable/searchable vocabularies and code sets that support Meaningful Use Stage 2.
Christopher Chute from Mayo Clinic presented Common Terminology Services 2 (CTS2) which provide an easy way to exchange code sets in batch from sources such as the Value Set Authority Center. I've posted previously about CTS2.
Michael Fitzmaurice presented the United States Health Information Knowledgebase. It includes access to Chris Chute's Value Set Authority Center Common Terminology Services application. I've posted previously about USHIK.
Lastly, we heard from Carol Bean about the Meaningful Use Stage 2 Testing and Certification details. We look forward to piloting the scripts before they are placed into production.
An important meeting that set the stage for deliberations on Stage 3. I look forward to simplifying the Stage 3 recommendations into common themes that reduce the burden on implementers.
Monday, November 12, 2012
Protect, Protect, Protect. Now Share
Later this week, I'm joining a healthsystemCIO.com webinar about security and health information exchange.
A theme I discuss frequently in my keynotes and lectures is the current regulatory challenge which suggests we should engage patients/families, share data for care coordination in accountable care organizations, and use registries to analyze population health/public health all while keeping the data security and respecting patient privacy preferences. It's a tall order.
As I've posted previously, BIDMC hired Deloitte to perform a security assessment of our policies and technologies. Going through the assessment has given me a great opportunity to review the security standard practices in the healthcare industry and the best practices across all industries.
We've reviewed emerging techniques in Data Loss Prevention (DLP), Governance/Risk/Compliance (GRC) tools, Enterprise audit log analysis tools, Learning Management Systems, and Network Access Control.
BIDMC has implemented or is implementing most of these.
At the same time, we're passionate about healthcare information exchange technologies for provider/provider summaries and patient/provider communications (portals, automated blue button, and state hie connections to patients).
Here are the slides I'll use in the webinar, illustrating that it possible to secure the enterprise and at the same time use Direct-enabled, certificate protected, health information exchange with patients, providers, and payers.
The most secure library in the world would not check out any books - it would be a secure but useless library. We must protect privacy and at the some time share information. It is possible to achieve a balance that does both.
I look forward to the webinar.
A theme I discuss frequently in my keynotes and lectures is the current regulatory challenge which suggests we should engage patients/families, share data for care coordination in accountable care organizations, and use registries to analyze population health/public health all while keeping the data security and respecting patient privacy preferences. It's a tall order.
As I've posted previously, BIDMC hired Deloitte to perform a security assessment of our policies and technologies. Going through the assessment has given me a great opportunity to review the security standard practices in the healthcare industry and the best practices across all industries.
We've reviewed emerging techniques in Data Loss Prevention (DLP), Governance/Risk/Compliance (GRC) tools, Enterprise audit log analysis tools, Learning Management Systems, and Network Access Control.
BIDMC has implemented or is implementing most of these.
At the same time, we're passionate about healthcare information exchange technologies for provider/provider summaries and patient/provider communications (portals, automated blue button, and state hie connections to patients).
Here are the slides I'll use in the webinar, illustrating that it possible to secure the enterprise and at the same time use Direct-enabled, certificate protected, health information exchange with patients, providers, and payers.
The most secure library in the world would not check out any books - it would be a secure but useless library. We must protect privacy and at the some time share information. It is possible to achieve a balance that does both.
I look forward to the webinar.
Subscribe to:
Posts (Atom)
