How about a Chromebox for patient web access?

In the run-up to building our new health center in Anchorage, we had plans to buy and deploy kiosk-style computers in the facility. These would be made available for patients to access a patient portal or our web site. But three things got in the way:

True kiosk hardware that’s hardened against public tampering is very expensive, and we needed other stuff more
We hadn’t yet launched a patient portal, so the value was diminished
Configuring, deploying, managing, and supporting kiosk PCs is a hassle we didn’t want eating up valuable IT staff time

So no kiosk PCs for us. At least not yet. Someday… someday…

But you? Maybe you’re ready to make a few Internet PCs available for the public to use in your facility, but it needs to be safe and low-impact. How about trying out a Chromebox as a great alternative to a locked-down Windows or Linux PC?

Running Chrome OS, the Chromebox (like the Chromebook) is basically a stripped-down custom Linux that runs a Google Chrome browser and a few plugins (like Flash) that makes the web work fine without all the Windows cruft. It also retails for just $330. It auto-updates to the latest Chrome build every so often, staying current both in features and security. If you haven’t used Chrome OS lately, you may not know that it now includes a Guest mode that doesn’t save any information between user sessions. I’ve been a Chromebook user on and off since last summer and I like the OS for a lot of web work.

Why mention all this now? Well, Samsung is releasing a revised Chromebox soon, as reported yesterday: Meet Samsung’s new Chromebox, same as the old Chromebox (Updated).

However, this news comes at a time when Chrome OS devices are largely unavailable. The new ARM-based 11″ Chromebook is sold out as of this writing — and it sold out pretty much at launch back in November. The Chromebox is now only available used through Amazon, and is sold out at Staples, sold out at TigerDirect, sold out everywhere. Google and Samsung have not announced when Chromeboxes will be available again — but you know they’re coming, given the redesign.

Whenever you get your Chromebox going, you’ll need to bring your own monitor, keyboard, and mouse. And you might need a kiosk or desk. Finally you might also want to get a Kensington lock to tie down the Chromebox.

While you’re waiting for Chrome OS device stock to appear, consider a few resources. First up, a review video from mid-2012 when the major revamp of Chromebooks and Chromeboxes came out. Some things have changed then in the OS since this video was shot, but on the whole this is a good intro:

The written review at The Verge is also good.

Meanwhile, there’s yet another alternative if you want an Internet PC for the public without the hassle of rolling your own Windows or Ubuntu box. HP now makes the sexily-named HP Passport 1912nm 18.5-inch Internet Monitor. It’s a custom Linux build that puts users into a browser space with no configuration options. One wonders how serious HP is about this product (although the same could be said about Google, really). But the good news? Just $200 gets you the screen, the OS, keyboard, and mouse all in one box.

If you’re using Chrome OS devices in your healthcare organization, I’d love to hear about it.

Health IT Links: 2012-01-03

Here are my selected links, with commentary, from the Health IT, community health center (CHC), nonprofit, and general IT sectors today. Please pass me any recommendations you’ve got in the comments or hit me up on Twitter: @jmproffitt.

Products

PhoneFactor (Mini-Review at SC Magazine)
Add 2-factor authentication based on phone calls, SMS messages, and OATH to your web apps, Terminal Services, Citrix sessions, and RADIUS-backed VPN sessions on the cheap. Pretty cool. SC Magazine certainly liked it. (Another option would be to deploy an SSL VPN with 2-factor features built-in, but that’s a story for another day.)
Technologies to watch 2013: Windows Server 2012 cannot be ignored
The Windows Server platform continues to march on, with some great additions in the 2012 edition. This article points to more than 9 advances that just might solve some problems for you, including the vastly-improved Hyper-V, and some fascinating storage pooling techniques blended with a faster SMB file transmission implementation. Of course, watch out for application hosting issues — your app vendors may not yet support Server 2012. I don’t know about you, but we’re still eliminating Windows Server 2003 servers.

Security

Microsoft issues temporary fix for zero-day IE vulnerability
You’re not still using Internet Explorer 6, 7, or 8, right? Well, get the fix from Microsoft and start deploying. Better yet, move to IE 9 and get ready for IE 10.

Business of Healthcare

WellPoint to cover virtual doctor visits
More payers are starting to cover telemedicine / telehealth costs. Do you do any telehealth in your clinic today? We don’t do it yet, but there’s a real future here, so I know I’m paying close attention.

Lose a laptop with 441 patients’ records, pay $50,000 and pray for donations

The latest HIPAA breach story out of northern Idaho breaks my heart. It also chills me to the bone. First off, here’s the news:

It’s official: HHS announces first breach settlement on report affecting less than 500
Hospice Gets $50,000 HIPAA Penalty
HHS Press Release: HHS announces first HIPAA breach settlement involving less than 500 patients

I actually worked with a hospice on tech issues in the last couple years, and I can tell you the attitude about security and IT in general was… less than progressive. They had better things to do. Literally. Hospice folks have a really rough job, emotionally and financially, providing a service that’s simply not properly supported by payers, whether private or public. They live on donations and posthumous gifts. They’re the soup kitchen of modern healthcare, providing a vital service that no one really wants to think about.

But pleading a charity case obviously didn’t work on HHS. The hammer continues to fall with increasing speed and strength in matters of ePHI security.

Yet again, this breach is the story of a lost, unencrypted laptop with patient information on board. It’s not clear whether the records were actually accessed or distributed, but that’s obviously irrelevant.

Community Health Centers and other smaller health providers: Pay attention. HHS is now bringing the penalty thunder down to breaches of less than 500 records. And the price is high, at $50K for just 441 records (theoretically) stolen in this case. Of course the HHS write-up points to lack of policies, no risk assessment, no controls over mobile devices, no encryption, and so on. It’s kind of a broken record now.

So consider this your last chance to get your HIPAA policies and procedures drafted and start making regular progress on improving security. The key is to show active interest and ongoing improvements. Do your risk assessment. Build your list of critical improvements. Do them. Keep records of what you’re doing.

This stuff takes staff time and cash money to buy some technology, which is always tough in nonprofit healthcare. So get these stories in front of your CEO right away if you’re not getting the resources you need. Alternatively, put them in front of your CFO — because a big enough breach could threaten the financial viability of the company.

Health IT Links and Notes: 2013-01-02

Here are my favorite news and commentary links from the Health IT, community health center (CHC), nonprofit, and general IT sectors today.

Are we headed toward the over-quantified self?
Answer: No (unless you’re talking about a tiny number of folks that have mental health issues). Basically the article suggests we’re already going too far with monitoring devices everywhere. But folks: Look at adoption and usage rates before going crazy while reading the flurry of product announcements. Let’s focus on making useful and better “quantified self” tools and techniques before starting a moral panic.

Infographic: Why are ACOs Necessary?
I have a love/hate relationship with infographics. Sometimes they entertainingly put together information that you really need. Sometimes it’s just graphics to make 3 points that everyone already knew. But I’m starting to think that I might use infographics to help educate our staff. Print them out really big, post them in common spaces, and at least get people talking and thinking. In this case, there’s a PDF version available. BONUS: If you’re willing to give up your email address, you can sign up for “Eye on Infographics” to get new infographics specific to healthcare every 2 weeks.

The 20 Most Insightful Healthcare Technology Infographics of 2012
While we’re talking infographics… here’s a nice collection of them. Consider printing out some of them (big) and posting them for staff to see and discuss. Be sure to pass around “How Patients Learn in the Digital Age” to everyone.

Fire The Head of Social Media And Make These 10 Wishes Come True
For Community Health Centers, this is a non-issue — we generally don’t have “heads of social media” to fire. But we may have marketing folks that should heed the warnings and advice in this piece, not to mention CEOs. Social Media needs to move out of the marketing office and into the broader company, both in public social media and internal social media. The best of the Top 10 list: “Make blogging a core way for how the company communicates to each other and the world. You will never need a social media director if a lot of people are blogging. People who write are forced to think. That’s a good thing. It’s actually nutritious for the mind.”
[Hat Tip: Linda Lia / @EMRAnswers on Twitter]

Ten stats to show we’re entering the post PC age
Whether it’s Apple’s device or someone else’s, the market has spoken: lots of folks don’t need full-blown Windows laptops to do what they do the most: email, social media, browsing, shopping. This article has tons of links embedded. If you need to make the case to upper management that it’s time to get iPads, this is your go-to resource. The best 3 stats and facts:

Mobile devices make up 13% of global Internet traffic today, up from just 4% in 2010.
Desktop and laptop sales dropped 2.6% in 2012, but tablets were up 50%
More than 50% of all memory chip manufacturing today is for mobile devices, not desktops, servers, or other systems

Oh, and make your company web site work on mobile devices for cryin’ out loud.

Compliance with HIPAA policies to take on greater prominence [this] year
Might as well start out the new year thinking about HIPAA policies and your own procedures, right? I know 2013 will be a big year for me as we really dig deep into new procedures, training, and so forth. Good to be reminded that the regulations are getting tighter and forgiveness of security sins will be harder to come by as we go along.

Health IT Links and Notes: 2012-12-31

Here are my favorite links from the Health IT and general IT sector today. Follow me on Twitter to get most of these links real-time, albeit with less commentary.

OCHIN awarded federal grant to help community health centers with HIT
OCHIN has scored a 3-year $775,000 annual grant to provide services to client clinics dealing with PCMH, MU, EHR implementations and so forth. Good for them. But I wonder whether the client clinics might be better off struggling with some or all of these issues directly. After all, they’ll have to change their cultures to really develop a viable PCMH program, and you can’t buy culture. Furthermore, if you think Health IT changes are going to stop after PCMH and MU, you’re dreaming. Plan to hire IT capacity in-house if you can, because you have got to have internal change and technical capacity.

Vampire data and 3 other cyber security threats for 2013
I’m always a little suspicious of a security services vendor trumpeting all the threats that will destroy your business if you don’t hire someone like them. But in truth the threats are real — it’s just a question of how much risk you’re really facing in your situation. Still, the threats and issues to consider here include:

Watch out for risks posed by data you aren’t aware of or can’t easily monitor or control (what they’re calling “vampire data”), including cloud-hosted stuff or old data stores you’ve forgotten about
If you don’t already have lawyers and others on retainer to help you in a breach situation, you really should because you don’t want to be scrambling to hire them after a breach
You really need to be logging stuff and reviewing the logs, folks (easier said than done)
Hackers are as much about disrupting your business as stealing your data these days
Just start publishing your breaches, even if it doesn’t involve ePHI

Analysis: Microsoft Is Squandering Its Hyper-V Opportunity
Critics love the Hyper-V included with Windows Server 2012. But it’s not taking off because of several strategic mistakes Microsoft has made and continues making. Meanwhile, VMware remains king of virtualization for most businesses.

How to Say ‘Yes’ to BYOD
Saying “no way in hell” to smartphones, tablets and other employee-owned gear in the enterprise strikes me as a bigger risk than saying “yes, but with controls” and this audio panel discusses how you can say yes and feel good about it. About 15 minutes long.

How MiGym plans to quantify the health club workout
Finally. Pretty soon you’ll be able to take your smartphone to the gym and capture workout data from the machines already there, then sling that data into an online PHR (like Microsoft’s almost-forgotten HealthVault). My own thinking is that there’s a future for CHCs in the health club space. I mean what are we doing, disease management or health promotion? Keep an eye on gyms, health data devices (the “quantified self” movement), PHRs, and developments in payer preferences for preventive care with results.

ICYMI: Google’s 2012 year-in-review videos

As a Google Apps administrator and user (I converted our health center to Google Apps early in 2012 and have converted other nonprofits in the past) and an enthusiastic user of many Google services, I appreciate them putting together this pair of year-end videos as just a little memento of what we’re leaving behind in 2012.

The first video is serious, covering major news and cultural events of the last year. Notably absent from the video is any reference to the Newtown massacre, because the video was compiled too early.

The second is hilarious, gathering major YouTube stars to do humorous covers of the two big ear worm musical numbers of 2012: “Gangnam Style” and “Call Me Maybe” with copious references to major videos from the year.

See ya later, 2012.

Tip: Get your CHC data/voice circuits prioritized for repair in a disaster

I got a fantastic tip from Jason Pomaski at the NACHC conference in Las Vegas back in November. He’s the AVP for Technology at Community Healthcare Network in New York, and he and his team survived the onslaught of Superstorm Sandy not long ago.

One of the things that helped them recover rapidly was registering their voice and data circuits with their telco providers as being high-priority circuits for public health. This is a program run by the Department of Homeland Security, as described here:

Telecommunications Service Priority (TSP)

I haven’t done this myself yet, and being from Alaska, this program may not be available to me because my local telcos may not participate. But you can bet I’m going to dig into this in 2013. We have earthquakes, volcanic fallout, high winds, and ice storms in Anchorage and getting our data circuits restored first in a disaster would allow us to get our public health services running again faster.

This can cover both wired and wireless services. Read up and see if you can get your health center registered. And if you have any experience with the program, hit me up with a comment.

Health Care and Healthcare: One gets you well, the other gets paid

It’s good to know I’m not the only one confused over the use of “healthcare” and “health care” when referring to elements in this industry. Lots of articles out there, including these, that shed light on the controversy:

The general consensus seems to be that “healthcare” is suggestive of the entire system, or the industry, and not specific acts of medical service. When the space is added between the words, it’s more personal, more medical, more health-focused.

If we agree on that, then most of the time I’ll be using “healthcare” in my writing, since I’m usually thinking and working at a systemic level — I’m not a provider. So for me…

I’m a “health care” consumer when I see a doctor.
I’m at the mercy of “healthcare” when I deal with my insurance company.
I’m a “healthcare” practitioner by way of technology, and hopefully my colleagues can provide better “health care” when I’ve done my job well.

Or put simply: health care gets you well, but healthcare gets paid.

Bonus Points: HIPAA
Seeing HIPAA written incorrectly is a particular pet peeve of mine, so I loved this quote from Bob Coffield at the Health Care Law Blog:

As for HIPAA — I always use whether someone spells it correctly to judge how knowledgeable they are about the subject.

Get ready for 2013. It’s time for some changes.

When I left public media I kept up this blog for a while, but naturally it’s fallen out of favor when competing for my time and attention. I’ve since moved back into the IT world, worked almost exclusively with nonprofits, and now I’m working in healthcare IT within a nonprofit. For me, this has been a great move — I like technology, I like working with nonprofits, and healthcare is a fast-moving industry. Put it all together and it keeps me busy.

But I’ve missed blogging. Even my Twitter habit has fallen by the wayside in the last couple years, especially as I worked on a massive project throughout 2012: opening a new healthcare facility with an built-from-scratch IT infrastructure.

The new facility work is wrapping up now, and while there’s always plenty to do at the office, I figure I’ve got some insights I’d like to share, and I’d like to engage in some conversations with folks out there that do the same kind of work I do every day.

So I’m coming back to blogging. It just won’t be about public media.

I thought about leaving gravitymedium.com behind and getting a new domain. Hell, I actually bought a few domain names and even set a couple up. I created new Twitter accounts, even a unique Google+ account and a Google Apps domain. But I kept coming back to my first domain, where I’ve put in so much work over the years, and I just can’t give it up. So I’m not.

Gravity Medium will remain my blogging home online, but since my focus is shifting, so will the blog. New topics will include healthcare and small business IT, nonprofit and technology management, consumerization of tech, data security, privacy, and so on — all the things I’m busy with professionally and want to share. And naturally, I’m hoping some of the folks out there doing the same work I’m doing will be interested in sharing their comments and ideas, too.

So here we go. The new year is upon us. And I’m taking this blog supernova.

On seeking trust in public media

Public media consultant Michael Marcotte posted about some of his recent work on ethics guidelines for public media employees and I was moved to comment. I started commenting directly on his blog, but realized — after 700 words — that I should really post this on my site and link over to it. No need to gunk up his comments.

Be sure to check out the source post — Ethics Guidelines for Public Media Employees — and related documents first. Got it? Then here are my comments.

I’m glad someone is thinking about this in the public media world, but I’m disappointed that traditional journalists got their hands so deeply into this document.

We don’t need a replication of existing “view from nowhere” positioning in journalism. We need fairness and disclosure, yes, but objectivity is not increasing public trust. NPR maintained traditional objectivity right through the right-wing attacks of the last few years and it neither illuminated those situation nor generated more trust in any corner. Objectivity-worship sucked the teachable moment right out of those manufactured controversies.

I could go on for a long time about the perils of objectivity, but Jay Rosen has that waterfront covered, so just read his stuff. Instead, I’ll focus on the real flaw I see at the heart of this document.

It’s related to the objectivity thing, but it’s much simpler. It’s right there in the Principles at the top of the list: “Seek public trust“. Three simple words.

Trust is good. We all want that. We need it. It makes the mission of public media organizations easier and more supportable. Trust is an unvarnished good.
Public is a pretty good word. I think we’ve lost touch with that word through its overuse; we don’t know what it means anymore. Does “public” mean upper-middle-class college whites? It certainly seems that way in public media. But let’s leave that old argument aside and assume the best around the word “public.”
Here’s the problem: “Seek“. You’re telling people to seek public trust. You’re advising that people angle for it, grasp for it, hope for it. By choosing the word “seek” you’re admitting that public media organizations must position themselves, marketing-style, as being trustworthy. They don’t have to BE trustworthy, they just have to seek the perception of trustworthiness. (It’s time to post more “PBS is #1 in public trust” press releases!)

When it comes to social media and real life — and I would argue when it comes to news — you either are trustworthy or you are not. You earn trust. You have trust. You can lose trust. But you don’t seek it. You don’t plan for it. “Seeking” to me sounds like someone who’s trying too hard to be my friend. It feels contrived. And contrivances are not trustworthy.

Those three words — “Seek public trust” — flow from a major problem public media organizations (and newspapers) face today: a collection of older executives that are working to protect an anachronistic empire, managers who’ve inherited a system that has a lot of trust built up from 30+ years of valuable public service, most of which was built before their time. They’re seeking public trust because they’re trying to preserve their own income and status.

Early public media leaders didn’t seek public trust. They just did trustworthy things. They were trustworthy people. Trust adhered to them over time based on the things they did. It wasn’t the color of their logos, it was the content of their characters that made a difference. Do you think Fred Rogers sought public trust? He schemed for it?

To take an unrelated example, look at Apple. Apple has tremendous levels of trust built up with millions of customers. They have a brand with worldwide respect. They’re the best at customer service. They have unparalleled product quality, design, and ease of use. People love Apple. Dis Apple “seek public trust” to get where they are? Did they market their trustworthiness? Or do they instead earn their trust with each well-executed product, each simple service, each box opening? Go look at the last 10 years of Steve Jobs’ presentations. Did he ever talk about trust? No. But he and the company earned it billions of times over.

In the case of social media, public media organizations should ask their employees to be trustworthy, be nice, deal in truth, share the spotlight, and promote — at least some of the time — a better world.

The long list of ethics rules should really be shortened to look like this:

Be trustworthy (e.g. think before you post, respect privacy, practice transparency, strive for accuracy and truthfulness, use your “real” voice, be nice, share)
Either maintain a healthy congruency between personal and professional behavior or at least recognize that your capacity for maintaining separate personal and private lives is inversely proportional to how public your professional position is
Keep in mind your public associations, even fleeting ones, may affect whether others are willing to trust you, so associate carefully for positive and negative returns

And that’s it.

The extra rules in the proposed document are designed for managers of an earlier era. I understand why they’re there. They’re all part of “seeking public trust” through manufactured objectivity and too-earnest striving for legitimacy. Which is a losing game in the long run.

Public media actors should be trustworthy, and let the rest take care of itself.

Share:

Products

Security

Business of Healthcare

Share:

Share:

Share:

Share:

Share:

Share:

Share:

Share:

Share: