Health IT for Health Centers: 2013-01-07

Here are my latest recommended links and comments on news items from the Health IT, community health center (CHC), nonprofit, and general IT sectors. I’d be delighted to hear your comments here, or chat me up on Twitter (@jmproffitt) and Google+.


Today in free-reports-you-might-like we have a new one from a group of major security and IT players at major multinational corporations. And though that may sound dull, the report itself: Information Security Shakeup: Disruptive Innovations to Test Security’s Mettle in 2013 (PDF) is well put together and clear enough even for your CEO (sorry CEOs!). The big trends that will affect security planning this year: cloud computing, social media, so-called “big data,” and — of course — mobile devices. Mitigation techniques are proposed for the growing risks, of course. A nice report, really.

When you’re done with the pretty report, here’s some conceptual thinking for you: Compliance strategies can be the enemy of security strategies. Why? “The downside of compliance initiatives is that achieving a minimum may not result in any real change in the security posture…” Of course, compliance with HIPAA security and privacy provisions does help with security, but there are problems with a HIPAA-compliance-only approach. Namely, advancements in the regulations can’t possibly keep up with security (or risk) developments, and if all you do is comply, you won’t be positioning yourself for real-world security. Sounds like a head-scratcher at first, but it’s definitely not. Aim for security, not compliance.


Healthcare Informatics has a nice profile of La Clinica de la Raza’s new CIO, Tina Buop. She started last May and since arriving she’s been dealing with classic Community Health Center (CHC) issues: data collection and reporting, an EHR deployment, and handling IT services across a sprawling 30-site, 1,200-employee organization.

Meanwhile, I gotta give a virtual high five to Dr. Lyle Berkowitz. He’s effectively addressed the “crisis” of too-few primary care providers with an intelligent crystal-ball look at what healthcare may look like in 2025:

Dashboards provide real-time analysis of the status of his panel of 5,000 patients. Patients in the Green Zone will be managed mainly by computerized systems which check on patients virtually to provide positive feedback and ensure they stay on track. Meanwhile, patients in the Yellow Zone will be visited by the physician’s care team at home or work, or perhaps have a virtual conference with the physician to answer their questions. Finally, those patients in the Red Zone will be seen in the office or home for longer sessions with the physician and his or her care team to help determine what is going on and how to get it under control.

And the title of his piece? “We Don’t Have a Shortage of PCPs, We Have a Shortage of Using Them Efficiently”. Yep. Nailed it.


Email is like Democracy: it’s the worst… except for every other system out there. But that may be changing, as companies discover and deploy new collaboration platforms. SharePoint got things started, but other platforms — especially simpler and more social platforms — are gaining traction, like Socialcast, Confluence, Yammer, Podio, SocialText, Chatter, and more. But here’s an idea: delete your email lists and force employees to use the new platform. Find out what one company learned when they went nuclear on email lists in a company of 17,000.


Clinicians and pharmacists in your health center might appreciate this list of 6 mobile apps and resources for information on drugs, diseases and more. Keep in mind you can always deploy iPod touch devices if you don’t want to deploy smartphones.

EHR Technology

Tell us how you really feel, competing software vendor! “I don’t believe healthcare can afford Epic and Cerner, and I doubt you do either.” Those of us in the Community Health Center (CHC) world will never buy Epic or Cerner, for the price tag alone, not to mention they’re really built for hospitals. Still, this guy, hawking an open source solution has a point. Though he only cites one example in detail, it’s a good one: $9 million to deploy OpenVista versus $92 million to deploy Epic in facilities of similar size. Go with the open source solution and then take everyone to Hawaii to celebrate!

Now think back to 2009 and the federal cash that burst onto the scene to help pay for increased digitization of health. Mmmmm… cash! Now imagine where we’d be today without that money and the pushes of the HITECH program and ARRA. This piece over at Healthcare IT News argues we’re a lot further along today than we’d otherwise be with EHRs and other tech. I tend to agree. Healthcare organizations are nothing if not slow to change.

Finally, get ready to move mental health records right into your EHR, or at least link them and make them available to your EHR users. The stigma of mental health care is fading, and the advantages of primary care and hospital care physicians having access to both the “medical” record and the “mental” record at once are substantial. With more and more CHCs covering mental health services alongside medical, we may very well be on the cutting edge here. Who knew?

Telemedicine / Telehealth

Everyone’s getting the telehealth bug, so be prepared to support it in your health center. Even the feds are willing to start spending on remote doctor visits, or at least new legislation was introduced in Congress just after the fiscal cliff mess was (sort of) cleaned up. And of course private payers are covering more of this kind of care, too. Aren’t sure how telemedicine licensing works in your state? Check out where the states stand as of December 2012.

Health IT Links: 2012-01-03

Here are my selected links, with commentary, from the Health IT, community health center (CHC), nonprofit, and general IT sectors today. Please pass me any recommendations you’ve got in the comments or hit me up on Twitter: @jmproffitt.


  • PhoneFactor (Mini-Review at SC Magazine)
    Add 2-factor authentication based on phone calls, SMS messages, and OATH to your web apps, Terminal Services, Citrix sessions, and RADIUS-backed VPN sessions on the cheap. Pretty cool. SC Magazine certainly liked it. (Another option would be to deploy an SSL VPN with 2-factor features built-in, but that’s a story for another day.)
  • Technologies to watch 2013: Windows Server 2012 cannot be ignored
    The Windows Server platform continues to march on, with some great additions in the 2012 edition. This article points to more than 9 advances that just might solve some problems for you, including the vastly-improved Hyper-V, and some fascinating storage pooling techniques blended with a faster SMB file transmission implementation. Of course, watch out for application hosting issues — your app vendors may not yet support Server 2012. I don’t know about you, but we’re still eliminating Windows Server 2003 servers.


Business of Healthcare

  • WellPoint to cover virtual doctor visits
    More payers are starting to cover telemedicine / telehealth costs. Do you do any telehealth in your clinic today? We don’t do it yet, but there’s a real future here, so I know I’m paying close attention.

Health IT Links and Notes: 2013-01-02

Here are my favorite news and commentary links from the Health IT, community health center (CHC), nonprofit, and general IT sectors today.

Are we headed toward the over-quantified self?
Answer: No (unless you’re talking about a tiny number of folks that have mental health issues). Basically the article suggests we’re already going too far with monitoring devices everywhere. But folks: Look at adoption and usage rates before going crazy while reading the flurry of product announcements. Let’s focus on making useful and better “quantified self” tools and techniques before starting a moral panic.

Infographic: Why are ACOs Necessary?
I have a love/hate relationship with infographics. Sometimes they entertainingly put together information that you really need. Sometimes it’s just graphics to make 3 points that everyone already knew. But I’m starting to think that I might use infographics to help educate our staff. Print them out really big, post them in common spaces, and at least get people talking and thinking. In this case, there’s a PDF version available. BONUS: If you’re willing to give up your email address, you can sign up for “Eye on Infographics” to get new infographics specific to healthcare every 2 weeks.

The 20 Most Insightful Healthcare Technology Infographics of 2012
While we’re talking infographics… here’s a nice collection of them. Consider printing out some of them (big) and posting them for staff to see and discuss. Be sure to pass around “How Patients Learn in the Digital Age” to everyone.

Fire The Head of Social Media And Make These 10 Wishes Come True
For Community Health Centers, this is a non-issue — we generally don’t have “heads of social media” to fire. But we may have marketing folks that should heed the warnings and advice in this piece, not to mention CEOs. Social Media needs to move out of the marketing office and into the broader company, both in public social media and internal social media. The best of the Top 10 list: “Make blogging a core way for how the company communicates to each other and the world. You will never need a social media director if a lot of people are blogging. People who write are forced to think. That’s a good thing. It’s actually nutritious for the mind.”
[Hat Tip: Linda Lia / @EMRAnswers on Twitter]

Ten stats to show we’re entering the post PC age
Whether it’s Apple’s device or someone else’s, the market has spoken: lots of folks don’t need full-blown Windows laptops to do what they do the most: email, social media, browsing, shopping. This article has tons of links embedded. If you need to make the case to upper management that it’s time to get iPads, this is your go-to resource. The best 3 stats and facts:

  • Mobile devices make up 13% of global Internet traffic today, up from just 4% in 2010.
  • Desktop and laptop sales dropped 2.6% in 2012, but tablets were up 50%
  • More than 50% of all memory chip manufacturing today is for mobile devices, not desktops, servers, or other systems

Oh, and make your company web site work on mobile devices for cryin’ out loud.

Compliance with HIPAA policies to take on greater prominence [this] year
Might as well start out the new year thinking about HIPAA policies and your own procedures, right? I know 2013 will be a big year for me as we really dig deep into new procedures, training, and so forth. Good to be reminded that the regulations are getting tighter and forgiveness of security sins will be harder to come by as we go along.

Health IT Links and Notes: 2012-12-31

Here are my favorite links from the Health IT and general IT sector today. Follow me on Twitter to get most of these links real-time, albeit with less commentary.

OCHIN awarded federal grant to help community health centers with HIT
OCHIN has scored a 3-year $775,000 annual grant to provide services to client clinics dealing with PCMH, MU, EHR implementations and so forth. Good for them. But I wonder whether the client clinics might be better off struggling with some or all of these issues directly. After all, they’ll have to change their cultures to really develop a viable PCMH program, and you can’t buy culture. Furthermore, if you think Health IT changes are going to stop after PCMH and MU, you’re dreaming. Plan to hire IT capacity in-house if you can, because you have got to have internal change and technical capacity.

Vampire data and 3 other cyber security threats for 2013
I’m always a little suspicious of a security services vendor trumpeting all the threats that will destroy your business if you don’t hire someone like them. But in truth the threats are real — it’s just a question of how much risk you’re really facing in your situation. Still, the threats and issues to consider here include:

  • Watch out for risks posed by data you aren’t aware of or can’t easily monitor or control (what they’re calling “vampire data”), including cloud-hosted stuff or old data stores you’ve forgotten about
  • If you don’t already have lawyers and others on retainer to help you in a breach situation, you really should because you don’t want to be scrambling to hire them after a breach
  • You really need to be logging stuff and reviewing the logs, folks (easier said than done)
  • Hackers are as much about disrupting your business as stealing your data these days
  • Just start publishing your breaches, even if it doesn’t involve ePHI

Analysis: Microsoft Is Squandering Its Hyper-V Opportunity
Critics love the Hyper-V included with Windows Server 2012. But it’s not taking off because of several strategic mistakes Microsoft has made and continues making. Meanwhile, VMware remains king of virtualization for most businesses.

How to Say ‘Yes’ to BYOD
Saying “no way in hell” to smartphones, tablets and other employee-owned gear in the enterprise strikes me as a bigger risk than saying “yes, but with controls” and this audio panel discusses how you can say yes and feel good about it. About 15 minutes long.

How MiGym plans to quantify the health club workout
Finally. Pretty soon you’ll be able to take your smartphone to the gym and capture workout data from the machines already there, then sling that data into an online PHR (like Microsoft’s almost-forgotten HealthVault). My own thinking is that there’s a future for CHCs in the health club space. I mean what are we doing, disease management or health promotion? Keep an eye on gyms, health data devices (the “quantified self” movement), PHRs, and developments in payer preferences for preventive care with results.