I just returned from the College of Healthcare Information Management Executives (CHIME)  Lead Forum held in Atlanta Georgia. This cyber security summit engaged leading healthcare chief investment officers in discussions related to cyber security. The form was followed by a two day conference sponsored by Institute for health technology transformation (IHT2).

During the CHIME cyber security Forum, I was able to discuss challenges common to the entire healthcare industry as well as evolving approaches to identifying cyber espionage and healthcare data mining attack fingerprints and security approaches. In summary, the traditional approach of perimeter protection was uniformly discussed as being ineffective for the more sophisticated cyber threats. Over one half of network encroachments have their etiology in internal human related security breaches. These could involve phishing emails where a staff is enticed to click on a infected email or content providing a initial pathway into a network. In other cases spear fishing targets specific executives and may utilize spoofing emails to trick internal users into giving up credentials for inadvertently providing access to secure network.

What is most interesting approaches was utilizing LinkedIn listing of company personnel. A hacker might then approach a junior level of the company using a spoofing email that appears to come from a superior in the same organization containing attached content containing executable application. When the unexpected junior staff click on the picture or Excel file containing executable code, hacker has a entrance into the enterprise. A typical course of events in a staged cyber attack were reviewed and with similar to the information presented by the Federal Bureau of investigation agents during a recent cyber security forum held in Dallas in November. One presenter commented that there are two categories of healthcare entities: 1. those that have discovered an ePHI breech and compromise of the enterprise; and 2. all the rest that have not yet discovered that they have already been breached.

Our organizations are actively engaged in HITRUST certification and I have been attending security conferences and I am pursuing Chief Information Security Officer training to enhance my understanding. It is sobering to hear how healthcare infrastructure is so vulnerable that we are considered very soft targets by cyber criminals.

During the next two days, I sat with healthcare innovators discussing future for US healthcare. These were an amazing group of payors, providers and vendors. Among the hottest topics were population health and how analytic tools could be used to mine important data form large population data sets. Most seemed to agree that one challenge was that EHR data acquisition models frequently did prompt for asking the questions that would gather the data requisite for answering important questions. We discussed how SMART applications leveraging the new HL7 FHIR (Fast Healthcare Interoperability Resources) could be leveraged to ask additional context specific questions that are not supported by the one-size-fits-all approach of most EHR/EMR data entry modules. Their was excitement of attendees for the future of healthcare and promises of more innovative interoperability methods. Most felt that more business alignment was required between EHR vendors and the business interests of medical providers.

Tomorrow I am headed to Orlando for the Institute for Healthcare Improvement Conference (IHI). I hope to learn more from healthcare innovators and I will update the Meaningful Collaboration BLOG from Orlando.

During CHIME Security Forum, fellow CHCIOs critically evaluated healthcare security risks and compared notes.

Meaningful Collaboration(SM) is a healthcare provider centric approach to information sharing. A proxy collaboration platform is utilized to bypass these information blocking practices.

Meaningful Collaboration emphasizes collaboration between medical provides to reduce duplication of efforts and increase synergies from collaboration.

As a Doc who has passions for both healthcare and innovative technology, I had high hopes for the HealthIT Act after decades of manual processes. I envisioned caregivers/providers with the ability collaborate far beyond our immediate circles, and be able to leverage data into not only enabling earlier disease identification and perhaps cures – but also the ability to get a 360 on both the disease or any health trend – but also be able to leverage health expertise nationally, and globally.

Unfortunately, despite all our efforts, with providers investing and billions of tax dollars spent…we missed the mark. Though Electronic Medical Records (EMR) systems were primarily designed as data repositories of independent recording of transactional patient encounters or diagnostic testing, the EMR systems are generally designed by and for the benefit of the EMR company and in response to both regulatory proprietary business interests.  The meaningful benefits were to actually be received by patients. EMRs are simply not “playing nice”….at the expense of our industry.

I read this article of which resonated with me, reflecting my views:

Implementing clinical information systems at healthcare organizations can be a jarring experience. And when those systems conflict with long-used work processes for accomplishing clinical tasks, it s more than annoying. It can make an IT project a long, uphill slog.

Source: July Feature: EHRs Going Against the Flow | HDM Top Stories

The Meaningful Use incentification program dramatically increased utilization program dramatically increased the number of medical providers using EMR systems in the past few years although the criteria achieving and documenting Meaningful Use of electronic medical records emphasizes recording public health information information of interest to the finding Federal government but not the information generally required by most healthcare providers. As a result the EMR companies have developed methods to adapt to the MU regulations rather than to the evolving clinical needs of medical providers.

A second issue has been the relative scarcity of Clinical Informatists or MDs with training and experience in the design and operations of EMR systems. The 10×10 program and the ABMPM Board Certification in Clinical Informatics has engaged myself any other physicians in designing more clinically oriented solutions emphasizing meaningful collaboration between all healthcare stakeholders including, patients, providers, payors and regulators.

Until the obstacles to data interoperability is achieved, there is a need for independent Collaboration Platforms that facilitate interactive sharing of information and shared vision of treatment plans and health maintenance plans by all stakeholders within disparate health information systems. Patients do not select their doctors by EMR system and medical providers in different EMR systems cannot collaborate about their mutual patients.

There is a pressing need for a collaboration method that places the needs of the patient first. There are health IT methods that could facilitate collaboration between medical providers is disparate EMR systems. It is time to leverage HIT to facilitate Meaningful Collaboration(TM) or interactive medical consultation and exchange rather than large data dumps utilizing CCD  files (Continuity of Care Documents).

In upcoming BLOG posts, I will discuss how a healthcare collaboration platform could enhance interoperability.

Healthcare information technology (HIT) collaboration platform could break through the current EMR information silos and facilitate Meaningful Collaboration between healthcare providers.

Meaningful Collaboration(SM) is a healthcare provider centric approach to information sharing. A proxy collaboration platform is utilized to bypass these information blocking practices.