Translate

Saturday, September 20, 2014

EHR AT WORK...P O Day 96

We went today to get our flu shots. It still seems strange to me that we can't get a flu shot, a pneumonia shot, or the shingles vaccine from our doctor. Instead , a pharmacist or could be a pharmacy helper, joins us at the end of aisle ten by the bandaids, adhesive tape and first aid ointment while a mother and little girl look for sunscreen nearby.

I thought it was okay when the Visiting Nurses set up a card table and we stood in a line that snaked down the candy aisle and around the magazine racks. . I guess having to wait made it seem more like the doctor's office. Now, if you time it right, you're the only one in the queue. Good thing, because the data entry takes forever! The young man who collected our cards and info seemed competent and a fast typist. (Do we still call it typing?) But it must have taken fifteen minutes per each of us to finally announce someone would be out in a moment.

Where is all that data going? Well, it is going into our Electronic Health Record. Our primary care doctor now knows we've had our flu shot this year. There is no sneaking around anymore. I would say this new system has solved the problem of people who would go to different doctors to get additional prescriptions for controlled substances. That's definitely a good thing. But I'm not sure the dermatologist who does your mole screening needs to know your birth control method. How is the information shared? Perhaps, too widely...

  From an article by Mariann McGee for Healthcare Info Security on August 6, 2014:

According to a just issued statement by the Office of the Inspector General of the Dept of Health and Human Services says the Office of the National Coordinator for Health IT's initial oversight of electronic health record testing and certification bodies did not fully ensure that patient data within EHRs is protected. At a minimum, certified EHRs must meet security requirements related to seven information technology areas: access control, emergency access, automatic log-off, audit log, integrity, authentication and general encryption.

Inaccurate testing and certification of EHRs could potentially leave healthcare providers vulnerable to security risks, the OIG says. "Certification assures healthcare providers that the EHR has the capabilities needed, including appropriate record security and protection, for providers to participate in the [HITECH] programs. If insecure systems have been certified, providers and patients may have a false sense of security and assurance."


Brian Evans, a senior managing consultant at IBM Security Services, says hospitals and physicians can take precautions if the OIG report makes them question whether the certified EHRs they've implemented are adequately protecting patient data.
"Healthcare entities are expected to already have conducted a risk analysis on their EHR and should be remediating issues identified through the process," he notes. Some examples of what they might identify include generic user accounts, inadequate audit logging and monitoring, outdated disaster recovery plans and a lack of encryption, he says.
I don't think doctors and hospitals are going to have time to see patients. They are going to be too busy monitoring their electronic health records systems!


Archive timeline: 2014: May and June - preparing for surgery, July - surgery and post op problems, August - recovery and physical therapy, September..




No comments:

Post a Comment