Submit your article of up to 500 words in length, subject to editing for clarity and brevity (please note: I run only original articles that have not appeared on any Web site or in any publication and I can’t use anything that looks like a commercial pitch). I’ll use a phony name for you unless you tell me otherwise. Thanks for sharing!

Walter Reed Medical Center to be Decommissioned this Week
By Orlando Portale

As part of the Base Realignment and Closure announcement on May 13, 2005, the Department of Defense proposed replacing Walter Reed Medical Center with a new Walter Reed National Military Medical Center (WRNMMC). The new center would be on the grounds of the National Naval Medical Center in Bethesda, Maryland, seven miles from its current location in Washington, DC. The proposal was part of a program to transform medical facilities into joint facilities, with staff including Army, Navy, and Air Force medical personnel.

At the same time, my own organization was in the design phase of our $1B “hospital of the future,” which is scheduled for a 2012 opening (our construction webcam is here.)

In the fall of 2007, I was asked by Congress and the Department of Defense to participate in an independent review of the design plans for the Walter Reed Replacement Project. My role was to identify potential technology and design shortcomings in the Walter Reed replacement facilities.

In May of 2008, our committee submitted a report, noting design and operational deficiencies, but nonetheless advising that the project proceed on schedule.

On Wednesday July 27, the Walter Reed Army Medical Center is closing its doors after more than a century. Hundreds of thousands have received treatment at Walter Reed, spanning World War I, World War II, Vietnam, and the Iraq and Afghanistan conflicts. The move to the new facilities is scheduled for the weekends of August 12 and August 19.

In case you have not been to the old Walter Reed Campus, there are many important pieces of history there. The original red brick hospital was named to honor Major Walter Reed, an Army physician who treated troops and American Indians on the frontier. Dr. Reed had numerous medical achievements, but his most important work involved research that proved yellow fever was spread by the mosquito. He died in 1902 at the age 51 of complications related to appendicitis.

There is a memorial chapel on campus where President Harry S Truman visited after taking office. General Pershing had his own suite on campus for many years. Vice President Richard Nixon was treated for a staph infection over a few days, and received an unexpected visitor one day, then-Senator Lyndon B. Johnson. President Calvin Coolidge’s teenage son died in the hospital from an infected blister he received while playing tennis at the White House. President Dwight Eisenhower and Generals John Pershing and Douglas MacArthur died at Walter Reed.

In 1977, a new addition to Walter Reed was dedicated. The new hospital was as tall as a 10-story building. There were 5,500 rooms covering some 28 acres of floor space. The distance around the top three floors stretched the length of six football fields.

As you can see, the new Walter Reed National Military Medical Center is a beautiful facility. My hope is that it brings comfort and healing to those who have put their lives on the line for this country for us every day.

While our report identified a number of shortcomings with the design plans for the Walter Reed replacement facilities, many of these have been addressed. In fact, recently the new hospital was granted LEED Gold certification, which was an area addressed in our report. Very few hospitals in the US have achieved this status.

More important than the design of the new facility, however, are the extraordinary and dedicated people there who care for our wounded warriors every day. Congratulations to the great team at Walter Reed for all of their hard work and continued dedication.

Orlando Portale is chief innovation officer at Palomar Pomerado Health, San Diego, CA.

Over the past year, we’ve been helping a hospital in New Orleans augment their data center operations to avoid a disaster when the next major hurricane grows out the Gulf of Mexico. Doing this work in the midst of other recent natural disasters across the Midwest and South has helped to reinforce my thoughts about the importance of detailed and actionable plans for disaster recovery and business continuity.

When catastrophic events occur, the concept of business continuity (BC) is really focused on continuity of patient care. This is the ability to continue to attend to those in immediate need and also assist patients who rely on their caregivers on a regular basis.

You would be amazed to know about the number of healthcare organizations with EMRs that have minimal disaster recovery (DR) and care continuity plans. Some hospitals do well in this regard; however, many others have inadequate DR plans that are infrequently revised or tested. Manual care processes for long-term systems outage also suffer from lack of definition or practice. When an organization without good plans faces a major disaster, they quickly learn about their planning deficiencies at the worst possible time.

St. John’s Regional Medical Center in Joplin, Missouri was damaged so badly by an EF-5 tornado on May 22, 2011 that all patients had to be evacuated to other hospitals in the area. When a catastrophic event occurs, the provision of care for patients can be easier and many adverse event risks avoided if some portion of the medical record is available. Recent procedures, conditions, medications, orders, lab results, and radiology reports are extremely helpful in care continuity.

Hospitals can prepare for many types of disasters. We have advance warning for hurricanes, tornadoes, and even floods. Of course, some of the less-frequent disasters such as earthquakes and fire are not preannounced. With knowledge of an impending disaster, the hospitals with an EMR can have a process for the IT department to take steps to assure that current pertinent patient information is available.

Simply printing information at each nurse station in the hospital for the admitted patients is not sufficient. The hard copy reports can be misplaced or damaged. Writing these reports to an encrypted file on a CD, DVD, and even a USB flash drive (a.k.a. memory stick or thumb drive) will assure that important patient data is immediately available after the disaster causing event has passed. When the risk of a disaster is high, write the reports to the disks and flash drive, and along with a laptop PC and spare laptop battery, seal them in a waterproof bag and lock them in a fireproof safe that is anchored to the floor, typically in the data center. If practical and time permitting, prepare a second flash drive with another copy of the data delivered to a key person as identified by the DR/BC plan.

These few simple steps can help you to continue delivering appropriate care for your patients and potentially even save lives in the aftermath of a major disaster.

Jeff White is a principal at Aspen Advisors of Pittsburgh, PA.

 View/Print Text Only

Last week, Inga mentioned that the results of the annual EHR User Satisfaction Survey have been published by the American Academy of Family Physicians. Unfortunately, AAFP has this content on a restricted members-only site, so I had to bribe my favorite cross-town family doc for a copy.

I don’t want the copyright police to come after my friend, so I won’t share the full article, but I’ll summarize some key thoughts here. It also gives me a chance to hone my “speech” because I’m sure I’ll have colleagues waving it in my face (just like they did the last time the survey was conducted) and wanting to talk about how “our” system did. Some key thoughts:

There were “far more” responses than previous surveys. However, I found the reasons for excluding some respondents pretty funny. They included:

• Not using an EHR
• Not naming the system they used
• Naming a practice management system rather than an HER
• Naming a “home-grown proprietary system or… something that we could not verify as an EHR”

There were 2,719 usable responses covering 205 systems. Only 30 systems had 13 or more respondents. Those that had over 100 respondents included:

• EpicCare Ambulatory – 392
• NextGen Ambulatory – 247
• eClinical Works – 244
• Centricity EMR – 209
• Allscripts Enterprise – 180
• Practice Partner – 123
• e-MDs – 120
• Allscripts Professional – 106

There was a broad distribution of practice sizes.

Detailed information on version and implemented features was not presented. Nearly half of respondents “apparently did not know their product’s version number.” My spidey senses always tingle when small practice users have issues with their EHR. I’ve worked with docs who are using versions that are up to three years outdated and are surprised at how well the “current” version works once it’s applied.

The version paradox isn’t unique to small practices, though. For example, how many different flavors of Epic are there depending on how it was implemented? One of my buddies complained that it was ridiculous that Epic doesn’t have e-prescribing. Turns out her organization hadn’t included it in the initial physician training for some unfathomable reason.

Duration of use of the system ranged from “weeks” to “20 years,” with the majority being up to three years and another chunk being in the three to 10 years category. I think time on the system might be a useful exclusion criteria for future surveys. From experience, even with the best implementation, it still takes some practices a minimum of six to eight weeks for users to settle in and for workflow to stabilize if not longer depending on the commitment of the users and the willingness (or resistance) to change.

Fourteen percent of respondents have switched systems at least once due to dissatisfaction with a previous EHR.

The authors recognize these limits, summarizing:

As we said to begin with, it’s probably best to consider the survey results as input you’d get from a large number of colleagues who volunteered informally to report on their EHR experience. That said, we believe that the results presented in this article and its online appendix can help any family medicine practice considering the purchase of an EHR system.

This is a really key point. The study was not randomized, but rather respondents self-reported. Bias could be toward either providers who have serious concerns about their system or those who are significantly satisfied. Although the numbers were much better this time around, it’s not a true cross-section of users and doesn’t account for variables that can truly make or break an end user’s experience. These include poor implementation, lack of commitment among providers and office staff, and failure to implement recommended best practices.

During the implementation of my first EHR, there was no “kickoff” to bring everyone in the practice to the same page. Nor was their a discussion of workflow changes or process redesign. The trainer showed up and started teaching the template builder without the users having any context to her lessons. Coupled with her training on a version that was different than what we had installed, it was an unqualified disaster.

On the client side, some providers feel entitled to behave badly. I’ve had providers refuse to show up for training, refuse to complete practice scenarios, and refuse to be part of the customization process, yet complain relentlessly that the EHR doesn’t meet their needs. Those of us that have been in this a while know that deploying an EHR on top of a dysfunctional practice will only make it more dysfunctional. Partners who have historically felt disadvantaged in the practice often use implementation as a time to lash out against their peers.

Users often go against what the vendor recommends. Sometimes this is justified, such as when there are defects in the software or specialty-specific or regional issues that the vendor isn’t addressing. But sometimes it’s not. I’m currently watching the equivalent of an EHR car crash as one of my closest colleagues is being forced onto a system that isn’t configured optimally. She’s part of a larger group and is a younger physician with little political power to counter the decisions being made higher up. As a user of the same system, I’m keenly aware that the choices they have made will lead to more work being placed on the physicians, less efficient charting, and potential patient safety and regulatory issues.

I’ve armed her with enough knowledge to try to steer them in the right direction, but so far she hasn’t been successful. Eventually they’ll learn, but at the price of user bitterness and potentially patient safety. I recommend that new users take advantage of all the training and information they can get their hands on, whether formal – training programs, client conferences, user symposia, webinars, and the like – or informally through Internet chat groups, informal user get-togethers, hospital colleagues, or blogs.

Many systems offer the ability to customize on a per-physician basis. Providers who are not fully educated on the risks and benefits of doing so can quickly customize themselves into a corner and out of the ability to achieve a decent workflow (not to mention loss of the ability to reach Meaningful Use). I strongly recommend users make an attempt to use the system as the vendor delivers it for at least a month before customizing (although if the system arrives with defects and bugs, often customization is needed to effectively deploy the system).

I encourage practices to consider using EHR implementation as a chance to look at all office policies and procedures, whether written or anecdotal. Automating bad workflow just allows bad workflow to happen more quickly on a greater scale. I encourage partners to think out of the box and consider whether it’s rational for each doc in the office to have his or her own process for handling phone messages and refills. Often there is one process that is more efficient that can be expanded to the entire office with a little effort, resulting ultimately in greater satisfaction for end users.

A survey such as this one can’t account for all these factors, so my advice to users (and those still shopping for an EHR or looking to replace what they have) is to take it with a grain of salt and do your research. Talk to current users and not just those references served up by the vendor sales team. Talk to your colleagues. Spend as much time hands-on with the application as you can, and carefully consider your choices during the build and implementation process.

And for those users who are dissatisfied with their systems or feel their needs aren’t being met, don’t just fillet your vendor in the next survey. Take a proactive stance. Review your contract and implementation documents and make sure you’ve taken advantage of all the training you were allowed, and if you need more, buy it. It amazes me that physicians who wouldn’t start performing a new surgical procedure if they didn’t feel fully trained are happy to jump into an EHR with only a few minutes of training.

Log defects with your vendor and keep records of any defect and enhancement submissions. Understand your support contract and how your vendor is required to respond to issues. Take advantage of any account management or client management services that your vendor offers. Even if you’ve been on a system for years, don’t be afraid to consider retraining, especially if you have to upgrade your software to qualify for Meaningful Use. It’s a great opportunity for a refresher, and CMIO types like myself can always use the Big Bad Wolf of MU to sneak in additional workflow coaching during “mandatory” training.

AAFP has conducted this survey three times before. The first had 408 responses, the next 422, and the 2009 survey had 2012 responses. It will be interesting to see what the results look like the next time it’s conducted and whether any conclusions can be drawn once Meaningful Use is in full swing.

E-mail Dr. Jayne.

 View/Print Text Only

From Give Me a Break: “Re: press releases. Do readers find it as annoying as I do when a vendor issues a press release congratulating its customers for making a list of some kind? The average health system has over 240 apps from 70 vendors.” I do indeed find that particular practice somewhere between pointless and annoying, right up there with those announcements that “applaud” some government decision that benefits the vendor directly. That’s especially true when the award the customer has won comes from a for-profit company looking for publicity (see: Most Wired, any company’s customer awards). I’m generally hostile toward press releases that contain no discernible news, even of the self-serving variety. They’re lucky that lazy magazines and sites are so desperate for free content that they’ll foist crap like that on their readers anyway, hoping that hyperventilating headlines and cutesy writing will keep readers from noticing the waste of their time.

From DeeDee: “Re: University of Missouri Health Care. The video with their being named HIMSS EMRAM Stage 6 has some marketing polish, but interesting. Buy-in of the Tiger public/private venture seems impressive.”

From Tooter: “Re: Webmedx. You didn’t mention that HIStalk ran the Nuance acquisition rumor before the announcement was made.” True enough: I ran MT Hammer’s rumor report on June 24, while Nuance announced the acquisition on July 14.

From Lucy Gucci: “Re: Epic new hire blog posting on WSJ. I remember feeling this way about starting at Epic, too – excited to be a business traveler and still glossy-eyed over the architecture. Also, I’ve heard that Judy is talking about the June new hire class making up a certain percentage of the national job growth for that month.” A 21-year-old new grad (business administration, Asian studies) gushes with enthusiasm about being hired as an Epic project manager, ready to “improve patient care, create better processes, and in general aid hospital systems” as she “moves rapidly toward adulthood.”

Most respondents say the government shouldn’t get involved with EMR usability, although not by a large margin. New poll to your right, from a reader’s comment: what will HITECH’s legacy be?

Listening: reader-recommended Big Head Todd and the Monsters, straight-head soulful rock with thoughtful lyrics and an unchanged member lineup (and relatively unchanged musical style) for 25 years.

Unrelated, but music again: singer Amy Winehouse is found dead at 27, joining other notoriously drug-abusing rock stars to expire at that age (off the top of my head, that list includes Jim Morrison, Janis Joplin, Jimi Hendrix, Kurt Cobain, and Brian Jones).

This week’s Time Capsule editorial from 2006: Your Co-Workers Are Your Biggest IT Security Problem. A snip: “A hospital’s internal documents and policies probably aren’t all that interesting to competitors, but you might reconsider storing Social Security and credit card numbers.”

I hung on every word of Vince Ciotti’s HIStory this week since it covers Compucare, IBAX, and other faded names from yesteryear that still seem recent to HIT long-timers (the notepad cover I use every day is a Compucare one, so I’m just realizing how long I’ve had it). He got help this time around from pioneers Ed Gavin, Sheldon Dorenfest, and David Pomerance. Given the great response Vince is getting, I’m thinking he should reprise his SMS reunion of a couple of years ago, except open it up to anybody who worked in HIT in the old days (before 1980, let’s say) and do it at the HIMSS conference. Then he could really tap into some first-person memories for future installments. Vince is willing to take his show on the road for interested classes or groups (like regional chapters of HIMSS or HFMA) – just e-mail him.

Dell confirms the rumor I ran Thursday from Jamie that healthcare VP Berk Smith, brought over in its Perot acquisition, is leaving to start a healthcare-related company.

Thanks to the folks at Preceptor Consulting of Fort Myers, FL, supporting both HIStalk and HIStalk Practice at the Platinum level. Preceptor offers design, build, testing, and training support for all the top clinical systems (Epic, Cerner, McKesson, etc.). Their name comes from what they do: provide licensed clinicians (physicians and nurses) to get those systems live, which they’ve done in more than 500 healthcare facilities over the past five years. Their motto will be familiar physicians: See IT. Do IT. Teach IT. You’ve spent a lot on that shiny new clinical system, so spend a little more to engage authoritative, experienced clinician experts who will make sure it’s built right, tested as safe, and accepted by well-trained users (think of it as cost-effective CIO/CMIO job security insurance). Find out why the largest health systems get clinical implementation support and healthcare IT expertise from Preceptor Consulting. Thanks to Preceptor for supporting HIStalk and HIStalk Practice.

Here’s a really well done video about Preceptor Consulting I found on YouTube, with some of the “preceptors” talking about working on site at hospitals and some of their clients talking about their experience. “Any time you had a question or an issue, they were right there to help. I don’t think you could make the transition without the preceptors. I don’t think it could be done.”

Athenahealth sues AdvancedMD, claiming the company violated an athenahealth patent. The patent number cited suggests that the suit is related to athenahealth’s centrally maintained insurance billing rules engine.

John Halamka will resign his part-time position as CIO of Harvard Medical School, saying it needs someone full time, but is staying on at BIDMC.

A former EVP and general counsel of Children’s Hospital of Philadelphia pleads guilty to charges related to his embezzlement of $1.7 million from the hospital, accomplished by submitting and approving fake invoices. He bought himself a yacht with its own captain.

CodeRyte will make some announcements this week about a new Natural Language Processing system for computer-assisted coding in hospitals, which a few customers have already signed up for. Fun executive team facts: CEO Andy Kapit taught autistic kindergarten children. Chairman and President Richard Toren invented the EpiPen, which has saved the lives of countless allergic patients. COO Glenn Tobin and Chief Revenue Officer Don Trigg are fairly recent hires from Cerner (COO and UK GM, respectively).

GE announces Q2 numbers: revenue down 4%, EPS $0.35 vs. $0.28. GE Healthcare revenue was up 10%, with profit up 8% to $711 million.

Hospital of St. Raphael (CT) fires three employees after one of them takes cellphone pictures of the fatal gunshot wounds of a 17-year-old ED patient and sends them to other employees.

A hospital in England, which pays the travel expenses of some family members visiting patients in its mental health units, suggests that the family members use Skype instead to save money.

Eighteen former employees of insurance company Molina Healthcare file a lawsuit against their former employer, its former CIO, and outsourcer Cognizant, claiming they were discriminated against as the IT department brought in increasing numbers of Indian workers to the point it was called “little India.” They say the department celebrated Indian holidays while making employees work Thanksgiving and Christmas, promoted only employees from India, and conducted meetings in Indian languages. They charge Molina with firing 40 technical workers the day after Cognizant was approved to bring in 40 H-1B employees. The former employees also claim that Molina regularly violated HIPAA requirements when the H1-B workers would send full, unencrypted patient files to their counterparts in India.

E-mail Mr. H.

 View/Print Text Only

J. Mark Debnam is founder and CEO of Quality IT Partners, Inc. of Mt. Airy, MD.

Give me a brief overview of yourself and the company.

I founded the company in 2000. My first partner, Marty Zola — he’s our chief technology officer – joined about three months later, followed in 2001 and in 2003 by our final two partners, who are with us still today — Carol Wheeler and Donna Eversole.

We are very family-oriented company here. We’re a small company, about 20-25 folks, and we specialize in healthcare IT. We cover just about everything out there. We have seven different application practice areas. We have eight management consulting-focused areas as well. We also do a lot of work in the hospital and medical office building architecture and construction work, in addition to infrastructure.

We just this year celebrated our tenth anniversary. We did it in Hershey Park, Pennsylvania, so it was a lot of fun. We just got back from that. Every year we do that — we fly everybody and their families and to enjoy time together and get to spend that time that we rarely get together.

The company’s been around for 11 years and clearly there have been some new shingles hung out here in the last couple. Do you think the barrier to entry is too low for consulting companies and should a prospect care about the company history when they’re trying to decide who to hire as a consulting firm?

That’s a great question. I think there’s always room for great companies to get into our market space. As time goes by, there’s less and less differentiators, so it becomes highly important to develop a strong differentiation between yourself as a small company.

When I started the company, it was intensely difficult to get in and be a player without good, solid qualifications and stories and references and all that. You have to really a compelling background and a compelling story about what you’re doing and why you’re doing it. You know, that really hasn’t stopped.

There’s a reason we’ve stayed small. As a company, we have always focused on the highest quality of delivery of service. We’ve grown steadily and we’ve had a profit every year since I’ve started the company. The key here is being able to really develop a strong sense of differentiation in the marketplace so that folks can see what they’re going to get in terms of value. People are very discriminating. Our clients are telling us they want more now than they ever have. 

There’s never poor time to get in if you have a compelling story. One of those compelling stories, particularly in the consulting field, is how you interact with and how you provide the best environment for your consultants and the folks that you have on board in terms of support and things like that. It’s a tough, tough business. That’s probably the main reason why we have such a family-type environment here at Quality.

A big company would say their size is a positive differentiator just as you would say your small size is a plus. But one thing that seems to stand out on your Web site is the value-based cost structure. Describe that.

We keep our overhead cost extremely low. By doing so, we are able to keep our rates low. We’re very cost-conscious in our investments, but we don’t shortchange the key investment areas in any way, shape, or form.

We’re very strong on education and benefits and so forth within the company, but we don’t go out and acquire things that are expensive in terms of overhead costs, like extraordinary office space or elaborate anything. We keep things here in a very modest way so that our staff can reap the benefits of their hard efforts. That’s a big, big part.

Our officers of the company don’t get exorbitant salaries or anything like this. We put our people first and our customers right behind that.

I think that as far as keeping the cost down for our customers, it’s been a big, big plus for us. When you are a small company, I think there’s an expectation that we’re not going to hit you with a high cost. On the flip side of that, there has to be a reason why a customer would be compelled to pay you anything to come do work for them.

We have a tremendous performance record and we’re very blessed to have that. We have just a wonderful team of folks that have a reputation for delivering very high-quality service. We have well over 85 to 90% of return customers to the company. We’re very, very proud of that, but you have to earn that every day. I think our customers see the value for sure in what we do.

The consulting company executives that I talk to say their phone’s ringing off the hook with people wanting to buy their business or buy into their business. Are you getting those calls, and why do you think companies want to buy consulting companies?

We get serious calls. There have been a lot of them I’ve received over the years. They know a little bit about what you do and what you’ve done and they’ve heard through the grapevine, etc. I think that they see that as an opportunity to get into the market or expand their current offerings that maybe they don’t have, and be instantly profitable.

If they can retain staff, that’s a huge plus for them to not have to go through a process of having to go and hire people. The time it takes to bring all new staff and build a staff versus the time it takes to acquire a consulting company are vastly different.  You can bring on a team in an acquisition very quickly. I think that would be one of the reasons why folks like getting into that business.

I’ve always wanted to ask this question after I’ve looked at the job ads. What does it take to hire an Epic consultant these days?

You ask a good question there. It takes reputation, it takes a very compelling story; and it takes a special match — let’s be realistic about it — between what the person’s desires are and what the company’s made of.

We’ve been very fortunate. Our largest team here is Epic. We have a very broad spectrum of folks of all ages and genders. I think mostly that they seek to expand their education. We see a lot of that — folks that want to continue and expand in their certifications. For Epic, that’s a big, big thing. They need to be with a company that will support that.

The folks that come from Epic tend to not want to live that lifestyle any more. We’re very, very different in the way we do things here. We don’t kill our people. We’re very, very cautious in watching out for the welfare of our people, and we find that in other consulting firms or Epic, this is maybe not so much the case in a lot of ways. 

When folks come here, it’s not that they want to take a relaxed lifestyle. They just want a strong work-life balance. The company’s committed and convicted to that philosophy. Not burning out the people. People also want to know that they’re going to be working with other folks that are of great caliber, and that they can learn from and grow with them.

Business continuity and disaster recovery are always in the news. What are the top two or three things you see clients doing wrong or not planning for?

It’s the last thing that folks want to pay for and it’s the first thing they want to have when it happens. We, fortunately, have been blessed with working with a lot of customers, like Ohio State University. The common thread is those organizations are committed to really doing it right and doing it thoroughly and have a good plan. Others that will try to do it internally and there’s sometimes a lot of struggles with that.

A business continuity plan is often best facilitated — and I don’t mean this as a consulting plug – by someone with an outside viewpoint. Folks don’t always really understand some of the ramifications of what can happen in a disaster. We’ve done a lot of work in California related to the earthquakes. We had a hospital in Florida hit by a large hurricane right after we had finished up our business impact analysis for them. Fortunately, they had some things to fall back on. These things happen and they’re real. There are some obvious and quick benefits that can come from even a cursory business impact analysis.

A lot of what the consulting companies are asked to do is fairly routine work. Have you seen anything really cool that hospitals are doing?

There’s a number of things that folks are taking on. You publish a number of exciting things that folks are doing with different types of media and hand-held devices.

We have a couple of neat projects that we’re working on. One of which is an imagery project for a large, California-based medical center, cutting edge in real-time capture of image retrieval and large-scale storage of things like sonograms, cardiology, and all these things. There’s really, really cool stuff. We’re leading and implementing a project out there and managing multiple vendors. It involves a lot of challenges. It involves a lot of hand-holding between the vendors, which sometimes you don’t get a lot of cooperation on.

Our customer is taking quite a risk and quite a position of conviction to invest in this technology and hospital doctors are loving it. It’s one of these things where if they get that kind of attention and they get these opportunities to work with those systems, they’re going to be attracted to stay in practice there. We’re working hand-to-hand with these physicians in delivering these technologies. It’s been wonderful, but it has not been trouble-free. It is absolutely bleeding edge technology in a lot of ways and we’ve been fortunate to be amidst that and be leading a project. We’re going live on it as we speak.

Hopefully you’re not getting a call waiting that says, “Uh, it’s not working.”

[Laughs] It’s been a challenge and a labor of love, let me tell you. But it’s great to see this kind of investment.

You offer interim management services. From your experience, is the most common reason that hospitals and CIOs part ways?

I think the most significant reasons are organizational direction and changing of the business ways. Hospitals operate as businesses. There are so many wonderful CIOs out there. A lot of times, though, when you have a change in business philosophy — whether that be through infusion of the business leaders or other means — you have a difference of opinion  that comes to bear. “Well we’ve done this a certain way, it’s been done this way successfully, why should we change it?”

Well, because the business is changing. The hospital is run like a business first. If a CIO is not able to put on their business cap before they put on their technology cap, that’s a concern for that CIO, unfortunately. They could be the brightest, the most brilliant of people and yet not have the ability to make it within that organization.

Projects fail. Sometimes they aren’t the fault of the CIO or any other leadership, and sometimes they are, but when you have a big failure of a project and things just don’t go well, that’s usually not a good marker for a CIO to make it. The higher the visibility, the higher the possibility that the CIO is going to be leaving.

Do you have any final thoughts?

I want to reflect on how great our relationship with HIStalk is and how grateful we are to be part of your family. 

One  the things we’ve taken on here as a very, very important endeavor is our investment and our commitment to charitable causes. If you look at our Facebook page, you’ll see a video that we captured to reflect our works and our investment and our time with the Cleveland Clinic. We have a very successful project going on there in oncology. We’ve written many of the protocols there for the oncology group at Cleveland Clinic, so we’re very highly connected with them.

I had the honor of being at their gala last year and being part of their big show and doing part of their private gala. I had the opportunity to meet all of the celebrities there, spent some time with Brad Paisley. It was wonderful. I was very inspired by that. I’m a musician — I’ve been playing guitar for about 32 years this year. I know you like music. 

I came back and wrote a song. We copyrighted that song and as part of the company, I dedicated it to the Cleveland Clinic. We posted it to our Facebook page and then you  guys published it as well, which was delightful. We’re very interested in helping to find a cure for cancer.  

This is a big thing, among other big things. You’ll see other charitable things. It’s a big, big part of what we want to be. We all go through various challenges in our lives. We really want to bring home the things in life that matter to this company in not just business, but things that affect us all when we’re trying to do business. I just want to leave you with that thought — that the company is very committed to that.

In addition to our appreciation for everything you’ve done for us and helping us get out there and inform the folks, we’re very blessed to have the clients we have, and in having this wonderful staff of folks here on our team and that we’ve had in the history of the company.

 View/Print Text Only

I wrote weekly editorials for a boutique industry newsletter for several years, anxious for both audience and income. I learned a lot about coming up with ideas for the weekly grind, trying to be simultaneously opinionated and entertaining in a few hundred words, and not sleeping much because I was working all the time. They’re fun to read as a look back at what was important then (and often still important now).

I wrote this piece in June 2006.

Your Co-Workers Are Your Biggest IT Security Problem
By Mr. HIStalk

I’ll bet that every hospital in the country has had sensitive information fall into unauthorized hands at least once. The VA, big banks, and universities have skilled security teams to prevent employees from exposing data, accidentally or otherwise. If those large organizations can’t control breaches, the average hospital doesn’t have a chance.

Health care organizations have spent years and hard-won dollars trying to catch up to the IT standards of other industries, where nearly all employees have enjoyed easy access to PCs, e-mail, and both wired and wireless networks. However, once the green-screen terminals went away, so did the last chance to keep confidential data secure. Data convenience is both a blessing and a curse.

CIOs and network engineers spend hours trying to out-think shadowy foreign Internet hackers when the real problem involves the co-workers they pass in the halls each day.

Employee security policies provide a false sense of security. The headlines scream that information on 26 million veterans has been breached, not that the VA had a great policy broken by a rogue employee who took data home without authorization, only to have it stolen.

Employees may drag laptops or USB drives home because their employer doesn’t have a good remote access solution to let them work from home. Perhaps backups are unreliable, leading cautious staff to create their own. Maybe software policies or budgets are so limited that common productivity tools aren’t available, making it tempting to load data onto the family PC. Whatever the reason, employees are breaking the rules.

Accidental data loss is bad enough, but one study found that 70 percent of employees have stolen electronic data from their employer, most often in the form of e-mail lists, databases, and documents. The most common reason: to help them get a new job. Three-fourths of those surveyed didn’t see anything wrong with that, especially if the employee helped create the information in the first place.

Security technology can help, but it requires tough decisions. Most hospitals don’t have the budget or organizational willpower to disable USB ports, remove CD-RW drives and floppies, buy encryption software, and install physical locks on laptops. Even if they did, web controls are inadequate to prevent using Hotmail accounts or online file storage that provides a non-hardware method of moving data to unauthorized locations. For that matter, there’s that old security hole called a “printer.”

Maybe the best security policy is to avoid storing anything that would be useful to someone else. People get paranoid about their medical information, but it has little monetary value (unless you’re a celebrity or political candidate). A hospital’s internal documents and policies probably aren’t all that interesting to competitors, but you might reconsider storing Social Security and credit card numbers.

The good news is that the recent health care-related breaches have been accidental, where well-meaning employees screwed up. For that reason, I’d put my IT security money into employee education, awareness, auditing, and protection tools for laptop users instead of obsessing over Boris and his hacking team. That’s the best hope of staying out of the headlines.

Even then, I’d develop a damage control plan for a breach. There’s a good chance it will get used.

 View/Print Text Only