Home » Advisory Panel » Recent Articles:

Advisory Panel: Data Breaches

April 15, 2013 Advisory Panel No Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a hospital or practice, you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This question this time: Has your facility learned lessons from an attempted or actual data breach? Describe your major concerns and what actions you’ve taken.

Some of our breaches have been the result of thefts of computers and storage media that contained unencrypted PHI. We have since encrypted everything we can identify that contains PHI and have instituted mandatory training for protection of PHI as well as incident response. While we continue to suffer equipment losses from theft, we are losing encrypted equipment that does not entail a breach of PHI.

We have been lucky as we have not had an attempted or actual breach. My biggest concern is the "innocent" breach — the resident who manages to copy PHI to a jump drive or cloud drive like Dropbox. We’ve either encrypted or virtualized all of our laptops, so the USB ports can’t be used for this purpose. But clever people can always find a way to defeat our measures. One resident with a smartphone and an Evernote account can do lots of damage.

We lost a home care worker’s tablet (stolen from her car even though the policy is to keep it with you at all times) and we were concerned about the status of the encryption on this department’s devices. The tablet was retrieved quickly and we did determine that the encryption was on and that no PHI was accessed. We then did a complete inventory of our mobile devices and added a new encryption product to ensure we did not have an issue in any of our settings.

Our facility has not identified any major data breaches. We have had violations where individuals have inappropriately accessed protected PHI. On the one hand, I find it frustrating that some people still take a casual attitude towards HIPAA privacy and security when they should know better. On the other hand, it shows me that we still have much education to do.

We’ve worked through a couple of breach scenarios – including what thankfully turned out to be a drill.  Some of our key responses included:

  • Escalating the priority and completing a system-wide encryption process
  • Updating our BAA to ensure our business associates are taking encryption steps
  • Changing policies for how consultants and vendors work with our data (like for conversions and analysis we need)
  • Overall our focus has been how can we eliminate the risk – so when/if a device is lost/stolen it’s not a breach.
  • Require our business associates to assume all liability for a PHI breach they cause – this can be an interesting negotiation point. I find myself regularly pointing out that as an organization we don’t see it as an effective partnership for us to be legally required to have unlimited liability related to the breach and the vendor partner who caused the issue to have a contractual cap to their liability.

As we work with vendors, it becomes obvious who has either been through a breach or seriously thought through the scenarios. Some of them apparently don’t understand how big of a deal a breach can be from a PR or monetary issue.

I’m somewhat hopeful the new HIPAA guidelines will help address vendor awareness and accountability for a breach they cause.

We have not had traditional breaches. The much bigger issue has been from legitimate employees doing illegal things, like calling in narcotic or other prescriptions for themselves or their friends. Not surprisingly, they are more likely to do this via phone call than via ePrescribing due to both tracking mechanisms and the current inability to send narcotics that way. It still boggles my mind that a pharmacy will accept a narcotic Rx via voice mail from anyone claiming to be a doctor’s assistant, but won’t accept an authorized eRx! If the FDA wants to minimize illegal narcotic prescriptions, they should ban printed and voice prescriptions and insist they should ONLY be done electronically – they literally have it backwards!

We had a potential breach. On investigation, we found no PHI was compromised. However, we were just lucky. The cell phone number of a new physician’s assistant was entered incorrectly into a call list and non-secure text messages were sent to the incorrect number. Luckily no PHI was included and the recipient notified us pretty quickly. We have subsequently identified a secure messaging platform and will be offering it to all community providers at no cost to the providers and requiring all employed providers to use it. In addition, we have used this as a specific example of the problems with insecure messaging in general to raise awareness.

While a secure perimeter is still important, you have to accept that bad guys are eventually going to get past it. One example is that we have seen a sharp rise in “spear” phishing attacks. Each month we are receiving thousands of phishing messages that are becoming more polished and sophisticated. It only takes one slipping through to potentially create a breach. As a result and as a lesson learned, we are focusing more on monitoring internal data traffic and, importantly, patterns. The idea being that if our network is compromised, we want to identify it and take corrective action as quickly as possible. 

Not from any actual event here. However, we have an annual white-hat audit/hack to expose where we are weak in order to stay ahead of potential breaches. I am pretty confident you cannot prevent all of them, but need to perform diligence against what is known and do this on at least an annual basis  We may switch to twice a year due to the security threats ever changing, which our Board and Audit team likes.

No data breach (thankfully) 🙂

No one ever — I mean ever — reports a laptop as stolen to the police. I think it’s the untold rule of HIT right now. You don’t want to be in the paper, so don’t file a public police report. It’s not like any government entity knew you owned that laptop and it is no longer in inventory. Even if you use encryption on the laptops, its still just better to not have the press. 

Other major concerns. The default database usernames and passwords for many of the McKesson Horizon products are still out there in production. Ccdev is normally still the same password and what was said in 2009 is still true — changing the defaults makes for a whole hell of a mess to fix. Also, database fields that aren’t encrypted for personal identifying information. Allscripts Enterprise. No use of encrypted fields at least not in how its implemented by their contractors. Same for McKesson — you get the database,  you get the data, and there are some pretty easy Oracle exploits out there if you are going for HCI. You’d have to do a ton of research to know the server names, but most places don’t block people from plugging into their physical LAN via Network Access Control or other means, so it’s possible. The article this week about HIT’s security situation is coming reminded me of all the easy ways to exploit system databases and installs.

Yes, have a pre-packaged response plan and practice it regularly. The plan needs to cover your organizational reaction, your public response, as well as your technical response and forensics. Establish relations with an identity protection service. Establish relations with a hardcore forensics analysis service that can also provide "white hat" attacks against your system, as a broader threat assessment service. For the sake of optics, provide NAC background checks on all employees that could reasonably present a risk as an insider threat. And for God’s sakes, encrypt every hard drive — desktop and laptop. Also, provide password-protected, encrypted thumb drives to employees. Put them in the cafeteria and hand them out like mints.

The only breaches that we have had are ones that would not have been preventable by any technology or policy prevention efforts. One was a paper breach by someone who was taking records for her defense in a lawsuit and the other was someone who compiled an Excel spreadsheet of research patients and sent it to an unsecured Gmail account. Both were actions by internal ‘bad actors’, so that is my biggest concern. We encrypt most everything possible here, even thumb drives, so the chances of a breach due to theft or negligence is pretty small.

A few years ago we had a virus of the keystroke variety. It basically infects the device, captures keystroke information, and sends data to China. The server in China attempts to create identity information from the keystroke data. Through some quick action by staff, we closed the perimeter before any packets of information were sent. At this time, I wasn’t too concerned since we looked up the type of virus on our virus protection vendor’s website and it said "minimal risk" to corporate users. What I failed to understand is that "minimal" meant minimal chance of getting the virus. Once you were infected, then risk went to "high."

The fun began at that moment. Luckily, the users were unaware of the virus since all applications were not affected. It was basically IS vs. Virus. By the time we started our remediation efforts, this bug had infected approximately 1,000 devices. Our virus protection vendor did not have a patch for this variant, so we were on our own for a while. We collected the packets created by the virus and sent them to the vendor. They quickly realized how nastiness of this virus and dispatched an engineer to assist in remediation efforts. He arrived the following day. In the mean time, the virus was able to deduce that it was being thwarted by our efforts and immediately phoned home for instructions. 

At this point, the virus mutated and we were now fighting two strains. We closed off the virus’s command and control link (port 80 for you geeks) and continued to remediate. After 24 hours, the vendor programmed the patch and eradication efforts accelerated. We realized at this point many of our newer PCs were not managed by the host virus protection software hub. They had virus protection, but it was out of date and could not be updated remotely. These devices (approximately 1,000 devices or 20 percent of total inventory) had to be identified, knocked off the network, and manually remediated. It took 20 minutes per device, so you can do the math.  We also had to contact all laptop users since many of those devices could have outdated virus protection. We set up a depot for laptop users to drop off and pick up. It was a very manual process. 

It took us a couple of weeks of concerted effort before we were out of the woods. I was up for 42 hours straight at one point and totally forgot what day it was and many of the names of my team. Fortunately, I didn’t have to drive home. One of our team members had just started that week (of course we blamed him). I found out later that during a break, he walked around the building, phoned his wife, and told her not to sell the house. Fortunately for us, she did, and he now oversees our infrastructure team. We heard a few weeks later that another healthcare facility contracted the same virus but did not discover it for a week. It took them over a month to eradicate the bug and they ended up in breach notification land.

From a lessons learned perspective, we started with our virus protection. We made sure that every device was being managed by the central server and updates going out daily to all devices. We also deployed Malwarebytes to all devices as a secondary precaution. We accelerated our recruitment of a CISO and centralized our security team dedicated to protecting our assets. As of today we have implemented many of technologies needed in a strong security program. Under the leadership of the CISO, we have encrypted all mobile devices, e-mail, and flash media. We have implemented a Security Information and Event Manager (SIEM) tool, Data Loss Protection (DLP), and soon will have an Intrusion Detection System (IDS). We have a top notch security company on retainer. They also perform audits, safe harbor workshops, penetration testing, assist in remediation efforts, staff education, and assist us in staying up to date on any HITECH security updates. Besides a solid security program, we assume a breach is inevitable and have prepared in advance. 

For my colleagues I understand the cost associated with this type of program can be daunting both in capital and operating. Outsourcing should be considered for some of the areas (e.g. SIEM) to reduce cost. One of the reasons we are seeing so many breaches is based on the costs associated with implementing a solid security program, especially at smaller organizations. It’s tough to get the program through the budget process. It’s akin to waiting to see how many accidents you have at an intersection before a traffic light is installed. Usually it takes a fatal one. My suggestion to colleagues is to walk leadership through a mock breach event using real examples. I used an article from a local newspaper in California. The hospital explained the breach and what they were doing about it. In the article comment section, a reader wrote, "How can you take good care of me when you can’t take care of my health information? Ouch! Also, besides the fine and ending up on HHS website, the CEO typically apologizes to the community. That usually gets his or her attention.

Sorry for the long-winded response, but it is an area of interest and fascination for me.

Two stories. Our clinic system, located at the vendor’s data center, would automatically forward reports to key individuals on a daily basis. These were primarily statistical reports. Using the same approach, reports were designed to include patient information (today’s schedule, etc.) While this was "known," what wasn’t known was that the e-mail path from the data center to the clinics changed e-mail domains, which meant that the reports were being sent unencrypted across the public domain. The resolution was fairly simple, but it came as a fairly big surprise to us.

Confidential data (a little of which was PHI) being on a phone that a disgruntled employee was slow in returning. Exposure was unknown (likely known), but it caused a change in our approach on how personal phone (vs. vendor provided) should be used.

We have not yet experienced a data breach. We did, however, experience a recent virus attack. First one of any significance for this organization. Lots of lessons learned in terms of adequacy of backups and response plan. Overall not a bad experience, though we have many things to correct.

To date, we have not experienced a data breach, but have been trying to learn from the lessons of other healthcare organizations that have in order to avoid their mistakes. Toward that end, we have had improvements in physical security and made strong efforts to assure device and portable media encryption.

Advisory Panel: Job Advice

February 11, 2013 Advisory Panel 1 Comment

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a hospital or practice, you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This question this time: As you look back on the education, experience, and effort that led you to your current position, what advice would you offer to others who aspire to a similar role?

My role is CIO and CMIO, and I used to think my path was pretty unique. But I had lunch last week with another doc trained in the same specialty who is now doing the same thing, so we’re starting a club. If we get another member, we’ll make it a professional society. As for advice, I think my path has much more to do with leadership ability than it does with specific IT training. Obviously, one has to have relevant knowledge and skills, but running an IT department isn’t that different from running an ICU.

Director of IT. Three pieces of advice. Best advice — education and experience outside of IT and/or outside of healthcare are invaluable. I have degrees in political science and foreign studies and graduate coursework in international relations. I went to work during summer break for a mortgage banking software company. Learned technology from the ground up, worked in basically every department, and eventually moved to a larger firms in manufacturing (pet care products), focusing on continuous improvement and project management. 

I found my current position volunteering for the hospital and was pulled in by the CEO. I remember facing a huge roadblock in the first group interview when they were concerned that I didn’t have a background specifically in healthcare IT. I had grown up in a family of nurses, so I spoke healthcare pretty well. But my response was, "I didn’t know how to make dog food until I went to work for Purina, either." The point I made, and which eventually got me the job, was that interpersonal skills and a solid understanding of information technology are completely transferable. Bringing to the table the knowledge of how other industries manage IT and its challenges can be a huge strength. Political science is essentially understanding how people work together (or not) in a group. I use every bit of that every day in my current role. 

Second piece of advice — stay connected, keep learning. There’s not a day that goes by that I am not exploring something new, even if it doesn’t seem to directly connect to healthcare IT (yet). Eventually, everything does. I’ve developed expertise in HVAC, low voltage systems, change management, public speaking, and many more areas that I’m sure all of my counterparts are also familiar with. 

Third piece of advice – love what you do. Find that place you can put your heart and soul into and do it. You and your employer will be well rewarded.

In a CTO role with a vendor organization, I’ve found it beneficial to have worked outside of healthcare previously and experience how technology and data systems are deployed and used in other industries. But in the transition to healthcare, do not underestimate the subtlety of relationships in HIS data. Ensure that healthcare data systems can remain healthy and recover when poor or unexpected data is encountered.

I am sure that coming from hospital clinical operations was the best and most significant experience that has lead me to the role of the highest ranking IS professional in the hospital. The CIO, or IS director if there is no CIO title, must first know the business. Not being a clinician, but having an in depth knowledge of clinical process and challenges was key, then learning the applications and helping adapt them to the workload has been critical to my success. Learning the business side is the second most important.

Spending time with Managed Care, Finance, and Coding was the next most important step. IT knowledge is important, but as my CEO has always said, the further up the chain you get, the less important the technical is and the more important the relationships get.

I chose healthcare as an industry after working in financial services and realizing that the organization’s mission matters to me. I serve as a CIO for an integrated delivery organization with 1,200 ambulatory physicians in 60+ clinics and four hospitals. Best education choice I made was to go for an MBA after getting my foot in the IT world. I applied business skills and knowledge to practical IT issues and communicated better with finance people. I’ve been laid off and otherwise dismissed twice and both times the moves to new positions, while scary and a bit challenging, turned out way better than staying in a situation lacking a solid fit. I’ve quit a couple of positions that didn’t fit to move to other, more challenging situations. I value the breadth of industry experience these changes have provided me. 

I’m a CIO and spend a disproportionate time on contracts and talking to lawyers. This time commitment has increased over the years. I’d strongly recommend a business law class or two. I came up on the application side of the IT department, as opposed to the technology side. I think the ability to explain and understand applications to C-suite, physicians, housekeepers, etc. will serve you better than the ability to explain or understand the underlying technology of a Cache’ data structure vs. a SQL Server database.

I’m  a managing director with an advisory company (an HIStalk sponsor, of course!)

Like it or not, credentials and degrees help, but they only open doors, not land the position. A varied but productive track record helps immensely. I think I am much more attractive having done a fair amount in multiple entirely different situations than if I had plugged away in the exact same position for the entire time. Plus, it lets me tell stories and derive lessons from several different backgrounds. Cross-pollination, connecting dots, etc. can often be the extra value that you can give to a prospective employer.

You create your own opportunities. It’s impossible to know what efforts will pay off. Will a meeting/conference be a waste of time or will you happen to meet that one critical contact? Get out there and find out. Sorta like investing: sometimes you lose, but you may very will win big. If you do the job you’re told to do and do it well, you’ll continue to do that job. Identify a need (ideally your boss’s pain points) and do that job and you’ll see your stock go up much higher.

Read, read, read. What’s going on in the industry? If you were introduced to a group at a conference, could you jump right into their conversation about the latest developments, chat about where things are headed, etc.? If not, get up to speed. Even if you feel it’s hard to know where to start, keep at it long enough and you’ll accumulate that background before you know it. 

I’m one of the minority of CMIOs with formal medical informatics training (masters’ degree from a very academic NLM Fellowship program ), but perhaps my best education came from the school of hard knocks working for major consulting firm.  Boy, did I learn a lot that they don’t teach you in the ivory tower — project management, change management, managing up and down, working on a team, presentations, client relationships, how big organizations function, etc. It was a tough couple of years, but it was like a mini-MBA.  There are plenty of ways to achieve a CMIO role, but it helps to either have solid preparation in a real-world informatics environment, or to be the right person at the right place at the right time (i.e., be the anointed physician champion during the CPOE implementation and get a battlefield promotion).

Role: CIO. Today’s healthcare CIO needs a combination of technical, administrative, and business skills. It is more important to have an understanding of healthcare and the rapidly changing role of information systems than an in-depth knowledge of a single vendor’s system. The CIO should be seen as understanding the overall mission of the organization and how IT can contribute to and support that mission. Vendor and contract management, astute use of financial resources, and quality of care are all primary aspects of the job. Being an enabler rather than a naysayer are traits the organization expects.

As a CIO, I would ask someone aspiring to this role the following (with long pauses at the commas): "What, exactly, are you thinking?" In general, I give career advice by first referencing a quote attributed to Dwight D. Eisenhower: "Plans are nothing; planning is everything." The process of figuring out what you want to do, what you want to become, and what you are willing to give up is vital in pursuing a career that you’ll find rewarding. But, you need to continuously reevaluate that plan as new opportunities arise and your life changes.

Some of the best career decisions I’ve made came from opportunities I did not have in my plan. I reevaluated and adjusted as I went. It’s good to focus on end goals and priorities, but there are many different paths you can take to reach that goal. On top of that, your priorities change over time that affect the balance you need in your life between career, personal, and family time.

I entered the CMIO role about nine years ago after 25 years of clinical practice. In my opinion, the best way to get here is to keep your ears open and learn everything that is put in front of you. I was very attentive to all of the IT presentations while I was in practice and had a good basis when I assumed this role. The other asset that this position requires is the ability to get along with everyone; you have to get used to physicians taking their frustrations out on you, even though it isn’t personal.

In my role as CMIO and medical director of performance improvement, I have the privilege of being on the front line of both technology and quality for our organization. This is truly the sweet spot of HIT. Blending the power of data with the power of information has the potential to provide great potential for improvement in near real time. I would encourage others to pursue educational and practical experience opportunities in wide reaching areas of both technology and quality. Focus on how to tie all your efforts back to the care of the individual patient.  In addition, study and apply Lean Six Sigma techniques in the myriad of processes you will encounter along your journey. 

My role is CTO. Recommended experience — multiple industries. I was in both banking and government before healthcare. Each industry has different priorities and different levels of IS maturity. Taking the best from each industry or not doing the things you see that don’t work allow you to help make your department or division more productive which in turn helps you progress your career.

Education. For healthcare, especially now, classes like finance or even something softer than that like management or marketing are key. Anyone can learn hard core technical skills, the ones who move forward are the ones who understand the business, how IS fits in it, and can interact with others.

Don’t be afraid of hard work or long hours. Remember IS is 7x24x forever. Be available, be involved, and most of all have fun with it.

As an academic attending physician with an interest in informatics, I would suggest getting the strongest possible clinical training as well as a formal solid foundation in the core areas of informatics, including a good understanding of clinical information systems, decision support, usability and interface design, human-computer interaction, computer databases, project management, and organizational behavior. It’s possible to learn about EHRs on the fly, through practical experience and by apprenticeship, especially with a strong background in clinical practice and in the use of technology. But formal training in each is a huge advantage. 

I benefitted a great deal from attending top programs for my clinical and informatics training due to the quality of the education, but also the people who I met and the lifelong connections that I made. Networking through professional organizations and meetings can be a big plus, as is staying up to date by reading great prose such as HIStalk.  🙂

I am the CIO/security officer of our organization. My path has been unique in that I started out as a nurses’ aide/unit clerk. I’ve spent over 30 years in hospitals and a couple of years on the vendor side. Knowing the business of my customers first hand has given me a perspective and credibility that CIOs coming from the technology side struggle to achieve. Advice to those striving for a similar role — know the business of the organization front to back. There isn’t any work process that is too insignificant for you to understand.  Also, I believe that a MHA or MBA is more valuable than an advanced degree in technology.

Just like mileage on a car, your actual results will vary. With that said, I think there are a few steps aspiring CIO’s would want to consider. First, a mental health evaluation would be in order, as this job is not for everyone and it rife with risk, stress, and the potential to develop bad habits one does not have currently.

More seriously, a graduate level degree is almost a requirement. PMP certification would be a nice add-on, as would Six Sigma or Lean certification at some level. Clinical experience is a plus, and for more and more organizations, those with a significant clinical background that have come over to IT have a leg up on the rest of us. Working as a consultant can help as it teaches you skills you would not get otherwise, from presentation and report writing (communications) to exposure to many more situations than if you stayed with a single employer (experience). Work in more than one of the IT disciplines also is helpful. 

You will have to move into a leadership role at some point or have already done this in your past. There is no substitute for this. Don’t be afraid to move for an opportunity or travel for a while,  but make sure your family, spouse, partner understand what this means as it is a big step. Have a career mentor if you can find one — I wish I had one in the past and serve as one today. Finally, you need to have a little luck. Sure, part of this is creating your own luck or maybe recognizing an opportunity when it presents itself and having the courage to act on it. But sometimes things line up just right and you have to act. 

Finally, humility is very important. Remember that nobody achieves success without help from others. I owe much of my success to those that I have worked with and dare say "led." I would be nothing professionally without investing in the people that really get the work done and the results that go with them. I cannot possibly overstate how important this last point is.

To be a successful CIO, you need to pay your dues. I started as a computer operator in a data center. I continued my education while looking for opportunities to move up. I volunteered for everything, even if it was outside of IT. I learned the business of healthcare, not just the business of healthcare IT. I became a supervisor then a manager then a director over a 10- year period. I can definitely empathize with my staff and leadership since I have held or managed most of their positions. 

The leap from director/VP to CIO is a little tougher. A director’s/VP’s job is 80 percent operational and 20 percent strategy. A CIO’s job is just the opposite. Strategic thinking and operational thinking are two very different disciplines. The healthcare IT field is littered with the remains of excellent directors/VPs who should have stayed as directors/VPs instead of reaching for the CIO brass ring. Assuming you make it to a director/VP level position, think long and hard before applying for the CIO position. Understand your strengths and weaknesses. Ending your career as a successful director/VP is more preferable than ending it as a failed CIO. Lastly, above all, BE NICE!

As a non-traditional CIO in an academic environment, I find my clinical, financial, and operational background in healthcare that occurred before my turn to the technical to be invaluable. I use it every day. I can converse fluently with just about anyone in any part of the organization regarding what they do on a daily basis. Understanding the business of healthcare, the issues that it is facing both now and in the foreseeable future, and how technology can both facilitate and support the changes that are occurring brings incredible value to my organization and to the senior management team that I am a part of.

My best advice — it is always about customer support. The best system in the world will be an implementation nightmare if the support is bad. The worst system in the world can still work if the support is superb. People will understand software shortfalls, hardware interruptions if they know you are behind them and will be there for them. Folks will  accept that you don’t know if you will tell them you will find out and get back to them in a realistic timeframe. But then you have to follow up every time. I guess what it boils down to is accountability and the relationships that you build. Always remember, it is all centered around the patient.

Head of a business unit within a HIT company. I think my diverse experience in HIT has prepared me in a unique way for my current role. I started my career as a phone support person helping clients with issues from technical problems to how-to questions. From there I moved on to training, implementation, sales, operations, and business development. Along the way I was promoted into various management roles and my responsibilities increased accordingly. I say all this because most of us work in very complex organizations with many functions across the span of control.

In my opinion, you will be better prepared to lead if you have had experience, or maybe exposure, across a broad set of functions. This is why many companies move their management through a number of different areas as they rise through the organization. Embrace those opportunities and take roles in departments that take you out of your comfort zone. Also, pursuing my masters degree really helped me in two ways. First it gave me confidence in the knowledge that I already had and filled in the gaps in areas that I didn’t have the necessary skills. Secondly, it made me more marketable for executive roles.

I am the CMIO, but effectively am the chief clinical Information system officer. My advice for new or aspiring CMIOs/CCIOs/CNIOs is to establish your core clinical competence first, so that you never feel like you are a hostage to keeping your informatics job (i.e., you have something to fall back to if it gets so bad that you have to quit.) Study the quality literature — Deming, Juran, others — and apply Deming’s 14 points as much as possible. Make sure that there is a single person responsible, directly or indirectly, for all aspects of clinical informatics at your organization. Make sure that you have clinical leaders and a boss (preferably not the CIO) who understands the importance of what you do.

Get some business background so that you have a good understanding of strategic planning, budgets, and accounting. Contribute to the national dialogue on HIT and try to help bring Washington to its senses. Examples include contributing comments on Meaningful Use through your state or national professional societies, supporting the movement for physicians to use SNOMED for coding instead of ICD-10 (which is outdated and bloated), belong to AMDIS (the listserv and Ojai meeting are wonderful things). 

Read HIStalk regularly. My knowledge of HIT issues went up immensely when I became a regular reader. You are a national treasure.

Get to know all the different stakeholders (internal and external) in healthcare for they are your constituents. Learn and understand their professional and personal challenges in the work they do. Caring for others is the culture of healthcare. Be sincere, humble, and transparent to establish and maintain trust. Once you lose trust and/or credibility in healthcare, your chances for success on individual projects / tasks and your career are very limited. Establish a personal goal or mantra of what you would like to accomplish in your healthcare career; not for your personal benefit, but for the benefit of the constituents you serve in healthcare. (i.e. patients, nurses, physicians, etc.)

I am an HL7 interface analyst with clinical experience. I have a long history of working with computers prior to going to nursing school. Coming out of nursing school, I knew I didn’t want to be a clinician. So while working as a nurse, I immediately returned to school and got my master’s in management information systems. I worked as a nurse, hoping that this experience would make me a better computer person. After a year of nursing and some very rude remarks from a thoracic surgeon, I left bedside nursing for a posting of clinical systems analyst that I found on our hospital job board.

As a clinical systems analyst, I observed the integration team in all their glory. Ours were all-powerful divas who drove the rest of the department crazy, so I made a note to self to try to remain kind and real. I went to my boss and asked her to send me to school for our HL7 engine. She said that she would if there were enough money in the budget, and in a happy coincidence (I had been partially responsible for the budget that year), we had plenty of money for education. She sent me to the vendor-led class. Meanwhile, the divas had all left and been replaced by a single consultant.

Later that same year, our hospital system joined a larger consortium and they created an integration team from those who were qualified and I applied. For the past 12 years I have enjoyed being the only clinician on the HL7 team for them and then a subsequent hospital that wanted to pay me what I was worth. I really enjoy working with clinical systems integration because I feel that I bring unique qualities to each project. When people ask me how I got here, I tell them to grab the brass ring and don’t let go. You need to see the future, make a step-by-step plan, and go for it. Hold yourself accountable and make it happen. Ignore everyone who tells you that you can’t. I encountered several of those, and most are still doing what they were doing when I started. Read inspiring books. My favorite was Why Good Girls Don’t Get Ahead, But Gutsy Girls Do. Watch inspiring movies — my favorite was “Working Girl.” You can do this!

Role: IT manager. First years of my career were in nursing, and have an MSN. Also had teaching and supervisory experience. Always loved the software application stuff, though. Started volunteering for testing/other IT projects whenever nursing input was needed.  Became the IT liaison, working with them on any software upgrades/issues. When ambulatory EMRs starting being introduced, found a position with an organization who was looking for someone with nursing expertise and some basic software skills. Now the ambulatory EMR world is red-hot — jobs all over the place. It’s a good time to get into this field.  So volunteer, work with IT, learn the language, the testing, and the processes needed to be successful in IT. Then look for that great job — they are out there now.

Professor: (but also corporate researcher in the past). Try to get an internship or at least try to see how people doing the job you aspire to, actually work on a day-to-day basis.

My role now is jokingly referred to as the garbage pail. If you don’t know what else to do with it, give it to me, and I’ll figure out who should take care of it. Any given day, I could be working on a security risk assessment, a patient data report, Medicare medical necessity, and administrative strategic planning. I don’t do hardware work or OS troubleshooting as much any more, but that is mostly because it has been a long time since I’ve needed to, and both have become more specialized over the years. I’ve done everything from cleaning out printers to educational presentations at international conferences. 

Education-wise, I have a college degree that bears no relationship to what I do (social sciences, with an emphasis in geography & history). Its only purpose is to prove that I could stick it out and get the degree. I am living proof (or was 20+ years ago) that it was possible to be on academic probation and still graduate college.

The effort? Never be afraid to accept a new challenge. I "do HIPAA" because my boss in 2001 was looking for something to get me re-engaged and not lose me to another job. I’m glad I did, because it has given me a lot of opportunities I wouldn’t have had otherwise. 
Don’t be afraid of "tall poppy syndrome." Be willing to go above & beyond, even though you may risk alienating people who don’t want to expend the effort. Give your best. Develop your writing & speaking skills. All the technical skills in the world can’t help you if you can’t communicate the information. A major piece of the failure of the space shuttle Challenger goes back to an inability of the engineers to make everyone else understand what was wrong. An extreme example, but it can be no less vital in healthcare. Lives may be on the line if you can’t make yourself understood.

I love what I do, and I can’t imagine doing anything else. Every day, I get to have an impact on the direction the industry we work in is moving. I can help people who have lives in their hands get the information they need to make those lives better. How many people outside of healthcare get to say that?

Do what you love, love what you do — there are no absolutes. For example, I am a physician in HIT who still very much enjoys seeing patients part-time because I love doing that and because it helps me with my job. But if you don’t love seeing patients, or your job simply is too all-consuming for patient care, then it does not make you a bad CMIO if you can’t do it. With that said, there are some things you don’t know unless you try them, and to be a truly great CMIO, I do think you need to have at least 5-10 years of clinical experience to understand how you really feel about it and to see enough to have both the credibility and experience to speak and represent on the topics of clinical IT.

I am currently an interim Corporate CIO for a multi-hospital system. I spent 10+ years as a CIO prior to this interim contract. As a healthcare CIO, I think it is very important to develop a business acumen and understand the healthcare industry as well as the healthcare IT industry. My career path began in operations and then as an analyst/DBA/web developer.

Once I moved into IT management, my technical skills were diminished. The first CIO position I interviewed for was difficult as I knew that I would be giving up all of my technical skills if I was hired. Not only did I transition to a business leadership position, but I had to learn how to work with clinicians and understand their needs. In my opinion, if a CIO is not a clinician, they should partner with one (or more) to be successful. That is the strategy that has been most successful for me.

My career always progresses best when I help the careers of those around me first. 

Success = Q x P x V, where Q = quality of your work,  P = the productivity levels of your work, and V = the visibility of your work. Someone has to see and appreciate the work that you perform, and they have to attribute that work to you. If any one of these three variables — QPV –  falls to zero, so does your professional success. 

The Power of Pure Motives

The only two metrics that really matter are employee satisfaction and customer satisfaction. Every other metric is a means to those ends. And employee satisfaction must come first.

HIStalk Advisory Panel: HIPAA Concerns and Priorities

January 30, 2013 Advisory Panel 4 Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a hospital or practice, you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This question this time: When you think of potential HIPAA isses, what parts of your health system’s operation give you the most concern? What are your top HIPAA-related priorities?

Our top HIPAA concerns relate to the use of personal devices such as smartphones to transmit pictures and unsecured text. While we can and do provide secure alternatives, there is really nothing we can do to prevent a medical student from snapping a picture of a patient or patient data and sending it to several hundred of his closest friends.

HIPAA is an interesting concept. How do you balance providing sufficient access to critical information that can impact a patient’s health and still protect their privacy? It’s not easy. For many of the children we care for, privacy is not just a regulation to follow, it’s life and death – for children in custody disputes and victims of violence. The most significant challenges we face involve the fact that both the rules and technology are changing at an ever-increasing pace. The people writing the rules aren’t always the ones with the most knowledge about how (and even if it’s possible) to implement.

It’s ironic that we are both demanding healthcare costs go down and simultaneously creating new and unfunded mandates that require enormous amounts of time and money to implement. The two things I worry about most: mobility of devices and data  and staying current on vastly complex laws. Small hospitals outside of a larger system are still required to adhere to the same rules and regulations even if they have a fraction of the resources with which to do so.

Top HIPAA-related priorities and concern for us center around secure communication between our staff with clients and providers. Ensuring that the proper processes and technologies are used to secure communications via e-mail, instant message, or any channel is paramount.

When it comes to protecting PHI, my biggest concern is the data that goes to our physicians’ offices for billing. There are many concerns, but how the practice and the billing services treat this data is my greatest. We have no way to audit how this data is used and disposed of. Practice adherence to HIPAA security and privacy is very minimal, as an independent practice has little knowledge or resources to dedicate to this requirement. 

HIPAA security requires complete control of PHI storage. There is so much distributed data acquisition going on that it’s difficult to ensure complete control. Example: digital photos taken in the clinic stored on memory cards. Clinical staff don’t see these cards as containing PHI, but they do. Thieves see the cameras as easy to pawn theft targets. When stolen, we have a privacy breach on our hands. In retrospect, we learned we lack procedures to wipe the cards of data once the images are stored in the EHR. These novel data stores continue to pop up and represent control risks.

I lay awake at night thinking about unencrypted laptops. With all the other projects, this one keeps sliding down the priority list. The CFO all but refuses to fund this. We have a policy against keeping PHI on the PC, but I know no one follows this policy.

I’m glad you’re running my comments anonymously because I don’t want to advertise how many potential HIPAA vulnerabilities we have in our organization, ranging from PHI routinely sent via insecure text messages (and the Web-based paging system), workstations that are visible to the outside world that don’t secure properly, shared common windows passwords, shared common remote login passwords, EHR printouts that aren’t shredded in a timely manner, etc. I’ll stop now before I trigger a subpoena coming your way.

Mobile device security and BYOD are probably our biggest concerns. We have a number of clinicians using their own devices, communicating and coordinating patient care. We are putting in place comprehensive mobile device management system that will provide secure communications options. We are in the process of encrypting laptops and securing USB ports.

General staff knowledge and awareness would be the first thing that comes to mind. We can write policy and implement all the controls we want, but people will find ways to circumvent if they don’t understand the whys. Our top priorities in the coming year include establish ongoing staff education, conduct annual policy review, create mobile device management strategies, and evaluate data loss prevention solutions.

We do a good job of educating our employees on HIPAA. We don’t see too many concerns with patients. We do get the occasional employee who looks at a relative’s records. Our greater concern is office staff of independent providers who have access to our patient database by necessity. We rely on the physicians in their office to provide initial and ongoing HIPAA training and this breaks down. We also have the issue of those employees leaving employment in the physician office and the office not informing us to cancel their access. We do a manual audit every 90 days.

There are really four classes of data we are charged with protecting. First, our current data, which may be stored locally or remotely. Second, the data we push out to others (patients, providers and organizations). Third, the data we receive from others and is received in various formats. Fourth, our archived data which might be scanned, paper, or legacy digital formats. The diversity of data itself poses its own challenges.

We often think of securing data through protection from security breaches such as device theft or hackers. Encryption has become the standard in this regard. However, the more common occurrence would be in the form of end user error — leaving devices without logging out or the dreaded exposed password. While much of our effort has to be on prevention of the "big event," we must still focus on end user HIPAA training and routine auditing as the first line deterrent to loss of PHI.

My biggest technical concerns are with mobile devices. We are pushing quite a bit of data to them in e-mail alone, and even with security policy in place, it is still a huge exposure. While internal threats like staff inappropriately accessing someone’s records may be larger, technical solutions to a threat like that are harder to address. Our privacy officer gets to lose sleep over those.

The inability to control what disgruntled employees can do with sensitive health information. Overly curious individuals are also a problem in terms of celebrities or people they know, but they typically would not compromise the sizable amounts of information that could be breached by someone with a grudge and/or desire to sell information for money. Carelessness is also a major problem when people are working with large data sets or spreadsheets as part of their job and leaving it on laptops or sending it in unencrypted files via e-mail. 

The use of workarounds to data security initiatives. The tighter the security lockdown, the greater the impingement on ordinary work and productivity, especially in comparison what people are used to doing in other realms of life. Rather than helping with data security, the workarounds just seem to make matters a whole lot worse because then people exchange info surreptitiously by cell phone images, Gmail, and the like. 

Since I’m not in management, my top priority is making sure that I keep the data of my own patients secure. Another goal is to educate residents and medical students about the importance of patient privacy. I also advocate for more enlightened approaches at a local and national level for protecting confidential information and for giving patients more say in the way their sensitive information is stored and shared with others.

Where to start? My biggest concern is not knowing what I don’t know. Our customers are doing all kinds of things that I can’t control. I’m sure that data is leaking like crazy and we’re doing all we can to contain it. I am hopeful that in the next 60 days we will have a much better understanding of what is occurring and that we will have better control. Our biggest HIPAA priorities are data loss protection and then preparing for the inevitable audits.

With the increasing use of clinical and other data (read PHI), our concerns are growing around mobility and continued violations of our use policies. We are moving to our second mobile security platform/tool, but are not convinced that even after best efforts that we are "safe." There will always be threats and we have to continuously evaluate what those threats are and how to prioritize the work to protect our data.

Our organization has finally realized we are not impervious to breaches or attacks and is supporting new efforts to ensure we are doing what is appropriate to secure the environment. In addition, we are trying to play more "hard ball" with violators of policy on data use and access. I am afraid a few examples will have to occur before the majority of our users realize we are serious about this as an organization.

The biggest HIPAA issue would be a breach > 500 which triggers a multitude of bad events  We do take the approach of "when" not "if" so we are prepared, but we are implementing technology and procedures to reduce the risk of occurrence. The biggest risk is related to PHI leaving the organization. That can happen in many ways (e.g. mobile devices, mobile media, viruses and e-mail). We have implemented encryption in these areas to reduce this risk. We also have virus protection and a SEIM tool to monitor network attacks.

Our next effort is implementation of a data loss protection (DLP) tool. This tool maps the location of all PHI in your domain. Strict rules can then be applied to govern the movement of that PHI. Besides encryption, my feeling is that DLP will have the biggest impact in protecting an organization from a breach.

We had two significant reportable breaks last year, but neither were related to the electronic medical record or other electronic systems here. The first was a physician who e-mailed an Excel spreadsheet which contained PHI to an external unsecured e-mail server. The other was a resident who took home paper copies of patient records for the purposes of a lawsuit they were gathering potential evidence for. In neither case was the patient information actually exposed, but they were reportable breaches nonetheless.

We are in the process of implementing a new clinical platform, so my focus is creating one balancing the new robust functionality with the safeguards that are needed to protect the information. Not an easy task.

Laptops. No matter what we do or what we say, folks will still copy and past information and manage to store PHI on their laptops. We lock down the laptop as much as possible, train, and continuously educate and inform, but the laptop is still our weakest link in the chain.

New phones. With new phones and applications for them, I believe there is more opportunity to access PHI. If you can clone someone’s phone by walking by them and picking up their information, what happens if someone is sending them e-mails, updates, or questions via e-mail, etc.?  I am not very informed in this area, but very concerned.

Top concerns: access controls within older non-core EHR systems, such as radiology, lab, and custom systems that we have developed. Providing appropriate levels of adolescent confidentiality. Opening access to psychiatric care visit information as much as legally possible. 

Top priorities: dealing with the above. Getting lawyers and others to understand that data-sharing across legal entities for ongoing and potential future care is the same as "treatment" and therefore allowed by HIPAA. Physicians who are members of different legal entities who practice together (e.g., in an ACO) often need to use the same EMR database and that having two or more separate records in a system for a single patient (which is their idea how to do this) is just dangerous.

Vulnerabilities that are rooted in human behavior or misbehavior concern me the most: apathy, naiveté, curiosity, theft, and vengeance. Continual education and empowering employees and physicians with scenario techniques on how to appropriately deal with common situations is helpful. Not intending to scare or intimidate people into compliance, we share media stories of fines and prosecutions of healthcare systems who have had incidents of security or privacy breaches.

The proliferation of personal devices where clinical information can be accessed (smartphones, tablets). We’re working on how to best encourage provider access / patient engagement while still ensuring appropriate security and privacy. 

Many vendors, including our eClinicalWorks vendor, are increasingly utilizing cloud technology. We’re working to be able to make best use of the new products while managing security.

The people. Information technology systems are relatively easy to secure, but people have this aggravating habit of not doing what you tell them or expect them to do. I’m functionally the assistant security officer, although my title doesn’t reflect it.  I did about half of the facility education in 2003 for the Privacy Rule implementation and it still amazes me how many people don’t make basic information security and patient privacy a part of their day-to-day existence in healthcare.

In 2003, there were three groups of people: those who lived privacy, those who had heard of privacy but for whom it was an add-on to their daily life, and those who had never heard of privacy or the Privacy Rule. In 10 years, we’ve pretty much stamped out the "never heard of it" problem, but there are a lot of people who still treat patient privacy as something to think about when everything else is done. A text message to a friend here, a social media message to a friend there (even a private one) and you have opened yourself up to serious problems. Somehow we still have to convert those folks over to people whose lives include patient privacy. I’m still working on how.

Not misspelling HIPAA :) 

The use of HIPAA as a way to make life harder for physicians, such as CIOs and lawyers creating inane password policies or medical record clerks denying access to results of study I ordered without a written consent "because of HIPAA.”

Stupid mistakes (e.g. having patient info on an unprotected medium which gets stolen). Interestingly, while this may result in embarrassment and financial penalties, it rarely actually compromises a patient’s medical information.

The reality is that HIPAA is simply a mandate of common sense (i.e. only share patient info with someone who should be able to see it for obvious clinical, operations, or payment reasons), and yet ironically it actually winds up making people lose their common sense in how to deal with data and potentially hurts the quality of care by denying access to data needed by caregivers.

Downloading PHI to personal laptops or other mobile storage devices that are not encrypted and not secured with a strong password. All of our corporate laptops and portable storage devices (e.g., thumb drives) are encrypted and password protected, but that’s not the case with personal laptops which inevitably are used by employees for work-related tasks. I’m also constantly concerned about insiders and trusted agents who engage in for-profit identity theft.

In our organization, a chief privacy officer has virtually shut down all research in the name of HIPAA and patient privacy. She has even begun to question the utility of quality improvement efforts and their need to review patient records.

Our health system is most vulnerable with the new culture of real-time information, which means that caregivers are texting, e-mailing, taking photos, etc. as part of the normal practice of patient care. Our EMS and cardiology service line had a great process in place to get information to cardiologist on the patient prior to arrival by using a smartphone to take a picture of the EKG and text it to the physician. Great idea, but not vetted for patient privacy and security.

It is up to us to stay in front of this new culture and put the appropriate privacy and security measures into place. Our health system is developing its updated security program now and I’m concerned that some of these things are going on without our knowledge or preparation.

HIStalk Advisory Panel: Vendors at the HIMSS Conference

December 26, 2012 Advisory Panel 2 Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a hospital or practice, you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This question: Vendors are finalizing their preparations for the HIMSS conference. What are some things they should and shouldn’t do to get decision-makers into their booths and then present their company and products effectively?

Pricing is a touchy topic and I understand the sales logic that you don’t want to share the dollars too soon. However, I may need to understand ballpark pricing to even know if it’s worth my time to talk with you. We’ve all been talking about reimbursement cuts.  Those cuts directly impact how much we can spend for essential and cool tools. If I go to pricing early in the conversation, I’m probably trying to determine if it’s worth my time and your time to continue the discussion. At a recent conference, we encountered a vendor with a unique solution to challenge we were facing. However, my enthusiasm to continue discussions was notably less after multiple conversations that led to a summary of, "It’s really hard to give you an idea of how much it will cost" and "My price will be less than whatever you currently pay." Instead of being on the top of my follow-up pile, this vendor is a much lower priority, in part because I don’t know if my work will all be for naught because the price is more than we consider reasonable.

Coffee works. I don’t care what you say, at every trade show and conference I attend, the longest line is always where the espresso machine is. Cisco usually has a magic show — that makes me leery. Have ample seating available — people are tired of walking around all day. I think that pre-conference mail-outs have minimal success. When I know I am going to a show, I tend to pay more attention to e-mail, but not any more attention to traditional mail.

They should avoid e-mail spam, phone call spam, and otherwise being overly aggressive prior to the conference. I personally tend to avoid those who pre-annoy me like the plague. Likewise, avoid post-conference harassment. The key is to be accessible without nagging or arm twisting. There is no such thing as successful nagging or successful arm twisting – attendees might passively pay attention or pay lip service in response to such tactics, but they have zero chance of landing a "sale" or cementing a meaningful relationship.

Having and being generous with high quality giveaways never hurts. Often these may be collected by attendees to distribute to team members who cannot attend, so it’s almost like viral marketing in terms of who ends up with these and who sees them. Having edible or drinkable enticements to visit a booth is also not a bad idea, but don’t be cheap or stingy with the stuff (it is far better to have nothing than to appear cheap or to be stingy with this type of thing). Throw nice meal meetings and parties – breakfast, lunch, dinner, snack, after dinner, whatever (be creative). The quality with these events is of paramount importance, though. Going cheap on such an event delivers an obvious and lasting message of how important the attendees are to the vendor and reflect also on what an attendee can expect from the vendor’s customer service and support. Also, realize you are competing against places, restaurants, etc. the attendee might want to experience in the host city. Don’t make them feel like they wasted an opportunity to enjoy something else by giving you their time. A memorable positive experience will always create a favorable impression and build some relationship capital. Put yourself on HIStalk’s Bingo or "recommended" list – people pay attention even if they don’t overtly participate.

Don’t monopolize my time with long meetings. I go to HIMSS to get a "broad brush" on available products and technologies for later investigation. Instead, give me the "elevator speech" (what can you tell me while I’m trapped in the elevator with you) answer my questions, and plan to follow up with me later.

Have a crisp, compelling elevator pitch that all of your salespeople know. Tell us why we should invest our time to see you. Make it simple, clear, and easy to understand.

Quite frankly, HIMSS is so large that my senses are on overload when I hit the vendor booth area. They see CIO on your badge and you become raw meat. I have two official titles. One year I tried to have HIMSS put non-CIO title on badge. They refused. I schedule meetings with vendors weeks in advance so as to use my time more efficiently. I also try to visit the major vendors we have contracts with. Lastly, there is a vendor booth that is an actual bar. It’s a must stop.

Focus on the power of three and stories. Everybody in the booth needs to have a library of stories that show the impact of their solutions. Have the customers in the booth if possible. Secondly, everyone in the booth needs to know the three reasons to spend five minutes in the booth, the three reasons why their product has an impact, the three reasons why they are better than competitor, the three reasons customers buy from them.

I cynically assume that whatever I see on the floor is vapor-ware and do not use it in the decision making process. I am able to get 3-6 months of meetings with my current vendors into 1-2 days, which is a great time saver.

Skip the expensive direct mail pieces – most wind up in the trash.  I can’t think of any vendor who has done anything memorable… I suppose that tells a lot of the story.

Don’t send me postcards with the same old prose ("Find out why we are the best / fastest / cheapest / lightest / prettiest… at booth #4321). Do send me something that is tailored to my role (e.g. physician, nurse, pharmacist, IT professional, executive) and tell me how what you do can make life easier for my role or bring real value to my organization (e.g. how does it decrease cost or increase revenue while maintaining or increasing quality.) And of course let me know if you are an HIStalk sponsor, and about any cool giveaways!

The only thing that has worked with me in the past is a special invitation from someone who had researched me and my position and offered a good proposition and a quiet audience. Made me feel special and above the clamoring crowds. Didn’t use the product, but they were in the running.

Send info that is not gimmicky ahead of time. I rarely just pop into a booth, but I will if it looks like something we are interested in. Last year, I was looking for Humedica and had a booth number. When I got there, it was Allscripts and I did not see anything for Humedica. Colocation for a vendor can be a big mistake. I felt like a dolt going all the way around the booth looking for anything with the company name and even asked a booth zombie, but they had no clue. As it turned out, they were there, but not everyone knew it at the booth. Odd and not to be repeated, I hope. On the other hand, I went to the SAS booth, and what made it a great visit is that I had access to all of the right people right away. I was to the point of what I wanted to learn and so were they. Not sales-y at all.

Vendor should bring decision makers to HIMSS. Feedback I am consistently hearing from CIOs and other organizational decision makers is that HIMSS is turning into too much of a sales pitch. Customers don’t feel like they can have meaningful conversations with the vendors. Make sure those people are there. The sales personnel are important to build relationships, heck many of them can have these meaningful conversations, but make sure that you have the right resources available to engage in these conversations, along with the correct non-threatening environment to encourage such conversation. For goodness sake, don’t hire professional talent to deliver a scripted pitch – have the thought leaders in the organization that understand the topic give the presentations and engage their audience in a conversation. It should be two way — listen, challenge, exchange ideas.

HIStalk Advisory Panel: Working with Startups

December 19, 2012 Advisory Panel 1 Comment

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a hospital or practice, you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This question: Let’s say you are mentoring the founder of a startup that has developed a creative software application for hospitals. What advice would you give that founder about developing a working relationship with a hospital to validate and improve their product to make it marketable?

First, it is important to develop a beneficial relationship with a hospital to, ideally, test out the application in the trenches and provide feedback for improvement. There’s huge value of working with a hospital as a beta user to run the application through the day-to-day uses. It’s important to establish a relationship with the key managers and staff in the area to provide the best feedback. It’s valuable to determine the right relationship scope so that the hospital staff are motivated and willing to provide feedback, in addition to their usual daily tasks.

[from a vendor employee] The main thing is the solution needs to provide enough value for hospital that they would even want to use and collaborate with the vendor.  Assuming it’s a great concept and the founder has gained access to hospital decision-makers who are interested in the solution (I think we’ve touched base on this before on the Advisory Panel), the next step is positioning the partnership in a way that’s mutually beneficial for both organizations. 

In our early stages, we honed our solution by offering discounted “beta” prices to multiple key sites in exchange for collaborative feedback and a tolerance for a beta product in development. This really was an invaluable process for us to hone both the solution as well as the company for widespread market expansion later. These need to be win-win partnerships to really work. The beta site got a groundbreaking solution that improved their organizations and a vendor relationship that allowed them to play a significant role in its development to fit their own needs. We obviously got early clients, market traction, and an awesome cauldron for rapid improvement of the solution. One drawback is that once a site thinks it’s a beta site and a beta product with beta prices, you’ll have a much harder time moving things to non-beta mentality and normal retail pricing. It was worth it to us, however.

I’ve seen other startups invite early clients to be part of their boards or to actively participate as advisors. Many startups get offered funding by potential hospital clients – I’m torn on whether that’s a good or bad thing. We never did it. It really depends on the hospital client, the deal, and where the startup is financially. 

All vendors started somewhere. I like what Voalte did. They consulted with several CIO/CTOs in the industry. They found a local hospital that needed that product and worked with them until they got their product fully tested and implemented. Since then, they have gone on to be successful.

To create a strong working relationship with a hospital like this, the startup should expect to shoulder all associated costs unless they are offering an equity stake (and obviously, shouldering the costs by the startup is the better financial option for the startup). Subsequent to getting that relationship off the ground, the quality of support provided, and responsiveness to hospital feedback on the part of the startup will dictate the quality of the relationship they build and maintain.

We have done this a couple of times. There needs to be a symbiotic relationship. The hospital cannot just take the free or reduced cost software or services. They need to give back in terms of recognition that what is developed must be flexible enough for the marketplace and not driven strictly by the way the individual organization would like it to work. The CIO, clinical leadership, and others need to be ready to be partners through reference calls, site visits, demonstrations etc. The vendor needs to recognize that the hospital is looking for a return on their investment (of time and resources) and also recognize that the relationship needs some form of "cost recovery" be it free or reduced price software and support, site visit credits to use with other products, or other.

[from a vendor employee] GET EVERYTHING IN WRITING!!! Finding a hospital champion is already difficult, much less finding one that wants to partner. Find a facility close to your companies office that you think would be willing to work with you. Look at the background of the person you are trying to work with. Did they work for a vendor in the past or have they done consulting? Are they a consultant on the side? Are they a programmer by trade? Is the facility outsourced and your contact works for the vendor? You need to find someone that understands the entrepreneurial spirit and wants to be a part of building something from the beginning.

Be careful of your selection. Some hospitals will tell you they use mobile products, but I haven’t seen very many do it very well. Clinicians are not always as ready to commit their time as they say they are. They need to make the commitment time very definite up front.

Make an offer they can’t refuse. Most of the offers I hear are weak and not worth my time investment.

Risk-sharing. Don’t charge me an arm and a leg for a pilot. Put your system in for low or no cost if you are confident of its efficacy. The positive reference for a startup is more important than making money on the first sale.

[from a vendor employee] I would take a three-pronged approach. First, make sure my top-level executive/CEO/founder can create a connection with someone at CxO level of hospital. Their focus should not be on technology, but on business issues, pain points, what is getting in the way of the provider hitting their numbers, growing, delivering high quality care, attracting employees. Second, have developers/product management people sit shoulder to shoulder with end users inside the hospital to see the workflow with their own eyes. Roam the halls if possible, interact with employees. Third, have the sales/account manager develop a relationship so that when prospects call or visit, the salespeople have a relationship with key people inside the hospital.

One thing I appreciated about Voalte was the ability for all end users to send text messages to the company. These included use questions and, more importantly, suggestions for product improvement, which were actually implemented quickly. Their service model of putting a rep on site and roaming the halls every week has been a big hit as well. Other vendors haven’t reacted too well to these ideas when I suggested they do the same.

Work with the CIO, CMIO and Quality in combination so that you’ve got all the players you need to get started. Find a physician champion who is committed not overly “salesish.”

Find a physician champion, start small – pilot in one area, and then work on spreading it. Be prepared to answer the usual bureaucratic/legal questions about HIPAA, server info, etc. If it’s the first customer, consider making them a partner (e.g. give it for free/cheap, and give equity) rather than trying to extract a little money — will align both sides better to win long term.

it needs to be an inside job. The current buzzwords are "champion" and "executive sponsor." Someone in the organization, as opposed to someone knocking on the door, has to be so excited by your product that they push for adoption of your software solution. How to get that champion? Bribes with money or sex will probably backfire eventually; specialty society meetings (physicians) and introductions by a friend of a friend (CIO) would seem the best bet. E-mail, snail mail, cold calls probably aren’t worth the time. Professional publications would be good, but they would have to have actual scientific validity.

We are actually in the middle of that situation. The company made connections with our for-profit arm and we are an investor. We continue to work with them to help with the development. My advice would be to create a very strong value proposition and it has to be pitched to the right C-level person first. I would suggest into the CIO / CTO as the idea would have the best chance that route if it is a good idea. The first few are the hardest as many places won’t take the risk if they are first, even if it is free. But if there is real potential, I am happy to take some risk to get to something that is good.

[from a vendor employee] I’m fortunate to have been able to participate in a startup as well live in a startup mode for many years as we both developed the products, but also the market in which we serve. One of the most important lessons that I learned is that people buy from people. This, of course, can touch many aspects of how to be successful. One of the most important is clearly in how we listen to our customers, focus on developing the relationship with our customers, but don’t just blindly listen – challenge, make sure you understand why it is important then work together on how it will be delivered.

I’d also strongly contend that this relationship building isn’t just something a startup should focus on. This should be at the foundation or core values of any company that wants to be successful in delivering products, especially healthcare products. Develop relationships, listen to your customers, challenge each other with new ideas, and deliver great solutions!

In a hospital there are several constituencies and you have to go after one.  You have to sell it to the doc, the nurses, IT, or one of the other areas that would find it useful. If it is a timesaver for the physician or nursing, sell it to them and they will pull IT into it. If it is an IT sell, then you can try the senior folks if you have connections. If not, try to find at least a project manager or primary support person for the area that will benefit most from your product. The CIO is bombarded with the latest gadget sales and the latest sales brochures. If you can find a way to market it from inside the organization, you will be more likely to get CIO time.

HIStalk Advisory Panel: Use of Mobile Devices

December 17, 2012 Advisory Panel No Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a hospital or practice, you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This month’s question: What interesting uses of mobile devices are you seeing by hospital employees and physicians?

We have very limited use of mobile devices in our organization due to security-driven policies. We are hoping that once we complete a virtual desktop infrastructure install we’ll be able to be more flexible.

Jordan Hospital in Plymouth, MA has a terrific mobility approach. They had a serious noise problem on the patient floors. They decided to implement a "quiet hospital" program. They banned the use of the PA system for any reason on penalty of being fired. They bought a large number of iPhone 4s (at a great discount since the 5s have debuted).  They disabled their cellular functionality, making them usable only on a WiFi network (the hospital’s). At the beginning of each shift, the nursing staff picks up a phone from a large charging bay. He or she types in a code and that phone automatically rings to his or her personal extension during the shift. In addition, when the nurse logs in, he or she has immediate access to all of the patient EHRs (Meditech) that have been assigned to him or her for that shift. The charge nurses can assign patients individually or take a single nurse’s entire patient load and assign it to another nurse on the next shift with only a few keystrokes. Patient calls to the nursing station are automatically forwarded to the iPhone of that patient’s nurse. If the nurse doesn’t respond in 15 seconds, the call is automatically forwarded to the charge nurse. Doctors affiliated with the hospital also get iPhones, but theirs have their cellular functionality left intact, so he or she can be reached whether or not they are in the hospital. Individual extensions never change, and the on-call physicians in each specialty can be dialed or texted with a single keystroke. Jordan has not lost a single iPhone since the nurses’ units don’t work outside the four walls of the hospital. They were very surprised when they analyzed what functionality was being used by the nurses most frequently. It turned out to be texting, which was not expected since the average nurse’s age is 54. Within two weeks of implementation of the program, patient satisfaction scores went from the low 70s to the mid 90s.

We are using Clinical Expert to do some clinical surveillance relative to sepsis. These alerts are sent to response team via iTouch and iPad app.

[from a vendor employee] We’re definitely seeing increased uses of mobile devices by the people we connect with in revenue cycle, finance, and department heads. They’re relying on their mobile devices to have up-to-date information, dashboards, and reports on the overall financial status of their facility or system. These reports range from AR, productivity, and charge capture for revenue cycle. Department heads are moving toward utilizing mobile devices for up-to-date reports on physician performance and relative ranking within their department. Upper management likes to have this information "at their fingertips" during meetings or ad-hoc discussions. Properly designing these reports and dashboards for viewing and interaction on mobile devices hits the spot.

On the positive side, many hospital employees and clinicians continue to use their mobile devices as a reference tool to assure they properly understand diagnoses, medications, etc. We continue to see good use of these devices for continuing education and various other apps in that regard. One tremendous use of mobile devices done by our IT staff recently was to utilize FaceTime to allow a seriously ill patient to virtual attend their daughter’s wedding. On the dark side, hopefully everyone in the industry is aware that unsecure, unencrypted texting between staff and clinicians continues to be a risk that will not be eliminated without a secure texting solution. The lure of convenient, asynchronous communication is considerable and individuals will disregard policy and use available means to do so if we are not providing them with an appropriate and approved tool.

Nothing out of the ordinary. They are proving to be great for quick communications and coordination. Many providers are very HIPAA security aware and asking that we provide secure messaging apps. We do see responsiveness and coordination to be better than using pagers or other means for contacting individuals.

[from a vendor employee] At a recent visit to see a family member in the hospital, I noticed that all of the staff had a phone that they had clipped to their pockets. It wasn’t the size of a cell phone, but was a little smaller than cordless phone you would have at home (back when people had home phones). I asked one of the nurses what they used them for and she said, "I don’t know, but I hate it." Another nurse said that she loved it because it gave her all of the "notifications" she needed without having them broadcast over the intercom. She did say however, that it was very heavy and that it pulls on the her clothes (scrubs aren’t stiff enough to hold it). I noticed the staff checking theses phone constantly – like my teenager does when he’s texting his girlfriend.

Nothing good. Right now I’m fighting the battle of nurses using their personal cell phones to take pictures of EKG strips (PHI is blacked out) and sending them via unencrypted text to the physician. Evaluating our options right now.

Secure e-mail/calendar access. Texting between providers.

[from a vendor employee] I talk a lot about how the market niche we serve (enterprise clinical content management) has become much more than about how data is managed through its lifetime but rather now how data is accessed within a patient context. I believe the unprecedented demand for clinical data drives a greater need for data liquidity across healthcare IT applications. That said, as we continue to achieve a higher level of data liquidity, we will see clinical content accessed through many mobile devices. Heck, I’d argue that the platform becomes unimportant, data should just be available. Therefore we should be able to access the internal EMR, external EHR, even the HIE, though any device. On top of this, these devices are becoming the portal to multiple types of high definition content – be it pictures, movies, or other Internet-elivered content – why can’t clinical content be just as rich. As we move towards what I like to refer to as the High Definition EMR, I believe all clinical content will be accessed through any device, including mobile devices – especially by hospital employees and physicians.

We have rolled out Epic’s Haiku and Canto for our clinicians using iPhones/droids and iPads. The early response has been very positive. It’s read-only, but we will be adding Dragon functionality soon. We also have over 300 wireless mobile carts roaming the units using virtual desktop (VDI), thin clients, and Imprivata single sign-on with proximity access. Also a big satisfier.

Airstrip OB for fetal heart monitoring. Residents and younger attendings are using lots of apps for providing care instead of textbooks.

Communication! They are doing it now with all sorts of devices, so we are exploring a way to make it (1) integrated with the EMR (e.g. choose from a patient list), (2) more secure, but easy to use, and (3) widely adopted, but we recognize there may be more than one use case scenario (e.g. one use case might be about confirming orders, another about relaying a lab value, another about sending a photo, and another about getting a quick consult). We’ll see if one solution can solve all, or if more than one is needed.

Naturally, mobile devices on the public WiFi (as opposed to the hospital firewall) are not censored like the hospital intranet. So when you can’t get to the breast cancer walk site (because the hospital thinks it might be porn), you whip out your portable device. Same for ESPN.

While we use UpToDate Mobile and Epic’s Haiku and Canto, the cool thing we use today we developed and patients use is called WebAhead. Allows access to our urgent care locations and clinics and you can pick your appointment time on the fly… we call it WebAhead. There may be others being used by staff, but we don’t control the mobile aps nor are we pushing any right now as we are coming our Epic install.

Not seeing a lot. We are throwing new laptops and Dragon with PowerMics at our docs and for most of them that is plenty of technology at one time. We have also upgraded their desktops if they were very old. We have had a couple of request for the iPhone app for our EMR, but since interest is low key, we will add it later.

HIStalk Advisory Panel: Recent Vendor Experiences 11/12/12

November 12, 2012 Advisory Panel 5 Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a hospital or practice, you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This month’s question: Have you had notably good or bad experiences with a vendor lately or worked successfully with a small or little-known vendor that deserves exposure?


11-10-2012 5-48-44 PM

Notably bad experience:  we do pay considerable software and maintenance fees to Allscripts. Typically, software and maintenance fees include either "free upgrades" or minimal costs. We’ve just been told by Allscripts that to move from their MU product (11.2) to MU stage 2/ICD10 functionality (11.4), the cost for the upgrade will be six figures! Not sure if any other vendor in the ambulatory space is priced like this, but it seems pretty steep!

Aspen Advisors

11-10-2012 6-27-19 PM

Aspen Advisors is not a household name in HIT consulting and has also done great work for us. Outstanding practice leadership, strategic advice, senior PMs and analysts, and high integrity. Not a body shop.

The Breakaway Group

11-10-2012 5-55-04 PM

The Breakaway Group.  They have come in and provided a very measurable training methodology that focuses on end user adoption.


11-10-2012 6-22-34 PM

Cerner deserves enormous credit for working creatively with me to reduce our Cerner TCO, as well as modifying their products to meet some very unique aspects of care in our environment. In the eight years that I’ve worked with Cerner across two different organizations, Cerner has dramatically improved their culture of customer support and commitment. At one time, I thought my Epic customer service would never be surpassed, but in the last three years, Cerner met it and blew right past it, especially in terms of willingness to help optimize our current products and co-develop new functionality that was critical to my environment.

I’ve been working with Cerner for a few years now, and it’s looking like the competition from Judy has forced them to up their game quite a bit. They are headed in the right direction, albeit slowly and expensively.

My primary experience lately has been with our hospital’s EHR vendor, which is Cerner. On the software side, the product is still poorly designed and clunky with some clear flaws that impact safety and clinical decision making. But those things have been fairly constant for years so not really notable. However, I assume that "notably good or bad experiences" refers to the relationship to the vendor’s personnel and not to the experience with the product per se. The vendor sales group, mid-level and high-level liaisons have been very attentive recently. Our high-level administrators (as well as the entire clinical staff) was quite distressed with the vendor a few months ago when the remote hosting service had several lengthy unanticipated downtimes. Also, the vendor has been working with our administration on developing a rather significant ($$$) new contract. Based on past experience, I suspect that the level of attention will revert to baseline as the ink dries on the contract and the memory of the downtime disaster becomes distant.

Computers Unlimited

11-10-2012 6-20-42 PM

Had a nice experience on disputed after hours extra charges with the small vendor Computers Unlimited, related to their CPR+ product in the home medical, durable medical equipment space. We are starting to look more and more at vendors that want to charge extra to do support or maintenance work ‘after hours’, since in the healthcare systems, this should be the norm and not the exception for change management windows.


11-10-2012 6-24-30 PM

The folks at Craneware produce an awesome suite of revenue cycle management products for a very reasonable price, backed by a great culture. They are quietly one of the best software vendors I’ve ever worked with and will become an increasingly important product line on the CIO’s radar screen as the industry transitions into P4P and value based purchasing.

DFB Consulting

11-10-2012 5-53-19 PM

We recently contracted with a firm called DFB Consulting to convert clinical data out of Allscripts Enterprise into Epic. They have quite a cottage industry in this area with so many customers switching. They did an outstanding job of something I thought was going to be a nightmare. 


11-10-2012 5-34-50 PM

We have had a very difficult time with our medical oncology vendor Elekta recently. As a niche vendor in this space, there was hope that they would provide a strong clinician-focused product. However, they show a lack of change control that results in upgrades being very painful with many session crashes and system response time problems.


11-10-2012 5-32-52 PM

Emdat, who I noticed recently became a sponsor. I’d give them a thumbs up even though we didn’t go with them. We decided it was too disruptive of a change for the physicians with everything else we’ve thrown at them recently.


11-10-2012 6-25-56 PM

We went live recently with Epic. They delivered what they promised and more, which I found refreshing and unique when compared to past experiences with Cerner, Allscripts, and Meditech.


11-10-2012 5-26-20 PM

Explorys. We are in the implementation phase, but so far, wow. Best vendor experience I have ever had during an implementation.


11-10-2012 5-27-28 PM

One vendor that I worked with and I have grown to love and respect as they have never stirred me wrong is Hielix. They have a plethora of experience under their belt and they like to think  of themselves as " the healthcare aggregator!" They deserve your attention and maybe even an interview.


11-10-2012 5-39-47 PM

MModal and iSirona are two companies we’ve been working with lately. Both have been very positive experiences.

Make Solutions, Inc.

11-10-2012 5-58-09 PM

Make Solutions Inc. They supply tools and services geared to improve the transitions that end users go through with each new implementation. The tools assist with process-based testing and role-based curricula development.


11-10-2012 5-36-26 PM

MModal and iSirona are two companies we’ve been working with lately. Both have been very positive experiences.


11-10-2012 5-46-57 PM

I have used Phreesia as a consumer/patient in my MD’s office. They put Phreesia on the front end in the waiting room on top of their Allscripts system. They hand you an iPad and a stylus and you zip through updating any new
info, demographic, insurance info, medical changes, etc. As I walked up to the front desk to hand the front desk clerk my iPad, the door opened to the back and the nurse called me. I literally sat in the chair only for the time it took me to tap away on the iPad, probably 5 minutes, and then I was in the back getting my physical. Very easy to use, quick, and great integration to the EMR.


11-10-2012 6-28-58 PM

Vitalize (now SAIC) supplied 20 Epic-experienced physicians mostly from Allina for at-the-elbow support for two weeks round the clock at our hospitals’ big bang. Wasn’t inexpensive, but the white glove treatment was well worth the investment.


11-10-2012 6-17-38 PM

We’ve had some pretty positive interactions over the past few years with the company Sayers which would likely qualify as a "little known vendor." We have utilized their services to assist in our tech refresh for end user devices and a few other areas. They seem to provide a high value (low cost vs. services rendered) and their management has always been extremely responsive with rapid and satisfactory resolution to even the smallest of issues brought to their attention. I have particularly had positive experiences with John Kasser, Chris Martinez, and Joe Martinez at the management level in their organization.


11-10-2012 6-36-51 PM

Siemens has shown great flexibility and willingness to work together, nice surprise

Siemens MobileMD

11-10-2012 6-33-02 PM

We are extremely impressed with MobileMD. First rate and affordable private HIE. They are highly ranked in KLAS and now that they have Siemens behind them the future looks even better.


11-10-2012 5-42-32 PM

TheraDoc has continued to deliver for our infection control staff. Our organization has continued to exceed goals in the reduction of healthcare-acquired conditions. At some point we see this potentially moving to our overall EMR vendor suite, but TheraDoc continues to work very well and is a very mature solution compared to the enterprise vendor in this particular area.

Virtual Procurement Services

11-10-2012 5-50-52 PM

The only small and little known vendor that I’ve been so impressed with is the one I mentioned above who helps me with our maintenance and other purchasing negotiations, Virtual Procurement Services.


11-10-2012 5-30-23 PM 

We are in the process of evaluating ambulatory EHR vendors for primary care clinics owned and operated by our organization. Vitera has been slow to respond throughout the entire process. I’ve expressed my disappointment in their lack of response but haven’t seen much change. They have a number of existing implementations in this area and the customers I’ve spoken with have expressed a decrease in service levels over the last year. They are obviously experiencing management issues, either from the surge
of sales due to MU payments or integration issues from their string of acquisitions (or a combination I guess).  Either way, I’m concerned about their ability to keep up with the rest of the pack. 

Zynx Health

11-10-2012 6-31-26 PM

After a somewhat rocky initial relationship, Zynx has really stepped up to the plate. They’ve taken a hand-on approach to getting our order set maintenance process back on track, committing a lot of consulting hours gratis to help compensate for our own lack of resources. We’ve been impressed with their willingness to go the extra mile on our behalf as they become more of a business partner rather than just a purveyor of content.

HIStalk Advisory Panel: Reducing Annual Maintenance Fees for Software

November 7, 2012 Advisory Panel 6 Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a hospital or practice, you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This month’s question: Are you feeling pressure to reduce your software maintenance fees?

  • Yes. We are talking to our large vendors about reducing or limiting increases. Many have stayed flat, which is helpful. In addition, we are looking at utilization of niche products and determining if we can turn them off.
  • Overall, yes. As we increase products and functionality to meet Meaningful Use, IS is under pressure to control our operating spend. We’re trying to smooth out our maintenance fees by either negotiating fixed fees for a time period, evaluating longer support contracts (when appropriate) to get further reduced pricing, or taking advantage of timing opportunities where both new product licensing and support renewal agreements are all on the table. I have three situations where our support contracts are up for renewal with vendors that have capital projects in consideration for next year. Not surprisingly, they seem to be more malleable in price discussions.
  • Haven’t been asked yet. We’re a revenue department with MU. We’re getting most of what we want right now.
  • I have been asked to assess what applications can go to time and materials vs. annual maintenance. Which is a problem, as most software vendors do not offer T&M for software. In addition, I have negotiated lower maintenance fees.
  • (from a vendor employee) We are being asked by 90 percent of our customers to reduce our software maintenance fees due to increased pressure on their end from administration.
  • All or the management team has been asked to push back on our vendors. We cannot continue to see expenses grow as revenues decline. There is no formula mandated, but we have looked at eliminating contracts that we feel we can get by without, and I have continued to negotiate on maintenance more than ever before. In addition to maintenance, I have looked at the many clinical support services like UpToDate and Micromedex. Utilization of these is high, but so is the price. These subscription vendors also need to stop the skyrocketing increases in their renewals or we will need to move to lower cost providers of clinical content.
  • No particular pressure, but we certainly are looking harder at them to determine if we are getting value for our investment.
  • There will always be pressure and it is our responsibility to maintain or reduce cost run rates for same store application support and maintenance. Cost creep is unacceptable.
  • Yes, though pressure is not coming from our organization, but rather simply as we look to align the value of the solutions — what we’re paying and incremental value we obtain each year as we continue to pay maintenance. Essentially we repurchase the software every five years or so given maintenance dollars, but the most value to the organization came upon initial installation, the "first" time we purchased the solution. Continue to reduce our maintenance amounts through standard term renewals, additional purchases and scope expansions, maintenance holidays on new purchases, etc.
  • Yes, we are feeling pressure to reduce our software maintenance fees. We are handling this in two ways:  consolidating functionality where possible on our large vendor systems if the module they offer satisfies our requirements. Additionally, we are working to take advantage of any discounts offered by the vendors where possible.
  • No pressure thus far.
  • Yes, and we have become quite successful in doing that. I also use a third-party negotiator to help to secure better deals. I’ve actually saved about $2 million on maintenance and equipment purchases since changing my approach and doing this. (That’s over and above our initial discounts.)
  • Not per se. We are replacing our best-of-breed platform with an enterprise vendor and will actually have about a $2M reduction in my operating expense in maintenance. Of course I hope to keep those savings in IT because I need it for other things. We are a ridiculously low 2 percent of the operating budget and most academics are about 3.5 percent.
  • (from a vendor employee) We are not feeling this pressure, but I think that is because we have a pretty satisfied client base and have been able to show the value and return of our service. 
  • Yes. However, the pressure is coming from me rather than outside of IT. I am aware of the organization’s finances, so I’m always looking for ways to positively impact the bottom line. I’m aware that there are duplications of coverage in our applications. I’m also aware that some of our applications are not being used to provide the maximum benefit to the organization, and in some cases, barely at all.  One of my personal goals over the next 18 months is to reduce our costs by identifying and targeting those applications for removal.
  • We are trying to reduce maintenance fees by reducing the number of niche vendors and getting to a core vendor strategy.
  • Between Medicare and Medicaid reductions (about $20M) the pressure on IT was about $2M, so yes, we asked long-time vendor partners for stated fee reductions, which they conceded in return for commitments to act in their behalf with new sales opportunities and existing customers. This is something new. It will be interesting to see how they use us (me and my CEO).
  • A huge initiative for us is application rationalization. We are enforcing selection of standard systems and partner vendors for each functional area to drive out variation and have assessed our portfolio of applications for those we are developing
    active retirement and decommission plans. We are also actively negotiating with existing strategic partner vendors to freeze maintenance increases or actually reduce future maintenance costs – not an easy task with vendors such as McKesson, however we have had some success.
  • This has been a very very big deal for us over the past five years. We are becoming aggressive negotiators (and we are re-negotiating contracts) to ensure we get lower-than-market maintenance fees. I am somewhat suspect that it’s a “zero sum game,” and if we push the balloon at one spot, it will bulge elsewhere. My CFO doesn’t agree. He remains focused on reducing maintenance and support fees independent of the impact it may cause on other costs or relationships.
  • No one on our executive team or board is asking me to cut software maintenance fees, so I’m not necessarily feeling any pressure. I’m taking on that responsibility myself and welcome the chance to squeeze our vendors for price reductions. Having been a vendor, I totally understand the need for vendors to make a decent living and stay financially viable themselves, so I don’t squeeze harshly or unfairly. The reality is, it’s the right thing to do because, speaking from first-hand experience, vendors need to feel the pressure of price reductions or they will never be motivated to be internally efficient or innovative themselves. Also, every dollar overspent on IT is one dollar less that we can pay a nurse, hospice, pharmacist, respiratory tech, or savings passed to patients and employers. I handled this by simply adding up the total cost of ownership for my major software products (including internal costs of labor), shared those details and numbers openly with my vendors, and asked, "What are you going to do to help me reduce these numbers?" If vendors push back, I ask them to "show me your numbers" and be transparent, too. If they still don’t open up the books, I re-compete their contracts. At the end of this process, we will reduce our IT TCO by 25-30 percent over three years without any reductions in service levels, and in some areas, our service levels and capacity will actually improve.
  • The pressure is to develop a long-term support model that delivers increased value and innovation at an affordable cost while continuously improving price/performance. Not just software maintenance — everything we do.
  • We pay outrageous software maintenance fees that seem to escalate regularly for no good reason. However, it’s the CIO currently paying most of the bills, not me, and I’m not hearing about any specific pressure to reduce them (as opposed to just cost-cutting pressure in general).
  • We are under enormous pressure to "get to break-even with Medicare rates." We are looking at cutting back on systems and renegotiating fees with vendors. We have not stopped paying fees.
  • Yes, resisting where we can. So far are cuts have been more on the hardware side, where we’re able to use third parties.
  • We are under pressure to reduce all costs. Software maintenance fees seem to be less emphasized in discussion than the fees for new software modules and features (even when needed for Meaningful Use or for enhancing the workflow and efficiencies for clinicians) and the need for ongoing personnel for production support, which is always under-budgeted. Clinical informatics resources are another group of personnel who are absolutely essential to maintaining a usable software product for a large hospital but they are also underestimated in their value and need for sufficient manpower. [Disclaimer: I am not a member of hospital IT or clinical informatics and am not even paid by our hospital — just a front-line doc and academician.]
  • Yes, we are working on this in addition to our Supply Chain department working non-software expense reduction. Overall, we are working to reduce spend by 5 percent across IT (to the degree possible). We are focused on the elimination of the annual increases in maintenance and hosting fees for next year (generally 3-4 percent average increase across vendors). Back in 2008/2009 we made a pass at maintenance reduction and had some success. With our major contracts, we were not able to reduce existing contractually committed fees, but several big vendors did waive their annual fee increases, which in total saved significantly more than $200K. We are making a pass at doing that again, not sure if we will get it again, but worth trying for. Also, we are extending the refresh life cycle of some our hardware and networking components. Instead of purchasing maintenance on hardware (Kronos time clocks), we are buying replacement hardware and becoming our own depot (estimated $75K savings). We are going off-contract for Microsoft support for some technology and going to time and materials support calls (estimated $100K savings).

HIStalk Advisory Panel: How Do You Use Information from KLAS?

November 4, 2012 Advisory Panel 2 Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a hospital or practice, you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This month’s question: How do you use KLAS reports or scores to choose and monitor your vendors?

Generally Negative Comments

  • I place almost no value in the KLAS scores. Years ago I took a class on research methods and the professor used them as an example of bad methodology. What is great about them is they know all the products from all the vendors, so when I’m looking for that niche departmental system, I can go to them for a list of vendors.
  • (from a vendor employee) I believe that KLAS has a very flawed system, which has been brought to their attention time and time again with no changes. There is inaccurate information, and when brought to their attention, no changes are made. We are a vendor, and the information they continue to have on us is actually so inaccurate that it’s ridiculous. They list us as "small volumes" and every company but two on the list that is ranked (we are not because of this "small volumes" designation) is much smaller than we are. They will not correct it, so we have decided that it is not worth the hassle to continue to correct them, only to have them continue on as previous. On speaking with customers, we have been told that they have run into the same things in all categories and no longer give any weight to the rankings. A few even think that it is possible to pay for your ranking and rating.
  • We use KLAS reports (if available) to supplement MAJOR capital purchases. Most of the reports are too expensive to justify unless the expected purchase is one in which we have no experience and is a major capital purchase.
  • I review KLAS reports, but I do not have a clear sense of the validity of their review or ethics of their process.
  • Sometimes KLAS is helpful for decision makers who know nothing about the vendor/product landscape. Otherwise, I never use it.
  • I rarely if ever use it.

Generally Positive Comments

  • We use KLAS as a data point in selecting a new vendor, but it is not the primary driver unless there are a significant number of negative comments or scores. We also monitor our current vendors to ensure they are keeping up with the market.
  • I am using KLAS with a grain of salt and not as a gospel. For lack of a better reference frame, we all go to it, but I would not make decisions on KLAS alone. It is pretty much like the board certification for physicians: we all know that it may not reflect the best quality in a physician, but we all look it up and diligently go and take it to stay current.
  • I view KLAS as just being one gauge on a dashboard when evaluating vendors.  For new vendor selections, KLAS is used to populate the initial list of potential vendors. Through the selection process, their rankings are used as a single data point, primarily as a reflection of market penetration, customer service, and overall satisfaction. I have to admit that I rarely refer to KLAS for vendor products we’ve implemented unless we’re experiencing issues or entertaining a product switch.
  • I have used KLAS as a data point when evaluating vendors. For me, it represents a general standing in the marketplace and the comments are valuable in identifying areas to question.
  • I view KLAS as a consolidated reference check. I provide feedback to KLAS on products and services once or twice a year and I know that how I replay can vary depending upon the most recent encounter with the vendor in question. As with any reference check, you get a good picture of how one or many are currently viewing the company. KLAS will never be the final word, but is a good place to go to get a consolidated view of how customers are feeling about the vendor.
  • We use the KLAS scores as a starting place. We also use them as a resource to understand what other hospitals are doing. Adam Gale and his team are great about answering questions. They obviously have a great network of contacts and can often point us to other organizations who have addressed similar challenges.
  • When private physician practices contact me for advice on EMR vendors that they are reviewing, I share with them the publically available KLAS reports as well as other industry reports on EMR metrics. I also use these reports to see if there is correlation between what is being reported and what is said in private and on HIStalk about the vendors.
  • We incorporate the results as part of our customer communication and status updates. Specifically, we ask the leaders of our IS teams over each area (e.g., surgical services) to routinely incorporate market feedback from KLAS during their standing customer meetings. This is typically only done twice per year, not at each monthly discussion. It also helps us confirm/deny trends that we may or may not be seeing locally at our organization.
  • I’ve used KLAS to identify competing products in a space if we are looking to meet a need. We’ve referenced some of the reports when going through vendor selection, but it has not been the deciding factor. I’ve also found the reports to be an encouragement that we’re in the same boat as others.
  • I routinely review KLAS reports on all current vendors and ones we are looking at. It’s helpful to get updated information. Because I participate in KLAS reviews, I am able to get detailed reports related to vendors and trends. I’m usually looking for details on satisfaction with implementation and ongoing support. Love their question: would you buy from this vendor again?
  • I review KLAS findings and typically drill down into the individual comments from other users to find information or concerns that I use with the vendors in order to get more specific information. For example, if a number of users complain about some aspect, then I may spend more time than I might otherwise have done drilling the vendor about that aspect. I can also occasionally find out what the vendor has problems with, and if I’m convinced it won’t be a problem for us (and that we want to go forward with them), I can occasionally use that to negotiate a better deal.
  • I use KLAS primarily in the selection process for software and services and in that regard I find them very valuable, especially the user comments both pro and con. They give me some good direction in term of things I make sure I follow up on in the selection process. Recently they have also created some additional functionality around the creation of affinity group and other functional that gives me a platform to share directly with other organizations who have similar products or are similar to me in structure (academic, for example) that I have found some good utility in.
  • (from a vendor employee) As a vendor, we do yearly, in-depth, anonymous, customer surveys to see how we truly stand in all areas of our solution, service, and support. That said, KLAS is incredibly helpful for us to get even further information on our performance. I find KLAS gets better executive level feedback than we get on our own (our surveys usually get more responses from managers/directors/end-users). It’s a great way for vendors to see objectively where they’re doing well and where they might have opportunities for improvement. I always tell folks, I love hearing all the great stuff about our company and solution but I’d much rather hear the “tough” stuff as that’s the gold that helps you become better and better.
  • I use the KLAS reports to come up with a short list of vendors before the application/service search. The reports provide information that I use to educate my customers as to what is available, what others use in similar markets (e.g. practice EMR pool is different for 1-6 providers as compared to a practice of over 100 providers), as well as what applications others are moving from (always good to show there are no perfect vendors). I do peruse the vendor alerts as they come in but to this point I’ve not seen anything that was news to me.
  • I use KLAS for independent ambulatory physicians who are looking for a system — it is excellent for them and they often do not know it exists. I also use it to go to battle when an operations person wants to buy a niche vendor system that I don’t want. (of course that only works if the KLAS scores are bad). Occasionally use it for our own purchases that I am trying to investigate, but unfortunately many of the systems we are looking to buy are not rated in KLAS (population health, analytics etc.)
  • Used as one of the tools as part of vendor and system selection or standardization efforts. Also use Gartner info such as magic quadrant and we now ask IT vendors to register on VendorMate and pull reports on financial and sanction info from that resource and use Gartner for contract negotiation market analysis.
  • I use KLAS infrequently, but it has served as a way to educate and inform our leadership about specific vendor offerings and their comparative value to the market. 
  • KLAS scores and reports are critically important to me in my decision making process. They are my single most influential source of external advice and insight, followed by The Advisory Board and Gartner. KLAS’s integrity is unshakeable and their influence on the industry is invaluable.
  • I review KLAS to identify top vendors meriting consideration and to yield additional insights into strengths and weaknesses when selecting vendors.
  • Flawed, but extremely valuable given there’s no better alternatives in many cases. We used it a year ago to help determine whether we should go with a particular vendor on the outpatient side (we didn’t as their product was rated in the bottom of the rankings). The one area where KLAS is lacking is in specialty-specific EMR evaluations, as the niche products that are great don’t show up on the KLAS radar because of lower volumes. 
  • I participate in KLAS surveys because the lady who calls used to work for me and I like her style and that of the company. I find the reports insightful and they help confirm our assessments and sometimes point out weaknesses. I am aware of some of the criticisms of KLAS and certainly recognize their limitations. It is also helpful in working with the senior team, who may see only the glitz. It helps when I show our own vendor’s ratings, with which they usually agree, as a means to establish a level of credibility in KLAS reports.
  • I don’t have real decision-making power (e.g., authority, monetary control) over HIT purchases. However, as a physician end-user and member of our institutional EHR committees, I have used the KLAS reports as a "reality check" when my personal impression of a particular product is dramatically different from the party line that’s being perpetuated by our hospital IT group and C-suite. They say "This software’s perfectly reasonable, but the doctors are being resistant." It’s nice to be able to say, "I don’t think it’s just our doctors who view this software as having problems…." I would say that the KLAS reports are helpful in encouraging greater honesty and reality checking when too many folks are drinking a LOT of Kool-Aid.
  • Use it on a limited basis for specialty systems and needs. Good reference point to check and confirm which vendors we should consider for a selection

Key Themes

  • KLAS uses questionable and non-transparent methodology.
  • KLAS is far from perfect, but has little competition.
  • The negative comments and scores are more meaningful than the positive ones.
  • It’s good for a quick check on what customers think.
  • KLAS reports can help determine if a trend you’re seeing locally is broad.
  • It’s a good starting point for researching a vendor or product type, but is not the deciding factor.
  • New service to allow members to contact each other is useful.
  • Use KLAS reports to identify available products of a particular type.
  • Review the scores of IT-recommended systems to make sure they are being considered on merit and not IT department convenience.
  • Use the reports to educate and influence users involved in selection.
  • Show negative reports to users who are convinced that they want a particular system or to remind users that all systems have negatives and that implementing them is hard work.

HIStalk Advisory Panel: Increasing Physician Involvement

September 24, 2012 Advisory Panel 1 Comment

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a hospital or practice, you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This month’s question: What successful actions have you taken to improve the involvement and satisfaction of physicians with IT projects and services?

  • We ask physicians what kind of IT solutions they believe would be beneficial to our service, quality, and affordability objectives. Physicians help us evaluate proposed solutions. Project teams are partly staffed by physicians, and in some roles, we pay them for their subject matter expertise. CIO meets directly with CMIO to ensure alignment on priorities and clarity regarding improvement opportunities.
  • We strive to find ways to use HIT to make it easy for our physicians to do the right thing. We obsess over how many clicks each action takes, and whether someone else on the team should be doing it instead of the doctor. We are not perfect, but we’ve stumbled into a few things based on these principles which are unique ways to use our EMR, but which result in improved efficiency and quality.
  • We formed a physician group called the PIT (Physician Information Technology) group that meets every other week. We do this so frequently because we are in the middle of a large EMR project. We run all decisions impacting docs through this group, from order sets to clinical notes design. Another thing we have done is launched a physician portal that has a blog manned by our CMIO and CIO, but I will have to tell you it does not get much traffic.
  • The single most important tool for physician engagement has been shoe leather (OK, shoe rubber?) Getting out and making face-to-face contact with them in the hospital and in the clinics. Asking what works and what we can do better. Optimizing the EMR is an ongoing task and the first step is to convince them that we’re committed to it. Also, recognizing that one size does not fit all, whether it is the interface or the device or the software tools, has been critically important. Be flexible wherever possible about the tools we provide.
  • I think this follows the classical thought process today: First, have a physician in a key leadership area seen as the owner of the project. I like to have a VPMA or Medical Director leading the charge depending on the scope of the project. (IMO, depending on this roles relationships with physicians and the physician model of the organization, this may or may not have any impact on the project.) Another key is having the right type of person in a Physician/IT role (CMIO, Med Dir of Informatics, etc.) Someone that can earn the trust and respect of the other Docs, translate clinical needs between IT and business workflow, and "prep the battlefield" for major decisions by meeting with groups or individuals off-line. Having key physician champions attend discussions with other clinical areas is a must. This is where workflows overlapping various areas (physicians and nursing, for example) come to a head. For ongoing support, maintenance, and optimization, having IT topics on MEC, division meetings, physician steering/champion groups, etc is a key strategy. And as a last resort, free meals are always appreciated. 
  • We’ve taken a new approach to engaging physicians with our EMR via an online collaboration / community. Our "MyEMR" secure intranet site is unique and now has almost 500 physician members. Physician IT champions moderate discussion forums, answer questions for their peers. Education ‘tips and tricks’ videos. Design drafts are posted for review on new content and development items. New information (e.g., Stage 2 Meaningful Use information) also posted for review and education. Project status documents posted so that all can see progress on important efforts. This site was conceived by our physicians and now co-managed with them.
  • Defining specific roles for physicians and using physicians to recruit other physicians has been a successful approach that I have used. Whether it is software implementation work or ICD-10 implementation or anything in between, physicians need to have clarify on the expectations and time commitments that they will be signing up for.
  • We created a steering committee for them that reports to the medical staff executive committee. The only person from the hospital who is there routinely is the IT director (no CIO here). It is their chance to blow off steam about issues, and they do. If they gripe to the hospital administration about IT, they’re told that they have a channel for those complaints, and they are asked to use it. Once they recognized that we do listen and that within the strictures of the software and legalities, we’ll accommodate them if we know there are problems, they started using the committee. Now, it is more about moving forward than about fighting the battles of the last 20 years.
  • With any change, you need executive leadership support (administration and physician), evidence-based metrics, peer-to-peer pressure, and a system’s level continuous process improvement culture that is combined with a comprehensive, multi-pronged communication plan that reaches all levels of your organization. You have to include physicians (champions and high-volume user representatives) at the table from the very beginning and recognize that they are key stakeholders, and not just barriers to IT implementation. Physicians, like us all, are slow to adopt new, disruptive technologies. Active involvement and an active communication plan are critical to getting them involved.  If they feel like they are part of the solution, then it will work. The solutions themselves also have to be designed for the user (the physician). They need to here "what is in it for them." Perhaps it is a reduction in time, errors, callbacks, etc. The more specific the better.
  • We created a CITAC (Clinical Informatics Technology Advisory Council) made up of physicians representing most of the sections of the hospital(s) and we take them all of the new things we look at, get their input, get advice as to how to communicate with the entire medical staff, or to introduce new systems or technologies, etc. They also bring us suggestions from their respective sections on order sets, CPOE screens, prompts, core measure attributes to build in, etc. It’s really been helpful. In addition to the docs, we also include some nursing staff, my IT clinical informatics staff, and our vendor representative. We air some dirty laundry, and deal with some turf issues, some of which can be awkward but the end result is pretty positive. In addition to this, we have made trips to each of the major provider clinics to meet with those physicians to discuss issues and desires related to CPOE screens, prompts, processes, etc. But, one of the biggest things that I feel contributes to better adoption of new technologies, is that we use a lot of hospitalists in our organization, and once we get them to use technology and make some changes based on their feedback, we’re finding the other physicians are more prone to try it (since they see the hospitalists using it).
  • We’ve worked very hard to partner with and develop Physician Champions. Physicians in this role are more in tune with current projects and services, and enjoy being involved in the decision making process. For many of our physician champions, we have regularly scheduled meetings with them and their Practice Administrators to prioritize projects and discuss options, which is beneficial for all of us. We are expecting to roll out a full Physician Governance program this next year.
  • Physician IT committee, physician champion for certain projects, specific physician IT ‘helpline’ to facilitate quick resolution of their issues.
  • The key to physician satisfaction and engagement in health IT efforts is definitely having them involved. It is not enough for them to just be invited to receive information about the project. They need a seat at the decision making table and a voice that is heard and listened to. The level of their involvement in decision making and governance can vary depending on the project/program at hand, but having as many thought and action leaders from the medical staff in active roles in the project/program as feasible pays dividends with the entire medical staff. The opposite situation (zero physician involvement) yields highly negative results in terms of medical staff satisfaction, engagement, and adoption. However, it is also absolutely vital to choose wisely those physicians that are selected for involvement. We naturally want to involve those who have "connectedness" with their peers and thus high influence, but we also must select for traits such as "collaborativeness", ability to understand and explain the "vision" and rationale of what we are doing to peers, and flexibility (as plans necessarily change while in progress more often than not).
  • Most success has been to not just involve the docs, but have them lead initiatives. For example, we have three MDs that have had tasks and expanding roles in our Epic project. In addition, when you can have the docs be decision makers in projects, and those docs have the respect of most of the medical staff, per se, then things seem to go better. Having docs sit on a committee and updating them or asking for opinion is clearly not enough. They have to be like the pig at a breakfast of bacon, sausage, and eggs. Not like the chicken. 
  • When we went through the process of choosing an EMR we intentionally set up a steering committee made up largely of our physicians. We had representatives from all of our clinic types and almost one from each clinic. These docs were an integral part of the process. Once our selection process was down to three, we did demonstrations of several days with each vendor and asked all of our clinicians docs and staff to sit in. We required a survey upon exiting even if it was just a check mark on a few basic questions. After demos, site visits, and analysis was completed, the only folks who voted were the physicians. We have tweaked the system we purchased to make it as useful to the docs as we can. When we have a live date planned, we make sure the physician has someone within hearing distance to answer all questions and concerns. It is all about the support.
  • This is a long story, but something for which we are proud.  Many years ago (1993, in fact) we created a Clinical Systems Advisory Committee. It came to be because there was significant dissatisfaction among members of the user agreement. It started as a very small group of physicians who would meet with us weekly, then ultimately bi-weekly, to discuss our work. We provided dinner and (cheap) wine. We would always meeting in the evening; we would always make it a comfortable, and somewhat informal meeting. Over the years, it grew, and grew, and grew. And now, we meet monthly. The room is full with doctors, nurses and IT professionals. There are often more than 50 people in the room. Sometimes there are 75 or 80 people in the room. It is open to anyone who wishes to attend, although there is a membership list. Lots of great folks participate, and we all genuinely look forward to the meeting. It’s a social event as well as a work event. Lots of time to network and catch up. The meeting typically lasts for about two hours, but many folks stick around late into the evening. We serve great dessert. We have learned so much, made important decisions, and used the output as a way to advise our executive team. It has been a real joy. Additionally, now that we have embraced Epic as our enterprise-wide solution, we have added a Physician Council and a Nursing Council. In this case, we have ensured that we have a representative from every department or division. It is equally effective, equally active, much more focused and a bit more formal.
  • Use of "Tech Rounds" at one of our hospitals, conducted by the local CMIO; done monthly and showing latest technology applications, use of system, etc.
  • We have a mature CPOE implementation and a lot of community docs and contracted hospitalists (in many disciplines). It has been challenging to maintain physician involvement and enthusiasm for continuous improvement of order sets, decision support, etc. On the satisfaction front, hiring a CMIO (me) has been very helpful, and having a crew of dedicated physician educators / support specialists has been essential. Most of our physicians don’t bother with the IT Help Desk any more.
  • Lots of one on one discussion; open conversations with physicians in various meeting formats, informal lunches, working  to provide prebuilt documentation screens by specialty, demonstrating the improvements in outcomes using computer associated protocols agreed to by provider groups.
  • As part of our Epic implementation, we formed a Physician Advisory Group chaired by our CMIO consisting of physicians representing every discipline across our health system. This group has been key to driving significantly increased engagement by physicians in the requirements, design, implementation, testing, training, go-live, and ongoing improvement of our new EMR. The core advisory group has been meeting weekly for a year and has been very successful. We also invite other physicians, outside the core group, to participate in requirements and design sessions when needed, which extends our reach further into the community. These, and other supporting, actions have been effective in improving involvement and satisfaction of our physicians with IT projects and services. 

HIStalk Advisory Panel: Patient-Facing Technologies

September 19, 2012 Advisory Panel 4 Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a provider organization (hospital, practice, etc.), you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This month’s question: What patient-facing technologies (portals, PHRs, kiosks, patient education, etc.) have you implemented that have had the most positive impact on patient satisfaction?

Patient Portal

  • We’re in the early stages of a portal deployment. Too early to tell what kind of impact it will have on patients, although our CEO sees it as a Kaiser killer. I’m not so certain.  
  • We are in transition with our Epic implementation. We have an existing patient portal and also a failed attempt to use kiosks. With Epic, we have already signed up 20,000 new users to MyChart and the reviews have been very positive. In addition, we will most likely move away from kiosks as they just don’t seem to generate much interest in spite of widespread adoption in banking (ATMs) and airlines.
  • Patient access to their health records has had the most positive impact on patient satisfaction so they can access their own information or schedule on their own time.
  • None, and "therein lies the rub!” Some doctors in my group have tried Phytel, but not with a lot of enthusiasm, and I did not hear that they had an earth-shattering experience. I chose instead to test drive on my patient population the actual need and demand for such tools before I invested time and staff effort into a technology that may as well go nowhere because my older patients are simply not ready for it. All of that while the company as a whole was looking for a more integrated solution/EMR that would offer a patient portal along with practice management and other tools all in one as opposed to having a piecemeal approach.We did find one after a long and arduous process and I hope that it will prove to be worth the wait. However the patient’s response and demand for such technology remains to be seen as many of them are not computer savvy, nor do they even have a computer.
  • Nothing yet. We are still trying to get the Stage 1 criteria met for Meaningful Use, but I’m very much looking forward to the patient portal. We’re among the last facilities in our state to allow our employees to look at their own records within our hospital information system. I want to get them moved over to the portal as soon as we can so we can close that loophole!
  • Undoubtedly it is the patient portal that has had the most impact on satisfaction. People who want to take individual control of their health appreciate and utilize the opportunities to review their test results, communicate with their caregivers, and make their own appointments, among other things. Promotion of this kind of ownership over one’s health is also a key to improving health outcomes for patients and a critical component of realizing the kinds of outcomes that will help determine our payments in the near future.
  • Many of our physicians indicate that access to a patient portal has been the most significant change in terms of patient satisfaction that they have seen in a dozen-plus years of medical practice. A physician example: for the first six months, about a third of the messages I received were just to say, "Thanks for this new system – it’s awesome." Now I have good stories to tell — the case of an elderly heart failure patient that we have interacted with regularly (via daughter and home care) using the patient portal. She was in the hospital or ED every 2-6 weeks for the year prior to the portal and (knock wood) has not been admitted in >6 months since our more frequent touch points and monitoring.
  • I have yet to work at an organization where we’ve implemented any of these with a verifiable increase in patient satisfaction. Not saying that the technologies aren’t useful, just that there was not a reliable way to verify the impact. As a side note, the implementations with the greatest impact are those where patients wait less and answer questions the fewest number of times. Implementing portals and kiosks can help support this experience, but only if the organization changes workflows to support activities such as pre-registration.
  • Most successful patient-facing tool has been Epic’s MyChart, especially on the primary care side. They have been very diligent about getting patients signed up while they are in the office using cheap netbooks. Adoption has been very strong and feedback has been very positive. The key was to go live with a fairly robust set of features enabled on day one rather than trying to ramp up over time.
  • We’re still working on implementing the patient-facing technologies. Previously as a patient, I was thrilled about patient portal. One of the cool things we’re working with our EHR vendor on is a tool that will help us proactively reach out to patients to remind them of wellness activities specific to them.
  • The area of patient portals has been a problem area for me. I struggle with how a patient should engage with a community hospital directly as opposed to a primary care physician. The fact that MU is driving both hospitals and physicians to have portals is going to create a larger issue in my opinion. This opinion is shared by patients in a recent focus group we did. Two patients in the group had recently connected to their PCPs athena portal. Their question for me and my hospital colleagues was, "What would I go to you if I have this with my PCP?" Because of MU S2, we will be implementing a patient portal and spending close to $400k to do so. This to me is another example of how MU is gone awry. A Patient Portal in an IDN make sense. In a community setting with an independent hospital and small independent providers, a portal aggregation strategy makes more sense – a single sign-on to the hospital, PCP, and specialists in a community but three separate systems. I wish such a solution existed, but we have not found one (but still looking).
  • Patient Portal. We are a large group which has over 60 percent of our patients signed up, giving patients what they want and need – actionable transactions (e.g. messaging the office or doctor, refill requests, appointment requests), not fluffy marketing material or even PHR info. We will add in more PHR info over time, but we have seen the demand for actionable items be what drives their use of the system. They LOVE it, and most of our docs now love it also, as it is an easy way to communicate in a non-synchronous manner, which allows for better explanations and web links, as well as better documentation for the chart.
  • Portals work very well. We use MyChart and have hundreds of thousands of patients using it for lab result lookup, appointment scheduling, bill review and payment, after visit summaries, etc. Public PHRs have gotten no traction. Kiosks we haven’t deployed due to ADA concerns.


  • Patient check-in kiosks associated with patient portals, allowing the patient or caregiver to fill out visit information in advance of office visit and/or in waiting area of office.
  • Kiosks. If done well, can facilitate the registration process, which starts the whole care process on a positive note.

Interactive Patient Systems

  • GREAT question.. Not sure any of them have really “delighted” our patients. If I had to pick one technology that seems to be pleasing SOME of our patients, I would suggest the kiosk, in the ambulatory environment, seems to be perceived as a good thing. We also recently developed an application that runs on our interactive television system. It allows a patient (or a family member) to view photos of all members of their care team. In a large academic medical center, this can be important. A member of the clinical team is added to the system if they order something or view something in the patient’s record. When they interact with the system, their photo, their name, and their title are added to the patient’s profile. The patient can then view the entire care team. A photo and name stay active on the profile for four days and drop off if no interaction. It’s very new, but patients seem to like it.

WiFi Access

  • The single patient satisfier most raved about by our patients was WiFi in the waiting rooms. It took many patients asking for it and some persuading of the clinical and admin folks. We had to assure them that this would not affect any of our patient care systems. We did have to add a disclaimer page that there was no support and that folks should not be going to certain sites — all of the legal jargon that admin wanted. From a technical side, we carved out some bandwidth that always uses a lessor priority and will reduce itself to almost nothing if the bandwidth is needed for patient care. We impressed on our patients that once called to an exam room, all electronics were to be powered down and turned off. We have about the same acceptance rate as the airlines or your local movie theater. Some of our more technical folks (like me) make use of any spare time to keep up on emails and issues. We got a lot of positive feedback.

Social Media

  • I think the jury is still out on our patient-facing technologies and their impact on patient satisfaction. However, it is well worth noting that our endeavors with social media (Twitter and Facebook, particularly), even though our efforts are in their infancies and perhaps relatively minor when compared to others, have yielded great increase in patient and community engagement and affinity for our health system.

Patient Messaging

  • Delivering engaging communications via text messaging (confirming appointments, medication refills, etc). They like this proactive approach versus the passive communications on the portal. My internal medicine physician practices in a fairly large group affiliated with an academic medical center. Getting anyone on the phone is a miracle. It is like they are in the Get Smart cone of silence. However, they have finally implemented a secure messaging system (they use an old flavor of Allscripts) and I recently had a positive experience using it to have a prescription refilled. Worked nicely. They do not, however, have online scheduling and I don’t think I could actually "talk" to my physician
    on line.

Printed Patient Documentation

  • In general, we are not there yet. Still getting physicians implemented on EMRs. However, we have had some very positive comments from patients who receive their clinical visit summaries at the end of their office visit. They love having their visit information printed out for them so they can share with families. This coming year, we will be implementing Patient Portal and integrating Healthwise Patient Education with eClinicalWorks.
  • So far Thomson Reuters CareNotes for patient education has had an huge impact on our patient satisfaction. The patients really appreciate have clear documentation they can take home. However, we are in the process of implementing a patient portal that I think will really increase our patient satisfaction scores.

HIStalk Advisory Panel: IT in Patient Harm, Patient Outcomes

August 22, 2012 Advisory Panel 2 Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a provider organization (hospital, practice, etc.), you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

What are the biggest lessons we’ve learned from cases where IT contributed to patient harm?

Common Themes Expressed

  • System redundancy is sometimes poorly planned.
  • Systems and system changes (especially those involving upgrades and application setup) are not adequately tested.
  • IT systems management needs to be more formalized (change management, communication, quality assurance).
  • System design should be user-centered and should make it easy for clinicians to do the right thing.
  • User application training needs to be not only more comprehensive, but also tied to the workflow and job role changes that are involved.
  • Clinicians are not represented in the IT governance process for changes that are seen by IT as purely infrastructure related.
  • Clinicians need to take ownership of workflow analysis and get involved in IT projects that affect them and their patients.
  • IT is specifically related to patient harm or patient safety – it’s an enabler of management and processes, whether good or bad. Technology is not a panacea.
  • Clinicians can’t let the computer override their critical thinking, yet computer systems encourage them to.

Individual Comments

  • Need for better and more effective education; misuse and system workarounds for the sake of saving time, catching up, or general lack of change; poor IT change management (including maintenance, communication, etc. – all the ITIL stuff) – inadequate QA, communication of changes, poor / under maintenance.
  • Testing, testing, testing.
  • Redundancy (or lack thereof). Cerner’s recent cloud issues are a great learning lesson. I think that wireless is also an important lesson. Done right, it can save lives. Done cheaply, it can be deadly.
  • Patient care and their flow through a hospital is so complex that no healthcare IT solution can completely avoid the unforeseen design flaw, non-intuitive workflow mistake, or inadvertent bug that ultimately harms a patient. Despite the overwhelming benefits of HIT solutions, they’re just as good as the humans that programmed them, and unfortunately, humans can err. Thankfully, with strong clinician input and deep “real world” testing, you can minimize the chances of these occurrences. One big difference with HIT solutions is that when something unforeseen and detrimental does happen, humans can quickly adapt and self-correct. Technology solutions are limited to whatever potential issues the developers and users have foreseen. This has the potential to lead to mistakes of wider consequence. Knight Capital’s near-bankruptcy due to its recent loss of $440M over two days due to a glitch in its trading software is an extreme example of this. Healthcare organizations need make sure their HIT vendors have strong clinician input into their solutions, ensure any solution is vetted thoroughly with “real-world” testing, and processes need to be in place to minimize the breadth of negative patient impact when the unforeseen finally does happen.
  • There is a need for interoperability and data standards so that information collected across the patient care spectrum can be safely and securely made available to the proper healthcare providers. There is momentum on this front as groups form HIEs. There is still work to be done to ensure that a doctor or nurse treating a patient has all relevant information to help the patient, not harm them. From patient allergy and drug interaction data to proper condition diagnosis, the underlying up-to-date information and data needs to be made available at the point of care.
  • No matter how much you think you’ve trained physicians on a system, they will figure out a way to circumvent the standard processes if they are hard to perform. We need to always make it "easy to do the right thing"… because if we make it easy to do the wrong thing, it will invariably happen.
  • Lousy interfaces can and do kill patients. Hopefully not much, but it probably happens more than we realize. The system has to make it easy to recognize problems and, quite importantly, provide a feedback loop for providers to realize what they’ve done e.g. order entry feedback / confirmation / review.
  • Assuming here that the harm can be directly attributed to IT and not to clinical practice, the biggest lessons learned from my experience relate specifically to how IT is integrated with clinical departments. I have seen IT make changes to a system that were not properly communicated, documented, and trained on; this led to a compromise in patient safety. I have seen changes in infrastructure, servers virtualized without communication, and suddenly the drug-to-drug allergy checking was not happening in the background unbeknownst to the clinician. These types of things can be catastrophic, and without proper governance in place, can lead to an increase in patient safety or patient harm issues.
  • The biggest factors in IT contributions to patient harm are a lack of provider workflow analysis, a lack of proper training and support (could be related to either the trainer or trainee or both), and, rarely, improper testing and configuration of the system. Depending on your philosophy of ownership of these particular issues, IT contribution to the problem could be minimal or significant.
  • There are very few documented cases in which problems with the technology specifically (e.g., software bugs) were linked to patient harm. In fact, the few studies that have been done do not separate the technology from the processes in which the technology was used, so in most cases we really don’t know whether the problem was with the technology, the processes, or how the technology was used in a particular set of processes. One might say that where there is significant unscheduled downtime and clinical processes have become dependent on electronic capabilities, that the down time might have the potential to contribute to patient harm. On the other hand, if there are inadequate downtime procedures and a hope that systems will never fail, is this a technology issue or a management issue?
  • Similar to the reports we have learned from pilots of crashes or near misses on technically advanced aircraft, the information provided by their systems should be used to help guide decisions and monitor / verify expected outcomes. However, the information provided by systems should not override the learned skills and experiences of aviators. If they do, bad things can happen, as was the case in the Air France Flight 447 disaster.
  • I’m not sure we’ve truly "learned" anything. What we should have learned is that you cannot put technology in place and expect it to eliminate patient harm. The process must be fixed before you add technology or you’ve just created another set of issues.  Technology does what we program it to do, so if we (humans) don’t validate the technology that goes in place and provide (and execute) quality checks, we’ll continue to harm our patients. This isn’t news to the technology crowd, but we’re having a hard time communicating it to the clinicians. I have frequent conversations with clinicians that think technology is the panacea for our patient safety issues. They are not very happy with me when I point out the other potential issues or insist that workflows are done both pre- and post- conversion. They are even less happy when I insist that we (IT) don’t own these projects and must have significant engagement from the clinical area in order to be successful. 
  • Safety must be job one no matter what we do. Deploying a new healthcare IT solution requires a significant investment of time and energy on the part of many many people — including physicians, nurses, and all members of the care team, along with their administrative partners — to ensure we are making the environment as safe as it can be. It is critically important that we invest appropriately in testing and training in the spirit of this safety-focused partnership. Everyone in the equation should have an opportunity to "pull the cord" at any point if the product isn’t safe. But training is no longer enough. "Training" is no longer even accurate. We must focus our energy on workforce development. We must ensure that every member of the care team has every opportunity to learn how to perform their job in a new way in the presence of our new and emerging technologies. It isn’t enough to learn how to use a new system. It is critical that we learn how to do our work differently, in a way that is more efficient, more effective, more collaborative and more safe in the context of our new systems. 
  • To quote former Defense Secretary Donald Rumsfeld, "There are unknown unknowns." The shortcomings of health IT only come to light when someone has been harmed and then we generally create some sort of electronic or paper work around to make sure it doesn’t happen again.  I think there will always be "unknown unknowns" when it comes to health IT. Hopefully, the number of these unknowns will decrease with time. Then there will be an acquisition that will create more unknown unknowns.
  • Processes and Human Factors (training, effort on the end-user’s part, etc.) are the most important to "get right" with any new technology implementation. The technology is just a tool and is only as good as the people using it and the situation / processes in which it is used. An analogous situation would be a surgical scalpel – used appropriately in the right situation and the result is good, while used incorrectly or in the wrong situation and the result may be dire (e.g. wrong side or wrong site surgery).
  • Certainly the recent Cerner system down experience–where one IT person made many hospitals’ data inaccessible, due to independently correcting something in production with no checks and balances. Users getting so used to computer systems providing information that they don’t question if the information is valid. Users who previously knew how to do drug calculations / titrations now relying on computer systems (once again, not checking the validity of data). Data conversions, especially EMR conversions– really still dependent on manual data abstraction in most instances. No one has really done a great job of electronically converting all data correctly.
  • Healthcare is human. We need to provide tools that help clinicians provide better, more consistent care and provide them ‘actionable data’ to help avoid mistakes.
  • Analysts assume that doctors will override anything that is wrong, and doctors assume that clinicians created the implied logic in the EHR. At our hospital, the model production system of our brand name EHR including a default route of IM for Lasix. This was promptly noticed and fixed. The far more subtle error of diltiazem IV dosing went unnoticed, and diltiazem was routinely then given in much lower doses than previously, until one of the physician champions went "hmm, that’s funny."

Which hospital uses of IT have driven the biggest improvement in patient outcomes?

Common Themes Expressed

  • Hospitals need to define their quality goals, track their baseline quality, and then go after improvements.
  • Real-time alerts and notifications can affect patient outcomes dramatically.
  • Population health analytics can drive some of the biggest improvements beyond systems that just affect inpatient stays.
  • Well-defined and closed areas have the most impressive IT-driven improvements: ED, pharmacy, and OR.
  • Pharmacy-related IT has driven major patient care improvements: electronic medication administration record, barcode checking of drugs at the bedside, alerts for drug-drug interactions and other patient-specific problems.
  • Telemedicine makes it possible to use hard to find expertise more broadly.
  • PACS has dramatically changed how clinicians use diagnostic images and how radiologists work.
  • Data analysis can pinpoint areas of potential improvement and allow ongoing monitoring.
  • Technologies, even simple ones, that allow clinicians to communicate more effectively can have a significant patient impact.

Individual Comments

  • I would look to the bigger, more sophisticated systems – Trinity and Kaiser come to mind – for the success stories.  These system have invested in “benefits realization” and track quality and benefits.  All the improvements and benefits are there for mid-size and smaller providers, but they do not even baseline current performance and most don’t adequately go after actually tracking quality and benefits. Hence it becomes a big subjective conversation.
  • While not yet a contributor to the biggest improvements in outcomes, Rothman Healthcare’s product is impressive as one that directly affects outcomes. By pulling from nursing notes and vital signs, it has a strong predictive capability of a patient’s impending state of health. It alerts caregivers to a potential change in status hours before they might otherwise pick up on it. The implications for quality of care, and therefore outcomes, are significant.
  • Those organizations that are data driven and create actions around the work. They also are fearless in holding clinical staff accountable for their practice. Some organizations won’t fire clinical staff due to the notion of not being able to find replacements.
  • Alerting, communication, and messaging is at the forefront of what HIT can do to improve outcomes. Access to data-driven alerting allows clinicians to be informed, combined with the interaction of a communication workflow solution, allows care team members to collaborate to provide a more informed response. Delivering information based on changes in data and allowing users to interact with those data and with other care givers — those two things improve outcomes in big ways.
  • Some of the biggest improvements in healthcare come when patient outcomes are relatively improved across a population. Population Health Management (PHM) has become an important topic as providers and payers are moving toward compensation for outcomes. A key pillar to effectively managing and improving the healthcare outcomes of a population is predictive analytics — the ability to leverage historical data and care patterns to be able to rationally intervene in cases when a patient’s health may be
    deteriorating. For example, by being able to predict the likelihood that a patient will develop Type II Diabetes based on historic and current clinical, pharmacy, and lab data allows a care coordinator to be alerted when the likelihood reaches a high threshold.  The care coordinator may then work with the patient and other care providers (doctors, nurses) to develop a plan to properly manage or even delay the diabetes onset.
  • Defined and somewhat closed settings (e.g. ED, pharmacy, OR) can produce very simple and dramatic data, but it’s hard to judge the potentially much broader and long-term effects of patient-centered medical homes + disease registries and population health management.  I can say that "we" have seen incredible reductions in length of stay within the ED due to complete transparency/visibility of patient flow within the department.
  • Bar coded administration of pharmaceuticals. Drug interaction alerts. Alerts from abnormal lab values. 
  • In my experience, I would say the pharmacy department. One of the best immediate workflow improvements related to pharmacy was when we went live with eMAR. A patient wait time for meds decreasing by at times over 20 minutes or more is substantial. This may not lead directly to outcomes, but it leads to a significant increase in patient satisfaction.
  • Unquestionably, I have seen pharmacy usage as the biggest benefit producer – significantly shortened turnaround times improve patient clinical outcomes, better decision support alerts result in drastic reductions in adverse drug events (ADEs) which improve patient safety – you can see immediate results in these areas when technology is properly deployed.
  • Reporting from the data collected that have allowed us to identify trends and opportunities for improvement.
  • Ironically, I would guess that the biggest improvements in patient outcomes where technology can be linked have come from the simplest capabilities that IT brings: improved communications among providers. These are not very sophisticated improvements, but rather represent areas in which the technology itself can be said to have contributed to (enabled?) the potential for better outcomes. The question of how the data is actually used in decision making is not a technology issue but a cognitive one, and I would be suspicious of any study that claimed a primary contribution by IT to patient outcomes without a clear understanding as to how IT is actually used. from electronic notifications, and requirements to “sign off”; ability to actually read what someone wrote due to the elimination of handwritten notes (although dictation / transcription processes probably had a lot to do with this); ability to view electronic data from anywhere at any time, rather than hunt for a paper medical record.
  • Even though it has been around for several years, electronic medication administration and recording (eMAR) at the bedside has by far had the biggest patient safety impact. It is the single most consistent (not anecdotal) source for improved outcomes with patients on a grand scale.
  • This is often truly difficult to quantify or qualify, often because we are (or are forced to) utilize surrogate endpoints for patient outcomes rather than the outcomes themselves. An example would be core measures compliance – greater compliance is seen as success and benefit, although the actual outcomes of those patients may or may not be effected at all. However, one example that does seem to have fairly provable positive benefit for patients would be telemedicine-enabled neurologist evaluation for emergency department patients suffering possible stroke. Obviously such situations are not an ideal replacement for a neurologist being on site to perform the evaluation in person, but in reality that is not a possibility in many areas across the country (even some that are not that "rural"). In such cases, the telemedicine encounter / consultation replaces the only existing timely alternative – a consultative conversation over the phone between an ED physician and neurologist. In such cases, the technology allows for an appropriately trained specialist in the care of stroke to perform a more detailed "eyes-on" evaluation of the patient and provide improved medical decision making as a result of more and better patient information (e.g. stroke or no stroke, to give or not to give TPA). Due to the high risks associated with giving TPA in general, those cases where the TPA is NOT given when it otherwise might have been were it not for the direct telemedicine video evaluation are probably even more important than those cases where the decision is made to give the TPA.
  • Laboratory systems have been around longer than many others, so often have more maturity re how data is processed and used. Clinical flowsheets for lab results are pretty standard now. Pharmacy systems also are fairly sophisticated, especially:  drug / allergy checking, dosage calculations, and alerts.
  • A good friend of mine is the chief of anesthesia and also the surgical suites medical director at a major health system in my home state. He is excited about the possibilities of having rich information available to him for analysis. He believes using tools such as regression analysis will allow his organization to target specific data points that will enable them to improve patient care. The ability to review surgery types, preparation processes, material usage and other important elements will enable them to adjust how, when, where and why adverse patient experiences happen. Without the use of information technology this type of analysis would be almost impossible in a meaningful timeframe. Now they will be able to complete analysis and create change in a fraction of the time it would take in the past. This reduction in reaction time will improve the outcomes for many patients.
  • At MUSC and Indiana Heart Hospital, they are leveraging health IT to prepare heart failure patients more effectively prior to discharge — and they are seeing outstanding outcomes improvements in readmissions.
  • PACS, without a doubt. Over the last 20 years, having images immediately available to clinicians has completely demystified radiology (to their detriment), and given bedside clinicians access to more information in a more visceral way (sorry). Can’t prove it, but I got anecdotes…

HIStalk Advisory Panel: IT and Patient Outcomes 8/15/12

August 15, 2012 Advisory Panel 2 Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a provider organization (hospital, practice, etc.), you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This month’s question: Why has healthcare IT not uniformly improved patient outcomes?

Vendors and Products Don’t Align with Clinical Needs

  • Doctors don’t see technology as an ally in helping them take care of patients. Please see the article recently published on Medscape. The default mode of healthcare practice in the US is to practice defensive medicine (defense against lawsuits). Examples like those given in the article above don’t raise a healthcare provider’s confidence in technology. Notice how the article specifically gives the example of vendor contracts that say if something goes wrong using our technology, it’s not our fault.
  • We have focused on a computer fixing a workflow problem while at the same time becoming more dependent on computers to tell staff what to do.
  • With few exceptions, the vendor community supports our efforts to enhance and embellish the product with each deployment. In some cases, neither the vendor nor the client has an incentive to collaborate with other vendors, or other clients, to ensure that every deployment of IT is better than the previous one. This is getting better, but we still have much to do in this regard.
  • Some outcomes take a long time to improve, longer than the HC IT has been in use. Some HC IT focuses too much on documentation without a balanced approach to deriving outcomes information let alone being integrated into the care process sufficiently to affect outcomes.
  • The answer is in part within the question: IT implementation has not really been uniform across the care spectrum. As most realize, systems are often if not usually built from a developer / programmer standpoint, reaching out to address a problem rather than starting with a problem (or "job to be done") and working back to develop the necessary system to perform that job. This has lead to numerous issues of usability, human-computer interface problems. More importantly, and more fundamentally, many systems simply aren’t designed to improve patient outcomes. They’re built from the start to support billing, financial management, documentation, etc. As a corollary to the above, rarely is the clinical environment placed at the center of the system. This is evident in the approach vendors generally take with deals: focus on administrative and IT needs (decision-makers) with lesser attention devoted towards those who both use and see the actual patient effects.
  • The Jurassic Park line, “Just because we could does not mean we should"says it all. Not every EMR or HIT app needs to be adopted or will prove to be of value. Not all of them are created equal. In many instances, it has been the technology that drove the cost with very little benefit.
  • Clinical decision support that follows the rights (right clinician, right intervention, right time, right level of alert logic, right ease of use ) is almost non-existent, except for the simplest medication alerts. Apologies to Jerry Osheroff, I don’t think he gets this quite right. Until the biggest EHR players improve their CDS functionality, and there are good guidelines for turning structured knowledge into CDS, I don’t think we will get very far. We will, but I am waiting for the ability to use a general purpose programming language on data in the EHR to create new levels of CDS that are actionable. Further, I bet not much of this happens locally until the EHR players are forced to have some "skin in the game", some liability for the CDS that is already baked into their model install. It is just silly that each of 5,000 hospital CDS committees have to decide whether an aspirin after an MI is a good thing, or whether you ought to check a cholesterol every couple of years on a statin.
  • There are many factors that contribute to uniformly improving patient outcomes. But one issue that is still a work in progress is developing and deploying a system to provide the right information to the right people in the right place at the right time. Integrating data on previous care that a patient receives from their primary care physician during regular clinic appointments, with emergency encounters, possible inpatient episodes, care provided at an ambulatory care organization, etc. pose a unique challenge to collect all of these disparate encounters and the data generated. While EHR systems bring together some of these important data elements, there are still gaps (for example — data on an emergency room visit while a patient is out-of-state on vacation). Additionally, even if data is integrated together, all of these indicators and data points need to be filtered and targeted to improve upon a specific outcome (e.g. reducing the likelihood of myocardial infarction readmission). Recommendations on improving outcome and supporting information need to be concisely delivered to the proper places when care is provided, to the physician when a patient presents at the emergency room with chest pain to the care coordinator prior to discharge.
  • While there has been considerable time spent integrating healthcare IT into related systems of care, there needs to be a more systematic approach, time and resources spent integrating into the process of care – specifically clinician workflow so the tools are optimized.

Usability/Integration Issues

  • I think Dr. Rick’s excellent articles have shed light on the usability issues of EHRs. He mentioned some data on how short-lived human working memory is. EHRs can take 5-10 seconds to respond to every mouse click.  These long delay times make it difficult to keep a coherent stream of thought going when documenting, especially when providers get interrupted (appropriately) by office staff who need something or the other. In the end, what gets produced are long canned narratives about generic patients. When the note is read a few days later by the provider or someone else, they see a generic note that tells them little about the patient. Our EHR would take 45 seconds to a minute to open a chart in the mornings. By the late afternoon, it was five minutes to open a chart. That’s typically caused by memory leaks. We (a medical clinic) had to call a technology firm that says its been in business for 20 years to tell them they had memory leaks! Now all charts take about 45 seconds to open.
  • The main problem is usability, which involves both design and implementation. Many HIT systems are simply not designed well. They are often trying to "replicate the current way of doing things" with the idea that this will improve adoption. However, it turns out that computers are lousy at being paper, and so can never match up. However, computers are really good at being computers, and so the best HIT software takes advantage of the unique properties (e.g. complex data analysis, data visualization) and enables a better experience. Additionally, good design should start with observing the real needs of the end user (not just listening to what a user thinks they need), and most importantly should involve an iterative process which acknowledges that the programmer and physician should work closely for months to fine tune a system. However, the second problem may be even more worrisome. The same EMR system can be implemented in so many ways that the results can range dramatically. A recent editorial talked about how EMRs cost a lot, and slow down doctors, and introduce new errors, and are thus not ready for prime time. But the fact is that while this is a reasonable conclusion based on many experiences, it is a short-sighted view of the potential of what can happen when a good EMR is implemented well. I think the best use of an EMR is to allow for automation and delegation of various parts of the workflow to empower a team to do more care and to do it consistently – thus resulting in both higher quality outcomes as well as less work for physicians.
  • Technology in and of itself is useless and even detrimental unless built and used correctly. In order to have a positive patient outcome, in my mind, a technology theoretically should be easy to use, be actually useful (for the user or the patient), and have minimal negative impact (on workflow or patient care). A breakdown of any single one can result in a subpar result. Patient outcomes may not have improved universally because current healthcare initiatives don’t necessarily encourage focus on all items. Also things like “usability” can be oftentimes extremely difficult to create.
  • The hodgepodge of company acquisitions that has created a market where products have never been integrated. One of the reasons Allscripts is collapsing is because of an inability to integrate Eclipsys products. I find it hard to believe that companies that size, with the resources they have, can’t integrate two products. Clinicians have to sign onto several products multiple times a day to get information they need. It is guaranteed that in such a system there will be conflicting data in different databases increasing the risk of patient harm. Maybe this makes systems like Epic better, but that also stifles innovation. EHRs aren’t going to improve with markets dominated by companies like Epic as is being demonstrated everyday right now.
  • Too many disparate systems that don’t talk to one another. Even with HL7 messages, there is still a lot of variance. All it takes is sending something in the wrong HL7 field to cause a problem.

It’s the User, Not Just the Technology

  • A dependency on the skill and performance of the user related to the IT solution in question. The use of the word "uniformly" makes me consider that every user will create a different outcome. As an example, an electronic health record relies on inputs from various sources in order to aggregate the patient history and then present a user with information to make decisions. The term "decision support" is bandied about with great import these days but as the term implies the tool is there to simply support the clinician’s capability to make a decision. Almost all technology is just that, a support system to assist the clinician or user. The same can be said of a technology such as the Da Vinci Robotic Surgical System. In the hands of a great surgeon, the outcomes can be outstanding. In the hands of a first year surgical resident, the outcomes probably will not be the same.
  • That is like asking why the carpenter’s apprentice who was recently trained on how to use a hammer, router, etc. (insert your specialized tool or technique of choice) hasn’t improved his/her ability to create beautifully crafted cabinets or furniture. It takes time to become competent, proficient, and then the master of skills with the usage of newly introduced and evolving tools. This describes skills improvement for the individual. To obtain uniformly improved skills and thereby products / outcomes, it takes even more time to build an organization or industry of skill masters. Our digital society that expects instant gratification and results has forgotten that it takes time and commitment to master skills and provide high quality products and services. This obviously is an oversimplification, but I think an appropriate analogy to the usage of a healthcare IT to improve outcomes.
  • While this question is understandable given all of the federal government’s promises and expectations of what HIT will do to improve patient outcomes, the question reveals a lack of understanding of what IT in general can and cannot do. Healthcare IT (and in fact any IT investment) on its own can do nothing; it is only when used in conjunction with improved workflow and processes that patient outcomes can be improved. That is what we should be measuring. There is a reason why IT is called an “enabler”, and a “complementary” technology (like electricity). On its own, IT (like electricity!) has no value, and therefore won’t (can’t) improve anything. It has to be used in conjunction with changes in workflows and processes in order to improve outcomes.
  • The effective deployment of technology has a number of requirements, of which the actual technology may be the smallest piece of the puzzle. At the end of the day, improved patient outcomes are a combination of provider decisions and judgment, patient compliance, adequate monitoring of efficacy of treatments and the use of technology to support all of those. The last item on that list is dependent upon the provider learning and adopting the technology to its full (not necessarily fullest) capabilities. Any one of these factors has the potential to derail the process, so if we don’t look at the process holistically, we shouldn’t expect uniform improvement.
  • Lack of leadership on the provider side and lack of appreciation and understanding of HIT on the hospital executive side (one executive in charge of 11 hospitals did not know who Todd Park is).
  • Ultimately it is not HIT by itself that will change outcomes, but what people do with it and how providers use it. Even HIT left unchecked can be harmful. I made more mistakes with electronic prescribing than I ever made on paper. I do not believe that we should stay on paper at all, but until we are all connected out there on the Medical Internet and the information flows freely, we will not reap the benefits of technology. One article in the Economist called "When the carpet calls the doctor" failed to explain how a device attached to the carpet that sends a signal to the doctor when the patient is about to fall is going to prevent that fall. Is the doctor or nurse supposed to get in the car or fly to the rescue? How about the apps that would monitor the patient’s weight or glucose — what will one do if the patient will not use it? Who is going to sit in a tower 24/7 to monitor all this and who pays for it? Not much is being said about that. As excited as I am about HIT, I do realize that our bigger-than-life expectations may not be materialized — not soon enough, anyway. Hope this helps, as it is written in between rounds at three hospitals, two of which are still on paper.
  • Because IT alone won’t accomplish anything.  If you take a bad process and simply duplicate it with IT solutions, you still have a bad process.
  • I would be mildly surprised if it had. In my view, outcomes will improve with decreased variability (with the most likely shapes of the outcome curve you can prove this mathematically) and clinical decision support. Theoretically, EHRs reduce variability with templates and order sets, but I have seen few real world examples of templates standardizing care, except in very limited areas, like DVT prophy. Clinicians still go off and do their own thing after the initial orders are in, and the templated H+P is done.

Variations in Implementation

  • Probably the top reasons would include: variability in the technology itself, variability with the implementation, and variability of the adoption/use of the technology by the end users. All of those areas of variability exist at every hospital (even those within larger health systems who attempt to "standardize" their efforts). It should surprise no one, then, that "Healthcare IT" does not have uniform results. A poor implementation of even a very good technology solution will not have the same results as a good implementation. Similarly, poor adoption will not yield results from the effort to implement the technology (or may yield negative results directly due to the hybrid environment created by poor adoption where some are using and others not using the technology). Additionally, any negative outcome will be blamed on the new technology being implemented even if something else is actually to blame. However, I would posit that a good implementation with good adoption and engaged end-users with even a mediocre technology solution has the potential of generating positive results for patients.
  • There is nothing uniform about the way we deploy healthcare IT solutions. We are often inwardly focused and insular as we define, design, and deploy the solutions that we must implement. We are often working very hard to leverage the technology we have acquired so that we can make the best use of scarce resources. We seldom take the time to measure our own local progress. We surely struggle to make time to share lessons learned with others. Our local efforts often limit the extent of our reach, while also limiting our ability to measure what impact we may have had.
  • Just because your facility has implemented an EMR system, regardless of how mature the model is, it doesn’t mean the facility is using that technology to improve outcomes. Case in point: our facility is in the last stages of an EMR implementation. We are incorporating what our clinical team believes is industry best practices and evidenced based care i.e. Elsevier and Zynx, and we are going to reduce the variation in care that not only drives cost up but produces varying outcomes. We went on a site visit to a hospital who has already implemented this system but are using terrible practices. That is not the fist place we went where we saw this. It takes real leadership to stand up and say we are going to do it a specific way that uses evidenced based/best practice care. The IT systems can readily support an organization who is trying to do this with real time clinical behavior reporting. This will start to drive outcomes.
  • Healthcare IT has not been uniformly distributed. The inequity among hospitals will be even deeper. Hospitals that are EMRAM level 6 or 7 and hospitals in rural areas that could benefit the most from health IT but cannot afford it.
  • Lack of consistent adoption. Lack of understanding on how some technology can impact outcomes. Lack of discipline in organizations to use what they have. Poor BI use that would help isolate areas of improvement.

Lack of IT Support

  • The CIO/IT Director doesn’t always get it. If we don’t understand the business of our organization, there is no way that we will provide the tools necessary to analyze / improve our business. A good example is that of business intelligence. My organization doesn’t think it is necessary or quite frankly, even understands what it is. I know that we have to have better analysis, and that in order to do that, I have to provide the appropriate tools. If I wait till the organization gets behind BI, it won’t happen for another 2-3 years and then it will be too late. I’ve searched out a solution that makes sense in our environment and began the implementation 12 months ago. The next step is to push it out to the organization and educate the management team on its value.

Meaningful Use has Distracted Clinicians and Vendors

  • The emphasis on Meaningful Use metrics over the past years has led to a significant percentage of adopters to be focused almost exclusively on meeting those criteria that would allow for bonus attainment. These tools have the possibility to bring focus to a singular patient’s health issues and treating that patient as a unique individual with unique needs. This can be done efficiently and effectively when the clinician is able to utilize the tool as they see fit. Instead the clinicians become distracted by unnecessary hurdles mandated by someone sitting on Capitol Hill. The emphasis on evidence-based medicine and population health also distracts somewhat from the unique physician / patient experience by moving the focus up a layer or two from the primary interaction. Eric Topol has written a great deal about this.

The Healthcare Business Model Stands in the Way

  • Our supply driven healthcare system and culture that needs to change. For-profit HIT, hospitals, and so on that has made us pursue the highly profitable but not always the most cost effective or valuable course of action.The only one whom I saw commenting on that was Peter Orszag, who said that it will be difficult to reconcile years of marketing in healthcare and direct-to-consumer advertising with customer satisfaction and reducing costs. We want to retire on 401(k) plans that invest heavily on healthcare companies and we want them to be profitable, but squirm when it comes to paying for it and attempting to cut cost. We cannot have it both ways.

Benefits Will Be Realized Only when Quality can be Measured

  • Most providers / clinical entities are still trying to get past the data entry hurdles. Not yet at a point where most are focused on measuring quality. No defined quality standards that most agree on. Multiple groups with multiple standards, and these are not aligned with EMR companies.
  • There is nothing stable about the environment into which we are implementing systems. The regulatory climate, the scientific environment, and the relentless pursuit of discovery creates a dynamic setting into which we are deploying systems. Collectively, this often prevents us  from thoughtfully, comprehensively, and accurately measuring the impact of our implementations. So to some degree, we don’t really know if we are making a difference. We don’t always measure the things that matter, and sometimes we aren’t certain of the aggregate benefit of our collective actions.
  • Healthcare IT has not uniformly improved patient outcomes because we have few clinicians with sufficient vision and understanding of the potential that can, in turn, influence the change. The CIO/Clinical IT employees cannot produce the level of influence needed and it will take a lot longer to move from a world of data collection to a world of data analysis. In addition, we still take too much of an individualistic approach to patient treatment. Evidence-based medicine has not been accepted in any of the organizations with which I’ve been affiliated.
  • There have not been enough in-roads in the establishment of systems where data has been uniformly stored and then shared. Taking those outcomes and running them through statistical engines is the holy grail to improve outcomes. It takes time to build the foundation to support this future endeavor.
  • Patient outcomes have not been well defined and continue to elude us. A patient who does well after open heart surgery may do so because he has a supportive family as opposed to one who lives alone. HIT cannot alter that; it can only help measure it.
  • Our litigation-crazy society has made it almost impossible to share and be transparent about mistakes and medical errors,HIT induced or not.
  • I do not believe we learned any lessons yet. Someone should interview those hospitals that spent in the $100 million range IT budgets or the ones that made mistakes so we can all be enlightened.
  • The most obvious answer is that healthcare IT has been used in different ways, and to different degrees, from one provider to another and from one department to another. Now that healthcare IT is becoming more broadly adopted, and as advanced analytics are developed to empower caregivers more, patient outcomes are expected to improve. Any discussion of outcomes should recognize its limitations. For example, some medical conditions lend themselves to objective measurements of improvement, while others don’t. Despite the extreme complexity of healthcare, there’s a natural desire to measure the end result, the output of the process, in objective and simple terms. Did the patient get better? If so, how much? Did the patient population get healthier? If so, how much? But not every patient with the same diagnosis(es) will get better in the same way. Can an objective measurement adequately convey the difference? Some patients won’t get better at all. For a terminal patient released to hospice, for example, shouldn’t we instead be asking whether the patient and loved ones feel they were treated with respect, dignity, and compassion? For them, that is an outcome. Acute care hospitals should follow the lead of the subacute sector, which focuses heavily on such measurements. For non-terminal cases – those that indeed may be expected to get better – were they and their loved ones kept informed throughout the stay, or did they feel frustrated by a disjointed, piecemeal system of specialists, which mostly kept them in the dark? Were they informed and guided through decisions? These considerations should be incorporated into any meaningful discussion of "outcomes."

HIStalk Advisory Panel: Wrap-Up 7/25/12

July 25, 2012 Advisory Panel 1 Comment

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a provider organization (hospital, practice, etc.), you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

Budget Expectations for the Next Fiscal Year – Which Initiatives Will Get Funding?

  • I think HIE-like or lite type of activities will begin to take place requiring new funding in this area. The scope of engagements / integration will be limited to only strategic business and patient care partners in order to fully understand the care benefits, risks, value to our organization in investing and sharing more patient care data than what we already do. MU stage 2 efforts will require additional funding.
  • Big data (clinical and business analytics), IT security, support for ICD-10 and MU Stage 2, EHR optimization and rollout to affiliates.
  • Disaster recovery / business continuity will get significant funding. High availability is part of that, so it will be infrastructure spend.
  • Decreased:  anything discretionary. Increased (or at least not cut):  anything required to meet MU (1 or 2).
  • Data security and protection will require significant funding, as will software upgrades for MU2 and ICD-10. Capital will go to increased virtualization, significant expansion of wireless capability for clinical equipment, and a shift from COWs to fixed (multi-purpose?) workstations in patient rooms.
  • We will probably be spending more than average on contracted help next year. We in the midst of replacing core systems and need help. The next capital wave for us will be another year down the road when we have to buy some niche system to address an issue in the core system that isn’t working as we thought / sales demonstrated.
  • Because of the large number of new software applications we installed this year, we will see a significant increase in maintenance contracts in our operational budget. Capital budget requests for next year include a new OR system, additional pieces for MU Stage 2, and disaster recovery.
  • Disaster recovery and data warehousing seem to be increasing for us.
  • Optimization, quality-improvement related IT projects that enhance our EMR investment. With Meaningful Use, we’ve just laid the foundation. Much opportunity to optimize the EMR around specific quality goals. Beginning to look beyond the EMR towards revenue cycle solutions. How can we better integrate inpatient, outpatient revenue cycle (along with home care) within an IDN and see value from clinical-revenue cycle alignment?
  • We will be embarking in two main areas. We will be piloting an ACO, so that means a significant investment in data exchange, storage, and portal access. We will also be investing in a enterprise data warehouse.
  • Small niche projects. After paying for Epic, that’s all the money we got.
  • We’ll be spending money on VDI and a Windows 7 upgrade in the latter half of 12 and into 13. We’ll be deploying a lot more PCs (almost all VDI) in patient rooms and adjoining clinical areas. And virtualizing everything in the data center that we can. Other than that, it’s all Epic, all the time.
  • BI/analytics: increased. HIE: increased. ICD 10: more. All else: less.
  • As far as our application projects, our budget requests and approvals will be driven by MU, namely patient portals and quality reporting solutions. We’ve attained Stage 1 and need to stay on course. I’d like to say ICD-10 was going to be a priority this coming year, but the delays have caused folks to take their eye off the ball on this one for now. Our technology requests will be weighted toward technology refreshes that have been neglected over the last few years to free up dollars for our EHR and MU initiatives.
  • Infrastructure will be a slight uptick due to our acquiring practices and hospitals. So may staffing. Coming off of an Epic install, the CFO does not want to entertain too much in IT capital. BI may also get funded.
  • We are focusing on outpatient MU. Next year will probably be a retrenchment year, focusing on optimization and backlogged maintenance. 
  • Increasing funding: analytics, implementation of decision support. Capital budget requests: platform to integrate physician mobile devices to EMR, integration of hospital medical devices to EMR.
  • Continued emphasis  on funding data sharing around ACOs, medical homes, continued rollout of advanced clinical systems, and keeping up with Meaningful Use. More emphasis on eliminating redundant functionality and standardizing applications.
  • We have a big increase of completion of CPOM (we use "M" for "management" instead of "E" for "entry", as anyone can enter orders, but only docs/APs can manage them) and our custom physician documentation and inpatient problem list tools which docs are really liking. Other increases: HIE linkages to additional in-house system and to other HIEs, big data systems in support of accountable care. FY14: barcoding, optimization. Decreased: legacy systems,ICD-10 (because I predict that either CMS is going to make it optional – a real mess if this happens – or Congress will legislate against it).
  • I don’t think we will see a decrease in IT spending, but a decrease in overall spending to try and cut costs. For example, less money for clinical support staff (e.g. RNs, medical assistants), especially as HIT starts to automate their jobs. More funding for quality, decision support, analytics, BI. Hopefully balanced by more revenue from gain sharing and other value-based reimbursement supported by and proven by  HIT. If not next year, coming soon.

Good Experiences with Vendors

  • Iatric is one of the vendors that provide “clothes” for our “pig” (Meditech Magic). They have been a wonderful vendor, though at the moment they are a little stretched and having difficulty delivering on a couple of their applications. They have a proven track record and I believe that they will deliver as promised.
  • eClinicalWorks has a good product and their support has improved, but the communication barriers are still serious.
  • We recently has an engagement with Encore. They came in here and did a Meaningful Use assessment, focused on the quality components. They were thorough, very professional, and left us with a very clear list of items to address with a full understanding of what we need to do to address them. It was a great engagement and they are a very strong organization.
  • Working with Iatric Systems and Intuitive Technical Solutions on interface development. Both firms doing well.
  • I want to suggest that other vendors take Voalte’s lead and put a “contact us” button directly in their application. The Voalte people did that as part of product development with our team. They also responded by text message back to the users about their individual suggestions as they came in. As a vendor, you may not be able to handle the volume of suggestions that come in from every individual user point, but I know our IT department would appreciate a way to get direct feedback from users from a “we care” button in the application.
  • If I did not mention Zanett, I should have. We use them for PeopleSoft help and they are quite good – knowledge, price, and flexibility.
  • Allscripts. Trying hard to provide a better medication / orders reconciliation system. They showed an understanding that it really does need significant improvement. 

Bad Experiences with Vendors

  • Meditech still doesn’t get it. Their recent Physician Forum offered physician representatives “choices” such as “which is better, A or B”, where the real best choice was “C”, neither of the above. Specifics to that were, “Our existing lab display is hard coded to have oldest displayed on left, newest result on right; in a new report for one thing (only), we are considering letting the user chose to have it oldest on the right, newest on left next to the label. Which is better?” Correct choice (not offered), is to let user pick left>right or right>left chronology, not hard code it. Usability (and safety) can be addressed with icography, user-centered design, etc. Many other examples exist.
  • Siemens. New physician documentation application is another (separate) application, won’t pull data from (existing) nursing documentation into templates, users cannot create/edit templates for another year, requires separate user IDs that must be synchronized with the three other separate Siemens apps (pharmacy, Soarian, med rec).

Small or Little-Known Vendors


7-20-2012 6-50-07 PM

“We contracted with Aceso Patient Interactive solution as part of our Patient Engagement initiative. It’s inpatient-focused initially and uses the HDTV in the room.  We have linked it to the Epic EHR so the system knows all the problems with a particular patient and can push the appropriate patent education to the bedside. For example, if the patient had a hip replacement but also has diabetes, Aceso system knows to push education on both conditions. Patients can also manage their own pain assessments through the system. The plan is to extend to the home system through our patient portal. This also satisfies a stage 2 MU requirement.”


7-20-2012 7-00-55 PM


7-20-2012 6-59-37 PM

“Isabel is a small/little-known vendor with a nice product and professional support.”

Philips eICU

7-20-2012 7-08-27 PM

“The Visicu e-ICU division of Philips is still relatively small and still relatively unknown. Philips is clearly not small and unknown, but the e-ICU group is — Visicu out of Baltimore. Very cool product, great ROI, great success stories with customers, big positive impact on patient care and quality of care.”


7-20-2012 7-05-09 PM

“I use Tableau (data visualization software) and love how easy it is to work with and management likes how it presents complicated information in an easy fashion.”

HIStalk Advisory Panel: Best Ways for Vendors to Engage Hospital Leadership 7/18/12

July 18, 2012 Advisory Panel 5 Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news development and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a provider organization (hospital, practice, etc.), you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This report involves these questions, submitted by a vendor CEO. What are the most effective ways you learn about products and companies? What advice would you give that CEO about using his salespeople and other resources effectively to explore areas of mutual interest with hospital IT decision-makers?

What are the most effective ways you learn about products and companies?

  • HIStalk for one. HIMSS is another.
  • HIMSS national and local chapter meetings. Peer suggestions. Company website review. Google searches. Healthcare system / physician leader blogs. If I am still interested in learning more, then, and only then will I contact the vendor.
  • #1 HIStalk (kudos to you and your team – indispensable!) #2 HIMSS and other more specialized expos. #3 Occasionally through listservs and other blogs I follow.
  • Internet research if I am looking for a particular service or product. Trade shows if I am interested in what’s new on the market.
  • I read a lot. As problems arise or as I see something that piques my interest, I will contact a local partner to see how we get more info. White papers are a good thing and healthcare-specific press is good, too.
  • HIStalk, of course! Really, nice capsule summaries from blogs are more effective than glossy brochures, webinars, or other such efforts to snag my time.
  • CHIME’S CIO Fall Forum offers vendor access to many CIOs and other key resources through their program to engage through small groups forums. These sessions often are around how to market a new or different service or how to package a product. They are also good lead generation tools. Similarly, regional HIMSS and similar meetings, relationships with other vendors to offer a solution to a problem that crosses disciplines, can be effective. Sales cold calls either in person or by telemarketing are at best an irritation and at worst a total turn-off. E-mail is little better. I do look at sponsorship of HIStalk as a positive. The absolute best is a CIO acquaintance testimonial.
  • This is tough. There is so much noise you have to figure out a way to rise above it. A box in the mail always attracts my attention – I know it’s shallow, but it works. I get 100 junk e-mails (that get through my filters) every day — e-mail doesn’t work any more.
  • Honestly, I find out about companies through your blog. Not through the ads, but through the notice of implementation. I’m a buyer rather than a shopper, so I’m more likely to look at a product that has mentioned several times. Also, I don’t go looking for something until I need it – again, a buyer mentality rather than that of a shopper.
  • From my staff. Vendors often want to get right to the CIO or the CEO, but mostly we block these cold calls. Get someone on my staff excited about something and they can get to me.
  • Several recommendations. First, ensure you take time to learn about the provider organization… key clinical / business challenges as well as the current landscape of IT priorities. Nothing more annoying than a vendor who shows up and asks, “What are your challenges?” Second, ensure proposed / new product / service has a fit – innovative ideas that create real value for patients, offer a true opportunity to enhance operating margin. We’ve heard the other  pitches before and are overwhelmed with folks offering EMR skills, offering to “outsource” our data center or application teams. Nothing new there. We want to hear the new, innovative ideas, and don’t be shy about telling us where in the development cycle something is. If it’s new and we’d be the first to implement, just let us know upfront that you’re proposing more of a partnership. 
  • I pay attention to CHIME and HIMSS updates. I read all updates from Advisory Board and Healthcare IT News. The problem comes when I need a specific solution and have nowhere to turn. I know it is out there somewhere, but where? It is kind of like the red car syndrome — when you buy a red car, you suddenly see them everywhere. When I need a solution, all of a sudden I pay attention to the direct mail campaigns that bombard me. Most of the time they are irritating and quickly discarded, but always at least looked at from a cursory perspective.
  • Beside HIStalk? Word of mouth, other CMIOs.
  • CHIME sessions, introductory 1:1 meetings, regional seminars.
  • By researching on my own, speaking with peers, or working with my colleagues. Have to start with a business issue or need realized throughout the organization first.
  • Whatever they do, don’t cold call me. Trade shows are not bad as long as there is an introductory e-mail or mail piece sent ahead of time. I also like the vendor speed dating events, as I can learn more in 15 minutes of focused time with a company than any other way (effectively).
  • Often word of mouth from colleagues. Occasionally at a show like HIMSS. I do like HIStalk’s interviews and reviews on HIStalk Mobile because they seem to be more candor than fluff.
  • Websites such as HIStalk, Information Management Direct, Data Governance Institute, etc. White papers, with real case scenarios not fluff, distributed via websites.
  • I learn from reading blogs like HIStalk and in talking to friends at other practices (most of those opinions are very negative).
  • Throwaway magazines. Word of mouth from other CMIOs. News articles. Meetings (e.g., AMDIS). This is obviously not a great system, but it’s true.
  • Trade shows and conferences. The exhibit floor is a great resource, as are the networking events. 
  • Reading stories about their success. Conferences.

What advice would you give that CEO about using his salespeople and other resources effectively to explore areas of mutual interest with hospital IT decision-makers?

  • We have a local HIMSS meeting once a month that is always looking for a sponsor. A local EMR user group is always looking for a sponsor also. Another way is to figure out a way to get to the IT staff and have them sell it to the boss. Instead of trying to get on that CIO calendar or get through that CMIO door, network until you find the lead tech or application person and sell them first. The "C" folks have people beating down their doors and free lunches galore. A little attention to the folks in the trenches can go a long ways.
  • I have to go back to HIMSS and other ways of getting in the door without taking time out of their busy schedule. It is not easy and it is getting harder, so you have to be open to thinking outside the box. A "lunch for the IT staff" like the clinicians get every day. How about free education combined with selling?
  • Get to the point. What exactly does your system do and how does it avoid my pain? And Dear Lord, skip the buzzwords of industry-leading, complete platform solution, etc. I can’t tell you how many product descriptions I’ve read in entirety and still had no
    idea what they did. Videos take too much time – don’t bother. The message has to be something that can be delivered in a quickie pitch, single e-mail, single web page, etc. Provide more info if desired, but any extra required steps puts off that many more execs. Possibly ask for a simple e-mail address but not much more.
  • First, understand our business and local relationships. Second, DO NOT cold call or e-mail requesting to introduce yourself. I rarely read or listen to the entire message and immediately delete. I do not have time to participate in “fishing expeditions.” Third, get involved with local tertiary organizations (sponsorships) and events. You first have to establish a relationship, then understand us before we will then seek to understand you or your company.
  • Fairly simple: ask what problems they want to solve. Don’t offer a solution and try to find a problem it can solve. Be prepared to not see an immediate ROI or anything and at the same time be ready to experiment with a few new areas where you might not see the payoff.
  • As someone in the same shoes as this CEO (i.e., a vendor), we’ve been lucky in that we can typically get in the door for a brief conversation based on our benefits of revenue enhancement and similar “hot button” issues that are top of mind for them. That said, given they are incredibly busy and operate at broader stroke level, once you’re in, your team will need to deliver your message very clearly and succinctly in a way that they can grasp the concept and benefits quickly and basically make the decision your solution is worth pursuing or at least exploring further to get it to the next step or person who’ll dive deeper. We’ve been very successful with this model.  a. Internet research if I am looking for a particular service or product. Trade shows if I am interested in what’s new on the market.
  • I could write a book on this topic. It’s more about what not to do. Here are a few suggestions. (a) Respect the CIO’s time. Whether its voicemail or e-mail, get to the point quickly and tell me how you are going to solve my problems and intrigue me enough to contact you. Of course to do that you need to know something about my organization, so do your homework on me and my organization before contacting. If you can find out what keeps me up at night and provide a solution, I’m all in. We constantly live in fear of something. Find out what that is or convince me I should be afraid. (b) Find someone who knows me. You’ll have a better chance if a trusted colleague introduces you. (c) Do not sell to users or go over the CIO’s head. Most CIOs have big egos, so this is a non-starter and will only tick them off. (d) Try starting lower down in the IS organization. Most CIOs will listen if a subordinate leader feels that CIO should meet a particular vendor. (e) Offer a free trial or some sort of risk-sharing proposal. If I know you are offering to put skin in the game, I am more likely to listen.
  • I know I don’t meet with new vendors often. I don’t listen to cold call voice mails and don’t really read spam e-mail. It has to be through a mutual contact or something I am looking for if I am going to talk to a new vendor. The best way in is through partners or resellers. All IT departments have them and they work closely with the management team. That is the best inroad to the department. Local HIMSS groups or industry groups like that would be a great way in also.
  • The cold call approach will not work. The cold e-mail approach won’t either. Finding a method that can present a forum for general questions, before any specifics are identified for commonalities, is most productive, and lets me weed out those with whom I can find no area(s) worth pursuing.
  • No hard sell. Solve a problem for me and be respectful of my time and the organization’s limited resources.
  • From a vendor perspective, direct access to the C-suite is difficult. In many cases when you do get access, you have a very small window of time to make an impression. If that C-level doesn’t have what you are pitching on her radar at that particular moment, your chances of progress are greatly diminished. What I have always tried to do, and coach our sales people to do, is become part of the community in which we sell. Participate (not just join) in organizations that support the local medical delivery area. Attend meetings and offer to speak about subjects (not a sales pitch) that interest the participants. Help make connections with other executives. Get to know the executives and let them get to know you as a person who is helpful and a thought leader. Once something appears on their radar that you can help with, the chances are pretty good they will remember you and reach out. It sounds like a really slow way to build a pipeline, but that is not the point. Opportunities happen every day, and if you are connected, you will find them by being a known quantity. Executives in any market leverage their network of contacts and associates to get things done when they need it. Healthcare is no different. The best sales people I know are those that build the best relationships. Nobody really sells ice to Eskimos.
  • We almost all participate in some kind of association. HIMSS is obviously the big one, but there are local organizations that offer more meaningful networking opportunities. This is where the vendor needs to hire experienced people. They already have the relationships established.
  • Offer white papers and case studies. Please don’t call me or send me e-mail because I will just delete it. Don’t call, because I won’t call you back. Partnering with a customer to present a Webex of a business problem that they solved together is appealing.
  • Google. So much about our organization is in the public domain. Look at a map—see what hospitals are close to us and then investigate what they are doing. Chance are good that we know and care about our competitors.
  • Set up a focused briefing with multiple decision-makers in the room. Nothing is going to happen without CIO insight, consent, alignment. We have found, however that briefing sessions, if well-coordinated and with the right IT and clinical resources in the room, are a good use of time. Education for the provider team plus exposure to the right audience for the vendor. In a large provider organization, what’s not effective is having lots of one-off conversations with local hospital folks. Understand the provider’s governance and decision-making process.
  • Make the investment to attend conferences. At these small conferences (IHT2 ,for example, in Fort Lauderdale a few weeks ago) I spoke to every vendor there. It was a good event.
  • I would see it as an iterative process. You get one customer, give them a good deal, use their story (and people) to get the next, larger, bigger name customer, and repeat. Write articles for blogs, "throwaway" journals, newsletters. If your niche is small, a well-titled article in a throwaway will catch my eye. I can delete about 100 unsolicited e-mails a minute and my secretary doesn’t take cold calls. It would be sneaky, but you could get your first CMIO (your first customer) to go to the appropriate meetings and shill.
  • The least-effective way is the cold call—can’t delete those fast enough. HIMSS has lost its charm for me, so a booth in the nether regions of the exhibit hall is not a good use of limited funds IMHO. A short, well-written e-mail that clearly identifies the problem the vendor is seeking to solve with a link to a web site/demo video is often an effective first encounter. An article in one of the trades can be a good route too. Obviously, the best answer is to network and know the potential customer’s situation and needs. AKA, targeted marketing.
  • Work with someone in the industry such as an ex-CIO who can open doors for 1:1 intro meetings or small group events in local markets with a select group of CIOs to discuss the product offering in an intimate, non-high pressure environment.
  • It is not easy for salespeople to reach me – that is by design. I get more cold calls than I can care to listen to and delete voicemails as soon as I realize it’s an unsolicited call. As much as it can be irritating to me and the rest of the IS department, it’s best for vendors to connect with the business units that may benefit from their offering. I look at the IT role as one of guidance and support. We can run a project, crunch numbers, negotiate contracts, evaluate technology, etc. We aren’t the ones to evaluate the true business need, but we can lead our internal customers through the process of evaluation.
  • There needs to be a compelling reason for me to become educated on the product and to see if it fits a need that we have. Sales is tough. Getting in front of a CIO is tougher. And going around IT to get the message out if it is a tech play is the kiss of death. Companies have to be patient, too. Just because you have the greatest thing since single malt scotch does not mean we are ready to consider it.
  • Every CMIO and CIO these days is totally deluged with requests from all kinds of vendors, large and small. It’s overwhelming, and almost impossible to determine who is selling a useful product. To be honest, I rarely make time for salespeople any more. I’m more likely to talk to a company CMO or clinical resource if they reach out to me.
  • We are busy and don’t have time for drop-in or sales calls. Sending information i.e. white papers is an easy way to generate interest. Have one or two current users present when you attend or present product at local / state / national meetings- they can give real life examples of why the product is good.
  • Cold calls are never good – best to leverage if some kind of relationship to the company already exists or leverage a conference where leaders are there to be looking at other vendors and technologies. Larger health systems are increasingly placing emphasis on ‘vendor management’ departments within IT and working through this groups can be useful since they are usually involved in determining partner vendors and vendor selection processes.
  • Acknowledge to me that you understand that I’m busy and that I may already have the equivalent of what you are selling (at least I think so). Offer to look at what I already have to see if there’s ways that you can help me. If no, say so, retreat and fight another day. Don’t ask the CMIO about things that are the CIO’s realm and vice versa – nothing I hate more than when a vendor has talked to my CIO about systems that impact clinicians without talking to me first or talking with us together. If you’re talking to a CMIO or CIO in a hospital system, don’t go directly to the docs or to individual hospitals – that’s a real no-no.
  • My number one rule is that all messaging from sales to CXO level needs to be focused on the business issues of the CXO and their organization in their market. Not focused on me, the vendor, my cool product, my cool customer base, my cool technology. Cut out all the buzz talk, marketing speak, tech speak, and really study the provider and their town. Who are their competitors? What is their market share? What are their financials like? What do their physician customers and patient customers think of them?They need to open their conversations with a provocative message that shows they have done their homework and know the business. Let that conversation flow until the customer says, “Hey, can you help me with that issue?” Salespeople need to be customer experts, not product experts.
  • This is an interesting question in that the answer has changed drastically in the last five years. It used to be easier to engage with management, no matter how busy, because it could be done after hours – dinner, a sporting event, drinks. Now, however, more and more facilities have purchasing guidelines in place that prevent employees from taking anything from vendors, including meals. This means that all meetings have to take place during already jam-packed days, resulting in fewer opportunities to build relationships. It has become more of a 15-minute elevator speech opportunity rather than a relationship-building opportunity. Because of that, an effective plan seems to be: e-mail contact, phone contact, correspondence through e-mail with questions and answers, in-person meeting, follow-up information through e-mail and calls. Much less personal, but still effective.
  • His salespeople better know his clients really well.

HIStalk Advisory Panel: When to Join an HIE 7/16/12

July 14, 2012 Advisory Panel 6 Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news development and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a provider organization (hospital, practice, etc.), you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This report involves a question submitted by a health system’s VP of physician systems. When is the right time for a provider to participate in a new HIE initiative: when it first launches, when it reaches financial stability, or when physicians and/or patients demand participation?

At Launch

  • Probably upon launch or shortly thereafter. It could easily become chicken-and-egg and never reach the latter two without significant participation at the onset. If there’s never critical mass, financial stability and public awareness will likely never happen.
  • If everyone waits until the HIE reaches financial stability, very few will get off the ground. It is important to support these as soon as they are available IF they can show a reasonable path to sustainability (if they can’t they shouldn’t be supported.) Limited term funding guarantees, a fair sharing of costs among providers, hospitals, and insurers (the major beneficiaries) should all be considered.
  • Our hospitals is an HIE founding member, but our providers derive almost zero benefit from it. There are a number of reasons for this, but workflow is probably the most important. So, any advice I have about when to engage providers in an HIE must be taken with a very large grain of salt—it could reasonably be argued that I don’t know what I’m talking about. That said, I would say when it is first launched. If you wait until it is financially stable, it may fail because you are waiting.
  • Excellent question, and one that we’re wrestling with as a nascent HIE is forming on our doorstep. Our health system has chosen to be a charter member (long before financial stability or patient and physician demand) in order to ensure this thing evolves in a way that matches our business interests. However, having previously been involved with a failed statewide HIE, I know all this effort may come to nothing.
  • When it first launches, especially if vendor has a significant share of the market.
  • Having been involved back in the early 2000s when we called them RHIOs and everyone loved  the idea but didn’t participate, I would say that getting in early and driving the direction and focus is better than jumping in late and playing catch-up. I think an early aggressive stance is better than sitting on the sidelines. I understand that there are cost issues to play in an HIE, but I would rather try and make the rules than have to follow the rules built by others.
  • I believe that getting in at the ground level, when it first launches, is important. The provider will have some voice in necessary changes, will probably get in for a lower cost, and will not have to wait in line down the road when everyone jumps on the bandwagon.
  • The right time is at the beginning so they can be involved in functionality and governance. But the more pragmatic time is when there is a definite need and business model to support it.

When Other Providers are Jumping On

  • You definitely don’t want to be in early. Too many bugs and no real benefit because there are no other providers to collaborate with within the system. You also don’t want to be last in. There is too much risk of losing patients to providers who offer the service from an HIE with a patient portal. As an MD, I would start publicizing that I will be joining and when patient demand reaches a level that ensures interest and benefit start the process.
  • For most providers, the right time is when the local hospitals start using the HIE. The real benefit for the independent providers is to exchange data with hospitals. Unless there are hospitals signed up, it does not make much sense to invest time and money into this fairly resource-intensive process. Alternatively, there are several incentives (state or federal outside of MU) that help the providers sign up to HIE. Independent providers should seriously consider joining the HIE if one of the financial incentives is strong enough.
  • When the health system the provider affiliates or partners with is actively engaged – makes the individual provider’s efforts more worthwhile and helps to ensure that patient information useful to the provider is going to be available via the HIE.                          

When the HIE Achieves Financial Stability

  • When it reaches financial stability. We have three that we could hitch our wagon to, but two of them probably cannot sustain their current financial model. I’m glad that we waited a year before making a decision. Our physicians and patients are still not demanding it, but it’s the right thing to do. If we wait for them, it might not happen for another three years.
  • We have providers who fall into each of these categories. However, in the spirit of what is best for the patient regarding continuity of care and cost reduction, I would argue that once an HIE is established (assuming early adopters have technically proved it out) and sustainable, that would be the best time. Once patients start demanding, you are already behind the curve and have suffered from a customer service perspective.
  • After it reaches financial stability, but before physicians and patients demand participation. In that window, you should move when you are almost but not completely comfortable that it will be *the* platform.

When Benefits Are Compelling

  • Only when the benefit outweighs the risk. Only when the information offered by the HIE is worth something to your clinicians. We have yet to reach that point.
  • When the participant (physician, nurse, care coordinator, etc.) feels that there is something useful being offered by the HIE, they will join. There must be utility in the service or potential participants won’t be bothered. What is utility? The answer depends on the person offering and receiving the information. Some physicians may want a simple hospital discharge or something as detailed as a complete CCD. Some may find a PDF that can be attached to the patient record useful; others may find utility only in data being stored in fields within their EHR. I just sat in a think tank meeting yesterday (my friends would find irony in that statement!) where a similar topic was discussed for hours among various stakeholders with no clear consensus. All that being said, sustainability is also a concern. Maybe some participants will operate under the “I’ll take what I can get while I can get it” mode, but many others will be more cautious and wait to see if this new service will be around for the long haul. In a pay-to-play model, I would imagine that participants would become hyper-sensitive to both of these points.
  • I’m not sure there’s a magic answer here. The right time should be when any benefit can be realized for providers and/or patients. Ideally, you want a guarantee that an HIE will be financially stable and provide some benefit to the community. However, if someone doesn’t take risks to be the first, then you don’t make progress.  My experience to date is as follows:  our state HIE has wonderful presentations on their technology architecture, but no answer to how they will sustain the solution once the grant dollars dry up. It’s hard to create executive support for any initiative if you can’t tell them how much it’s going to cost. Creating a regional HIE would be an alternative solution, but the competitive environment between the practices and hospitals in the area may make this a pipe dream. Instead we have one-off integration attempts between select hospitals and practices. I think it’s a shame for the patient – most families will end up having their data compartmentalized throughout the community, and if MU Stage 2 continues with the proposed rule, patients will have to utilize multiple portals to gain access to their information. This is not progress.

When Physicians or Patients Express Interest

  • I would say when physicians and/or patients are interested. HIEs are fee based, so value needs to be identified before committing. Stage 2 MU has some specific criteria regarding electronic exchange, so timing could be a moot point.
  • Generally I would say when others demand your participation, but that is not what we are doing. We got involved right at the beginning, assisted with vendor selection etc. It is more expensive to be involved at the beginning, but you can impact the direction more that way. If you miss the beginning and have no input, then wait until physicians demand it. All of these are being funded on the backs of hospitals, so spend only when you need to.
  • This question sounds like it comes from someone at a large organization. From the small practice perspective, not many providers really think about this. Most providers in private practice probably don’t know what HIE stands for. We have 10 providers (doctors and physician assistants). Of them, I know of one who might know what an HIE is. If the demand comes from providers, it will start at large organizations like Kaiser and hospital systems and then spread to communities. 

Depends on the Organization or Area

  • There is no right answer here:  much like any other “bleeding edge” vs. mainstream vs. laggard discussion, jumping in too early can have more pain (growing pains, financial pains, failure) it also can be a marketing tool for patient engagement and connectivity. What is the value of that? Clearly, it depends on the locale, competition, etc. Understanding the dynamics of the local market and needs is more important, and having realistic expectations for all is a necessity.
  • I think this depends on the size of your organization. Larger institutions are typically the earlier adopters and have the resources to get the HIE launched. Smaller institutions will join as it becomes more stable.
  • The timing decision to participate in a new HIE depends on the culture of the provider organization. There are the early adopter benefits of participating at the beginning. You may be viewed as a thought leader and innovator. Additionally, your organization may shift faster to leverage and benefit from the exchange. There may also be early adopter risks of sharing without clear guidelines for exchange participants. Organizational support tends to be key regarding timing along the HIE maturity curve.
  • It depends upon your broader competitive and clinical integration strategy. The more strategic, get in early. The less strategic, fit it in when you can, if it makes sense at all to do.
  • This is really a chicken and egg question. If a provider does not start early, then the chance of the HIE being sustainable — and more importantly, set up in the best interest of all stakeholders — is greatly reduced. However, if the ante to be at the table early is too risky for an organization, then they should stay on the sidelines until the HIE is proven functional and sustainable. The issue across the country, of course, is one of sustainability… and politics.  In our state, an insurer/provider conglomerate tried to convince the state to run on their infrastructure. It took great effort to derail that thought (imagine you are a provider and the insurer side of this company has a deep dive or this kind of data to potentially use against you in contract negotiations) AND as soon as a new direction was set, the state then pushed the provider consortium aside for another politically-driven organization. At that point, the providers exited.
  • HIE participation depends on multiple aspects, and requires frank assessment of both the HIE and the participating provider. If the HIE is inadequately funded, its leadership does not have a proven track record, and questions arise about its stability, then a provider organization should not devote resources to what may turn out to be a failing proposition. The converse is also true: if the participating provider is inadequately funded and dealing with its own internal problems (either staffing or trying to meet government and more pressing internal organizational goals,) then it should not try to devote scarce resources even if the HIE is a stellar player. The character and experience of the participating provider also should determine time of enrollment: if the provider is tech-savvy, at the forefront of the implementation curve, and has both time and resources to deal with startup issues, then they should be a first-launch participant. However, if the provider expects smooth sailing or a plug-and-play experience, then waiting for maturity of the HIE is in order. Looking back on historical ease of implementation and rollout of EMR to individual physicians may provide a template for which providers should go up first on an HIE and which should wait.
  • Depends upon (a) the provider’s tolerance for ambiguity and willingness to shape the HIE. If high, get involved when it first launches and be among the first to participate. You can always use it as a marketing tool with your patients to show how advanced you are. If low, wait until there is demand. If you wait until it reaches financial stability, you’ll grow old and die first in most cases. (b) the cost of participation. There will be limited value at first, sort of like those who had the first telephones when their neighbors didn’t , but there may be discounts (temporary or permanent) that could be negotiated for early participation.

HIStalk Advisory Panel: Wrap-Up 5/28/12

May 28, 2012 Advisory Panel 5 Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news development and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a provider organization (hospital, practice, etc.), you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

I previously ran the panel’s recommendations to Allscripts and a list of the innovative companies they’re working with. These are their remaining comments.

General Comments

”The coming wave of BI use that will be required for any healthcare organization to be profitable, especially if they get involved in ACO or population health management. There was such a void of these companies at HIMSS it was shocking.”

”CMS and AHIMA are pushing ICD-10, a 30-year-old coding system. Like forcing us all to buy Betamaxes.”

”We have an internal debate ongoing within our parent organization whether EHRs will become a commodity purchase in the next few years. The implication is that you would be able to buy the EHR in pieces from best-of-breed vendors and then meld them together. I would be interested in what HIStalk readers, and of course yourself, feel about this prediction. Big organizations with lots of R&D dollars haven’t been able to pull it off even with just to products to integrate. I don’t think we have the standards to pull this off for at least a decade.”

”I think the platforms being developed by Allscripts and Greenway are an important harbinger of where the industry is going — the idea of the EMR as a platform and companies building apps to sit on top of them to help fill gaps and expand functionality. Other companies talk about it, but are not ready technically. Epic says they won’t do it, but I think they all eventually will.”


5-27-2012 3-21-58 PM

”We are getting excellent results with Cerner PowerChart on both the ambulatory and acute sides. The newer mPage technology has let us develop specific apps within PowerChart that address Meaningful Use and quality goals while also improving physician experience and adoption with the EMR. Examples include a physician-designed ED CPOE template (that only an ED doc could love) and an app for admission med rec that better ties in nursing, physician, and pharmacy workflow (for example, the physician hands off therapeutic substitution task to the pharmacy). Cerner’s tools let us optimize workflow.”


5-27-2012 3-36-36 PM

Entrada is an interesting little dictation and transcription service that is partnering to bring voice to data services along. They are making some noise in the ortho markets.”


5-27-2012 3-22-37 PM

Epic is good and not great. The install methodology is good, but they rely too much on their UserWeb to send customers for information. They also do a poor job of preparing CIOs for what life will be like after the install. We don’t have time to figure out which classes we should attend so we can get an idea of how the suite works and what it takes to support it. I have asked repeatedly for guidance and am still waiting.”

GE Healthcare

5-27-2012 3-23-20 PM

”What’s up with the GE Healthcare product suite? I haven’t heard much. I fear that their ambulatory PM/billing system formerly known as IDX has seen better days. They have been historically strong products.”

”I haven’t heard much lately about what GE is doing with their ‘new product’ or how the new joint venture is going with Microsoft.”

Hyland Software

5-27-2012 3-20-18 PM

Hyland is doing a great job for us. On time, on budget. Can’t ask for more than that.”


5-27-2012 3-25-06 PM

”We’re vendor shopping and you get to see many products and talk to a lot of sales reps. InterSystems gave us their sales pitch, but didn’t even pitch us their correct product. We had met with them at HIMSS and clearly they didn’t take any of that conversation into account.”


5-27-2012 3-29-02 PM

”It was painful that McKesson announced in December that they are going to sunset Horizon Clinicals. Having stopped developing their emergency and ambulatory solutions (HEC and HAC) puts lots of things into question. We don’t use HAC, but we do have HEC in all our facilities. Moving to Paragon – really?!?!? They have been unable to execute over the last five years on what they said they would deliver on. Who would believe they could do it with this neophyte product?” 

“It might be interesting to ask of those healthcare organizations using Horizon Clinicals as their primary EHR solution how many are currently considering moving on from McKesson and not waiting on transitioning to Paragon.This question would also be interesting for those organizations utilizing Meditech 5.6 and whether they are going to move to Meditech 6.x or will be selecting another vendor.”


5-27-2012 3-38-47 PM

Oberd is an outcomes research company targeting ortho.”


5-27-2012 3-31-10 PM

”We’re opening a new hospital. An interesting EHR vendor they liked is Prognosis of Houston, TX. I haven’t seen the product, but the selection team has raved about it.”


5-27-2012 3-42-01 PM

”We installed SYSTOC (now part of PureSafety), the market leader in occupational medicine. It was a very expensive mistake that destroyed productivity. They told us they supported voice recognition several years ago, and are now promising that it will come out in the fall. They have promised improvements with every upgrade and the system just deteriorates more with every release.”


5-27-2012 3-13-19 PM

”I have worked a lot with Vocera. Great company, very focused, recent IPO is doing well. Smart guys running it. It’s a good product that works and happy customers.”

Subscribe to Updates



Text Ads

Report News and Rumors

No title

Anonymous online form
Rumor line: 801.HIT.NEWS



Vince Ciotti’s HIS-tory of Healthcare IT

Founding Sponsors


Platinum Sponsors






















































Gold Sponsors
















Reader Comments

  • FRANK POGGIO: "Medicare for all", which implies a 'single payor' system is a total ruse. In fact several of the proponents are already...
  • Jess: “Re: mobile apps. I’m looking for companies that offer an app that’s a mixture of patient portal, scheduling, and ...
  • FormerCIO: Without getting too political, I am curious how the 'Medicare for All' types will compensate providers (i.e., what recor...
  • FRANK POGGIO: Mike, I agree w Mr. H. Your example of network management is just one application not a full business operational syste...
  • Eyes Wide Open: Re: "Has anyone ever analyzed the number of retread healthcare sales roles? It seem a bunch of folks just flit from comp...
  • AC: "323 hospital and clinic visits and 13 major surgeries" How do you get surgeons to perform 13 unnecessary operations?...
  • Desperado: "The vast majority of us conduct our business with integrity and understand that the more we give, we get back tenfold i...
  • Long time HIT salesman: Teri, I couldn't agree more. The vast majority of us conduct our business with integrity and understand that the more we...
  • Supporting good decisions: Mike, I read the original and I read your comments. You make some sweeping assertions without any basis in fact....
  • Teri Thomas: As a former vendor salesperson, I genuinely like lots of CIOs and would consider them friends. I was in my role a long t...

Sponsor Quick Links