Spending on security of health data breaches to hit $70B by 2015 - FierceHealthIT

Spending on security of health data breaches to hit $70B by 2015 - FierceHealthIT:
March 29, 2012 — 3:24pm ET | By Dan Bowman 

With the cost of healthcare data breaches continuing to rise year after year, it shouldn't come as a surprise that spending on the security of that information is estimated to hit $40 billion this year, and balloon to $70 billion three years from now, according to a recently published report from Princeton, N.J.-based consulting firm The Boyd Company.

Specifically, investments in electronic health records and mobile technology to meet government compliance standards are cited as key to the expected spending splurge. Because of the inevitable increase in medical records sharing, new and improved efforts will be mandatory to keeping health data safe.

The report breaks down current data security costs in the U.S. by city, with New York ($32.6 million), San Francisco ($27.8 million) and Los Angeles ($25.7 million) spending the most annually on such protection.

"In an industry whose cost structures are under constant scrutiny by patients, insurance companies and government agencies, comparative economics are ruling investment and location decisions for new facilities," the authors wrote. "In today's difficult economy, improving the bottom line on the cost side of the ledger is often easier than on the revenue side for many healthcare services companies."

Read more: Spending on security of health data breaches to hit $70B by 2015 - FierceHealthIT http://www.fiercehealthit.com/story/healthcare-data-breaches-hit-70b-2015/2012-03-29?utm_medium=rss&utm_source=rss#ixzz1qtWl0H8w

SaaS EHR Down Time vs. In House EHR Down Time

Posted: 09 Aug 2011 03:26 PM PDT on www.emrandehr.com

As part of my continuing series of posts about EHR Down time (see my previous Cost of EHR Down Time and Reasons Your EHR Will Go Down posts), I thought it would be interesting to look at how a SaaS EHR down time is different from an in house EHR down time.

I’ll use the list of reasons your EHR go down as my discussion points for how it’s different with a SaaS EHR versus an in house EHR. On each point, I’ll see if either approach has an advantage over the other.

Power Outage – Certainly a power outage will impact both types of EHR implementations. If your computer or router doesn’t have power, then it doesn’t matter where your EHR is hosted. However, many clinics use laptops which can run for quite a while without being plugged in. Plus, a small UPS for your network equipment is pretty cheap and easy to implement.

However, a good UPS for your own server will cost a bit more to implement. Plus, the UPS won’t likely last very long. Most UPS are there to give you enough time to power down your system properly or to handle a short power outage. Of course, in this case we’re talking about a small clinic implementation. I have done an EMR implementation where we had some nice UPS and even a backup generator. However, this is the exception.

Conclusion: Slight Advantage for the SaaS EHR

Hard Drive Failure – Certainly the failure of a hard drive in your desktop machine will affect both types of EHR install equally. So, that part is a wash. However, the hard drive failure on your local server is much more of an issue than a SaaS EHR vendor. At least, I’ve never heard of a hard drive failure causing an issue for any SaaS software vendor of any type. Both in house and SaaS EHR implementations can implement redundant hard drives, but SaaS EHR vendors have to implement redundant servers.

Conclusion: Advantage SaaS EHR

Power Supply Failure – This one is similar to the Hard Drive failure. I know a lot of EHR vendors that have their clinics buy an in house server that doesn’t have redundant power supplies. I can’t imagine a SaaS EHR vendor buying a server without redundant power supplies even if the redundancy is across servers.

Conclusion: Advantage SaaS EHR

Network Cable – Cables can get pulled out of switches just as easily as servers. So, I conclude that it will affect SaaS EHR and in house EHR the same.

Conclusion: Tie

Switch/Router – Loss of a switch/router will cause either a SaaS EHR or in house EHR to go down.

Conclusion: Tie

Motherboard Failure – An in house server only has one motherboard. If that motherboard fails, you better hope you have a great tech support contract to get a motherboard to you quickly (For example, Dell has a 4 hour support contract which is amazing, but pricey). Certainly a motherboard can fail for a SaaS EHR as well, but since they likely have multiple servers, they can just roll the users over to another server while they replace the motherboard.

Conclusion: Advantage SaaS EHR

EHR Software Issue – This is a hard one to analyze since a software issue like this could happen on either type of EHR install. It really has more to do with the EHR vendor’s development and testing process than it has to do with the way the EHR software is delivered.

You could argue that because the SaaS EHR is all hosted by he company, they will be able to see the issues you’re having first hand and will have tested on the hardware they have in place. A client server/in house EHR install could be on a variety of EHR systems that the EHR vendor didn’t know about and couldn’t test as they developed and deployed the system. So, I could see a slight benefit for the SaaS EHR system.

However, one disadvantage to the SaaS EHR system is that they are hosting it across dozens of servers and so when something goes wrong on a server it’s sometimes hard to figure out what’s going wrong since all the servers are the same. Maybe that’s a bit of a stretch, but we’ve all seen times when certain users of a service are down, but not others.

Conclusion: Maybe a slight advantage to SaaS EHR

Internet Outage – This one is the most clear cut benefit to an in house server. When your internet connection goes down, the in house server keeps plugging along no problem. Loss of your internet connection with a SaaS EHR is terrible. No doubt that’s often the greatest weakness of a SaaS EHR. Although, it can be partially mitigated with multiple internet connections (ie. wired internet and wireless broadband internet).

Conclusion: Advantage In House EHR

I have to admit that I didn’t realize going into this analysis that it was going to be a landslide for the SaaS EHR. Although, that’s quite clear from this analysis. When it comes to EHR down time, the SaaS EHR is much better. Unless, you live in an area where the internet connection is unreliable and slow. Then, you don’t really have much choice since SaaS EHR needs a reliable internet connection.

It’s also worth noting that this article only talks about how EHR down time relates to SaaS EHR versus in house EHR. There are certainly plenty of other arguments that could be made for and against either implementation method such as: speed, privacy, security, cost, etc.

Thoughts about Meaningful Use Regulations

From EHRscope blog

The widespread adoption of electronic health records (EHRs) throughout the healthcare system received another boost last week when the Centers for Medicare & Medicaid Services (CMS) announced its final criteria for the meaningful use of EHRs within the incentive program established by the American Recovery and Reinvestment Act. After releasing preliminary meaningful use regulations back in January, the agency spent the past several months collecting the thoughts and opinions of anyone and everyone in healthcare who took the time to submit one. CMS has said these factored into the finished product quite heavily, so score one for transparency.

The final meaningful use regulations haven’t diminished the EHR incentive program’s impact on health plans, and its effect on health reform remains the same. If anything, they offer more flexibility than those proposed in January, which should increase EHR adoption within the plan’s first few years. The bottom line is that greater usage of EHRs will get electronic medical data flowing throughout the system. We’ll see more integration and sharing of information among payers, providers and even patients, which is a major step in the path to reform.

-Eric Demers

VP of Health and Life Sciences,MEDecision

Survey: Healthcare organizations' security not up to HITECH standards

Molly Merrill, Associate Editor at Healthcare IT News

CHICAGO – Healthcare organizations aren't prepared to meet privacy and security standards associated with the American Recovery and Reinvestment Act, according to a new survey.

The survey of 196 healthcare information technology and security professionals, conducted by the Healthcare Information and Management Systems Society and sponsored by Symantec Corp., a Mountain View, Calif.-based developer of security, storage and systems management solutions, indicated healthcare organizations aren't using available security technologies to keep patient data safe. Reasons given include stretched budgets and lack of a chief security officer (CSO) or chief information security officer (CISO).

Approximately 60 percent of respondents said their organization spends 3 percent or less of their organization's IT budget on information security. This is consistent to the level of spending identified in the 2008 HIMSS study. And fewer than half of the respondents said their organization has a formally designated CISO or CSO. [Continue Reading]

First Lady Michelle Obama Announces Release of $851 Million from Recovery Act to Upgrade & Expand Community Health Centers, To Serve More Patients

Grants Will Support Centers that Provide Care to Millions of Americans

Washington, DC – First Lady Michelle Obama today visited Unity’s Upper Cardozo Health Center and announced the release of $851 million in grants to address immediate and pressing health center facility and equipment needs and increase access to health care for millions of Americans The money was made available by the American Recovery and Reinvestment Act and comes as more Americans join the ranks of the uninsured due to the economic downturn and skyrocketing health costs.

"Community Health Centers provide care to the Americans who need it most and their work has never been more important," said Obama. "These grants will help Unity’s Upper Cardozo and thousands of centers across the country expand and serve more Americans who simply can’t afford insurance coverage anymore. ."

The Recovery Act Capital Improvement Program (CIP) grants will support the construction, repair and renovation of over 1,500 health center sites nationwide. More than 650 centers will use the funds to purchase new equipment or health information technology (HIT) systems, and nearly 400 health centers will adopt and expand the use of electronic health records.

To see a list of Recovery Act CIP grantees by state, go to www.hhs.gov/recovery.]

Continue Reading Article [HERE]

HIMSS Publishes Its Definitions of 'Meaningful Use'

CHICAGO (April 27, 2009) - On Monday, April 27, HIMSS published its definitions of ‘meaningful use of certified EHR technologies,’ as outlined in the American Recovery and Reinvestment Act of 2009 (ARRA). HIMSS sent a cover letter, plus two definitions: 1) meaningful users of certified EHR technologies and 2) meaningful use for hospitals, to the National Coordinator of Health IT and the Acting CMS Commissioner, within the Department of Health and Human Services (HHS).

ARRA calls for multiple years of Medicare incentive payments to hospitals and physicians who meet the requirements of “meaningful use of certified EHR technology” (an electronic health record). To be eligible for the incentive payments, hospitals and physicians must use the technology in a meaningful manner; to exchange electronic health information to improve the quality of care; and, submit clinical quality measures – and other measures – as selected by the Secretary of HHS. Further, hospitals and physicians must meet the definition within a specified time frame, which as described in ARRA, must be made increasingly stringent over time by the Secretary.

Read the full article HERE>

What the Economic Stimulus Package Means for Healthcare

I was digging around last night and found an informative webcast which spells out the American Recovery and Reinvestment Act of 2009. It does not answer every question but it certainly helped make sense of the act.

The webcast was presented by Harry Greenspun, M.D., Executive Vice President and Chief Medical Officer of Perot Systems Healthcare Services. Click HERE to go to the webcast.

Perot Systems also has several other abstracts available that may help make sense of the stimulus package.