More docs gravitating to cloud-based EHRs

May 15, 2012 — 2:41pm ET | By Marla Durben Hirsch via FierceEMR.com

Physician practices are turning to Software as a Service (SaaS) electronic health record systems--and have several good options to choose from, according to a new report from Orem, Utah-based healthcare research firm KLAS.

The study, in which more than 290 providers using SaaS ambulatory EHR systems were interviewed, reported that SaaS EHRs are becoming increasingly popular. "These systems appeal to small organizations that want low maintenance, a quick go live, and small up-front investment," the report noted. "Providers must also be comfortable with clinical and patient data being stored off-site and limited flexibility in the system."

• EHR response time, such as the loading time between clicks
• Customer support, such as frequent updating and enhancements
• Product quality/usability
• "Bang for the buck", i.e. attractive pricing

The top ranked SaaS vendor/product was CureMD EMR, followed closely by Practice Fusion, athenahealth athenaClinics, MIE WebChart EMR, MedPlus/Quest Diagnostics Care 360 EMR, and Sevocity EMR.

One downside to SaaS EHR products, according to the report, is that many of them do not also offer practice management solutions. Of the top six products, only CureMD and athena sell practice management products in tandem with their EHR systems.

The report corroborates trends in hospitals, which also are embracing cloud computing for their EHR and HIE use.  Gartner recently predicted that cloud computing will take center stage by 2014.

Read more: More docs gravitating to cloud-based EHRs - FierceEMR http://www.fierceemr.com/story/more-docs-gravitating-cloud-based-ehrs/2012-05-15?utm_campaign=twitter-Share-NL#ixzz1v9ZesuL2
Subscribe: http://www.fierceemr.com/signup?sourceform=Viral-Tynt-FierceEMR-FierceEMR

amednews: Small medical practices greatly at risk for data breaches :: Jan. 16, 2012 ... American Medical News

from amednews: Small medical practices greatly at risk for data breaches :: Jan. 16, 2012 ... American Medical News:

Data breach experts are issuing a warning to small practices -- don't be the vulnerable target that data thieves assume you are.

The Top Cyber Security Trends for 2012, as compiled by Kroll's Cyber Security and Information Assurance, reported that small practices are more susceptible to security vulnerabilities because they are "the path of least resistance." Many rely on outdated technology. Basic security protections, such as proper use of encryption, often are overlooked as practices focus on meeting regulatory requirements, such as those related to meaningful use. (See correction)

• Links
• See correction
• See related content

Small practices often lack the technical sophistication to know what tools to put in place to avoid attacks, said Jason Straight, managing director of Kroll's Cyber Security and Information Assurance unit. Or they have the right tools, but the tools are not implemented or monitored correctly, he said. One example is having incorrectly installed data encryption.

Large organizations have become more "hardened," meaning they spend more money to safeguard their data, said Beth Givens, founder and director of the Privacy Rights Clearinghouse, an education and advocacy group that has tracked publicly reported data-breach trends across all industries since 2005. "It only stands to reason [that data thieves] would go after small practices," she said.

Breach experts have long said medical data are among the most valuable because of the depth of the information. To thieves, small organizations are often the easiest source of this data because they lack the sophisticated security measures used by their larger counterparts. Because nearly three-quarters of practices are one- or two-doctor operations, there are simply more of them to target compared with large organizations. The advice given to practices is to take steps to ensure they aren't the victims of a breach.

The costs of a breach

Three of the six most significant data breaches in 2011 occurred at health care organizations, resulting in 11 million patient records being put at risk, according to a year in review report published in December 2011 by the Privacy Rights Clearinghouse.

Givens said medical data are valuable to thieves because of "the triple whammy" -- sensitive medical information, financial data and other identifying data that can be used for identity theft.

3 of the 6 biggest data breaches of 2011 were at health care organizations, putting 11 million patient records at risk.

When a breach occurs, the practices are faced with the cost of notifying all of the affected patients and usually paying for identity theft and credit monitoring for them. The per-patient costs associated with a breach have risen to more than $200 in 2011 for notification and loss of income, according to the Ponemon Institute, a privacy research center based in Traverse City, Mich.

Many breaches also bring to light deficient IT systems that the practice must replace immediately. In addition, the practices could face fines from the Dept. of Health and Human Services.

Although breaches at large medical organizations often get more media attention because of the sheer number of records involved, that shouldn't be an indication that small practice owners are in the clear, experts say.

It's hard to put an exact number on small practice breaches because breaches generally are categorized by industry and not broken down by practice size, Givens said. There's also a good chance many of the breaches in small practices aren't reported because they don't fall under the state or federal reporting requirements. For example, California doesn't require the reporting of paper breaches, and HHS doesn't require the reporting of breaches affecting fewer than 500 people.

A query of the HHS breach database and the Privacy Rights Clearinghouse's database shows dozens of cases involving individual physicians and small medical practices that were victims of cyber attacks in 2011. Cases include the hacking of network servers, office burglaries, inside data thefts, and incidents caused by information technology problems that may have been malicious attacks or errors that resulted in data exposure. Givens said she is sure there are "a lot more breaches than are posted on our website."

[Continue Reading]

Security Spending Up at Rural Hospital

Ron Kloewer

Breach Prevention, Compliance Lead to Investments

December 20, 2010 - Howard Anderson, Managing Editor, HealthcareInfoSecurity.com


[Original Article at Healthinfosecurity.com]
Ron Kloewer, CIO at 25-bed Montgomery County Memorial Hospital, explains why the critical access facility's spending on information security will grow in 2011.

The rural Iowa hospital will spend more on information security because of its efforts to prevent health information breaches and comply with HIPAA and the HITECH Act, Kloewer says.

In an interview, Kloewer describes:

• Top security projects for 2010, including network infrastructure upgrades, encryption of backup media and continuation of business continuity and disaster recovery improvements;
• How plans to apply for HITECH electronic health record incentive payments are influencing security strategies, including plans for a gap analysis;
• Why the hospital does not allow patient information to be stored on desktops, mobile devices or thumb drives;
• Why the hospital won't hire more IT staff next year, instead focusing on providing technical training to staff members in various departments.

Kloewer wears many hats in his executive role at Montgomery County Memorial Hospital, a critical access facility in Red Oak, Iowa. He serves as CIO, risk manager, privacy and security officer and director of planning and development.