Why HHS Needs a Privacy Leader and a Cybersecurity Leader

By Nam Nguyen and Sayee Balaji Chandrasekaran, Chair and Vice Chair, EHRA Privacy & Security Workgroup

_Security and Privacy are not the same. A Security leader_s primary concern is protecting and securing data. A Privacy leader_s primary concern is who can access certain data and whaCyber-threats are all over the news, including attempts to hack elections, steal corporate trade secrets, and hold medical records for ransom. Phishing is rampant, and is the way most hackers ultimately get into secure systems. The U.S. government has, of course, taken notice, and is taking action on several fronts.

One of those fronts is healthcare, with the release by HHS of the Health Care Industry Cybersecurity Task Force’s “Report on Improving Cybersecurity in the Health Care Industry,” which was delivered to Congress in June 2017.  The task force wrote, “Our nation must find a way to prevent our patients from being forced to choose between connectivity and security.”

EHRA welcomes this report, which we view as a path forward for increasing security in the healthcare sector.  The report directly aligns with two of EHRA’s privacy and security positions: (more…)

HIMSS18: Listening, Learning, Leading

IMG_6591EHRA member companies were out in force at HIMSS18 in Las Vegas, and not just in booths on the exhibit floor.

In a small conference room on the 4th floor of the Sands Convention Center, EHRA volunteer executives were meeting with stakeholder groups to discuss how EHRs can be optimized to improve usability, interoperability, and patient safety. We listened, we asked questions, and we shared our perspectives on the challenges and what the next steps could be.

(more…)

Draft TEFCA Needs A Lot More Work

TEFCASince the release of the Draft Trusted Exchange Framework and Common Agreement (TEFCA) on January 5th, EHRA volunteers from the Standards and Interoperability, Privacy and Security, and Public Policy Leadership Workgroups have been reviewing and discussing the document. Together, they drafted EHRA’s comments, which were submitted this week to the Office of the National Coordinator for Health IT (ONC).

As EHR developers, we support the goal to provide nationwide interoperability using networks as important building blocks, and believe TEFCA has the potential to dramatically improve interoperability.

However, the draft TEFCA overreaches, neglects important details, and doesn’t consider the practicality or potential unintended consequences of the policy. We strongly recommend that ONC review stakeholder feedback and publish a revised proposed draft for another round of feedback, before finalizing the policy.

(more…)

Reflections on EHRA, Past and Future

By Mark Segal, PhD, FHIMSS

Mark Segal Morocco

Mark Segal welcomed ‘retirement’ by exploring Morocco with his son.

Late in 2017, I left GE Healthcare via an early “retirement” opportunity. Retirement is in quotes but that is a story for another day; suffice it to say that I intend to remain active in the digital health policy world.

One of the biggest changes with my departure from GE is that I also left the EHRA Executive Committee, on which I had served in both elected and ex officio capacity for years. This was a double whammy of many fewer conference calls per day.

My involvement with EHRA, wearing many hats, has been one of the most important and satisfying aspects of my professional life. (more…)

Don’t Create a Certification Ceiling

By Sasha TerMaat


Certification blog quoteAt the end of November 2017, JAMIA published the article,
“Are all certified EHRs created equal? Assessing the relationship between EHR vendor and hospital meaningful use performance.” The authors, A Jay Holmgren, Julia Adler-Milstein, and Jeffrey McCullough, performed a statistical analysis of publicly available data sets on Meaningful Use EHR Incentive Program performance, stratifying based on the developer of the EHR product used by the Meaningful Use participant.

It’s wonderful to see the data sets published by CMS and ONC used for insightful research. I know from personal experience doing data analysis of CMS and ONC published data sets that a lot of effort goes into data normalization, and the authors took a thoughtful and careful approach.

However, I was surprised by the authors’ conclusions and policy recommendations at the close of the article. Having found EHR developer-correlated variability in performance on certain activities measured in the Meaningful Use incentive program, the authors state that is undesirable, and write recommendations to standardize. The authors say, “Our results suggest that policy-makers should pursue modifications to the EHR certification process to decrease such variation across EHR vendors and improve EHR systems.” (more…)

FDA Health IT Guidance Is A Good Start, But More Clarity Is Needed

By Shari Medina, MD

This month, the FDA issued long-awaited guidelines EHR tablet graphicon the agency’s implementation of the 21st Century Cures Act in regards to Clinical Decision Support and the FDA’s intent to exercise enforcement discretion for many types of patient-facing software, mobile applications, and software which have not obtained ONC certification.
(more…)