Well, not quite, but as a physicist working on the grand unified theory would say: The arrows are pointing into the right direction.
While patient care is not delivered virtually quite yet, the experts in the field of Health Information Management and Systems will have their annual gathering in Atlanta in early March (http://www.himss.org) to ensure we’ll get there in the future. If you haven’t been to the HIMSS show yet – it is an exciting conference with well over 20,000 attendees.
Questions on health record portability, privacy, interoperability, and the plain old task to get physicians to warm up to the idea of using a computer as the primary means of documenting clinical information will be at the center of the discussions, while musings on whether the federal government is going to pay for your healthcare IT initiative are sure to be overheard as well.
I myself will make my way up to Atlanta to find out what’s going on in the industry and I seek to speak to many attendees and presenters on application delivery challenges in this unique field. Stay tuned on these pages for regular updates and follow me on twitter for a play by play of my HIMSS journey.
Before I pack my bags and decide whether or not to include foul weather gear and snow shoes, please let me know what specific topics around healthcare IT you are interested in.

Twitter: @florianbecker

Florian

The American Recovery and Reinvestment Act of 2009 (ARRA) contains a whole chapter called HITECH. This catchy acronym stands for Health Information Technology for Economic and Clinical Health and makes you wonder if “they” construct the acronym before deciding on what information to convey. It basically mandates a number of fairly stringent disclosure requirements for HIPAA covered entities and their business associates  in the case of privacy  breaches leading to the disclosure of patient data. The act is intentionally aggressive in order to entice health care providers and insurance companies to be really cautious about patient privacy and record security.
I am at HIMSS in Atlanta this week and I notice that ARRA, HITECH, HIPAA and other related topics are front and center in many sessions and for many vendors on the floor.
Under HITECH, the burden of proof is on the side of the covered entity to prevent a breach, discover the breach, and then disclose the breach to the patients and – in some cases – to the secretary of health and human services. If the breach is affecting 500 or more patients in a state or region, the covered entity must notify the patients via public media and notify HHS immediately. 
So, let’s define what a breach really is, and then what you can do to never having to call your local newspaper for the disclosure ad.

Under HITECH, a breach is an “unauthorized acquisition, use, or disclosure that compromises the security or privacy of the health record”. There’s also something in the language that this must pose a significant risk of financial, reputational, or other harm to the individual. Note that I am not a lawyer, but I did stay in a holiday….. tonight. Kidding aside, I did listen to Gerry Hinkley and Deven KcGraw during their HIMSS session this week – both are legal experts in this field.

So, having a laptop with unencrypted, and personally identifiable patient information stolen would be a breach. If, however, the data is secured with federally accepted levels of encryption (and the security of the key is not compromised), OR the data does not include certain items such as DOB or the patient’s ZIP code, it’s not a breach.
As you can see, the devil is in the detail. So, how can you take steps to avoid that painful disclosure? For one, ensure that the patient information never leaves your data center. Leverage desktop or application virtualization and disable clipboard and local disk access on the client device. Many electronic health applications can only print through the server, so that client connected printers are not needed and can also turned off without compromising functionality. If mobile access to the data is needed, consider the Citrix Receiver for the iPhone or mobile access platform of your choice to deliver the information without delivering the data.
Even without HITECH, these are important considerations for any Electronic Medical Records (EMR) rollout. When done correctly, you could allow your doctors, nurses, and staffers to use the laptop, netbook, tablet, iPad of their choice without having to worry about IT managing the myriad of devices or any of them leaving the premises.

Now, unfortunately, this is only one aspect of HITECH. The other aspect involves the unauthorized access  of patient records by employees who have legitimate access to the systems, but are basically snooping around. HITECH covers privacy breaches, not just security breaches.  Looking up your own lab results, or the chart of your friend’s sick kid is an example of a well intentioned, but illegal breach. Looking up the local football player’s records to determine if that hamstring injury has healed before Sunday’s game is also an illegal breach, but not an innocent one.  Identifying those scenarios actually requires intelligent data mining to assess whether access was justified for a person to do their job or constitutes a breach. While you can’t fix the latter category through application or desktop virtualization, you can confidently use virtualization technology to prevent breaches through the loss of devices or data without restricting mobility. One less thing to worry about in the complex world of healthcare regulation.

Questions? Comments?
Follow me on twitter: @florianbecker

No doubt you have heard about the iPad by now and you may be already pondering whether or not you will be buying one. Chances are you have a Laptop or PC and a Smartphone already so you need to rationalize how you will use it beyond e-books and browsing. Well if your company has XenDesktop or XenApp you will be happy to know you will be able to use your iPad for real work as well. It turns out the 9.7 inch display on the iPad with a 1024×768 screen resolution works great for a full VDI XenDesktop. Windows applications run unmodified and securely in the data center, and even multiple applications at once. The advancements that were made for the Citrix Receiver for iPhone will carry over to the iPad, however the iPhone restrictions of screen size and small keyboards are overcome with the iPad. It’s a beautiful thing ! The iPad looks to be an ideal end point device that can empower users to be productive were ever they are and IT will be able to safely deliver company hosted virtual desktops and apps without worry.

So tell us if you want Citrix Receiver for the iPad and let us know how your going to put it to work. ( even it’s just to rationalize buying another gadget )

Learn how to make the iPad work for your organization at Citrix Synergy. 

http://twitter.com/chrisfleck

While most discussions on successful Electronic Medical Record (EMR) implementation and adoption circle around the proper implementation of clinical workflows, standard order sets, diagnostic codes, and the all important CPOE (Computerized Provider Order Entry), little time is spent on thinking about how the applications actually make it to the users. I have talked to CMIOs this week at HIMSS who mentioned that the improper application delivery actually constituted a significant roadblock or bottleneck towards adoption.
Healthcare organizations have tried anything from Computer’s on Wheels (COWs) to tablets to smart phones and iPhones. Each modality has its own merits and risks. Let’s have a look:

COWs: With large screens and full keyboards, using the system is as easy as using a desktop computer in the office. However, there are some distinct challenges associated with COWs: They are used by many different people. Although the carts are adjustable, users don’t adjust them in the interest of time on the floor and are therefore experiencing ergonomic problems. COWs are wireless, so the 802.11x infrastructure must be 100% reliable with good signal strength. Map out every patient room using the all familiar “Can you hear me now?” method of assessing signal strength in every place the COW might be used. Check with your facilities manager whether the COWs in the hallways would violate any fire security.

Tablets: Overcome some of the bulkiness of COWs. Same challenges with wireless networks though. Check with your users first. Doctors carrying the tablet in one hand and the stylus in the other hand don’t have a hand left to touch the patient. The success of tablets also depends on the specific EMR application you are running. Entering data via the virtual keyboard of the tablet is very time consuming and therefore prone to error. Applications that let users click through selection lists are much more tablet friendly. Consider specialized tablets for the healthcare industry that include scanners and interfaces to diagnostic equipment while maintaining the mobility.

iPhones, SmartPhones: Awesome. Barely larger than a pager with a user interface made for the device. Can’t replace a full application though as many apps are just for vitals, bedside monitor virtualization, results review etc. Smart phones are complimentary to other access modalities – not a full replacement.

iPad: It’s coming. I talked to several EMR vendors at HiMSS 2010 in Atlanta this year, who are already working on their user interfaces to make them friendly for user interaction sans keyboard. Of course, the Citrix Receiver will be able to deliver any windows app or desktop directly to the iPad.

Finally, there are the good old thin clients. These units combine the best of all worlds: Large screen, yet small form factor. Don’t require wireless networks and several incorporate a smart card reader to facilitate two factor authentication. Have one in each patient room, nursing station and several in the hallways (neatly wall mounted and tucked away while not in use) and you have a solution that allows doctors to use both hands on the patient and use a familiar keyboard for data entry. Use desktop and/or application virtualization so that you can eliminate the end point support team. Depending on the EMR application, consider generic windows logon and light or no profiles to speed up logon times to the windows environment. Authentication happens on the application itself in this case. Smooth Roaming capabilities are essential to cut logon time down to a few seconds and provides full mobility on the floor without carrying a device.

Some of the access modalities in your healthcare facility depend on provider preference (yes, doctors do prefer some devices over others and yes, please make your doctors and nurses happy). Use application or desktop virtualization wherever possible to avoid end-point support. Citrix XenDesktop can deliver remarkably high quality application fidelity and image resolution even over longer distances thanks to the bundle of HDX technologies.

What is your experience with EMR implementations and application delivery?

Follow me on twitter @florianbecker