{"id":1326,"date":"2017-08-21T10:00:54","date_gmt":"2017-08-21T02:00:54","guid":{"rendered":"https:\/\/seriousmd.com\/blog\/?p=1326"},"modified":"2017-08-21T12:44:57","modified_gmt":"2017-08-21T04:44:57","slug":"hybrid-emr","status":"publish","type":"post","link":"https:\/\/seriousmd.com\/blog\/hybrid-emr\/","title":{"rendered":"What the Philippines Needs in Healthcare Data Security"},"content":{"rendered":"<p class=\"p1\">We normally publish <a href=\"https:\/\/seriousmd.com\/blog\/emr-academy\/\">informative pieces on medicine in the digital age<\/a> or <a href=\"https:\/\/seriousmd.com\/blog\/roadmap\/\">news about app updates<\/a> here. But to shake things up, I\u2019ve decided to write about something I realized during a recent visit to Cebu. Consider this an opinion piece with a little story thrown in.<\/p>\n<h2 class=\"p1\">The Story<\/h2>\n<p class=\"p1\">We were invited to Cebu by a couple doctors who had experienced some trouble with their existing EMR (let\u2019s just call it <strong><em>Hybrid\u00a0<\/em><\/strong>for now). These troubles caused them to sign up with <a href=\"https:\/\/seriousmd.com\/\">SeriousMD<\/a>.<\/p>\n<p class=\"p1\">Now they needed help. The doctors mentioned that they&#8217;d been having trouble getting support from Hybrid&#8217;s company. Among other things, it was painfully hard to get their data exported.<\/p>\n<p class=\"p1\"><strong>After talking with them, we realized these things:<\/strong><\/p>\n<ul>\n<li class=\"p1\">They personally knew that they wanted to move away from the Hybrid EMR software for some time already but they just couldn\u2019t because they\u2019d built up years and years of patient data into their database.<\/li>\n<li class=\"p1\">They thought it was going to be almost impossible to find a way to move their data.<\/li>\n<li>They had no real concept of how secure (or\u00a0<em>not\u00a0<\/em>secure) their data was in the EHR.<\/li>\n<li class=\"p1\">They didn\u2019t have time to just pause, sit down and think about how to deal with it.<\/li>\n<\/ul>\n<p class=\"p1\">I eventually found out that it was the same situation for many doctors over there. That amounts to dozens, perhaps even hundreds of doctors in that area ready to make the leap into the digital age but unable to.<\/p>\n<p>All because they had started out with the wrong EHR for them.<\/p>\n<p class=\"p1\">The irony of it too is that they&#8217;d already covered the hard part. In other words, they&#8217;d converted most of their paper files to digital ones.<\/p>\n<p class=\"p1\">Yet those digital files weren&#8217;t properly &#8220;theirs&#8221;, were they? After all, they couldn&#8217;t even export them from the Hybrid EHR when they wanted. At the same time, given the lax security of that same EHR, the said files weren&#8217;t truly protected from third parties.<\/p>\n<p class=\"p1\">So who, really, was in control of all this data?<\/p>\n<h2 class=\"p1\">My Gripe<\/h2>\n<p class=\"p1\">I\u2019ve had a nagging thought in my mind for a while. That visit to Cebu really just reinforced my suspicion.<\/p>\n<p class=\"p1\">You see, I\u2019ve been going around the Philippines and I\u2019ve probably personally visited over 500 doctors\/clinics already. And what&#8217;s the situation?<\/p>\n<ul>\n<li class=\"p1\">Doctors use insecure Android apps on their phones,<\/li>\n<li class=\"p1\">some use free apps that some dude uploaded on the Internet that is just spyware,<\/li>\n<li class=\"p1\">some use shared patient lists with other doctors who shouldn&#8217;t really be privy to that data,<\/li>\n<li class=\"p1\">some use freelancers&#8217; software without data security features and, believe it or not,<\/li>\n<li class=\"p1\">many even use MS Word and Excel software (sometimes pirated copies) that\u2019s most likely infected with some sort of malware.<\/li>\n<\/ul>\n<p class=\"p1\">I was even shown software for a hospital that didn&#8217;t have an iota of security. Even a 6-year-old kid could transfer actual readable data into a USB stick.<\/p>\n<p class=\"p1\">Many don\u2019t even have backups for their data. I literally just received an email now while I\u2019m writing this, this time from a new doctor who signed up for our app. She told me about her experience with a local developer who created some EMR software.<\/p>\n<p class=\"p1\">Here&#8217;s her experience in a nutshell: things started out peachy. But then the developer couldn\u2019t be contacted anymore. Then her hard disk crashed on her. And now? Now the data can\u2019t be retrieved.<\/p>\n<p>Again I have to ask: who was really in control of the data there?<\/p>\n<p class=\"p1\">When going the digital route, data security will <em>always <\/em>be an issue. It should be. We regularly get objections or comments about data privacy\/security and I\u2019m totally fine with it. We\u2019re happy to answer questions about security because it\u2019s perfectly normal to be concerned.<\/p>\n<p>We want our users to know that we take the topic seriously. But here&#8217;s the sad truth: a lot of people still don&#8217;t take it as seriously as they should. Or, if they do, don&#8217;t quite grasp how digital security works yet.<\/p>\n<h2 class=\"p1\">What We Need<\/h2>\n<p>We need some things badly if we&#8217;re to discuss the security question in healthcare data intelligently. Among other things, we need smart regulation. We need\u00a0<strong>standards.<\/strong><\/p>\n<p class=\"p1\">In other countries, they\u2019ve tried to implement security standards. We&#8217;ve talked about HIPAA before, for example. Governments and other key stakeholders should step up and work towards creating a set of rules for treating healthcare data with the respect its owners are due.<\/p>\n<p class=\"p1\"><strong>Education<\/strong> is another important requirement. Too few medical professionals understand what data security means in software. Shamefully, too few program developers are willing to devote resources to it as well.<\/p>\n<p>Does security really matter here? Definitely. It&#8217;s not just about respecting your patients&#8217; right to privacy either. <a href=\"https:\/\/cynergistek.com\/cynergistek-resources\/ponemon-privacy-security-healthcare-data\/\" target=\"_blank\" rel=\"noopener\">It affects even your bottom line<\/a>.<\/p>\n<p><img loading=\"lazy\" class=\"size-full wp-image-1345 aligncenter\" src=\"https:\/\/seriousmd.com\/blog\/wp-content\/uploads\/2017\/08\/Ponemon-Report-Infographic-Copy.jpg\" alt=\"Ponemon Institute data on healthcare data breach costs\" width=\"600\" height=\"532\" srcset=\"https:\/\/seriousmd.com\/blog\/wp-content\/uploads\/2017\/08\/Ponemon-Report-Infographic-Copy.jpg 600w, https:\/\/seriousmd.com\/blog\/wp-content\/uploads\/2017\/08\/Ponemon-Report-Infographic-Copy-300x266.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>Then there&#8217;s this: I&#8217;ve learned that no introduction\/training is offered in medical schools for basic software, so many turn out to be scared with technology until forced to face it during their time practicing outside the country or by the consultant they are working with.<\/p>\n<p>That&#8217;s a lot of missed educational opportunities for something (digital tech) that has every appearance of being a big part of medicine&#8217;s future.<\/p>\n<p>With proper information would come more intelligent consumer demand and selection. The more doctors who understand what to look for in <a href=\"https:\/\/seriousmd.com\/blog\/doctor\">an EHR in the Philippines<\/a>, the more doctors who choose programs that fit their needs. They&#8217;ll be less likely to end up in the situation I mentioned at the beginning of this post: that of being stuck with software they don&#8217;t really like or can&#8217;t really trust.<\/p>\n<h2 class=\"p1\">Back to Cebu<\/h2>\n<p class=\"p1\">Going back to the story, we landed in Cebu, took an uber and got stuck in traffic for 2 hours on the way over to the clinic.<\/p>\n<p class=\"p1\">Once we arrived, we were shown the computer. It was our first look at the software. Then we basically got years of data in 3 minutes. <span class=\"s1\">&#x1f613;\u00a0<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">The doctors had thought it impossible to export their data easily from the Hybrid EHR. The truth? It wasn&#8217;t impossible. <\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">It just seemed like it because of unhelpful user design (there was no button or tool showing them how to do it) and poor customer support (they had asked the other company to help them do it, but it took 3 weeks and was incomplete when Support finally deigned to assist).<\/span><\/p>\n<p>But for anyone with time to tinker about a little with the software or with a good bit of techno-savvy? Piece of cake. And not in a good way.<\/p>\n<p>There were hardly any security mechanisms protecting their data. We took it so easily that they were shocked. We had to admit we were a little alarmed too.<\/p>\n<p class=\"p1\">Anyway, the data was then imported to the doctor\u2019s SeriousMD account and there, it was finally secured and usable with their own accounts. And finally under (their) control.<\/p>\n<p class=\"p1\">Now think about this for a moment.\u00a0This is the type of software being used in many clinics, yet it was considered secure simply <em>because this style of software stores data on a computer<\/em>.<\/p>\n<p>But computers aren&#8217;t intrinsically secure machines by themselves.<\/p>\n<p class=\"p1\">The Cebu doctors were horrified when they saw how easily we took the data from the program. It wasn&#8217;t hard to imagine myriad hypothetical scenarios where other third parties did it too. Anybody could have gone there, started reading the patient details directly from the database or just taken the whole thing.\u00a0Technically, it\u2019s just as secure as an old (and unlocked) file cabinet.<\/p>\n<p class=\"p1\">Where\u2019s the \u201cdata privacy\u201d there?<\/p>\n<h2 class=\"p1\">Conclusion<\/h2>\n<p class=\"p1\">I am by no means saying that everything we do is perfect.<\/p>\n<p class=\"p1\">In fact, we have a bug now that stops you from creating one type of note. We\u2019ve fixed it and we\u2019re just waiting for Apple to finish reviewing it.<\/p>\n<p class=\"p1\">What I\u2019m trying to get at with this post is that when using and recording digital data, the software is not always the same quality and that definitely includes the level of security.<\/p>\n<p class=\"p1\">Please don&#8217;t assume all EMR software will be secure. Don&#8217;t assume either that ads for a particular EHR are telling the truth if they claim it&#8217;s secure. Find out\u00a0<em>exactly how it manages to be secure.<\/em><\/p>\n<p class=\"p1\">Look for things like data encryption and backup. Look for the things that protect you from third-party intrusions and data crashes.<\/p>\n<p><strong>Look for software that empowers you<\/strong>.<\/p>\n<p>An EHR should put control of your data at your fingertips, yet free you from fears of data theft or loss by providing security measures and fail-safe mechanisms. Look for developers who are totally invested in their product and willing to answer all questions you might have for them regarding security.<\/p>\n<p><a href=\"https:\/\/cpnow.me\/d\/5x5o\">Ask\u00a0<em>us<\/em> questions if you need answers!<\/a> We&#8217;re committed to your data&#8217;s security too. Whether you do choose to use SeriousMD or something else, never settle for less than that&#8230; both for your patients&#8217; sake and your own.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We normally publish informative pieces on medicine in the digital age or news about app updates here. But to shake things up, I\u2019ve decided to write about something I realized during a recent visit to Cebu. Consider this an opinion piece with a little story thrown in. The Story We were invited to Cebu by [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1348,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false},"categories":[3],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/seriousmd.com\/blog\/wp-json\/wp\/v2\/posts\/1326"}],"collection":[{"href":"https:\/\/seriousmd.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/seriousmd.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/seriousmd.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/seriousmd.com\/blog\/wp-json\/wp\/v2\/comments?post=1326"}],"version-history":[{"count":15,"href":"https:\/\/seriousmd.com\/blog\/wp-json\/wp\/v2\/posts\/1326\/revisions"}],"predecessor-version":[{"id":1350,"href":"https:\/\/seriousmd.com\/blog\/wp-json\/wp\/v2\/posts\/1326\/revisions\/1350"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/seriousmd.com\/blog\/wp-json\/wp\/v2\/media\/1348"}],"wp:attachment":[{"href":"https:\/\/seriousmd.com\/blog\/wp-json\/wp\/v2\/media?parent=1326"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/seriousmd.com\/blog\/wp-json\/wp\/v2\/categories?post=1326"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/seriousmd.com\/blog\/wp-json\/wp\/v2\/tags?post=1326"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}