Source: Apple

Have you ever looked over a doctor’s shoulder when they are using an EMR?  What you see is hard to describe. Picture a crowded screen with fields, data,  buttons and menus that fill up the entire screen.  Picture a screen so crowded that if you wanted to add another data field you would be hard pressed to find some real estate on the already crowded screen. But if you keep watching you would be even more amazed.  If a doctors wants to send an electronic prescription to a pharmacy for the patient she might have to click on 4 or 5 pages to accomplish the task. The amount of options and choices that the doctor has to navigate through is truly daunting. What I just described is not true for every EMR.  With over 300 EMRs on the market, and growing, some of the EMR vendors have figured out usability and design.  But unfortunately many of the vendors have not.

Up until about 5 months ago I have been a dedicated and devoted user of Windows based applications.  My time on Apple computers was very rare.  And I admit that I have engaged in the typical technology driven arguments that the Windows operating system was superior to the Apple operating system.  In fact, I always failed to understand the cult based Apple loving mindset.

Fast forward to the present and after purchasing an Apple iPad my perspective has changed.  I won’t go into details about the iPad because by now you would have to be living under a rock to not know about the smashing success that Apple has had with the iPad.  The one thing that I will point out is how good the interface and usability is on the iPad.  I am amazed that without a keyboard and with only one button on the front of the device, how easy it is to use and navigate iPad (iOS) applications.  And I totally understand your doubt if you have not used an iPad but I ask that you trust me on this one.

iPad EMRs

So can the usability of the iPad be leveraged for EMRs?  Clearly an iPad strategy is a must for most of the EMR vendors. Will they take their existing user interface and shoehorn it into the iPad or will they totally redesign the interface and focus on usability?

For more insight into how some of the EMR vendors have approached the iPad check out this post over at Software Advice.  They go into the booming demand for iPads and tablets as well as review some of the existing iPad EMRs and applications.

Source: Cisco 2010 Annual Security Report

Cisco released it’s 2010 Annual Security Report (pdf).  Some of the findings and trends are very interesting. Cisco found that Microsoft’s improvements in Windows 7 and more aggressive patching of vulnerabilities are making it more difficult for hackers. In response, hackers are moving their target to mobile devices.

Hackers are also taking advantage of new opportunities to make money. In response to vulnerability exploits in various Windows PC operating systems, Microsoft has improved security in Windows 7 and taken a more aggressive approach to patching vulnerabilities. This makes it tougher for scammers to infiltrate Windows 7 effectively; having reached the Windows vulnerability “tipping point” (see page 30), they have moved on to other operating systems, applications, software services, and devices such as smartphones, iPads, and iPods. Apple and its products, including iPhones, iPads, and the iTunes media service, have all experienced upticks in exploits. Just as important in driving this trend is the embrace of mobile devices and applications by consumers and enterprises.

The worldwide adoption of mobile devices presents even more opportunities for intrusions and theft. While security researchers have identified many focused scams that target mobile devices, a widespread incident is almost certainly on its way. To date, scams have targeted select groups of mobile users, such as customers of a specific bank. The massive and relatively new market for mobile applications also offers new markets for criminals. Researchers have detected exploits in which wallpaper apps for Android Market, the app store for the Android mobile operating system, have been collecting mobile subscriber information and sending it to a website owned by a scammer.

Cisco points out the emerging problem associated with Social Networks as well:

Criminals continue to take advantage of the high levels of trust that users place in social networking services. They often exploit this trust by masquerading as someone the user knows.

One noticeable shift in social engineering is that criminals are spending more time figuring out how to assume someone’s identity, perhaps by generating emails from an individual’s computer or social networking account. A malware-laden email or scam sent by a “trusted person” is more likely to elicit a clickthrough response than the same message sent by a stranger.

Spammers are not only spoofing social networking messages to persuade targets to click on links in emails—they are taking advantage of users’ trust of their social networking connections to attract new victims. As communications shift from traditional email and toward the messaging features used in social networks, such as those provided by Facebook and LinkedIn, criminals follow closely behind.

Weak passwords continue to be a problem:

In spite of pleading from IT professionals to choose tough-to-guess security passwords, workers are still disconcertingly likely to come up with something like “password1!”—or simply attach a few numbers, like “123,” to the end of a word. The problem of weak, guessable passwords is not a new one, but it isn’t going away—in fact, it’s getting worse, as users are forced to create several passwords for different systems and change them every 60 or 90 days.

There is a very sad article out today about how a cancer researcher had a laptop stolen from her car that possibly had a cure for prostate cancer.  The researcher at Oklahoma University, Sook Shin, had her laptop stolen from her car while she was at a local restaurant.  When she came out of the restaurant she found her window smashed and the laptop gone.  What is worse is that the data was not backed up.   Her and her husband are offering up a $1,000 reward for the return of the laptop.

Sook said that some of the data could take 2 years to recreate but some of the data could never be replicated.  The loss of this data could push back a cure for prostate cancer.

As unfortunate as this story is, it is a very good example of the importance of protecting data on portable media including laptops and USB drives.  Many people don’t think about it until the laptop or drive is lost or stolen.  So whether it is your personal laptop with priceless pictures of your family or vacations, or whether it is a work related computer; make sure you protect the data.

For personal computers I found that services like Dropbox, Mozy or Carbonite work very well.  These low priced backup solutions are perfect for protecting your valuable data.

For business, I recommend the following:

• Laptops and portable media are very likely to be lost or stolen, as this story shows.  Make sure you encrypt any and all portable media devices to protect the contents of the data.
• Ensure that you are backing up your data to a network share that is included in the network backup routine.  (make sure your network administrator is encrypting the backup tapes or drives as well).
• Laptops that are transported from the office to home might contain data that has not been backed up since the last time it was in the office.  If you are going to save the data periodically at home, make sure you use an encrypted drive as well.

Finally, let’s hope that the researcher’s lost laptop is returned with it’s valuable data intact.

In the movie The Perfect Storm, all the forces had to come together to cause the perfect storm.  A storm so big and so powerful, well you know,  the Andrea Gail had no chance against the storm.

If I was to think of a scenario where everything came together to cause an environment where there were a huge amount of data breaches affecting patient data, this is what I would come up with:

1. The government would encourage health organizations to switch from paper records to electronic records by giving away billions of dollars to provide incentives.
2. The government would not give these organizations the money upfront but would slowly pay them over a few years.
3. The health organizations would spend an enormous amount of money implementing electronic medical record systems.
4. The large outlay of money would leave these organizations financially strapped with minimal resources for training and security of the new EMR systems.
5. A severe economic recession would cut down on the amount of patients that these health organizations would provide services to.  This would add to the financial burden already being felt by the organizations.
6. A shortage of skilled IT workers would make it difficult for health organizations to find workers to help secure these new EMRs.
7. Computer viruses and malware would become more sophisticated and harder to prevent.  The malware would steal data and leak patient information to external parties.
8. Portable devices, laptops, tablets and smartphones would become cheap and ubiquitous.  These portable devices could easily hold  a lot of patient data.
9. A large number of portable devices would be lost and/or stolen.
10. Patient medical data would become valuable and would be in high demand by criminals looking to utilize the data for identity theft and other crimes.
11. The government’s regulations protecting patient medical data would largely be ignored due to a lack of resources and a lack of government enforcement.

Altogether these forces would cause the perfect storm of patient data breaches.  Hundreds of health organizations would have data breaches.  Millions of patients would have their information compromised.  And while this was occurring the government would sit back and watch.

The scenario is very frightening.  Good thing stories like this only happen in the movies.