INSIDE THE OCTOBER 2006 ISSUE:
Log on and take
Are you tired of reminding your patients to take their medications and
eat wisely? You may want to consider some of the new computer
applications that physicians are using. This software, some of it
web-based, is designed to help patients with chronic health conditions
such as diabetes, high blood pressure, and high cholesterol levels to
take increased responsibility for their own care.
Security tips for
For the readers of Technology for Doctors, few subjects are more
important than computer and network security. Security is an issue for
doctors, whether or not they are using EMR solutions. Physicians who
continue to use their paper-based record keeping methods are interested
because they often cite security concerns as their major reason for not
Editor's note: Through thick and thin.
News: B.C. helps doctors accelerate shift to EMR;
Gaming console in memory clinic; Wireless wound care set to go national;
Over 20% of physicians use EHR.
Tech: Benefits of HP flat panel monitor are clear; Vonage USB
flash drive is also a VoIP phone; Fujitsu LifeBook Tablet PC is light
and versatile; HP xw9400 workstation is more than a PC; Xerox 4118
outperforms alternative products.
Chatroom: An information-poor heritage industry –
that’s Canadian healthcare.
Log on and take your meds
Chronic Disease Management software is designed to help patients with
chronic health conditions take increased responsibility for their own care.
Are you tired of reminding your
patients to take their medications and eat wisely? You may want to consider
some of the new computer applications that physicians are using. This
software, some of it web-based, is designed to help patients with chronic
health conditions such as diabetes, high blood pressure, and high
cholesterol levels to take increased responsibility for their own care.
Chronic illnesses present a unique challenge. They can progress in silent,
significant ways, yet care is often self-administered at home, outside the
supervision of healthcare professionals. Patients can be undisciplined about
taking medication, following special diets or doing what they otherwise
might to prevent potentially-serious flare-ups. Physicians aren’t as able to
pay strict attention as they are in a hospital setting.
Province-wide patient databases and electronic medical record systems will
eventually link physicians, other healthcare providers, and patients in
unprecedented ways which will strengthen the relationship between all
parties. For now, however, electronic offerings are piecemeal. Web-based
chronic disease management tools are no exception.
High blood pressure is a classic example of a chronic health problem.
According to the Canadian Heart and Stroke Foundation, five million
Canadians have high blood pressure. Yet, Dr. Claude Laroche, a Montreal
general practitioner, says many patients don’t take medication when
prescribed, or follow physician advice.
“People aren’t generally aware of their blood pressure,” Laroche says,
expressing a view common in the medical establishment. “When we tell them
it’s high they don’t necessarily stick to their medication or make any
changes to the management of their lifestyle. They don’t take it seriously.”
Pharmacists can help educate patients about prescription drugs, yet this is
often not sufficient.
Laroche says Novartis, the drug company behind Diovan-brand high blood
pressure medication, offers a comprehensive patient support program with
access to a web site, www.Diovan.ca,
where patients can enter and track their own blood pressure readings over a
period of time and print ongoing results for their physicians.
“Patients enter their data on the site, using an identification code, and
then see exactly what’s going on,” says Laroche. “They can also chart when
they take their pills. Ultimately, this helps the counseling I give my
patients – it helps them be compliant about taking the medication I
Aside from letting patients record their blood pressure readings,
www.Diovan.ca is largely educational,
covering everything from risk factors to the benefits of exercise and diet.
“It tries to give a complete picture to the patient so that they can take
care of themselves,” Laroche says.
Novartis isn’t the only drug company offering an online adjunct to
prescribed medication. Pfizer maintains lipitor.ca for patients taking its
drug of the same name, which helps control cholesterol, while Astra-Zeneca,
which markets Crestor, maintains a site where patients can track their data
and chat online with dieticians, pharmacists, and other professionals.
The pharmaceutical company sites tend to be more patient-oriented than
doctor-oriented, though there are exceptions. Laroche cannot access patient
information online because the data is password-protected by the patient. “I
simply prescribe the medication when it’s appropriate, tell my patients
about it, and get any information they print for me.”
Laroche says he sees the services as a valuable adjunct. “There’s lots of
choice for good high blood pressure medication, so if you get more service
from a particular company – either for the doctor or for the patient – then
you’ll prescribe that medication. For me it’s a good incentive to prescribe
the brand name.”
Many companies offering hand-held blood-glucose meters offer software that
either doctors or their patients can download and install on their computers
and, with a USB cable, transfer data from the meter to their PC.
“Once you put a test strip into the meter, the system turns itself on
automatically, does the reading and stores the data in memory,” says Russ
Newsome, a Bayer vice-president who oversees his company’s Ascensia-branded
diabetes products in Canada. “The user can then write the reading down in a
(paper) notebook or transfer it to a computer using the software.”
Newsome says patients have access to information about diabetes and a
password-protected area to track their blood-glucose levels over time.
Patients can provide the information to their physician or bring in the
meter and cable if the physician has the proper software.
Dr. Ira Bernstein, a Toronto family doctor with a substantial diabetes
practice, says he has software compatible with several glucometers and
generally prefers to let his office handle the data transfer. “A lot of
diabetics are older and do not use computers, and many of my patients do not
speak English as their first language. Patients can get the software and
hardware if they want to do it themselves, but this particular software (Ascensia’s
WinGLUCOFACTS Professional) has a lot of information that I think is beyond
the reach for many patients.”
Bernstein says the data is downloaded immediately and he can review it with
each patient during their visit. “It only takes seconds. I can tell right
away if their glycemic control is good, and I can spot trends – say, where
changes in diet or medication management are making a change. For patients
who are on insulin, it’s particularly helpful in dosing because you have to
know glucose responses based on time-of-day. There are a lot of parameters
involved in adjusting insulin.”
Bill Pascal, chief technology officer with the Canadian Medical Association,
says web-based tools can help patients maintain regimes governing
pill-taking, diet, weight loss or blood pressure levels. He adds, however,
that physicians should be careful about relying on companies providing
medication to also provide educational information for patients.
“We should try to put a wall between the product-providing companies and the
provision of care and care advice,” Pascal says. “The doctor may have the
patient on some type of drug regime, but the service that the patient gets
access to should not be tied to a company selling some kind of product. We
need to ensure that this doesn’t influence the type of healthcare paths we
put people on.”
These concerns notwithstanding, Pascal sees online chronic disease
management tools heading in a new direction, away from individual companies
and more under the scope of regional healthcare providers and provincial
“There’s experimentation going on in a few places in Canada that isn’t tied
to any kind of medication or institution. Most healthcare initiatives are
being driven at the regional level, where they’re doing all the really heavy
lifting of IT systems, and most provinces are starting down the road of
building the connectivity layer, the connections between all the points of
care. This is becoming web-enabled, and people will be able to log on and
send information back and forth.”
As Pascal sees it, patients with chronic conditions would have monitoring
kits at home and be able to log into a common area and, with privacy
measures in place, enter readings and other data for access by authorized
members of their care team. It’s entirely possible, Pascal says, that
governments will purchase rights to the systems and technologies some drug
companies have put into place, or simply implement similar monitoring
systems. “A province could even buy the rights to use the product, cut ties
with the drug provider, and develop the system province-wide.”
British Columbia and several other western provinces have taken initial
steps in this direction. In 2003, a group of 65 primary-care physicians on
Vancouver Island teamed up to address quality improvement in chronic care
management. With the Vancouver Island Health Authority, the B.C. health
ministry, IBM and other partners, they developed a prototype patient
database and toolkit for chronic disease management.
“We rapidly figured out that it was bigger than this group of 65 doctors, so
we turned it into a provincial initiative,” explains Rosemary Gray of
Greymartin Consulting, a project partner specializing in healthcare
With 800 primary-care physicians using the system, along with close to 500
nurses, specialists and other healthcare providers, the toolkit features a
database organized by patient, with one-page clinical flow-sheets that track
and simplify data for individual chronic conditions.
“It provides a personalized computer print-out of the most recent data and
all the key medical and clinical elements that need to be tracked,” Grey
says. “Patients love it when their doctors give it to them – it brings
patients to the point where they’re partners in their own care.”
Dr. George Wray, a general practitioner in Saanichton, B.C. who has been
active around the provincial database and toolkit since their inception,
says the toolkit helps him help his patients. “With the average patient with
a chronic disease, the information was scattered throughout a paper file
that was two inches thick. Now everything I usually need to know for each
condition is on just one page. It’s the nuts and bolts of what I need to pay
Each time a patient visits, Wray updates the data and charts everything on
graphs. “It gives me feedback on how my patients are doing, individually and
as a group. I can find out if I’m doing a good job. If I have a patient who
is really at risk or hasn’t been in for awhile, I can call them for a visit
and review everything.”
One of the key responsibilities in chronic disease management, Wray says, is
continuity of care and keeping patients on track, educated and managing
their own conditions. “If you can do all that you’re going to prevent a lot
of trouble for the patient down the road.”
B.C.’s chronic disease management strategy, including the Toolkit, has
attracted attention from other provinces. Under the Western Health
Information Collaborative, Canada’s four western provinces are creating
technical standards for managing data pertaining to chronic disease
management. Separately, B.C., Saskatchewan and Manitoba are upgrading the
Toolkit to implement standards across a wider geographical area.
Project partners anticipate that standardization will bring benefits,
including the ability to move patient data across provincial lines –
necessary if a patient travels or moves. As Rosemary Gray sees it, toolkit
functionality will eventually end up as part of larger-scale electronic
health records. “There will no longer be the need for a separate application
like this because it will be available at the healthcare provider’s
fingertips through the EMR in their practice, and any comparative reporting
that integrates data from multiple healthcare providers in multiple
locations will be available through the larger electronic health record.”
How soon? “It depends on how you define EHR and how far you go, but you’ll
start to see this kind of movement within a year or two.” •
THE CONTENTS LISTING
Security tips for EMR
EMR vendors give common sense suggestions to improve
security on EMR systems.
By Issie Rabinovitch
For the readers of Technology for
Doctors, few subjects are more important than computer and network security.
Security is an issue for doctors, whether or not they are using EMR
solutions. Physicians who continue to use their paper-based record keeping
methods are interested because they often cite security concerns as their
major reason for not computerizing.
We turned to several respected providers of EMR systems in Canada to get
their latest thoughts on how doctors can best protect their data and systems
and also to get a better feel for industry trends in security. We spoke with
representatives of Wolf Medical Systems, Nightingale, Healthscreen, and
Clinicare as well as a noted security expert at Hewlett Packard.
It seems that 2006 has already featured more major security breaches in
healthcare than a typical year. No incident has attracted more attention
than the temporary loss of a laptop and an external hard drive with 26.5
million patient records belonging to the Veterans Administration in the
United States. That in no way diminishes the importance of the cases in
Canada that have involved mere tens of thousands of records. The theft or
loss of even a few records containing private and sensitive data is an
All of the interviews were conducted independently of each other and no one
was aware of which other companies were being approached. There was general
agreement on the major issues, but some of the experts chose to stress
particular topics that the others did not. A large amount of valuable
information was generated, more than can be reported here.
Everyone I spoke with said that most users of EMR software, from single
doctor offices to large clinics, are sloppy in their implementation of
security measures. In some cases, I was told, it was due to a lack of
knowledge but often doctors and clinics knowingly lower their security in
the name of convenience and saving time.
There is no “silver bullet” to combat all security threats. Good procedures,
informed users, good security products implemented properly, and continued
vigilance are the best that can be done. No data is ever totally safe, but
everyone should strive for an acceptable level of security.
Nightingale Informatix is primarily an ASP EMR provider, the first in
Canada, but also produces software which can be run on local servers. It’s
the ASP version of Nightingale’s software that is typically used in doctor’s
offices and clinics.
Alia Mourtada, Vice President, Product Strategy believes that the burden to
ensure that data is secure shouldn’t fall on the vendor only. As she put it,
“A system may be HIPAA or PIPEDA-compliant, but that doesn’t stop someone
from printing patient data and leaving it in the waiting room.”
Like almost everyone else approached for this article, she mentioned the
importance of encrypted backups, stored off-site in a secure facility. She
recommended that a service that provides secure vehicles be used to
transport the backups on a daily basis. She admitted that the percentage of
clinics that do this is very small.
In Mourtada’s opinion, ASP solutions are more secure than solutions that run
locally, at least for smaller institutions. “The ASP environment that
Nightingale creates can’t be replicated by doctors in their offices. No data
is stored locally and nothing is cached.”
Wes Stonos, Sales and Marketing Manager of Healthscreen, was very blunt in
stating some of his opinions.
“Regardless of procedures in place, no data is totally secure. If someone
really wants to get at something, they’ll find a way.” He also said,
“Smaller practices don’t understand data security issues.” He referred to
the problem of multiple users logging on with the same user name and
password, which he called a bad practice and one of the biggest
vulnerabilities, both to the EMR data and the network.
Healthscreen tries to educate users about this and other elements of basic
security but, like the rest of the industry, it is hoping for doctors to
become computer literate.
Stonos cited wireless networking as another serious vulnerability. He has
sat in his car in many customer parking lots and noted that their wireless
networks had no security or encryption.
Encouraging doctors to back up data daily is still a problem. In answer to
the question “What do they do in the case of a system crash?” he replied,
“They reconstruct the data from their paper trail.”
Stonos continued by saying, “Contrary to what some believe, computer data is
more secure than paper data, provided that proper backups are in place. If
someone steals your paper files you’re not able to function since there are
no copies. With digital data you have a backup and you are only slightly
Devin Nate is Clinicare’s manager of network architecture. Their software,
which runs on a local server, is protected by many layers of security.
However, he admitted that there was nothing to stop someone with
administrative logon privileges from downloading the data onto an external
drive and walking out of the clinic with it. It appears that no system can
prevent what happened in the infamous VA affair in the U.S.
He compared the pros and cons of an ASP model with running software from a
locally housed server. On the ASP side of things, there’s excellent ongoing
monitoring by security specialists but your data becomes a bigger target to
hackers around the world. With a local server, it is possible to reduce
exposure to the outside to a minimal level but difficult to maintain a high,
professional level of monitoring.
According to Nate, the biggest security concern is user error, such as using
a weak password. He can break into many systems in seconds by making
intelligent guesses about passwords. Strong passwords may be less convenient
for the user but they offer much greater security. Using strong passwords is
even more important, in Nate’s opinion, than changing passwords on a regular
Clinicare performs periodic audits of customers systems and notifies users
of weak passwords. Customers who want to continue to use weak passwords,
despite the risks, are asked to sign-off on this. Amazingly, a substantial
number of clinics choose to stick with their simple password “strategy”.
Just using strong passwords is not enough. Nate has often noticed passwords
left on sticky notes placed on desks or monitors, which defeats whatever is
gained by using strong passwords in the first place.
Nate raised an issue about laptop security that no one else brought up. He
believes that clinics should not allow laptops to go home. Once the kids
play with a laptop, it is likely to develop vulnerabilities. Like many good
security practices, this makes a lot of sense but it is very hard to
Vali Ali of Hewlett Packard works full time in security, although healthcare
is just one of the industries he is concerned with. His specialty is
security issues involving mobile computers, and he has the fascinating job
title of Distinguished Technologist. He is based in Houston.
According to Ali, security breaches on networks and applications are often
related to lost or stolen notebooks. “Criminals are moving faster than we
are,” he said and offered some surprising numbers: 60% of sensitive
information loss stems from lost or stolen laptops versus 25% being related
to network intrusion. 50% of network intrusion cases are based on
information recovered from lost or stolen laptops.
The implication is obvious. Laptops need to be protected.
“There is no silver bullet to deal with all security concerns. Smart cards
with biometrics are the best you can do right now, but people leave their
smart cards in their notebooks – which get stolen.”
In his experience, biometrics can work well but it isn’t always a popular
approach with users. “No one wants to poke his eye in a camera 10 times a
day to be authenticated. Seamless challenge response with something you
have, such as a wireless smartphone containing your certificate, can be a
better solution. Seamless multi factor authentication is even better.”
According to Ali, the best level of security is attained when authentication
rooted in hardware is required. Unfortunately, that technology is not found
in many clinics. •
THE CONTENTS LISTING
SUBSCRIBE - ADVERTISE -
ARCHIVES - CONTACT US