HMT: HIMMS award, data breaches, cloud compatibility, who has what it takes to be considered tech savvy, and more
To view this email in your browser, please click here.
HMT on Facebook HMT on Twitter   HMT on LinkedIn 
January 2, 2014

In this issue:

HIMSS Analytics honors Hilo Medical Center with Stage 7 award

Target confirms PIN data was stolen in breach

Is your HIT system cloud-ready? 3 key factors for assessing compatibility

A Snapchat security breach affects 4.6 million users. Did Snapchat drag its feet on a fix?

Who has what it takes to be considered “tech savvy?”

HIMSS Analytics honors Hilo Medical Center with Stage 7 award

HIMSS Analytics announced that Hilo Medical Center, located in Hilo, HI., has received the acute care Stage 7 award. The award represents attainment of the highest level on the Electronic Medical Records Adoption Model (EMRAM), which is used to track EMR progress at hospitals and health systems.

HIMSS Analytics developed the EMR Adoption Model in 2005 as a methodology for evaluating the progress and impact of electronic medical record systems for hospitals in the HIMSS Analytics™ Database. There are eight stages (0-7) that measure a hospital’s implementation and utilization of information technology applications. The final stage, Stage 7, represents an advanced patient record environment. The validation process to confirm a hospital has reached Stage 7 includes a site visit by an executive from HIMSS Analytics and former or current chief information officers to ensure an unbiased evaluation of the Stage 7 environments.

During the third quarter of 2013, 2.2 percent, of the more than 5,400 U.S. hospitals in the HIMSS Analytics® Database, received the HIMSS Analytics Stage 7 Award, “I applaud Hilo Medical Center’s HealthConnect team, our staff and physicians for achieving Stage 7, the highest level in the quality assurance process for the East Hawaii Region’s electronic medical record system,” said Howard Ainsley, East Hawaii Regional CEO of Hawaii Health Systems Corporation. “This accomplishment puts our hospital at the highest level of EMR adoption and implementation, which means we have a well-tested system to care for our patients with the highest level of safety, privacy and functionality. We would also like to thank our EMR partners, MEDITECH and Health Systems Informatics, Inc. for their continued support and guidance through the ever-changing Healthcare IT landscape. Their partnership with our organization has been critical to achieving this national recognition for our community.”

Read the full news release here

Return to the table of contents >

Target confirms PIN data was stolen in breach

Target confirmed Friday that debit card PIN data was stolen in its recent massive breach, reversing its earlier stance that the codes were not part of the hack.

However, the retailer believes the PINs remain "safe and secure." In a statement, Target (TGT, Fortune 500) spokeswoman Molly Snyder said the PINs are "strongly encrypted" and were never stored on Target's systems in plain text.

In other words, from the moment a customer entered a PIN after swiping a debit card, Target's payment system translated that number into an indecipherable string of code. Target claims that the PINs remained encrypted after they were stolen.

Not only are the PINs encrypted, Target says the numbers can only be decrypted by the independent payment processor, which holds the decryption key. That key is necessary to translate the unintelligible code back into the PIN. Target said the key was not stolen as part of the breach, because it never existed within the company's systems.

Target says it uses the Triple Data Encryption Standard to encrypt its PIN codes. Per Thorsheim, an Independent password security consultant, said the PINs encrypted with the Triple DES algorithm would be "difficult or impossible to decrypt," if the payment processor's decryption key was robust enough. Target declined to comment on the identity of its payments processor.

That means it is very unlikely that thieves would be able to withdraw money from ATMs using stolen debit card information. Consumers are protected from certain instances of debit card fraud, but cash withdrawals and purchases made with a PIN can be tricky to reverse.

Read the full CNN article here

Return to the table of contents >

Is your HIT system cloud-ready? 3 key factors for assessing compatibility

While a mere 4 percent of the healthcare industry currently takes advantage of cloud computing, a recent MarketsandMarkets study forecasts this trend will soar within a few years, equating to nearly $5.4 billion by 2017. In a market now inundated with software and infrastructure options, more healthcare organizations are strategically moving their existing legacy systems to the cloud to achieve potential cost-savings as well as improved HIT system performance, future scalability (performance and storage), increased productivity and higher security.

Though the cloud's many benefits often allow healthcare organizations to better focus their resources on patient care, not every health information technology system is cloud-ready. Before hospitals or healthcare systems transition to the cloud, leaders must take a holistic approach to determining whether HIT systems are compatible. Three key factors to evaluate are connectivity, data security and the system’s architecture.


If an organization's HIT system is located offsite, there must be a very high performing and highly reliable connection to the system — including built-in redundancies — so it can always be accessed even under disastrous conditions. Whether an HIT system is local or remote, losing access to essential information like medication lists or health histories contained in patient electronic health records could be detrimental to patient safety and care.

First, hospital executives and health information management professionals need to determine the service levels they must have to safely and reliably maintain access to their systems. These include performance (speed of individual transactions), bandwidth (how many transactions can be accommodated at one time), reliability (what is sent is what is received), and availability (percentage of time available). Then, working with network service providers, they must evaluate and balance the costs associated with the desired service level. For example, 99.99 percent availability may be possible, but might be cost prohibitive. Redundancy is the most important part of achieving connectivity because the hospital needs to ensure that if the utility backhoe on the west side cuts the network line, the line on the east side will provide continuity. If the current network does not meet the desired service levels, it must be upgraded or replaced.

Data security

Healthcare executives understand the importance of data security and the implications of potential breaches, which is why ensuring patient data remains secure and private is a top priority for healthcare organizations. Moving to the cloud and using secure data centers provides many safeguards that do not exist with traditional environments.

Two important factors are the physical security of the systems and the processes used to monitor and maintain security. Consider cloud services hosted in data centers assessed and certified through federal programs such as the Federal Risk and Authorization Management Program that meet standards set in the Federal Information Security Management Act. These certified cloud services providers have already gone through hundreds of physical security and process validations so that healthcare providers don't have to. However, before moving to the cloud, organizations should take the time to evaluate the security of their applications, reviewing standardized guidelines and regulations for protecting patient data (such as HIPAA), and ensuring they meet requirements for storing and processing this information.

Read the full Becker’s Hospital Review article here

Return to the table of contents >

A Snapchat security breach affects 4.6 million users. Did Snapchat drag its feet on a fix?

Snapchat users are waking up to troubling news: Thanks to a gap in the service's security, the phone numbers and usernames for as many as 4.6 million accounts have been downloaded by a Web site calling itself

The hack appears to be real, affecting at least one member of the TechCrunch editorial team and possibly Snapchat founder Evan Spiegel himself.

To see whether your account is among the compromised, you can use this basic Web site, whipped up by a couple of developers named Robbie Trencheny and Will Smidlein, that simply checks the list for your details.

SnapchatDB reportedly gained access to the Snapchat data through a vulnerability disclosed by a group of security researchers last week. In a report posted on Christmas Day, Australia-based Gibson Security explained how the app's Android and iOS API could be hacked to expose user information.

Two days later, Snapchat wrote a blog post saying it was no big deal -- that it had put in place some obstacles to "make it more difficult to do."

"We are grateful for the assistance of professionals who practice responsible disclosure," Snapchat said, "and we’ve generally worked well with those who have contacted us."

Read the full Washington Post article here

Return to the table of contents >

Who has what it takes to be considered “tech savvy?”

For the last 34 years, Health Management Technology has been exploring and chronicling the growth and development of computers and other technologies used in healthcare organizations to provide high-quality patient care.

This year we’d like to shine a klieg light on those hospitals, hospital systems and integrated delivery networks (IDNs) that make optimal decisions about the tech they need and want (in that order). We’re not just looking to recognize those organizations with deep pockets and a fiscal war chest that allows them to stock up on all the latest tools and toys. Instead, we’re looking to recognize those facilities that make optimal use of the tech they have – leaving few capabilities untouched – whether large or small, cash-full or cash-strapped.

Here’s where we need your help. Within your organization or within your customer base, who’s using technology to perform top-notch, innovative work? How do they excel in being cost-conscious, efficiency-driven, clinically motivated and patient-centered? What are their ideas and special activities that generate quality outcomes? We plan to publish mini-profiles of these organizations in HMT’s March 2014 edition, relying on your recommendations.

1. If you were to look at your current customer/membership roster, what are the top five hospital, hospital system and/or IDN organizations you’d recommend we consider for this list? (Please provide the organization name, city, state and proper contact information, including name, title, email and telephone number, for each of the five organizations you recommend.)


2. For each of the suggestions above, please highlight in a few bullet points and/or sentences why you believe this organization’s operation measures up to being “tech savvy.”

Recommendations should be submitted to HMT via email,, no later than Monday, January 20. Please note that you or your company will not be identified as recommending any organization. At the end of the “official” recommendation list, we will ask our readers to submit organization names that they feel should have been included and that HMT should consider for the 2015 compilation.

Feel free to pool as many folks as you’d like within your organization for recommendations. As always, we appreciate your help and insights and we look forward to sharing them with our valued readers.

Return to the table of contents >


View the NEW exciting White Papers and Webinars on HMT!

Surviving value-based purchasing in healthcare

Late-binding: Why you DON'T need a comprehensive data warehouse model

Click here to read these white papers. >

January 2014  HMT digital book

Industry News

HIMSS annual call for committee volunteers now open
HIMSS announces its Annual Call for Committee Volunteers for the 2014-2015 fiscal year. Serving on a HIMSS...
Read more>>
23 states receive over $307 million in bonuses for enrolling children in health coverage
The Centers for Medicare & Medicaid Services (CMS) has awarded over $307 million in performance bonuses to 23 states for...
Read more>>
HIMSS Analytics honors Hilo Medical Center with Stage 7 award
HIMSS Analytics announced that Hilo Medical Center, located in Hilo, HI., has received the acute care Stage 7 award. The award...
Read more>>
2013 HIMSS compensation survey finds two-thirds of respondents received a salary increase
No matter what the job setting, at some point, every health information technology professional ponders, “Am I really being...
Read more>>
Federal health market surpasses 1 million signups
A December surge propelled health care sign-ups through the government’s rehabilitated website past the 1 million...
Read more>>




Subscribe to the
HMT newsletter



Subscribe to HMT

Resource Guide

Media Kit


Career Builder

White Papers

Advertising Inquiries

Editorial Inquiries

Website and Newsletter Inquiries

Subscription Inquiries

HMT Online Only features

Subscribe to Health Management Technology | Contact the Publisher | Advertise With Us  |   Privacy Statement

Copyright 2014 NP Communications LLC, 2477 Stickney Point Rd, Suite 221B, Sarasota, FL 34231