Binary Message Carrier

HL7 & Pneumatic Tubes

As a child I remember asking my Father what he did for a living and as an engineer he gave me a vivid description of the intricate network of tubes that his firm designed so that the clients could deliver documents throughout their organizations. Just a simple press of a button and the contents of inside the plastic carrier tube would be whisked away from one point to the next. Reports, checks, and documents all transported at the speed that the compressed air could push them around the pneumatic tubes. Even though old technology, pneumatic tube systems can still be seen in many banks today at the drive-in lanes. As I have reflected on those conversations with my Father, I have realized that in some funny kind of way I ended up in a career very much like him, only a technology generation later.

Modems and Pneumatic Tubes

Dozens of recruiters call me monthly and while some have become friendly voices, most of the callers typically do not have any idea of what we do as consultants. I find that I frequently have to explain what healthcare IT consultants do so that the recruiter understands what sort of jobs that would be of interest to technologists like myself.

My early healthcare career was with a medical transcription firm that employed remote transcriptionists. Dial-up modems were used to download dictation files to the employees’ workstation and the typed reports were uploaded at speeds of up to 2400 baud (if you don’t know how slow that is, don’t ask – it will make me feel really old!). I have fond memories of the modem screech indicating the end of a productive shift as documents slowly made their way to remote servers via FTP.

What Does an HL7 Interface/Engine Do?

The HL7 Interface is the virtual “pneumatic tube system” of our time, much like the physical systems my Father designed with the biggest exception being the electronic “tubes” extend far beyond the physical walls of the organization.

HL7 has evolved even further along as the modern day cloud-based architecture has arrived. HL7 bridges the gap and allows disparate healthcare systems to communicate patient data between the hospitals, payers and other interested parties. Every Electronic Medical Record (EHR) system uses HL7 as the standardized protocol for information exchange – HL7 is the “international language” for healthcare data.

Every single facet of a healthcare organization is affected by an HL7 engine:

  • Registration
  • Orders (clinical and other)
  • Reslits and observations
  • Queries
  • Finance
  • Master files and indexes
  • Document control
  • Schedliing and logistics
  • Personnel administration
  • Patient care planning
  • Network synchronization
  • Laboratory automation

HL7 enables software from different companies to reliably exchange information thereby improving hospital workflow, increasing revenue and most importantly of all improving patient safety and care. The definitions in HL7 concentrate on the logical arrangement of data and what is meant by information in various parts of the message. HL7 is secure and is encrypted during transmission between systems.

Why HL7? What happened to HL1, HL2, HL3, HL4, HL5 and HL6?

The Internet is built on a set of technology specifications that detail computing at different levels. Historically, the application level has been a the 7th layer and as the data exchange described by HL7 is between healthcare applications (not, for example, between the computer’s network hardware), the HL7 non-profit organization named the standard “HL7”, reflecting is technology fact.

Medarcus is one of many consulting firms expert in delivering HL7 systems to the healthcare industry. We focus on the technology so the clinicians can focus on what is most important that is Patient care.

For more information, feel free to contact me:

Varna Kadambari, CEO and Principal Consultant Medarcus
https://www.linkedin.com/pub/varna-kadambari/17/308/199 | www.medarcus.com

Padlock hanging from metal cable

Computer Security In Healthcare - A Very Real Concern

The Healthcare industry has unique data security concerns given HIPAA privacy and security regulations. Our industry must take great care to protect patient data, but how can we do this given the daily news of cyber crime and data theft from even the biggest and most successful companies in this country? There is no escaping the fact that the responsibility belongs to all of us for patient data security. Healthcare professionals across the entire spectrum of services we provide from clinical staff, administrators, to the IT staff itself – all must be aware of the security threats that face our facilities daily. The human element tends to create the biggest opportunities for exploitation and penetration of our IT systems.

Why Our Facility?

Many healthcare facilities might wonder why would anyone target our IT infrastructure. The answer may surprise you, but many times cyber criminals are interested in the computing infrastructure itself for use in other illegal activities such as storing data (for example stolen movies, pornography, hacked user data from other systems and so forth) or using the computing cycles to attack other networks. One fairly common usage of hacked machines is for hackers to controls dozens to hundreds of machines (“bots”) to overwhelm target networks with connection requests. Of course the cyber criminals might also seek credit card numbers from your patients or your corporate financials or even worse, your patient data for identify theft purposes.

Do not be lulled into a false sense of security if you think your facility it too small to be a target – small businesses, in fact with limited IT staff and small cyber security budgets are well-known and easy targets for hackers. No matter what the reason for an attack might be, it is imperative that all healthcare facilities periodically perform security audits to ensure the systems are as secure as possible – the risk is simply too high not to do this verify your systems are secure.

Recently Community Health Systems (CHS), the largest non-urban provider of general hospital healthcare services in terms of number of acute care facilities, experienced a massive breach resulting in the exposure of 4.5 million patient records, making it the second largest breach in HHS’ records dating to 1997. Foreign hackers, believed to be from China, struck in April and June of this year and the long-term repercussions could be devastating. If one of the largest health systems in the country is not secure, what does this mean for your office or healthcare facilities?

The Human Element

Effective “security awareness” is essential to ensure the healthcare staff can how security risks while operating any computing device that can access your healthcare network, to include mobile devices which carry unique security & privacy concerns in and of themselves.

Managing the security risks for your organization requires policy and procedures with periodic security training. An example of an enforceable security policy would be “Acceptable Use” of information systems effectively limiting the connection only to external networks or websites related to the business of the healthcare system or practice while other policies might be the restriction of personal devices connecting to the internal network. An obvious, but often ignored policy is that corporate owned hardware should never leave the premise with patient data on them. Cedars-Sinai Health Systems experienced a data breach when a password-protected laptop with 500+ patients’ private information was stolen during an in-home burglary according to Health Data Management. A security policy only allowing data to reside on private clouds might mitigate data losses such as Cedars-Sinai suffered.

Security Awareness Training

An effective way to reduce the likelihood of successful attacks on your computing systems is to conduct periodic security training for all of your healthcare staff. A recent study by The IT Industry Trade Association CompTIA of its members cited human error as the most common cause of information security breaches, with some 80 percent of respondents believing this human error was caused by a lack of security knowledge, proper training or failure to follow security procedures.

Proper training is cost effective, helps in protecting important data and engages a computer security-mindset among staff by weaving security into the operational fabric of your practice or healthcare system.

The Internet

Your computers are not necessarily safe from Internet hackers even though they are likely behind a firewall. A basic question that is rarely asked is do your computer systems need to be online 24×7. If you cannot answer this question as a yes, then make it part of your business operations (and security policy) to unplug computers with sensitive data from the network during non-working hours.

Preventative Medicine – Conduct Periodic Checkups

All healthcare systems and medical practices should take a preventative medicine approach to security by conducting periodic security audits via a trusted outsourced consulting firm. The objective of these security audits is to examine the internal processes and policies to prevent intrusion into your IT systems and your healthcare organization’s plan if a hacker has penetrated your machines. In addition to reviewing these security policies and practices, your organization might elect to have your systems “attacked” by trained “white hat” hackers who can provide recommendations on how to secure your network from the vulnerabilities they uncover.