IT Support and Hardware for Clinics
36.3K views | +5 today
IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice
Your new post is loading...
Your new post is loading...!

Tips, Hacks, and Hope for a Better EHR System 

Tips, Hacks, and Hope for a Better EHR System  | IT Support and Hardware for Clinics |

All conversations about physician burnout eventually come around to the topic of EHR systems. The ongoing struggle with EHR systems is a chronic complaint, and physicians can feel that they are held hostage to their software. "If you're using a particular system, you have to go along with the flow," says Ron Sterling, president of Sterling Solutions, a healthcare information technology consulting firm in Silver Spring, Md., "even if that's not that way you would have done it yourself." However, there are ways to make the arrangement a little more comfortable. And there is reason to hope that things may soon improve.



"My system had the option of voice recognition software, and that saves a ton of time," says Peter Basch, MD, a general internal medicine physician in Washington, DC, and medical director of EHR and IT policy at Medstar Health. Even if voice recognition costs a little more at the outset, it generally saves money in the long run because it increases efficiency. If you've tried voice recognition before and weren't pleased, it may be worth a second look. "These programs have become much better, in the past few years" says Janis Orlowski, chief Health Care Officer for the Association of American Medical Colleges (AAMC).


You can also improve your relationship with your software by getting personal. "Medical language is a constricted vocabulary," says Basch. "Depending on your specialty or your practice, you tend to say the same things over and over." Basch recommends taking the time to personalize your software with macros and templates. "It takes a little time up front, but saves a huge amount of time in the long run," he says.


Power in Numbers

Of course, some of the problems must be addressed by vendors. "Many EHRs are put together without thinking of the user," says Basch. He describes such systems as being like a scalpel, but with the physician holding the blade end— "painful and not very efficient," he says. "EHRs are cluttered with redundant information," Orlowski points out. "Why are we including past surgeries, allergies, and so on every time? EHR's need to be smarter about displaying data," she says. You can no doubt add your own list of inefficiencies. But how to get software companies to listen?


"Vendors do listen to customer complaints," says Sterling. "But they wait for a general consensus before making changes." The best way to get the ear of your vendor is approach them as a group. If many doctors—particularly ones from the same specialty—have similar complaints, they're more likely to get results an individual grumbler here and there. Sterling also says that your chances of success are greater the more specific you can be. Rather than saying "I don't like the way this system handles orders," say something like, "I don't like that I have to cancel an order for a patient who is refusing care. I'd like to be able to leave the order as a recommended medication."


If your EHR is contributing to your burnout, it might be worth the time effort to try to improve your relationship with the software.

Technical Dr. Inc.'s insight:
Contact Details : or 877-910-0004

No comment yet.!

The 5 Most Dangerous Software Bugs of 2014 | WIRED

The 5 Most Dangerous Software Bugs of 2014 | WIRED | IT Support and Hardware for Clinics |

Dealing with the discovery of new software flaws, even those that leave users open to serious security exploits, has long been a part of everyday life online. But few years have seen quite so many bugs, or ones quite so massive. Throughout 2014, one Mothra-sized megabug after another sent systems administrators and users scrambling to remediate security crises that affected millions of machines.

Several of the bugs that shook the Internet this year blindsided the security community in part because they weren’t found in new software, the usual place to find hackable flaws. Instead, they were often in code that’s years or even decades old. In several cases the phenomenon was a kind of perverse tragedy of the commons: Major vulnerabilities in software used for so long by so many people that it was assumed they had long ago been audited it for vulnerabilities.

“The sentiment was that if something is so widely deployed by companies that have huge security budgets, it must have been checked a million times before,” says Karsten Nohl, a Berlin-based security researcher with SR Labs who has repeatedly found critical bugs in major software. “Everyone was relying on someone else to do the testing.”

Each of those major bug finds in commonly used tool, he says, inspired more hackers to start combing through legacy code for more long-dormant flaws. And in many cases, the results were chilling. Here’s a look at the biggest hacker exploits that spread through the research community and the world’s networks in 2014.


When encryption software fails, the worst that usually happens is that some communications are left vulnerable. What makes the hacker exploit known as Heartbleed so dangerous is that it goes further. When Heartbleed was first exposed in April, it allowed a hacker to attack any of the two-thirds of Web servers that used the open source software OpenSSL and not merely strip its encryption, but force it to cough random data from its memory. That could allow the direct theft of passwords, private cryptographic keys, and other sensitive user data. Even after systems administrators implemented the patch created by Google engineer Neal Mehta and the security Codenomicon—who together discovered the flaw—users couldn’t be sure that their passwords hadn’t been stolen. As a result, Heartbleed also required one of the biggest mass password resets of all time.

Even today, many vulnerable OpenSSL devices still haven’t been patched: An analysis by John Matherly, the creator of the scanning tool Shodan, found that 300,000 machines remain unpatched. Many of them are likely so-called “embedded devices” like webcams, printers, storage servers, routers and firewalls.


The flaw in OpenSSL that made Heartbleed possible existed for more than two years. But the bug in Unix’s “bash” feature may win the prize for the oldest megabug to plague the world’s computers: It went undiscovered, at least in public, for 25 years. Any Linux or Mac server that included that shell tool could be tricked into obeying commands sent after a certain series of characters in an HTTP request. The result, within hours of the bug being revealed by the US Computer Emergency Readiness Team in September, was that thousands of machines were infected with malware that made them part of botnets used for denial of service attacks. And if that weren’t enough of a security debacle, US CERT’s initial patch was quickly found to have a bug itself that allowed it to be circumvented. Security researcher Robert David Graham, who first scanned the Internet to find vulnerable Shellshock devices, called it “slightly worse than Heartbleed.”


Six months after Heartbleed hit encrypted servers around the world, another encryption bug found by a team of Google researchers struck at the other side of those protected connections: the PCs and phones that connect to those servers. The bug in SSL version 3 allowed an attacker to hijack a user’s session, intercepting all the data that traveled between their computer and a supposedly encrypted online service. Unlike Heartbleed, a hacker exploiting POODLE would have to be on the same network as his or her victim; the vulnerability mostly threatened users of open Wifi networks—Starbucks customers, not systems administrators.


Heartbleed and Shellshock shook the security community so deeply that it may have almost forgotten the first mega-bug of 2014, one that affected exclusively Apple users. In February, Apple revealed that users were vulnerable to having their encrypted Internet traffic intercepted by anyone on their local network. The flaw, known as Gotofail, was caused by a single misplaced “goto” command in the code that governs how OSX and iOS implement SSL and TLS encryption. Compounding the problem, Apple released a patch for iOS without having one ready for OSX, in essence publicizing the bug while leaving its desktop users vulnerable. That dubious decision even prompted a profanity-laden blog post from one of Apple’s own former security engineers. “Did you seriously just use one of your platforms to drop an SSL [vulnerability] on your other platform? As I sit here on my Mac I’m vulnerable to this and there’s nothing I can do,” wrote Kristin Paget. “WHAT THE EVER LOVING F**K, APPLE??!?!!”


One of the most insidious hacks revealed in 2014 doesn’t exactly take advantage of any particular security flaw in a piece of software’s code—and that makes it practically impossible to patch. The attack, known as BadUSB, debuted by researcher Karsten Nohl at the Black Hat security conference in August, takes advantage of an inherent insecurity in USB devices. Because their firmware is rewritable, a hacker can created malware that invisibly infects the USB controller chip itself, rather than the Flash memory that’s typically scanned for viruses. A thumb drive, for instance, could contain undetectable malware that corrupts the files on it or causes it to impersonate a keyboard, secretly injecting commands on the user’s machine.

Only about half of USB chips are rewritable and thus vulnerable to BadUSB. But because USB device makers don’t reveal whose chips they use and often switch suppliers on a whim, it’s impossible for users to know which devices are susceptible to a BadUSB attack and which aren’t. The only real protection against the attack, according to Nohl, is to treat USB devices like “syringes,” never sharing them or plugging them into an untrusted machine.

Nohl considered his attack so serious that he declined to publish the proof-of-concept code that demonstrated it. But just a month later, another group of researchers released their own reverse-engineered version of the attack in order to pressure chip makers to fix the problem. Though it’s tough to say whether anyone has made use of that code, that means millions of USB devices in pockets around the world can no longer be trusted.

No comment yet.