Best of Blogs

June 24, 2011

The following commentaries are the most read postings from HCI's Blogosphere. To read other postings and leave your comments and questions, visit, register with a username and password, and blog away.

EMRs, Data Mining and HIPAA
Posted on: 3.27.2008 6:59:52 PM Posted by Reece Hirsch

The current Healthcare Informatics online poll asks whether you would contract with an electronic medical record vendor that had an arrangement with a third party to mine EMR data for research or other purposes. It's important to remember in these situations that an EMR vendor will typically be a business associate of a healthcare provider within the meaning of HIPAA. A compliant business associate agreement must “establish the permitted and required uses and disclosures” of protected health information (PHI) by the business associate. In short, an EMR vendor can share information only to the extent that it has been permitted to do so under the terms of its business associate (BA) agreement.

BA agreements may contain optional provisions permitting “data aggregation” services, “de-identification” of PHI and use for the “proper management and administration” of the business associate. “Data aggregation” and “de-identification” have defined meanings under the HIPAA Privacy Rule. It's a little more unclear how far a vendor may go in using PHI for its own “proper management and administration” purposes. HIPAA covered entities should never sign a BA agreement with an EMR vendor (or any other vendor, for that matter) without watching for these key phrases and understanding fully how the vendor intends to use and disclose their PHI.

The Next CIO Challenge: Articulating Vision and Strategy at the Board Level
Posted on: 4.8.2008 3:45:57 PM Posted by Mark Hagland

The world is changing quickly. Think about it: just 15 years ago, newly minted CIOs were having to explain and justify to the industry what they did for a living; and CEOs and other senior executives were having to explain why they were hiring CIOs for the first time in their organizations.

Since then, the landscape has shifted dramatically. Few doubt any longer the need for buck-stops-here senior executives to help lead the information technology revolution needed to facilitate the vast leaps in hospital efficiency, quality, patient safety and transparency being demanded by purchasers and payers. As a result, CIOs, who just a decade and a half ago were explaining to many in health care what they were and how they spent their days, are now in the position of having their jobs and careers on the line as they lead the implementation of vast EMR, CPOE, clinical data repository, data warehouse, pharmacy, eMAR, wireless point-of-care, and other clinical information systems costing many millions of dollars. In many hospitals and health systems, IT has either tied with or even surpassed the previously unchallenged most-expensive budget item for those organizations, facility construction and improvement. In short, IT, especially core clinical IT, implementation is now a challenge/opportunity that can make or break CIO careers.

The good news is that industry-leading CIOs are getting smart about the governance aspect of their jobs. More and more hospitals are creating board-level committees to oversee IT strategy, and asking CIOs to explain far more regularly and thoroughly how the absolutely crucial investments in IT their organizations are making are linked closely to overall organizational success, and how well they're coming along. This new board-level committee type of governance is a completely different animal from the old-style steering committee composed of department managers and a token physician, the CIOs and industry experts I interviewed for my May cover story on IT governance tell me. Instead, this is about integrating strategies at the highest level, and giving CIOs the chance to articulate what they do to a critical — and highly-placed — audience.

“For CIOs as strategic leaders,” says Tim Zoph, vice-president and CIO of the 897-bed Northwestern Memorial Hospital in Chicago, “you want the opportunity to be able to communicate directly to the board, on some regular basis, about the technology strategy.” Zoph, who co-leads a CIO Boot Camp session at least once a year at events sponsored by CHIME (the Ann Arbor, Mich.-based College of Healthcare Information Management Executives), says that being seen — and heard — regularly articulating strategy and vision for IT, at the board level, is an opportunity not to be missed. And the elevation of CIOs' profile, he adds, symbolizes very clearly the shift in CIOs' priorities these days.

The bottom line? All those I interviewed for our May cover story agreed — the days are over when a CIO could be a competent technology operations manager and be a successful CIO. For most CIOs going forward, it will all be about leadership as organization-wide change agents. Are today's CIOs ready to step up to the plate and make the “vision thing” real? I invite you to read our upcoming May cover story on IT governance to find out.
