Patient Portals: 3 Hot-Button Items

As we start the fourth quarter, we enter the final 3-month reporting period for Meaningful Use (MU) Stage 2 in 2014.  Many healthcare organizations will be working feverishly this quarter to ensure that their eligible providers (and supporting staff) are performing all of the necessary tasks in order to successfully attest to MU Stage 2 in 2014.  Stage 2 has three core objectives that require patients to interact with their health information and communicate with their provider electronically.  All three of these objectives can be satisfied by the use of a patient portal.

Recently, Galen Healthcare forged a partnership with MedfusionTM to help expand their portfolio of EHR’s that integrate with the MedfusionTM Patient Portal.  This project got me thinking about some of the bigger picture issues with patient portals.

Organizational Benefits.  By now, most healthcare organizations have selected a patient portal allowing them to achieve the MU objectives.  While MU was likely the driver for many providers to implement patient portals in their organization, there are many other reasons to integrate a patient portal with the organization’s EHR solution.  Secure communications between providers and patients, appointment requests, prescription renewal requests, and automated delivery of visit summaries are a few examples of office workflows that can be made more efficient when using a patient portal, freeing up time for office staff.  What are the next wave of patient portal features that will help optimize the healthcare organization?  Will e-visits gain traction amongst providers, patients, and payers?  Is there a place in the patient portal for e-visits and will they benefit the healthcare organization?

Patient Adoption.  Not only does the patient portal provide many benefits for the healthcare organization and its staff, but patients also benefit from the features and functionalities added by the portal.  Patient portals provide patients with innovative functionalities that are not only new and exciting (smart phone apps, cloud services, etc.), but also provide services that yield streamlined and improved healthcare outcomes.  And while a patient portal can reduce the amount of effort required of the patient to get the needed healthcare, and even result in healthier patient care, portal adoption is still a big struggle.  How can adoption be increased?  Most of the burden falls on the organization to get the message out to their patients to join in many different ways, but can patient portal vendors create a user-interface that is simple to use while also including trendy and exciting features (possibly including some element of gamification) to attract younger generations, enhance the patient experience, and motivate individuals to live healthier lives?

EHR-Tethered Patient Portals.  Does the tight relationship between EHR vendors and patient portals reduce the adoption of patient portals by patients?  Each vendor has their own patient portal solution, creating the need for patients to possibly maintain multiple portal accounts.  As much as providers don’t want to be required to login to multiple applications to see a patient’s full clinical record, a patient doesn’t want to have to login to multiple portals in order to see their full health record.  Much like HIE was the next step for getting data out of EHR silos, what is next for providing patients with a way to combine their data across multiple portal “silos?”  Is the best solution to tether patient portals to HIE’s, which already aggregate data across multiple providers in a community, rather than EHR’s?  There are definitely some design costs associated with this type of solution, but is it more sustainable and desirable in the long-term?

Patient portals have been developed and deployed for many years, but the adoption still seems relatively low.  Meaningful Use Stage 2 is trying to increase their usage, but there need to be more benefits (for both the healthcare organization and the patient) in order to sustain and augment their utilization.

Feel free to provide your thoughts and comments, including your own experiences, on patient portals below.  What current features are most useful?  What features are still needed?  What is the future of patient portals?

Ebola? What to do??

In this handout from the Center for Disease Control, a colorized transmission electron micrograph of a Ebola virus virion is seen

Ebola is here. As healthcare facilities across the nation scramble to define policies and procedures let’s look at some of the lessons learned thus far and determine what can be done and perhaps done better:
• Every organization is different and has different needs. As Compliance/Infection Control departments are gathering information to create effective protocols, having a 3rd party such as Galen review current policy and assist in documentation for future policies and procedures is prudent.
• As seen in Texas, even if there are procedures to follow in place, it is vitally important to have proper documentation.
• Note templates/noteforms specifically documenting the information needed to determine possible Ebola exposure/infection and to ensure patient and healthcare worker safety have to be in place and easily accessible.
• Workflows need to be assessed to identify areas of deficiency and to determine when/if the providers are seeing the support staff documentation in a timely manner.
For assistance in review of policies, procedures and workflows, as well as documentation for Ebola screening, please contact >

Upcoming Webcasts – October 2014



Be sure to register for these upcoming webcasts during the month of October:

October 3rd SSMT and CMT: This webcast will review and demonstrate the basics of SSMT and CMT functionality. In addition, special considerations will be reviewed in regards to formatting spreadsheets and basic troubleshooting of commonly seen errors

October 8th TouchWorks Architecture Overview: This webcast will provide an overview of the Allscripts TouchWorks EHR server architecture including newer components such as Allscripts Terminology Platform and Communication Sub-System Servers.

October 17theReferrals: Are you ready?: Considerations, configuration, testing, & demo from Galen SMEs who have implemented eReferrals.

October 22ndPatient Portal Functionality and EMR Integration Demonstration: This purpose of this webcast is to present a demonstration to show how the Patient Portal integrates with EMR, as well as discuss how this integration helps to meet MU requirements.

October 31stSystem Admin Workspaces: This webcast will review the basic functionalities associated with the TWAdmin, Admin and PhysAdmin workspaces.

Click here for a list of all upcoming webcasts. If you are interested in viewing of any past webcasts, please reach out to for a link to the recording.

3 Presentation Impressions from Day 1 of the 2014 Healthcare Analytics Summit powered by Health Catalyst


1. Billy Beane, General Manager of the Oakland Athletics: Moneyball: Lessons for Life & Business from Baseball’s Best GM

  • He has faith in the process and if the process is correct, it will lead to better outcomes. As a society, we romanticize and celebrate the luck of a decision or a gut feel (a football coach goes for it on 4th down on their own 40 yard line with :50 to play down by a field goal)
  • We should be celebrating and striving for consistency, discipline and making decision based upon data.
  • The end game is to eliminate subjectivity until the data is totally pure.
  • Billy typically doesn’t watch any of the games as he feels like sitting there and living it is no way to run a baseball team. Noise affects decision makers.

2. Jim Adams, Executive Director, The Advisory Board: Overview of the Healthcare Analytics Market

  • Whereas Billy Beane had cultural issues to overcome old school scouts, healthcare has a data governance issue. In baseball, there is only one definition for OBP or ERA. In healthcare, there are many different standards and vocabularies. What defines a diabetic?
  • The #1 request Jim gets from clients is for assistance with data governance
  • Healthcare will follow other retail and move to a model of dynamic pricing such as airlines employ – you pay more to see your doctor at a less convenient time.

3. Ray Kurzweil, Director of Engineering, Google and Leading Futurist: The Acceleration of Technology in the 21st Century: Impacts on Healthcare and Medicine

  • IBM’s Watson makes up for the fact that it is a weak reader (a human can better interpret and make inferences from a Wikipedia page for instance) by reading more volume than the human can.There will come a time where humans will be able to “plug-in” their brains for more horsepower much as adding more RAM to a computer.
  • When we started mapping the human genome we thought that it would take decades to map the entire genome. With the law of accelerating returns, it happened in 7 years.
  • By 2020, we will witness 3D printing of clothing and potentially housing.
  • Humans have a linear intuition about the future, however technologies like computers, genetics, nanotechnology, robotics and artificial intelligence have proven to have exponential growth.

What is your Information Security Framework?

As the healthcare industry depends more and more on information technology for storing and handling our nation’s patient health information, hospitals and health organizations need to adapt with proper security measures. Breach alerts have been flooding recent news, and only one month ago, the second largest HIPAA breach in history was reported compromising 4.5 million patient records. Combating cyber-crime and preserving the integrity of patient data is certainly not a trivial task in the world of Healthcare IT today. As the accountability of project managers and security personnel increase with an accumulation of greater threats to patient health information, so must security measures. It is important to understand that your organization needs more than a strong HIPAA compliance policy; to protect your system and your patients, adequate security policies must be established.

The National Security Telecommunications and Information Systems Security Committee (NSTISSC) captures information security concepts with a basic model called The C.I.A. Triangle. The C.I.A. model uses ideas of Confidentiality, Integrity, and Availability to explain how to design a successful architecture for your organization’s Information Security department.

CIA Triangle

  • “C” – Confidentiality: Maintaining confidentiality means keeping any unauthorized users who may disclose private information out of your database and out of your system. The second piece to this key principle is to classify your information so that you can disclose the data to only certain authorized users based on classification.
  • “I” – Integrity: In order to achieve full integrity of your database, all data must be fully protected from intentional and accidental updates that produce inaccurate data. It is important to use a normalized database design process to reduce any inconsistencies or data anomalies.
  • “A” – Availability: Providing availability means to provide access to all authorized users and personnel at all times. The system needs to be protected from possible threats that could result in downtime.

This framework for protecting information can be used as a base for creating and implementing security processes within your organization. It is important to understand that risks are inherent, and unfortunately, sharing files will naturally lead to threats and security risks. Therefore, understanding how and when to take precautions to ensure that these three aspects of security are met for your organization is paramount. When implementing your database security methodology be mindful of these four primary causes for network security threats:

 1. Technology weakness: predictable network and computing issues
2. Configuration weakness: misconfiguration of your databases
3. Policy Weakness: ill-defined and poorly managed security policies
4. Human error: inherent issues from users; i.e. sharing passwords or failing to lock computers

Password policies and email protection are assumed to be the easiest form of PHI exploitation in Healthcare IT. Developing a strong password policy should be your organization’s first priority in defending against unwanted access and data breaches. Password aging is a great example of how data breaches are made simple for system hackers; a great clause to add to your password policy, for example, may be to address and reduce the expiration settings for admin and user passwords. Email is another target easily exploited for extracting patient information. Exchanging emails is the most commonly used form of communication in most organizations, and in conjunction, it is one of the most vulnerable tools for hackers to exploit – deploying bugs, worms, and other forms of malware to attack your system.

Security Framework

Here at Galen, we find our clients adapting to an increased focus on security measures with higher insurance requirements, background checks, and even security audits of their vendors/business associates. As information technology helps us to become more productive and efficient over time, we must continue to develop and maintain strong database security policies. Strong enforcement of your organization’s methodology will ensure that patient health information is securely stored, confidential, accessible, and accurate.

To learn more about the structure of your Electronic Health Record and reporting systems, make sure to register for our upcoming educational webcasts at



Security+ Guide to Network Security Fundamentals. (2005) Thomson Course Technology.

Afyouni, H. (2006) Database Security and Auditing. Boston, MA: Thomson.

Kanabar, D. and Kanabar, V. (2003). A quick guide to basic network security terms. Computers in Libraries 23, no. 5: 24-25.

Next Page »