The inaugural Forrester Research Workforce Technographics survey, designed to show the technology adoption habits of information workers (iWorkers), determined that while email and desktop computers are ubiquitous, few other applications or devices are, and that more experienced employees -- not Generation Y -- are the leading users of social technology on the job.

The findings, released at Forrester's recent Business Technology Forum, are contained in the report, "The State of Workforce Technology Adoption: U.S. Benchmark 2009," which is based on a survey of more than 2,000 iWorkers in the U.S. at companies with 100 or more employees. Forrester's Workforce Technographics data enables information and knowledge management professionals and other IT leaders to benchmark their organization's technology adoption and attitudes to drive investments and prioritize initiatives.

Forrester surveyed respondents on workplace adoption of technologies such as devices -- PCs and laptops -- productivity tools, mobility, collaboration software, intranet portals and Web 2.0 technologies.

The survey found that three out of four iWorkers still use a desktop, and 63 percent of desktop users spend four or more hours per day on it. However, more than one-third of respondents use more than one device at least weekly.

Email, word processing and spreadsheets are the top three productivity tools used by iWorkers, but even the use of those applications fluctuates greatly. Email is used by 57 percent of iWorkers hourly. However, word processing and spreadsheets are not used as frequently. Only 16 percent and 14 percent, respectively, of iWorkers use these applications every hour.

Only one in 10 iWorkers has a smartphone for work, but almost one in three iWorkers agree that they use a personal mobile phone for work purposes. There is demand among iWorkers for smartphones.

With collaboration tools going widely untapped by companies -- only one in four iWorkers use Web conferencing and one in five use team sites -- email remains the de facto collaboration tool for most professionals, with an 87 percent adoption rate.

Seventy percent of all iWorkers visit the employee portal and 43 percent do so at least daily. Search is the most commonly used resource on the portal, followed by information related to performance reviews and personal goals.

Even though 59 percent of the 18-to-29-year-old professionals use social technologies at home, only 14 percent use them in the workplace -- the same percentage as Gen X employees, ages 30 to 43. Instead of social technologies, mobile texting is Gen Y's communication method of choice: 51 percent are using their personal mobile for texting at work.

A new report from KLAS explores the landscape for document management and imaging (DMI) applications, and finds that many hospitals use DMI to help ease the transition from paper records to electronic medical records (EMRs).

The KLAS report, "Enterprise DMI: Finding the Right Stepping Stone to Full EMR," evaluated the DMI technology of 14 vendors, based on the feedback of their customers. While the study acknowledges that DMI -- which provides scanning, indexing and archiving of paper records -- is becoming less critical in advanced organizations, the vast majority of hospitals are still crossing the chasm between paper and a full EMR, and many are using a DMI solution to ease the jump, according to the report.

Unlike many clinical software markets, the DMI segment is dominated by best-of-breed vendors and not the traditional large EMR companies. Among those large core clinical vendors, only McKesson's DMI application was rated above average by providers, although Siemens' DMI technology was also praised for strong functionality and workflow features. Other enterprise vendors, such as Cerner, Eclipsys and MEDITECH, have been criticized for offering DMI applications that have functional deficiencies and inconsistent support.

According to the KLAS report, best-of-breed vendors MedPlus and Hyland are the clear leaders in DMI. "Both Hyland and MedPlus provide successful solutions for almost any size organization," said Steve Van Wagenen, KLAS research director and author of the DMI study. "And their customer satisfaction scores remain strong regardless of the organization's EMR."

Among the DMI vendor products highlighted in the KLAS report, MedPlus ChartMaxx earned the highest KLAS performance score (88.2 out of 100), followed by Hyland Software OnBase (86.8) and Perceptive Software ImageNow (83.3). Overall, the DMI market segment features some of the highest satisfaction scores of any of the categories KLAS tracks. In the company's "2008 Top 20 Best in KLAS Awards: Software & Professional Services" report, DMI was the second highest-rated market segment for customer satisfaction, behind only enterprise scheduling software.

Other vendors highlighted in the KLAS report include 3M, Alpha Systems, BlueWare, Cerner, CGI, DB Technology, McKesson, MEDITECH, QuadraMed, Siemens and Streamline Health.

Smartphones with consumer-oriented functionality scored the highest marks in a recent customer satisfaction study released by CFI Group.

Smartphones, led by Apple's iPhone and including Google's Android and Palm Pre, are bringing in new customers no longer dominated by business users, according to "The CFI Group Smartphone Satisfaction Study." Based on a survey of more than 1,000 users, the study also found little relationship between smartphone satisfaction and satisfaction with the provider.

Moreover, exclusivity contracts may have drawbacks for carriers if they invite customers drawn to the device and not the provider. Using the methodology of the American Customer Satisfaction Index to compare smartphone platforms, the iPhone led in customer satisfaction, scoring 83 on a 100-point scale, 8 percent higher than its nearest competitors, Android and the Pre (77 percent). Smartphones, popular among business users, like Research in Motion's BlackBerry (73 percent) and Palm's Treo (70 percent), trail in customer satisfaction, while the "others" category, which includes Symbian and Windows Mobile, scores 66, CFI said.

The majority of new smartphone owners are using them mostly for personal use, a departure from the early adopters that originally used smartphones primarily for business.

This new customer has higher expectations of the smartphone, and platforms that satisfy these needs rate the highest.

NTT Docomo Inc., NEC Corp., Panasonic Mobile Communications and Fujitsu Ltd. announced recently that they are making progress in developing the Long Term Evolution Platform (LTE-PF), a mobile-terminal platform based on Long Term Evolution, a new mobile communication standard for fast downlinks above 100 Mbps and uplinks above 50 Mbps.

The four companies have completed the development of an LTE-PF chipset engineering sample and are now evaluating its functionality. The sample was exhibited in October at both the NTT Group at ITU Telecom World 2009 in Geneva, Switzerland and the Docomo CEATEC Japan 2009 at Makuhari Messe in Japan.

LTE-PF is a core system baseband processing and other basic functions in mobile communication devices. The platform's technology is expected to be licensed in mobile phone markets worldwide, where its adoption as a common platform will free manufacturers of mobile phones and chipsets from having to develop proprietary technologies for basic functions. As a result, manufacturers will get products to market faster and at lower costs, and will be able to concentrate more resources on the development of enhanced lineups of unique products.

The LTE protocol on which LTE-PF is based is currently being standardized by the 3rd Generation Partnership Project (3GPP). Seamless hand-off is possible between LTE and the current third-generation (3G) standards W-CDMA and GSM, meaning that users would be unaware of switching networks even while using their phones.

NTT Docomo is a mobile operator and provider of advanced mobile services. The company serves more than 55 million customers in Japan, including 48 million using i-mode, the popular mobile e-mail/Internet platform, and 50 million users of FOMA, the original 3G mobile service based on W-CDMA.

The Payment Card Industry Data Security Standard (PCI DSS) and HIPAA are driving encryption projects across industries, according to the 2009 Encryption and Key Management Benchmark Survey, conducted by research firm Trust Catalyst on behalf of Thales.

In the survey, which polled 655 IT professionals around the world, 53 percent of the U.S. companies responding said they are planning encryption projects to comply with HIPAA. Fifty-two percent of the European companies surveyed are planning encryption projects to comply with PCI DSS. Continuing a trend from the 2008 report, however, organizations continue to be at risk, with only 43 percent using database encryption and 41 percent using tape encryption.

As organizations plan to tackle compliance with encryption, they are spending more time and effort on key management planning. Thirty-four percent of respondents have now spent one year or more planning for key management issues, up from 26 percent last year. Driven by demands for business continuity and availability, 49 percent of organizations indicated they must be able to recover an encrypted database in one hour or less, up from 37 percent in 2008.

The study also found that 5 percent of organizations have experienced problems with a lost or compromised encryption key over the last two years. Key management errors or breaches resulted in 39 percent of these organizations losing data permanently or disrupting business operations.

"These results show clearly that two of the most important pieces of data -- a person's credit card details and their health records -- and the regulations designed to safeguard this data are the major drivers for companies to encrypt data," said Franck Greverie, vice president and managing director for the information systems security activities of Thales.

"The impact of a data breach is one of the main security headaches for CEOs and IT specialists alike, and regulation is already playing a role in terms of tightening data security," Greverie said. "The very nature of encryption means that data is secure even if many of the other enterprise security mechanisms fail, and regulators and industry will therefore grow to depend on encryption."

The first site in CalRHIO's statewide health information exchange (HIE) system is live in Orange County at Coastal Communities Hospital. As a result of collaboration between CalRHIO and the local HIE effort, the Orange County Partnership Regional Health Information Organization (OCPRHIO), 23 hospital emergency departments over the next five months will have secure electronic access to critical medical information.

HIE is a major piece of the Obama Administration's health reform initiative, and the focus of California is to develop a plan to apply for HIE federal stimulus funds. Initially, data will be provided on 380,000 patients enrolled in CalOptima, which covers people in Medi-Cal, Medicare and Healthy Kids. During 2010, more data sources will be added to the CalRHIO HIE, including prescription history, lab results and additional clinical claims information. Also, Orange County providers will have access to the data as well, in support of OCPRHIO and State of California strategic plans.

By leveraging CalRHIO's technology platform, provided by its technology partner Medicity, OCPRHIO chose not to incur the time and expense of building its own data exchange. Orange County physicians will be able to communicate with other doctors and hospitals across the state, as well as the national network.

"Our physicians and nurses are excited about having this new source of information," said Nova Stewart, OCPRHIO chair and CIO of Integrated Healthcare Holdings. Four Integrated Healthcare Holdings hospitals are the first to begin using the HIE system -- Coastal Communities Hospital, Western Medical Center Anaheim, Western Medical Center Santa Ana, and Chapman Medical Center.

"We believe that having access to patient data in the emergency department will enable us to better serve our patients," Stewart said.

The International Serious Adverse Events Consortium (SAEC), based in Chicago, will collaborate with the HMO Research Network (HMORN) to improve the safe use of drugs by exploring why the genetic makeup of some individuals makes them more likely to experience serious drug-related adverse events (SAEs). The SAEC is a non-profit international research consortium. HMORN is a resource for population-based health care outcomes research.

The collaboration will diversify the SAEC methods for developing SAE research, which is essential to furthering research goals of the organization. It will determine the feasibility of using the HMORN's centralized clinical data warehouse to research the genetics of drug-induced serious adverse events. This warehouse includes data related to inpatient admissions and emergency room and outpatient visits representing 14 million unique patients. The research collaboration will initially focus on three drug-induced SAEs: hepatotoxicity, serious skin rashes and extreme weight gain in users of atypical antipsychotic medications.

Initially, the collaboration will include six HMORN members: Geisinger Center for Health Research, Group Health Research Institute, HealthPartners Research Foundation, Kaiser Permanente Center for Health Research-Southeast, Kaiser Permanente Center for Health Research-Hawaii and Marshfield Clinic Research Foundation. Each HMO will use detailed clinical profiles to search for potential subjects to enroll into current and future SAE research projects. Accuracy and completeness of the data will be assessed, as well as methods to ensure that the data is robust. The first phase is expected to take 12 months.

The collaborators hope to derive "cases" from electronic medical records (EMRs) and eventually compare their genetic and clinical data with those of healthy control groups. The goal is to identify genetic mutations associated with the SAE. Through this initial research, the Consortium hopes to provide a foundation for the next generation of studies that will validate the role of these genetic variations in the development of drug-related SAEs. In this phase of the collaboration, no individual health records or health information will be released by any of the participating institutions in connection with this research. To date, the SAEC has already made significant genetic discoveries in support of its mission. The HMORN-SAEC collaboration is expected to facilitate the discovery of additional genetic findings.

Health care providers realize that new technologies have to be adopted to improve business, but the medical benefits of technology are also in their sights, according to CompTIA's "Healthcare IT Market: Insights and Opportunities" study.

In the study, 59 percent of responding health care providers said they are somewhat to very excited about the prospect of telemedicine, and 79 percent are interested in portable tablet PCs for point-of-patient care. The survey was conducted in two parts, polling 200 IT firms doing business in the health care market and 300 health care providers.

According to the study, 74 percent of responding IT firms believe their health care clients are eager to incorporate new technologies into their practices, and 67 percent believe that better care for patients is a major factor in their health care clients' decision to adopt new technologies.

"As business owners, it comes as no surprise that health care providers are interested in the time savings and improved efficiencies offered by advanced IT," said Tim Herbert, vice president of research at CompTIA. "However, among the study's more significant findings is that both the health care and health care IT industries expect emerging technologies, such as electronic medical records [EMRs], to better serve patients."

The largest annual study of patient outcomes at each of the nation's 5,000 non-federal hospitals found a wide gap in quality between the nation's best hospitals and others.

According to the study recently issued by independent health care ratings organization HealthGrades, patients at highly rated hospitals have a 52 percent lower chance of dying as compared with the U.S. hospital average, a quality chasm that has persisted for the last decade even as mortality rates in general have declined.

The study also found that hospitals certified as a Center of Excellence in Stroke Care by The Joint Commission had an 8 percent lower risk-adjusted mortality rate than hospitals that are not stroke-certified.

The 12th annual HealthGrades Hospital Quality in America Study examined nearly 40 million Medicare hospitalization records from 2006, 2007 and 2008. The study looked at trends in mortality and complication rates and also provides the foundation for HealthGrades' quality ratings of procedures and diagnoses at each individual hospital.

The new 2010 ratings for individual hospitals are available at www.healthgrades.com.

"The fact is patients are twice as likely to die at low-rated hospitals than at highly rated hospitals for the same diagnoses and procedures," said Rick May, MD, author of the HealthGrades study. "With Washington focusing on rewarding high-quality hospitals and empowering patients to make more informed health care choices, this information comes at a turning point in the health care debate. For patients, sites like HealthGrades.com already provide the objective information needed to choose a high-quality hospital. And for hospitals themselves, such hospital ratings provide the benchmarking data that can help them reach the benchmarks set by top performers."

As the nation continues its journey toward adoption of an electronic medical record (EMR), hospitals must understand and meet the funding requirements established by the American Recovery and Reinvestment Act (ARRA). A new HIMSS Analytics white paper, "The State of US Hospitals Relative to Achieving Meaningful Use Measurements," offers an overview of market gaps that must addressed to achieve ARRA compliance.

"We created the mapping to provide insights for hospitals to help assess their EMR environments and strategies relative to current ARRA meaningful use measurements for 2011, 2013 and 2015," said Mike Davis, author of the white paper, executive vice president at HIMSS Analytics and a member of the ADVANCE for Health Information Executives editorial advisory board. "It provides a market assessment of adoption of some of the more sophisticated EMR applications related to where we believe these applications will impact 2011, 2013, and 2015 measurements."

The reference guide on ARRA compliance and EMR applications looks at each of the three years coupled with the specific meaningful use goal. The meaningful use goals with specific metrics are to:

·                    Improve quality, safety, efficiency and reduce health disparities;

·                    engage patients and families;

·                    improve care coordination;

·                    improve population and public health; and

·                    ensure adequate privacy and security protection for personal health information.

What's ahead for hospitals to comply with ARRA and meaningful use? Here are a few conclusions that appear in the white paper.

·        Hospitals that have achieved a Stage 3 on the EMR Adoption Model are well- positioned to meet the majority of the 2011 measures if they have implemented the applications at this stage across all inpatient nursing services.

·        By 2013, hospitals must have CPOE implemented with a majority of physicians using the systems, and hospitals will need to report physician usage; hospitals will need to be at Stage 4 to meet this year's requirements.

·        The measurements in 2015 will require the majority of clinicians and physicians to be using documentation systems, and have the ability to document using structured templates to collect discrete data in real time to interact with clinical decision support systems applications to improve outcomes and patient safety. The ability to share patient data with all care delivery stakeholders will also be required, which is consistent with Stage 6 and Stage 7 functions.

Respondents to a study of Medical Group Management Association (MGMA) member satisfaction with major health plans indicated they were most satisfied with the disclosure of payers' fee schedules and prompt payment of claims. Administrative processes that were standardized and transparent also produced high satisfaction scores. The study reflected several common themes, as well as wide variation in performance among plans on a number of questions related to administrative transactions. The study did not address payment levels.

MGMA members expressed a high level of satisfaction with the major private health plans regarding their provider credentialing processes, but cited dissatisfaction with this process for Medicare. "We believe this is a result of Medicare's refusal to participate in the standardized physician credentialing system [CAQH Universal Provider Datasource] that is widely used in the private sector," said William F. Jessee, MD, FACMPE, MGMA president and CEO. "Our members appreciate payers that provide clear, consistent processes, especially processes that are based on industry-wide standards."

MGMA members gave Medicare Part B highest marks on questions related to responsiveness, transparency, prompt payment and overall satisfaction with general administrative functions. "Despite the fact that Medicare consistently underpays and places member practices in an increasingly difficult financial situation -- with a looming 21 percent cut to physician payments -- MGMA members were positive about the standardized and predicable nature of how the program is administered," said Dr. Jessee.

"What makes this study unique is the direct interaction MGMA members and their staffs have with health plans on a daily basis," he continued. "MGMA's diverse membership comprises practice administrators, CEOs, physicians in management, board members and numerous other practice management professionals. They work in medical practices and ambulatory care organizations of all sizes and types, including integrated systems and hospital- and medical school-affiliated practices.

"MGMA represents group practices that are major suppliers of physician services for these health plans. As such, we look forward to payers reflecting on these results and working with us to create solutions in areas identified as needing improvement. The results speak for themselves. It is our goal that all plans -- public and private -- achieve positive satisfaction scores from MGMA members on all of these key administrative functions."

The Certification Commission for Health Information Technology (CCHIT) has opened applications for new certification programs as planned. In addition to an updated comprehensive electronic health record (EHR) certification program called CCHIT Certified 2011, the Commission is offering a modular certification program called Preliminary ARRA 2011 that is limited to the standards for qualifying EHR technology under the American Recovery and Reinvestment Act (ARRA).

The Commission is also introducing a new label called Certification Facts to help physicians and hospitals understand the differences in the EHR technology certified under these two separate programs. Each certified product or technology listed at the Commission's Web site, www.cchit.org, will have a link to a page describing its qualifications.

For EHRs in the CCHIT Certified 2011 comprehensive program, the Certification Facts label will indicate the domain -- ambulatory, inpatient, emergency department or e-prescribing -- along with options such as cardiovascular medicine, child health and advanced operability. The label will also indicate the meaningful-use objectives supported by the product.

In addition to the Certification Facts label, the CCHIT Web site will include an optional usability rating for CCHIT-certified products only, as well as detailed information about the product and company. These product information features will also become searchable in November or December, as EHR products complete the 2011 inspection process and are announced.

For technology certified in the Preliminary ARRA 2011 program, the Certification Facts label will only indicate which of the meaningful-use objectives are supported by the technology. The label will allow eligible providers and hospitals to understand which product, or products in combination, can support all the necessary objectives to qualify for ARRA incentive funding.

ICSA Labs, an independent division of Verizon Business, based in Mechanicsburg, Pa., has introduced a program to help enterprises safeguard against intrusions through network-connected devices such as printers, faxes and point-of-sale systems, as well as help device manufacturers ensure their products are secure.

The capabilities offered by ICSA Labs -- a vendor certification program and an enterprise assessment -- are designed to protect these typical stand-alone, unattended devices, which connect directly to a network but are not part of the network infrastructure. Also included in this product class of network-attached devices are copiers, ATM machines, digital signs, proximity readers, security cameras and facility management systems for power, lighting and HVAC systems.

ICSA Labs found that unprotected devices such as these can allow hackers access to corporate networks. According to the Verizon Business 2009 Data Breach Investigations Report, many security breaches occur through what is called "unknown, unknowns," which can involve systems such as printers and faxes. The report also noted that attackers choose the path of least resistance, targeting vulnerable systems.

ICSA Labs' Network Attached Peripheral Security (NAPS) certification provides manufacturers an opportunity to work with ICSA Labs to identify and remediate existing and potential vulnerabilities in the devices the manufacturers sell. The NAPS certification program also applies to manufacturers whose products are still under development and are seeking recommendations to make their products safer.

The NAPS certification program includes tests that examine several different aspects of a device and how each impacts its overall security, including its core functionality, administrative interface and logging capabilities. In a NAPS assessment, the network devices are tested and evaluated to help ensure they are installed securely and protected from exploitation. 

Cyber security attacks against public and private IT and networks are escalating in occurrence and complexity. A cyber security exercise is a hands-on training event to test how an organization detects and responds to information security threats in real time. These threats include unauthorized disclosure, transfer and accidental or intentional modification or destruction of information, including security breaches, stolen information and inability to provide Internet services during an extended systems outage.

"Organizations need to continually prepare for the worst, and to do that they should test the validity of their plan," said Jim Grogan, vice president of consulting at SunGard Availability Services in Wayne, Pa. "Cyber security incident management exercises are validation initiatives to determine cyber attack training effectiveness and identify any gaps in your cyber security program."

In conducting cyber security exercises, Grogan said that organizations should focus on achieving five important objectives:

1. Test cyber security policy adherence. Thorough and regular testing of cyber security plans is essential for verifying a plan's clarity, practicality and ability to achieve desired results. While organizations need firewalls, anti-virus software and other technical tools, having security policies that monitor and report on intrusions and other suspicious activities is equally important.
2. Establish working relationships. Cyber security exercises need to bring together people from business and IT operations to generate an understanding of roles and responsibilities -- covering each individual's role and also building knowledge of co-workers' roles so everyone can function as a team.
3. Elevate forensic awareness. A typical user response to a problem at a desktop computer is to "reboot" the computer. During a cyber attack, this seemingly harmless action may overwrite valuable forensic evidence that is crucial to identify and prosecute the source of the attack. Exercises should include education sessions on how law enforcement organizations and other forensic investigation firms conduct computer forensic investigations and a walk-through on steps all participants should take to minimize incidents of data loss.
4. Improve senior executive understanding of threats. A cyber security attack can be a brand risk - and that demands the attention of senior management. Communication is one of the most common reasons organizations fail to respond effectively to an incident. The exercise should test the chain of communications for how internal and external crisis communications messages are developed and articulated. It also provides the opportunity to validate and adjust information security programs that are part of corporate and government regulatory compliance initiatives.
5. Gain greater organizational credibility. Cyber attacks have the potential to be disruptive beyond internal operations. Organizations regularly conducting cyber security exercises increase their standing with other companies and customers by demonstrating a commitment to being a reliable business partner and vendor. External parties should be included in the exercise as appropriate.

The U.S. Departments of Health and Human Services (HHS), Labor and the Treasury have issued new regulations designed to provide greater protection for individual patients' genetic information.

The interim final rule will help ensure that genetic information is not used adversely in determining health care coverage and will encourage more individuals to participate in genetic testing, which can help better identify and prevent certain illnesses.

The interim final rule with request for comments and the notice of proposed rulemaking implement Title 1 of the Genetic Information Nondiscrimination Act of 2008 (GINA). Under GINA, and the interim final rule, group health plans and issuers in the group market cannot:

·        increase premiums for the group based on the results of one enrollee's genetic information;

·        deny enrollment;

·        impose pre-existing condition exclusions; or

·        do other forms of underwriting based on genetic information.

In the individual health insurance market, GINA prohibits issuers from using genetic information to deny coverage, raise premiums or impose pre-existing condition exclusions.

Further, under GINA and the new interim final regulations, group health plans and health insurance issuers in both the group and individual markets cannot request, require or buy genetic information for underwriting purposes or prior to and in connection with enrollment. Finally, plans and issuers are generally prohibited from asking individuals or family members to undergo a genetic test.

HHS, through its Office for Civil Rights, also issued a notice of proposed rulemaking with a 60-day comment period, to propose changes to HIPAA to prohibit health plans from using or disclosing genetic information for underwriting purposes.

The proposed rule modifies the HIPAA Privacy Rule pursuant to GINA Title 1 to clarify that genetic information is health information, and to prohibit the use and disclosure of genetic information by covered health plans for eligibility determinations, premium computations, applications of pre-existing condition exclusions, and any other activities related to the creation, renewal or replacement of a contract of health insurance or health benefits.

In combination with the new penalties for violations of the HIPAA Privacy Rule, as provided for by the American Recovery and Reinvestment Act of 2009, a use or disclosure of genetic information in violation of the HIPAA Privacy Rule could result in a fine of $100 to $50,000 or more for each violation.

The American Health Information Management Association (AHIMA) has established a Health Information Bill of Rights as a model for protecting the personal health information of the nation's 300 million-plus health care consumers.

The Health Information Bill of Rights, seven protections supported by in-depth validations, was made necessary by "repeated abuses of access, accuracy, privacy and security of the most basic rights of individuals whose trust has been betrayed and dignity compromised," said Vera Rulon, AHIMA president.

The first two protections seek to guarantee health care consumers cost-free access to their health information, even during the "course of treatment." The third protection creates an ideal for health information that is "accurate and as complete as possible."

The fourth and fifth protections target medical identity theft, calling for "the right for you or your representative(s) to know who provides, accesses and updates your health information" and "expect health care professionals and others . be held accountable for violations of all privacy and security laws, policies and procedures."

"Our sixth protection deals with a national standard for health information privacy and security - especially as we advance down the road toward a national health information exchange," said Wendy Mangin, AHIMA past president. "Last is our protection that would establish the right to an opportunity to seek private, legal recourse in the event that a breach of one's health information causes harm."

As the Standard & Poors 500 index tumbled more than 37 percent in

2008, CEO compensation barely fell, according to a recent report from the Corporate Library, an independent corporate governance and executive compensation research firm.

Median total annual compensation for the companies included in the study declined by 0.08 percent in 2008, suggesting that the link between CEO pay and performance remains very weak. The report includes data from more than 2,700 public companies, more than any other CEO pay study released so far this year.

"While these findings are historic in that we have never seen a decline in CEO compensation since we began this series of surveys in 2002, if there were ever an argument that pay is fatally divorced from performance, then this is surely it," said Senior Research Associate Paul Hodgson, co-author of the report.

The Corporate Library's 2009 CEO Pay Survey also looks at other key findings:

• The median decrease in total realized compensation was 6.38 percent, which is out of line with the economic downturn. (Total realized compensation includes the value realized on vesting of shares, option value realized, pension/non-qualified deferred compensation earnings and pension pay in the last year.)

• Approximately 75 percent of CEOs included in the study received a base salary increase in 2008, up from 73 percent in 2007.

• More CEOs saw declines in realized compensation in 2008 than in 2007 (just over 56

percent and 40 percent, respectively).

• Oracle CEO Lawrence Ellison is the only CEO to appear in the Corporate Library's list of the top 10 highest paid CEOs in both 2007 and 2008, having earned approximately $750 million in realized compensation over the period.

Health reform may have Americans divided on the best way to move forward, but broad consensus exists around one strategy for cutting costs, increasing access and improving quality: health information technology (HIT). 

A recent survey commissioned by the Career College Association and TechAmerica and conducted by Harris Interactive reveals that three of four U.S. adults believe a fully implemented HIT system will have a positive outcome for health care quality and access, while 64 percent believe it will have a positive outcome on health care costs for patients. 

There is also widespread agreement on opinions across gender, age group, educational attainment, household income and marital status. 

HIT involves applying automation to multiple aspects of care delivery, including creation and storage of medical records; point of care systems providing bedside diagnostics and testing; telemedicine for enhanced online diagnostics, treatment and education; remote monitoring for assessing chronic conditions and patient compliance; e-prescribing that eliminates handwriting mistakes and flags negative drug interactions; and the clinical and back office systems that improve efficiency and effectiveness in hospitals, ambulatory and long-term care facilities and related venues.

Though strongly supportive of HIT, a high percentage of adults expressed concerns about the availability of appropriately educated health care workers to use the new technology properly. Sixty-two percent of adults either agree or strongly agree that one of the reasons HIT is not more widely used in the U.S. is due to a lack of trained personnel. Twice as many adults indicated that there are not enough people trained to use health IT (33 percent) as those who agreed that the popularity of the HIT field is attracting adequate numbers of people for training (17 percent).

HIT could also help Americans adopt healthier lifestyles, the survey found, in addition to its contribution to health reform. Three out of five adults (61 percent) agree that people would adopt healthier behaviors if IT systems and well-trained personnel to help them use the technology were more widely available in venues such as drug stores, health clubs, recreation centers, schools and other places readily accessible to the public.

As part of National Health IT Week, HIMSS recognized recipients of the 2009 HIMSS Davies Award of Excellence at a Sept. 22 press conference at the House Triangle on Capitol Hill in Washington, D.C.

This year's honorees are:

HIMSS Organizational Davies Award

MultiCare Health System is an integrated not-for-profit organization in Tacoma, Wash., with a children's hospital, primary and urgent care clinics, home health and hospice programs serving four counties.

HIMSS Ambulatory Davies Award

Virginia Women's Center is central Virginia's largest provider of individual obstetric and gynecologic care, with 26 physicians and 12 nurse practitioners at five clinical sites. Subspecialties include urology, clinical research, mammography, bone health, nutrition counseling and mental-health counseling.

Community Health Davies Award

Two organizations, Urban Health Plan and Heart of Texas, shared this year's Community Health award. Urban Health Plan is a network of federally qualified community health centers based in the South Bronx and Queens, N.Y. Heart of Texas is a Federally Qualified Health Center, supporting the oldest family medicine residency west of the Mississippi and serving the target population of 90,200 residents of McLennan County, Texas, living at or below 200 percent of Federal Poverty Guidelines.

Public Health Davies Award

Two public health systems received the Davies Public Health Award: the Boston Public Health Commission and Denver Public Health, a division within Denver Health and Hospital Authority. HIMSS announced the recipients of these awards in August.

"The recipients of the HIMSS Davies Award are leaders in EHR implementation as they prove that technology can be leveraged to produce value and achieve patient safety and quality outcomes with a positive ROI," said David Collins, HIMSS director of health care information systems. "As the country moves closer to nationwide use of the electronic health record, these health care leaders should be considered as valuable examples and resources for EHR success."

Xerox and Affiliated Computer Services Inc. (ACS) have reached a definitive agreement for Xerox to acquire ACS in a cash and stock transaction valued at $63.11 per share or $6.4 billion as of the closing price of Xerox stock on Sept. 25.

Under the terms of the agreement, ACS shareholders will receive a total of $18.60 per share in cash plus 4.935 Xerox shares for each ACS share they own. In addition, Xerox will assume ACS's debt of $2 billion and issue $300 million of convertible preferred stock to ACS's Class B shareholder. The transaction, which has been approved by the Xerox and ACS boards of directors and ACS special committee, is expected to close in the first quarter of 2010. ACS will operate as an independent organization and initially will be branded ACS, a Xerox Company.

"By combining Xerox's strengths in document technology with ACS's expertise in managing and automating work processes, we're creating a new class of solution provider," said Ursula M. Burns, Xerox chief executive officer. "A game-changer for Xerox, acquiring ACS helps us expand our business and benefit from stronger revenue and earnings growth."

According to Forrester Research, 73 percent of the global workforce will be enterprise mobile users by 2012. This represents 187.9 million enterprise mobile users in 2009, growing to 397.1 million users in 2012. To help companies meet the increasing demand for information delivered over mobile devices such as smartphones and cell phones while avoiding the complexity of managing these devices, Verizon has announced a new managed mobility service.

Verizon Managed Mobility is managing multiple mobile devices, usage plans and applications across multiple carriers. Verizon's services are intended to help organizations address security risks associated with data residing on mobile devices and supports the creation and launch of mobile enterprise applications, while measuring and assessing the success of corporate-wide mobility programs. Recent studies indicate the use of mobile devices - including mobile phones, personal digital assistants and laptops - can increase productivity, enhance service delivery and streamline business processes and decision-making.

"Mobility in the workplace is becoming a necessity, and IT decision-makers are looking for ways to enable the modern workforce - no simple task," said Nancy Gofus, senior vice president, global business products at Verizon. "IT organizations are struggling with the magnitude of defining mobility requirements touching every part of an organization. With managed mobility, organizations can take the guesswork out of supporting mobility."

Click Forensics recently identified an unusually large spike in click fraud traffic coming from a new botnet that appears to have eluded filters at the most sophisticated search engines, publishers and ad networks.

Codenamed the "Bahama botnet" by Click Forensics, the malware distributed botnet is using coordinated methods to mask itself as a legitimate source of search advertising traffic. Click Forensics has tracked instances where the botnet's attacks have affected up to 30 percent of an advertiser's monthly search budget for a specific campaign.

"During the past four years we've monitored billions of clicks for top search engines, ad networks, publishers and advertisers. This scheme is one of the most sophisticated we've seen," said Paul Pellman, CEO of Click Forensics. "The botnet is effectively disguising the fraud it produces as 'good traffic' by altering the interval and breadth of the attacks across legions of infected machines."

Click Forensics recently found links to the malware behind the Bahama botnet in Google search results for "Facebook Fan Check virus." The malware program is similar to "scareware" or a malvertising program found in advertisements recently on NYTimes.com. In that case, The New York Times identified the fraudulent ads and alerted visitors not to click on them. Both malware programs attempt to trick users into downloading them by claiming to be antivirus fixes. However, they are really Trojan programs that enable third parties to take controls of the PCs that install them.

The Bahama botnet commits click fraud in different ways. It can generate paid clicks by using normal user behavior to transform an organic search into a paid click. It can also leverage the network of bot-infected machines to programmatically auto-generate paid clicks without human interaction. The dual nature of this botnet makes it a more powerful vehicle for committing click fraud than other kinds of click fraud botnets.

Maryland's three largest hospital systems and a large retirement community operator are building a statewide health information exchange (HIE) that could ultimately link up to a national network, and could even be operational before any federal network, according to The Baltimore Sun.

The Chesapeake Regional Information System for Our Patients (CRISP) has been approved for $10 million in state funding to start building the exchange over the next two to five years. The initiative will connect Johns Hopkins Medicine, MedStar Health and the University of Maryland Medical System, with the goal of allowing hospitals, insurance providers and health care professionals to freely and securely share information about the patients that come through their doors, the Sun reported.

"For doctors who don't have a prior record, it could be real helpful to get the discharge summary from the hospital down the street, which can bring them up to speed very quickly on a patient," David Horrocks, CRISP president, told the paper.

Horrocks also said the exchange will likely be built before any federal network is completed, but added that the goal is to make the state network compatible with the federal one, according to the Sun.

"Our goal is to stay true to those [federal] standards," Horrocks said.

Plans for increased investments in mainframe hardware and software represent a ray of light for enterprise data center managers who plan to leverage their existing mainframe deployments, according to a new survey from IDC.

The survey, which polled 300 end users, found that nearly one-half of respondents indicated they plan to increase annual spending on mainframe hardware and software. IDC's assessment of the mainframe's role in the multi-platform data center provides insight into the current state of the IBM System z mainframe platform, examines hardware characteristics and capacity, and analyzes the key workloads and use cases that will determine the fate of the mainframe in the future.

The study identifies the emergence of a blended, or hybrid, approach to computing on the IBM System z platform. "Customers are finding that new workloads, including Linux-based and Java-based workloads, can leverage the mainframe's built-in security and high levels of availability, by running them on mainframe specialty processors, such as the IFL, zIIP and zAAP processors," said Jean S. Bozman, research vice president with IDC's Enterprise Platforms Group. "This pattern of adoption is placing software licensing costs on a lower price schedule for these new workloads than if they were running natively on the IBM System z hardware platform. In this way, customers are seeing a blended approach to deploying and maintaining workloads - carrying longtime workloads forward on System z, even as they bring new workloads onto the mainframe."

The mainframe is still seen by respondents as a key element for centrally managed corporate data and high value computing workloads by providing them with a layer of highly controllable enterprise management software. Many customers reported that they can plan another wave of investments in the System z platform over the next 2-5 years, given the system's high availability, reliability, and security for mission-critical applications.

Lisa Rawlins, director of quality and performance improvement for Broward Health in Fort Lauderdale, Fla., was recently selected by the Certification Commission for Health Information Technology (CCHIT) to serve on its Health Information Exchange work group for the third year in a row. Rawlins serves as the only Health Information Exchange workgroup member from Florida.

Rawlins joined Broward Health in 2007 and is responsible for developing and managing system-wide quality initiatives and process improvement programs. She has 20 years of experience in the health care industry, and has served in various leadership roles within the health care policy-making, regulatory, payer and provider environments, in both public and private sectors. Rawlins has served on various national advisory committees regarding health care quality and health information technology.

The Certification Commission received more than 1,123 separate applications and selected 265 members for its 19 work groups. The groups will work on the rapidly transitioning existing certification qualifications for the Commission and develop new paths to certification.

"The flow of revenues from the American Recovery and Reinvestment Act of 2009 to health care providers utilizing health IT will depend greatly on meeting the certification specifications developed through CCHIT," Rawlins said. "Broward Health has made a substantial investment in its health information system and there is a tremendous interest and commitment within the health care community to fully implement health IT. These groups will give us an opportunity to deal effectively with the challenges and changes that this year will bring."

The Certification Commission for Health Information Technology (CCHIT) will proceed with its planned launch of two new certification programs on Oct. 7. In addition to an updated comprehensive electronic health record (EHR) certification program, called CCHIT Certified 2011, the organization will offer a modular certification program called Preliminary ARRA 2011 that is limited to the standards for qualifying EHR technology under the American Recovery and Reinvestment Act (ARRA).

"There is a high risk that providers would not achieve meaningful use to qualify for the ARRA incentives in 2011 and 2012 if they wait until late 2010 to implement certified EHR systems and technologies," said Mark Leavitt, MD, PhD, chair of the Commission, in a statement.

The Commission has followed and analyzed the emerging recommendations of the health information technology advisory committees to the Office of the National Coordinator, and believes there is sufficient information to offer the preliminary ARRA certification now.

Criteria and standards are expected to be published by the Department of Health and Human Services by the end of 2009, and final rules on meaningful use are expected later in the spring of 2010. If that process results in the introduction of new requirements, the Commission will offer vendors with preliminary certifications an incremental inspection at no additional fee to bring their certifications into alignment with the final rules. The Commission's certification materials, including criteria, test scripts and certification policies for both programs, will be published at www.cchit.org on Sept. 24. Applications for certification will be open online on Oct. 7.

To prepare HIT companies and developers to make their 2011 certified EHR technology available to providers sooner, CCHIT is offering a workshop in the Chicago area on Oct. 1. The purpose of the workshop, Get Certified 2011, is to orient companies and developers to the new certification process and to use the new certification program tools effectively. More information about the workshop is available here.

Security software and services spending will outpace other IT spending areas in 2010, according to a recent survey by Gartner. Security software budgets are expected to grow by approximately 4 percent in 2010, more than all other areas of infrastructure software. Security services budgets are projected to grow almost 3 percent, significantly outperforming other service areas.

In April and May of 2009, Gartner surveyed more than 1,000 IT professionals with budget responsibility worldwide to determine their budget-planning expectations for 2010.

"In the current highly uncertain economic environment, with overall IT budgets shrinking, even the modest spending increases indicated by the survey show that security spending accounts for a higher percentage of the IT budget," said Adam Hils, principal research analyst at Gartner. "Security decision makers should work to allocate limited budgets based on enterprise-specific security needs and risk assessments."

Specific areas of projected security-related software spending growth in 2010 include security information and event management (SIEM), e-mail security, URL filtering and user provisioning.

The continued strong emphasis on security extends beyond software. The survey showed that security services spending will also outpace spending in other IS service areas, with budgets expected to grow 2.74 percent in 2010. This anticipated increase is being driven by a movement towards managed security services, cloud-based e-mail/Web security solutions, and third-party compliance-related consulting and vulnerability audits and scans. 

"When evaluating and planning 2010 security budgets, organizations should work to achieve a realistic view of current spending and recognize that it may be impossible to capture all security-related spending because of organizationally diffused security budgets," said Ruggero Contu, principal research analyst at Gartner. "Businesses should also recognize that new threats or vulnerabilities may require security spending that exceeds the amounts allocated, and should consider setting aside up to 15 percent of the IT security budget to address the potential risks and impact of such unforeseen issues."

Partnering with Verizon, Maimonides Medical Center, a Brooklyn, N.Y.-based hospital system, recently worked with Verizon Connected Healthcare Solutions to conduct a comprehensive review of its network infrastructure to address complex patient data privacy requirements as mandated by the federal Health Insurance Portability and Accountability Act (HIPAA).

Verizon Connected Healthcare Solutions, a recently formed practice group drawing from expertise and resources across Verizon, delivers IT applications and professional services designed for the health care industry, including hospitals, medical providers and insurers/payers, as well as pharmaceutical and life science companies.

Verizon Connected Healthcare Solutions IT professionals reviewed Maimonides' wired and wireless network architecture to address HIPAA security requirements. Additionally, specialized penetration testing was conducted on the hospital's wireless network to help protect against rogue or unauthorized access that could compromise patient and other critical data.

Maimonides uses a wide range of Verizon wireline and wireless services to enhance the speed, security and reliability of access to critical health care data in order to help streamline delivery and access to health care services. In addition, the Maimonides-led Brooklyn Health Information Exchange (BHIX), a consortium of 10 Brooklyn-based health care organizations representing the continuum of medical care, is using the Verizon-provided Maimonides network to transform the delivery of health care services through an ongoing regional collaboration.

"Maimonides takes great pride in the progress it has made to truly transform the delivery of health care through the use of advanced information technologies," said Walter Fahey, CIO of Maimonides Medical Center. "Our long-standing collaboration with Verizon is one of the keys to our success. Working closely with Verizon, we have deployed advanced networks and integrated critical health care applications. This important work touches every area of our operations, and helps us effectively deliver health care to our patients."

Service-level agreements (SLAs) are a minor consideration in most IT departments, if they are considered at all, according to a recent survey of nearly 300 IT professionals, conducted by Stratus Technologies and the Information Technology Industry Council. This apparent indifference to SLAs comes at a time when more revenue-producing processes in more industries depend on the ability of their IT systems and applications to achieve higher levels of reliability and uptime, the survey noted.

Forty-three percent of the companies surveyed said they regularly review SLAs, while 46 percent reported that they don't review them at all. The remaining 11 percent didn't know whether they did or not.

The survey also found a pattern of high expectations, sketchy enforcement and limited executive understanding of the importance of SLAs:

· Forty-four percent of companies surveyed "hold IT accountable for defined performance metrics," 31 percent do "when something goes wrong," 19 percent don't define performance metrics and 9 percent don't do anything;

· 21 percent don't measure infrastructure performance management, and only 5 percent use client SLAs as the measurement device;

· More than half (52 percent) use unplanned downtime or a specific subset of IT systems as their barometer, but 51 percent said they don't know how much downtime costs; and

· Only 16 percent of companies surveyed have collaboration between top executives and IT managers on internal and external SLA metrics.

"When you step back from all the details, the survey reveals a huge need for executive leadership on service levels," said Peter Flynn, Stratus vice president, worldwide customer services. "Whether IT is servicing internal or external customers or both, the whole company has to be geared toward defining optimal performance, settling on the metrics to measure it, then appropriating the resources to support it. Availability is discipline, not a feature; it becomes a part of corporate culture, like quality does in the best firms."

The Office of e-Health Initiatives will support the efforts of the Health Information Partnership for Tennessee (HIP TN), the new, not-for-profit entity designed to bring together the state's local, regional and state electronic health information initiatives and resources into a collaborative partnership to improve access to health information.

Melissa Hargiss, director of the Office of e-Health Initiatives, will serve HIP TN in an ex-officio capacity, and Commissioner Dave Goetz, Tennessee Department of Finance and Administration, joins the partnership's board of directors. HIP TN's board will include 10 members from the private sector and two representatives of the public sector.

"HIP TN wants to advance the exchange of health information between providers to make sure patients receive well-coordinated care, thereby improving quality and cost efficiencies, no matter the setting or level of care," Hargiss said in a statement. "One of the key objectives on which HIP TN will focus is security and privacy for consumers and health care providers, making sure a patient's confidential information is protected and shared with providers only in a secure manner."

HIP TN representatives met recently in Nashville to finalize board of director members and to organize the various workgroups that will work with Tennessee's Department of Finance and Administration and Office of e-Health Initiatives in developing a statewide, strategic health information exchange plan.

When finalized, HIP TN will approve the plan the Office of e-Health will submit to the U.S. Health and Human Service Department's Office of National Coordinator (ONC), the federal agency with oversight of the health information technology portions of the American Recovery and Reinvestment Act (ARRA). The plan will be Tennessee's application to draw Federal stimulus funds for health information exchange.

HIP TN's work groups will help with the plan's components of governance, clinical objectives, privacy and security, technical architecture, health information technology adoption, consumer education, evaluation and financing.

The Certification Commission will be holding a Town Call web conference on Sept. 3, at 12 p.m. Central, to gather input from the vendor and developer community on the details and timing of its planned new paths to certification of electronic health record (EHR) technologies, with the goal of supporting more rapid, widespread adoption and meaningful use under the American Recovery and Reinvestment Act of 2009 (ARRA).

Information about the free Town Call is available here.

"We are concerned that providers could not achieve meaningful EHR use in 2011 if they wait until spring 2010 -- the expected date of HHS final approval of requirements -- to begin adopting this technology," said Mark Leavitt, MD, PhD, Commission chair. "CCHIT has analyzed the recommendations of the Federal HIT Advisory Committees and is preparing to offer new paths to certification this October. We invite vendors and developers to join us on a Town Call as we finalize the details of this process."

Besides updating and enhancing its current certification program for comprehensive EHRs in ambulatory, inpatient and emergency department settings, the Commission plans to launch a more limited, modular inspection program for EHR technology, focusing only on compliance with ARRA-required standards.

During the event, concepts and some details of these two programs will be discussed. Participants will be invited to submit questions and comments online, and respond to polling regarding their interest and readiness for participation in the process.

The Certification Commission is also tentatively planning training sessions to be held in Chicago on Sept. 29 and Oct. 1, to orient vendors and developers to its new programs including updated application processes, applicable certification criteria and test scripts, and other added policies. More information will be available about these training sessions following the Town Call.

The world's largest companies have for the most part failed in their effort to reduce the cost of functions such as finance, IT, human resources and procurement over the past year, exacerbating the impact of dramatic declines in revenue, profits and earnings, according to research from the Hackett Group.

Hackett's analysis of the latest financial results of nearly 200 of the 1,000 largest public companies in the world that have reported second quarter 2009 financial information, showed that only one company in four was able to manage their selling, general and administrative (SG&A) costs in line with revenue reductions over the past 12 months.

While these companies saw average revenue reductions of 23.7 percent, they were only able to cut SG&A costs by 6.7 percent. As a result, SG&A costs as a percentage of revenue for Global 1000 companies have risen over the same period, going from 12.6 percent of revenue to 15.5 percent of revenue. Hackett's research found that typical Global 1000 companies (with $26 billion in annual revenue) are losing out on up to $1 billion in annual cost savings as a result of this lack of agility.

"Agility is a competitive weapon that has become a requirement in today's marketplace, where hyper-global competition and economic uncertainty reign supreme. Companies should have been able to rapidly reduce their overall G&A costs to more closely match the revenue reductions they are seeing," said Hackett Chief Research Officer Michel Janssen. "But despite lots of tough talk about freezing discretionary spending and making across the board cuts, most companies appear to have failed in their efforts to manage their G&A cost structures. This trend has been getting worse each quarter, with the 'agility gap' growing wider."

The U.S. Department of Health and Human Services (HHS) has issued new regulations requiring health care providers, health plans and other entities covered by HIPAA to notify individuals when their health information is breached.

These "breach notification" regulations implement provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA).

The regulations, developed by the HHS Office for Civil Rights (OCR), require health care providers and other HIPAA-covered entities to promptly notify affected individuals of a breach, as well as the HHS Secretary and the media in cases where a breach affects more than 500 individuals. Breaches affecting fewer than 500 individuals will be reported to the HHS Secretary on an annual basis. The regulations also require business associates of covered entities to notify the covered entity of breaches at or by the business associate.

"This new federal law ensures that covered entities and business associates are accountable to the Department and to individuals for proper safeguarding of the private information entrusted to their care," said Robinsue Frohboese, acting director and principal deputy director of OCR. "These protections will be a cornerstone of maintaining consumer trust as we move forward with meaningful use of electronic health records and electronic exchange of health information."

The regulations were developed after considering public comment received in response to an April 2009 request for information and after close consultation with the Federal Trade Commission (FTC), which has issued companion breach notification regulations that apply to vendors of personal health records and certain others not covered by HIPAA.

To determine when information is "unsecured" and notification is required by the HHS and FTC rules, HHS is also issuing, in the same document as the regulations, an update to its guidance specifying encryption and destruction as the technologies and methodologies that render protected health information unusable, unreadable or indecipherable to unauthorized individuals. Entities subject to the HHS and FTC regulations that secure health information as specified by the guidance through encryption or destruction are relieved from having to notify in the event of a breach of such information. This guidance will be updated annually.

The HHS interim final regulations are effective 30 days after publication in the Federal Register and include a 60-day public comment period. For more information, click here.

According to a new report from KLAS Research, 2008 saw electronic medical record (EMR) vendors sell the fewest number of new contracts in the United States and Canada in the seven years since KLAS began tracking clinical market share information.

The report, "Physicians, Nurses, and EMR Adoption: Which Solutions Are CEOs Betting On?" reflects data collected from more than 1,600 hospitals with 200-plus beds in the U.S. and Canada. While acknowledging the seven-year low in EMR sales, the report also notes that the recent past does not appear to be an indication of the future.

"The advent of new meaningful-use requirements, plus the ongoing debate around broader health care reform, has many organizations looking for a new clinical information system," said Jason Hess, KLAS general manager of clinical research and author of the new report. "During this study, KLAS identified more than 400 large hospitals that either have no EMR or are using a legacy system, and we are already aware of purchasing activity that, if the rate continues, will far exceed 2008 sales."

Despite a tough economy, Epic continued to make gains among large hospitals, capturing nearly 40 percent of new business, according to the report. Beyond the steady progress of Epic EpicCare Inpatient, Siemens Soarian Clinicals and McKesson Paragon Clinicals found some unusual wins in 2008, the report noted.

Five non-Siemens hospitals (four organizations) bought Soarian last year, despite the product's historically low computerized physician order entry (CPOE) adoption. Further, the company won three hospitals in the over 400-bed space, bucking Epic's trend of pushing vendors out of that market, KLAS reported.

Of the 12 McKesson EMR wins in hospitals with more than 200 beds, four of the organizations chose Paragon as opposed to Horizon. Those wins indicate that Paragon, one of the lowest-rated systems that KLAS followed in 2000, is now gaining significant momentum, not to mention leading performance scoring in the community hospital information system market, the research firm stated.

The KLAS report noted that, for Cerner and Eclipsys, leadership in CPOE adoption did not necessarily translate into EMR wins. Cerner has the highest number of hospitals doing CPOE, and Eclipsys has the greatest number of physicians doing CPOE, yet neither vendor was among the top three in new large-hospital EMR sales in the U.S. and Canada in 2008, according to KLAS.

Other vendors highlighted in the KLAS report include GE, Meditech, Medsphere and QuadraMed.

A new report from the State Alliance for e-Health aims to help states lead the way in using health IT and health information exchange (HIE) and guide them as they begin instituting the federal Health Information Technology for Economic and Clinical Health (HITECH) Act.

The State Alliance for e-Health, a consensus-based, executive-level body composed of governors, state legislators, attorney generals and state commissioners, was created by the National Governors' Association (NGA) Center for Best Practices in 2006 to address the role states can play in facilitating adoption of health IT and HIE.

The report, "Preparing to Implement HITECH: A State Guide for Electronic Health Information Exchange," recommends actions states should begin undertaking now to successfully implement the HITECH Act. The recommendations include: 

·        preparing or updating the state plan for HIE adoption;

·        engaging stakeholders;

·        establishing a state leadership office to manage the different phases of HIE implementation;

·        preparing state agencies to participate, implementing privacy strategies and reforms;

·        determining the HIE business model;

·        creating a communications strategy; and

·        establishing opportunities for health IT training and education.

"States already have taken the lead in modernizing the health care system by advancing the use of health IT, electronic health records, e-prescribing and electronic exchange of health information," said Vermont Gov. Jim Douglas, NGA chair and co-chair of the State Alliance. "We now have an opportunity to accelerate adoption of health IT across the states and create a truly comprehensive health care system that is effective, affordable and accountable."

Cooper University Hospital is in Camden, N.J., recently appointed Michael Sinno as vice president and CIO.

"It's an honor and humbling experience to be selected as CIO of Cooper University Hospital," Sinno said in a statement. "It's a reward in itself to be able to come to work each day doing something that I truly love."

Sinno joined Cooper in January 2002 as the hospital's networking manager. In this role, he developed a strategic plan for the hospital's data network and expanded his expertise into all technical disciplines within the IT infrastructure. That same year his position was expanded to manager of IT infrastructure. In just seven years, Sinno was promoted four times and assisted in reorganizing the infrastructure division of the IT department. The reorganization has allowed the infrastructure division to focus on emerging technologies and technology delivery, and to achieve this without compromising the availability of existing operational systems and applications. The most recent accomplishment includes fitting Cooper's new 10-story Patient Pavilion with state-of-the-art technology equipment.

"Mr. Sinno did an excellent job leading Cooper through the recent implementation of the [hospital's] electronic health record system," said John P. Sheridan, Jr., Cooper's president and CEO.

Once fully implemented, the EHR will allow for improved safety and quality in patient care by providing accurate and seamless access to the patient's chart regardless of where the patient is seen in the Cooper Health System. Additionally, the system will allow for improved collaboration between Cooper physicians and their patients by giving the patients secure and confidential online access to their electronic medical charts and allowing for two-way communication between physicians and their patients.

"There is an underlying commitment to excellence and to caring for the patient, and the patient's family, that I believe is shared across all levels and departments within the hospital," added Sinno. "We are the silent caregiver that makes sure all systems are running and patients' medical records are secure within our database."

The electronic exchange of health information between physicians, hospitals, health plans and patients has increased substantially in the last year, and is reducing the cost of care and positively impacting physicians, according to a recent survey released by the eHealth Initiative (eHI).

The organization's Sixth Annual Survey of Health Information Exchange, which included responses from 150 community-based initiatives, found that the number of health information exchanges (HIEs) that report being operational and exchanging data has increased nearly 40 percent since 2008. Fifty-seven HIEs reported being operational in 2009, up from 42 initiatives in '08, according to the survey report. Forty percent reported generating cost savings from data sharing.

Primary reported areas of cost-cutting included:

·        reduced staff time spent on handling lab and radiology results (26 operational initiatives);

·        reduced staff time spent on clerical administration and filing (24);

·        decreased dollars spent on redundant tests (17);

·        decreased cost of care for chronic care patients (11); and

·        reduced medication errors (10).

According to the survey, health information exchange has also had a positive impact on physician practices, allowing them to become more efficient without disrupting care. Operational initiatives reported that HIEs have impacted their practices in the following areas: 

·        improved access to test results and resultant efficiencies on practice (28 operational initiatives);

·        improved quality of practice life (24);

·        reduced staff time spent on handling lab and radiology results (23); and

·        reduced staff time spent on clerical administration and filing (22).

"The survey shows the potential for health information exchange to improve efficiency and reduce health care costs nationwide. We have real examples where care delivery was improved and cost savings found," said Jennifer Covich, chief operating officer and interim CEO at eHI. "The American Recovery and Reinvestment Act could significantly impact health information exchange. Now more than ever, we need to focus on what works and direct resources that way."