By Aine Cryts

John Mertz, CIO and VP of Information Services, South Nassau Community Hospital

John Mertz, CIO and VP of Information Services, South Nassau Community Hospital

Balancing the need to protect patient records from would-be data thieves while providing physicians with access to those records is always on his mind, says John Mertz, CIO and vice president of information services at South Nassau Community Hospital in Oceanside, NY.

HIMSS15, the largest health IT event in the industry, takes place in Chicago from April 12 to 15, 2015, in Chicago. Mertz is particularly interested in the sessions on data and security.

AXIS recently spoke with Mertz about the sessions he’d like to attend at HMSS15.

AXIS: What issues keep you busiest in your role as CIO?

Mertz: One of the things that’s keeping me awake at night is security. It used to be that thieves would break into banks; suddenly, a patient’s electronic health record has more value than their financial record. If you steal someone’s credit card, their account can be shut down in a few hours. If a patient’s health information is stolen, the thief can start billing Medicaid for millions of dollars.

More and more, doctors have access to patients’ records on their mobile devices. I wrestle all the time with the need to balance providing this level of access to doctors, while ensuring security.

AXIS: What are some sessions you’re particularly interested in at HIMSS15?

Mertz: I’m interested in the whole section on privacy and security. After the data breach at New York-Presbyterian Hospital that cost nearly $5 million, every healthcare CIO has started to pay attention to this issue. The first rule in healthcare is “do no harm.” Patients are giving us their personal information so that we can provide care. Physicians provide care; our job in IT is to protect patients’ data.

Another issue is our involvement in our regional health information organization (RHIO) where the whole idea is to share patient data among caregivers. By New York state law, patients have the right to say yes or no to providing access to their data. If we don’t know if we have access to all of our patients’ data, that handcuffs us. It’s certainly a struggle to figure out if our physicians are seeing complete patient records.

AXIS: Any other sessions capture your interest?

Mertz: I’m interested in the session called “Beyond Implementation: Achieving Value from Your EHR After Implementation.” This is our mantra every day: We’ve reached Meaningful Use; now let’s get Meaningful Use out of our EHR. We’ve done all of this work to get information into these systems, now we need to figure out what information we can get out of them.

As our senior vice president puts it, “Meaningful Use was the floor. That’s where we start. What’s next is bringing value to patients and doctors and nurses.”

I’m also interested in the session on “OIG Security Audits of EHR Incentive Program Participants.” We’ve got all of the documentation to prove Meaningful Use, but we don’t know what they’re going to ask for in a Department of Health and Human Services’ Office of Inspector General (OIG) audit. Several hospitals have lost Meaningful Use dollars because of these audits, so this is definitely of concern.

AXIS: How about the sessions that focus on population health?

Mertz: The whole idea now is about trying to treat the patient outside the hospital while coordinating care with the hospital. If your doctors work for you, that’s easier to achieve. How do you do that when your doctors are primary care providers out in the community and not employed by your hospital? That’s our situation at South Nassau Community Hospital.

We did a survey of the doctors in our community and found out from the 50 who responded that they’re using 40 different EHRs. How do you share data on a patient named Mary Doe who’s gone to Dr Smith for 6 months for treatment when she decides to switch to Dr Jones as her doctor? Without access to her patient records, Dr Jones doesn’t know what he’s doing. It’s difficult to figure this out among independent practitioners.

###

About John Mertz:

John Mertz is CIO and vice president of information services at South Nassau Community Hospital, which has provided high-quality healthcare to the communities of (Long Island) Nassau’s South Shore since 1928.

In this capacity, he provides the vision and leadership needed to develop and implement strategic information technology initiatives at the hospital. Mertz leads the hospital in planning and implementing enterprise information systems to support both distributed and centralized clinical and business operations.