►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
So
today,
as
part
of
our
Information
Awareness,
our
topics
are
going
to
be
being
a
consumer
in
an
EMR
world
and
IAM
are
folks
who
are
familiar
in
the
electronic
medical
records.
We
have
invested
a
two
guest
speakers-
sharon
arohi,
who
is
the
chief
information
officer
for
the
Children's
Institute
here
in
the
city
of
Pittsburgh
and
Angela
horniman,
who
is
part
of
this
cert
program
at
Carnegie,
Mellon
University,
the
software
Institute
she's,
going
to
talk
to
us
a
little
bit
today
about
employee
security.
B
Thank
you
so
much
for
inviting
me
I'm
excited
I'm,
always
excited
to
actually
do
these
kind
of
talks
and
the
one
thing
I'll
set.
The
stage
with
is
I
know
when
Christine
contacted
me.
She
said
it
was
about
awareness
and
so
and
she
had
a
whole
bunch
of
things
like
that.
She
wanted
me
to
talk
about
it.
B
So
I
hope
you
walk
away
with
an
awareness
so
that
the
next
time
you
go
to
your
family
practice
physician,
for
instance,
you
have
a
little
better
understanding
of
some
of
the
things
that
might
be
happening
behind
the
scenes
in
his
or
her
office
and
what
may
be
in
store
for
us
as
consumers
and
how
you
really
can
get
involved
as
a
as
a
consumer.
I
always
like
to
start
off
with
a
little
bit
about
myself,
I've
been
with
the
Children's
Institute
for
20
years,
the
chief
information
officer
there
that's
how
I
met
Christine.
B
She
actually
worked
for
me
several
years
ago,
was
a
fantastic
employee,
we're
located
in
squirrel
hill,
and
we
specialize
in
pediatrics
and
on
the
rehab
side
we
have
62
inpatient
beds.
We
have
several
outpatient
locations
that
you
may
have
heard
from,
but
we
also
have
two
other
specialty
areas
are
day
school
which
serves
approximately
190
students,
and
we
have
a
component
that
we
call
Project
Star
and
it
really
focuses
on
family
placement
preservation,
adoption
all
around
kids
with
special
needs.
B
B
You
may
have
seen
some
of
these
acronyms
or
even
heard
some
of
these
words,
and
you
might
be
thinking
how
do
they
actually
apply
to
me
as
they
as
the
consumer
I'm,
going
to
focus
in
on
the
ones
that
I
have
highlighted
in
yellow
the
whole
concept
of?
What
is
this
thing
that
people
are
calling
EMR
or
EHR,
and
is
there
really
a
difference?
You
might
have
heard
the
phrase
meaningful
use
that
came
into
play
really
around
2009
and
then
more
and
more
we're
starting
to
hear
about
hie
or
hio.
B
What's
that
all
about,
and
that
really
us
have
a
profound
effect
on
us
as
consumer,
so
hopefully,
at
the
end,
you'll
be
interested
enough
that
you're
going
to
even
take
a
part
as
being
a
stakeholder
here
in
Pennsylvania
and
then
a
couple
offshoots
that
have
really
helped
along
the
way,
especially
here
in
Pennsylvania,
there's
a
local
professional
society
known
as
hymns.
That
really
has
a
lot
of
the
underpinnings
of
what
we've
been
doing
from
a
healthcare
technology
perspective,
but
probably,
most
importantly
as
us,
as
Pennsylvania
taxpayers,
there's
actually
a
partnership
authority.
B
Now
that
is
run
under
the
leadership
of
the
governor
that
is
really
making
strides
for
healthcare,
especially
in
the
exchange
part
across
the
state
which
is
really
exciting.
So
let
me
just
I'm
going
to
cut
a
bee
bop
right
through
some
of
these
things
and
again
trying
to
jam
pack
a
few
things
right
into
this
presentation.
You
may
have
heard
EMR
versus
EHR
and
I
just
want
to
set
the
record
straight.
It's
okay,
to
use
them
interchangeably,
but
underlying
there
really
is
a
difference.
B
Amr
came
first
and
it
really
focused
in
on
plainly
digitizing
the
medical
chart,
so
all
that
paper
stuff
that
a
doctor
was
doing
whenever
we
became
into
the
electronic
world
and
started
thinking
about
that,
EMR
really
focused
on
those
individual
physician
practices
or
internal
to
a
hospital.
That's
how
the
EMR
was
actually
born.
We've
really
broadened
that
scope
now
to
really
entertain
electronic
health
record
and
really
that
whenever
I
say
broadened,
I
mean
outside
the
scope
of
our
individual
practices
in
terms
of
physicians,
but
now
engaging
specialists,
labs
other
organizations.
Even
through
the
continuum.
B
We
have
the
ability
now
to
have
information
from
a
pediatric
perspective
through
adulthood,
clear
to
senior
living.
So
when
you
think
about
that-
and
you
think
about
some
of
the
things
that
even
as
consumers,
that
we're
kind
of
recording
and
watching
in
our
own
health
care,
that's
what's
really
involved
or
encompassing
one
speaks
of
the
electronic
health
record,
but
again
fine
to
use
them
interchangeably,
but
a
little
bit
a
little
bit
different.
There
I
want
to
touch
on
well
what
really
started
the
whole
EMR
conversation.
B
It
really
goes
back
clear,
believe
it
or
not
to
two
thousand
four
ish
I'm
is
where
we
really
heard
it
publicly
spoken
of
first,
and
that
was
during
President
Bush's
rain
in
office.
He
was
the
one
that
created
under
his
reign.
The
office
of
the
National
Coordinator
of
health
information
technology
and
I
can
be
remember
being
at
one
of
the
hymns
conferences
when
his
wife
was
there,
and
this
was
the
introduction
first
of
smartphones
and
whenever
she
was
actually
communicating
with
her
her
physician
with
that
technology.
B
B
That's
when
it
really,
the
fire
got
lit
under
healthcare
organizations
to
really
participate
in
not
only
dis
digitizing,
their
own
medical
information,
but
really
participating
in
the
sharing
of
information
and
the
reason
I
say
it
lit
the
fire,
because
this
whole
concept
called
Meaningful
Use
really
from
a
regulatory
perspective.
Allow
monies
to
be
kind
of
doled
out
to
States
to
actually
get
that
fire
lit
and
to
engage
physicians,
to
invest
money
and
also
help
them
from
an
incentive
perspective.
B
Fit
foot
the
bill
for
for
that
investment
because
again,
EHR
technology
or
EMR
technology
is
not
cheap
changes.
The
way
some
folks
do
business,
but
it
also
I
mean
just
like
we
know
of
in
our
own
office
settings
I
mean
different.
People
have
different
amounts
of
money
that
we
can
spend
on
the
latest
and
greatest
technology
or
even
phone
systems
for
that
matter,
but
meaningful
use
allowed
that
incentive
dollar
idea
to
really
have
the
EMR
initiative
really
take
off.
B
So
you're
going
to
hear
about
that-
and
you
may
hear
about
that
even
in
the
news,
but
but
we
can
actually
kind
of
focus
back
in
on
that
I
think
was
one
of
the
primary
driving
forces
in
the
EMR
adoption
world.
These
other
things
that
I
have
up
on
the
board.
Whenever
people
were
talking
about
high
tech
or
through
the
years
when
they
started
talking
about
digitizing
or
EMR
technology,
it
was
really
about
healthcare,
reform
and
healthcare
change.
B
Thinking
that
maybe
if
we
could
get
our
act
together
in
terms
of
all
this
paper,
pushing
that
we
were
doing
could
technology
play
a
role
in
somehow
increasing
quality
and
lowering
the
cost
of
health
care.
I'm
here
to
say,
I,
don't
know
that
we
can
necessarily
say
that
today,
but
I
think
we're
on
the
path,
even
if
we
think
about
our
own
health
care.
Hopefully
it
won't
be
long
that
we
still
have
to
carry
around
all
our
medication
list
will
be
able
to
actually
have
that
shared
amongst
healthcare
organizations.
B
So
I
think
we're
on
the
right
path
stole
a
little
bit
of
work
to
do
in
terms
of
really
seeing
the
outcomes
there.
I
put
this
slide
in
the
presentation,
because
in
the
EMR
adoption
world
and
in
our
organization
in
particular,
we
took
on
not
only
because
of
the
high
tech
and
and
because
of
the
interest
in
organizationally
digitizing
our
records,
but
also
hymns
level
7.
You
might
hear
people
talk
about
that.
B
They
were
the
first
ones
that
really
came
up
with
a
kind
of
I'm,
almost
a
pyramid
kind
of
look
to
enforce
or
have
folks
start
to
take
a
look
at.
How
much
are
we
electronic
and
you
know
how
people
like
competition,
so
healthcare
organizations
aren't
any
different
from
that,
so
the
kind
of
the
race
to
get
them
to
be
the
most
digitized
was
really
something
that
was
born
out
of
the
hymns
group
and
their
level
1
through
7
kind
of
pyramid
with
level
7
being
paperless.
B
So
everybody
was
striving
for
as
soon
as
they
hear
EMR.
Let's
go
paperless,
that's
not
always
what
it
turned
out
to
be,
but
that
was
another
driving
force
in
terms
of
EMR
adoption
and
again
meaningful
use
those
things
actually
at
the
individual,
acute
care
level
or
the
hospital
level
we're
also
combined
with
internal
goals
like
productivity.
Can
we
improve
improve
the
productivity
of
our
clinicians?
Can
we
improve
patient
safety?
B
Could
we
improve
compliance
from
a
billing
perspective
and
a
documentation
perspective,
so
those
were
some
of
the
things
that
actually
drove
our
EMR
projects
along
the
way
and
I
thought
it
was
important
to
share
with
you,
because
when
you
go
to
that
physician
office,
some
of
those
times
when
the
signs
are
conversion
in
place
or
we're
learning
a
new
system.
These
are
the
things
that
are
happening
behind
the
scenes.
B
One
of
the
things
that
our
societies
that
I
mentioned
was
hymns
I,
throw
that
up
there
again,
just
because
we
throw
around
acronyms
laud
nit
that
actually
stands
for
health
information
management
system,
society
and
again
it's
it's
people
interested
in
healthcare
information
technology.
So
it's
not
just
EMR
because
they
started
way
back
in
management
engineering
days
when
they
were.
They
were
starting
to
look
at
well.
How
long
did
someone
wait
in
the
in
the
waiting
room
and
maybe
do
analytical
studies
on?
B
How
could
we
improve
that
kind
of
focus
and
they've
gotten
more
recently,
until
obviously
EMR
and
health
information
exchange?
So
that's
an
important
piece,
but,
most
importantly
in
terms
of
us
speaking
about
EMR
adoption
and
where
we
write
from
a
consumer
perspective,
they
really
led
the
way
from
a
society
perspective
with
that
that
pyramid
approach
and
striving
to
have
people
get
to
that
level.
7
where
it
was
paperless.
B
Just
a
couple
slides
about
the
meaningful
use
regulation.
Again,
I
mentioned
it.
It
really
came
into
light
around
2009
with
the
HITECH
Act
and
meaningful
use
is
really
at
around,
not
only
the
technology
but
a
set
of
standards
that
would
incentivize
folks
to
adopt
EMR
technology.
So
if
I
had
to
put
it
in
words,
I
best
said
it
using
the
definition
that
ONC
even
had
out
on
the
website
using
certified
EMR
technology,
hopefully
was
to
improve
the
quality
safety
efficiency
and
reduce
health
disparities,
engage
patients
and
families.
B
If
you
remembered
it
hasn't
been
too
long
that
we've
actually
had
these
things
called
portals,
where
you
can
actually
go
online
and
schedule
an
appointment
or
look
up
your
lab
results
again.
Really
this
EMR
technology
and
what
came
out
of
the
hi-tech
really
lit
the
fire
for
organizations
to
engage
in
those
kind
of
portals
to
be
available,
improving
care
coordination
and
population
and
public
health.
We're
really
probably,
if
I
had
to
say
at
the
tip
of
the
iceberg.
B
There
there's
so
much
data
and
you'll
hear
people
talk
about
big
data,
we're
hoping
that
all
of
the
collection
of
data
that
folks
are
gathering
is
going
to,
hopefully
lead
us
down
the
path
of
improving
population,
health
or
at
least
being
able
to
analyze
that
population
health
perspective
and
then
obviously
the
maintaining
of
privacy
and
security.
At
the
very
start
of
this
and
the
start,
people
cannot
will
probably
be
able
to
speak
to
it
even
better.
This
is
something
that
is
always
very
sensitive
myself.
Look
at
the
news.
B
Whenever
we
talk
about
you
know
the
the
breaches
that
happen
on
the
credit
card
side
or
the
social
security
number
site
in
health
care,
our
health
records,
believe
it
or
not,
or
even
more
valuable
in
some
neck
of
the
woods.
So
if,
if
we
did
not
have
standards
and
weren't
able
to
maintain
the
privacy
and
security
of
those,
none
of
this
would
be
attractive
to
any
of
us
as
consumers
or
as
technologists.
B
The
reason
I'm
going
to
show
you
these
next
two
slides,
sometimes
when
we're
engaged
with
our
physician
they've
started
to
use
computers
in
the
exam
rooms,
and
you
may
be
asking
how
come
they're
asking
specific
questions
they
didn't
delve
into
all
of
this,
or
they
were
talking
about
discrete
data
that
needed
to
be
collected.
Now
that
we're
in
this
a.m
our
world
and,
in
particular,
funder
meaningful
use
in
order
to
get
incentivizing.
B
What
I
mean
by
that
is
literally,
they
are
getting
money
to
actually
spend
on
being
able
to
foot
the
bill
for
the
implementation
of
that
EMR,
so
they
needed
to
actually
put
in
the
regulation.
What
could
we
prove
back
to
the
government
and
the
folks
that
wrote
the
regulation
in
order
to
get
the
money
that
we
were
really
meaningfully
using
the
system?
So
things
like
the
CPOE
physician
order,
entry
that
stands
for
or
recording
all
of
the
information
upfront
related
to
our
demographics
you'll
see
some
things
here.
B
So
you
might
have
seen
some
of
these
kinds
of
changes
over
the
last
couple
of
years
because
of
those
incentive
dollars
again
they're
not
going
to
say
that
out
loud,
but
behind
the
scenes
this
is
what's
happening.
There
were
also
optional
things
that,
depending
on
where
an
organism
asian
is
with
their
technology,
it
wasn't
a
requirement
that
we
fulfill
all
of
these.
But
you
again,
you
may
see
incorporating
lab
test
results
into
emrs.
For
instance,
that's
what
allowed
us
from
a
portal
perspective
to
actually
have
the
consumer
be
able
to
view
their
lab
results.
B
Prior
to
this,
they
might
not
have
been
collected.
What
we
call
discreetly,
they
might
have
just
been
enclosed
in
in
the
the
verbiage
that
the
doctor
dictated
on
the
discharge
summary
a
little
more
difficult
to
pull
that
information
out
to
actually
get
a
particular
reading
or
a
particular
lab
result.
Meaningful
use
at
least
set
the
stage
for
saying
no.
That
information
needs
to
be
stored.
Discreetly
in
the
electronic
health
record.
B
The
other
thing
that
came
along
with
meaningful
use
is
we
everybody
recognized
that
all
of
this
can't
happen
at
one
time,
so
they
came
up
with
stages.
So
the
final
document
relating
to
stage
1
meaningful
use
standards
that
had
to
be
adhered
to
really
was
published
in
2010
and
now
the
focus
there
was
really
adopting
EMR.
So
if
people
didn't
have
it,
they
were
doing
system
selections.
B
They
were
engaging
consultants
to
help
them,
select
that
and
actually
implement
that
stage
2
with,
which
is
what
we're
in
currently
right
now,
the
actual
regulation
and
the
document
behind
the
stage
two
initiatives
really
was
published
in
2012.
It
focuses
more
on
that
clinical
decision
support,
engaging
the
families
and
the
patients
and
again
we're
in
that
midst.
B
Right
now
and
stage,
3
is
still
in
the
talking
stages,
a
lot
of
formation
being
put
together
by
a
lot
of
people,
soliciting
feedback
as
to
what
we
can
actually
do
in
stage
2
or
require
health
care
facilities
to
do
in
stage
3.
The
final
publish
date
for
that
is
expected
to
be
around
2016
and
possibly
into
2017.
The
focus
in
that
stage
is
going
to
be
more
on
the
sharing
of
information.
This
hie,
then
leads
me
to
my
next
set
of
acronyms.
B
It
is
simply
the
taking
that
electronic
information
now
that
we've
digitized
and
allowing
that
electronic
movement
of
health-related
information
among
organization.
So
now
it's
just
not
about
sharing
within
you
know
a
hospital
integrated
delivery
network
that
might
have
multiple
hospitals.
Now
it's
talking
about
us
over
here
in
western
Pennsylvania,
maybe
sharing
information
with
hospitals
in
Philadelphia.
B
So
if
I'm
traveling,
for
instance,
it's
it's
again,
something
that
can
be
looked
up
in
their
hospital
relative
to
my
my
care
here
over
in
Pittsburgh,
the
couple
things
that
are
really
exciting
about
the
hio
is
because
we
live
here
in
western
Pennsylvania.
We
are
very
fortunate
not
only
because
we're
in
Pennsylvania,
but
western
Pennsylvania
has
seen
a
lot
of
activity
a
lot
of
interest
in
in
terms
of
hio
and
hie
in
particular
Pennsylvania
in
2012.
B
There
was
a
Senate
bill
that
allowed
the
partnership
authority
to
be
enacted,
and
its
mission
is
really
to
improve
health
care,
delivery
and
health
care
outcomes
in
Pennsylvania
by
enabling
the
secure
exchange
of
health
information.
So
what
does
that
really
mean
that
basically
means
that
this
Authority
is
responsible
for
the
electronic
highway?
That
is
being
built
here
in
Pennsylvania
to
allow
us
to
actually
share
information
across
the
state,
and
the
way
that's
happening
is
I
want
to
go
back
to
this
screen
here
in
western
Pennsylvania
we
have
a
health
care
information
organization
called
clinical
connect.
B
We
also
have
another
health
information
exchange,
starting
on
the
high
mark
and
Allegheny
Health
Network
side
called
tapestry,
and
this
in
this
organization,
or
this
exchange
is
allowing
organizations
that
have
made
the
investment
in
electronic
medical
record
technology
to
actually
now
share
that
information
with
other
organizations.
So,
for
instance,
your
your
family
practice.
Physician
may
already
be
engaged
in
this.
So
if
you,
if
you're
signing
the
privacy
notice,
read
some
of
the
little
finer
print,
you'll
you'll
see
that
you
might
be
signing
to
say.
B
Yes,
it's
okay
for
me
to
have
my
information
shared
with
the
hio
or
the
hie
that
that's
a
on
the
left-hand
side
of
health
care
systems,
for
instance,
that's
that
are
engaged
in
the
clinical
connect
piece,
so
Armstrong,
County,
Butler,
Health,
System,
axela
heritage
valley,
st.
Clair,
UPMC,
Washington,
all
on
the
health
care
system
side,
but
notice
here
in
the
picture.
There
are
also
independent
practice
plans
engaged.
B
So
if
you
take
your
kids
to
the
pediatric
Alliance
they're
sharing
information
with
the
exchange,
we
happen
to
be
one
of
the
folks
and
sharing
information
on
the
rehab
side
and
then
post
the
care
post,
acute
care.
The
orc,
Pennsylvania
or
the
prez
be
a
senior
care
organization
is
also
engaged
with
this
sharing.
So
hopefully
you
can
see
then
what's
happening.
B
Not
only
is
the
information
being
made
available
to
you
in
the
patient
portal,
but
now,
as
you
move
through
the
continuum
of
care,
you
don't
have
to
be
like
my
dad
and
carry
that
the
medications
and
the
surgeries
in
his
back
pocket
to
actually
remember
when
his
surgeries
were.
What
medications
he's
in
this
hie
here
in
western
Pennsylvania
is
actually
going
to
be
fed
into
the
state
highway.
That
I
spoke
of
and
I
want
to
just
throw
up
a
picture
here
for
a
minute
before
I
describe
some
of
the
history.
B
Pull
in
that
medical
record
information
from
wherever
that
may
have
been,
if
that
patient
elected,
to
participate
in
the
exchange.
So
if
you
said
no
to
that
your
information,
is
it
going
to
be
available?
But
if
you
said
yes,
that
means
your
provider
there
now
doesn't
have
to
have
you
asked
for?
Can
you
bring
along
your
medical
records,
a
copy
of
your
medical
records?
That
was
the
old
and
day
we
all
went
if
we
had
a
specialist.
B
B
The
one
other
organization
I
have
up
on
the
screen
here.
The
pae
health
initiative
I
was
heavily
involved
in
that
organization.
It
were
a
little
bit
silent
right
now,
because
the
partnership
is
really
we're
all
putting
our
ducks
into
helping
support
the
partnership
piece.
But
this
pae
health
initiative
organization
was
really
a
group.
It
was
a
non-profit
group
of
interested
people.
That
said,
hey
we're
doing
a
lot
of
stuff
electronically.
B
Can't
we
get
the
ball
rolling
in
terms
of
exchanging
information
or
making
sure
that
the
physicians
have
the
resources
to
install
and
implement
electronic
medical
records.
So
all
of
this
speaks
to
the
fact
that
I
think
we
live
in
a
really
good
state
and
we
live
a
really
in
a
really
good
part
of
the
state
in
terms
of
the
interest
and
the
support
for
these
kinds
of
initiatives.
B
This
part
here
that
I
spoke
of
in
terms
of
the
hio
piece
of
it,
though
I
think
the
really
exciting
piece
is
it's
not
just
talk.
This
is
the
year
that
it's
actually
coming
to
fruition
that
the
highway
itself
is
be
becoming
actually
alive,
so
by
December
2015
early
January
2016,
several
health
information
exchange
shins
across
the
state
clinical
connect
being
one
of
them,
but
also
on
the
eastern
side.
There's
another
health
information
exchange
called
healthcare
exchange
of
southeastern
PA,
st.
B
B
So
I
tried
to
dream
a
whole
bunch
of
stuff
from
an
awareness
perspective,
but
hopefully
you've
walked
away
with
a
little
couple.
Little
things
related
to
EMR
EHR,
maybe
meaningful
use
has
a
different
meaning
for
you.
Now.
What
the
pae
Health
Partnership
Authority
is
all
about.
The
fact
that
the
hems
group
from
a
society
perspective,
if
you're
into
IT-
and
you
want
to
get
more
involved
with
that
there's
a
professional
society
that
actually
lends
itself
to
that,
and
probably
most
importantly,
the
movement
of
the
hie
and
the
hio
activities
in
in
our
state.
B
So
you
may
be
asking
so.
How
can
I
get
involved
or
air
can
I
even
get
involved?
Being
a
healthcare
consumer
in
Pennsylvania
and
specifically
here
in
Pittsburgh
I
would
challenge
all
of
you.
If
you're
interested
there
are
several
good
websites
to
actually
go
to
in
Pennsylvania
the
authority
website.
This
pae
health
org
has
a
great
website.
A
lot
of
good
information
and
I
would
actually
encourage
you
and
challenge
you
there's
even
a
place.
B
There's
a
link
on
the
left-hand
side
that
says
stakeholder
as
taxpayers
here
in
Pennsylvania
I
encourage
you
take
a
look
at
that
become
a
stakeholder
it'll
actually
put
you
on
the
path
of
at
least
seeing
the
information
in
being
able
to
contribute.
If
you
have
an
opinion
about
where
healthcare
is
going
in
Pennsylvania,
in
particular
with
all
of
the
exchange
information,
this
organization
is
looking
for
consumers
to
become
more
involved.
So
don't
look
at
this
as
well.
B
This
is
some
IT
thing
and
if
only
if
I'm
involved
in
healthcare
or
EMR
we're
talking
about
we're
all
taxpaying
citizens,
let's
get
involved
in
western
Pennsylvania.
The
hems
organization
has
a
western
Pennsylvania
Chapter,
encourage
you.
If
you're,
if
you're
looking
down
that
pike,
you
could
get
involved
from
that
perspective
and
in
Pittsburgh
I
put
this
up
there,
because
our
organization
is
involved
in
clinical
connect
soon
will
probably
be
hearing
more
about
tapestry
and
where
the
other
hie
might
be
going
here
in
Pittsburgh
as
well,
but
clinical
connect
right
now,
you
may
be
even
involved.
B
C
B
That's
a
really
good
point,
and
actually
Pennsylvania
is
a
little
bit
behind.
There
are
some
states
that
are
actually
a
way
ahead
of
us
in
terms
of
the
health
information
exchange
it
really
had
to
do
with
where
their
state
and
where
their
government
and
where
organizations
within
the
state
wanted
to
be
involved
with
that,
but
at
the
federal
level
outside
of
the
meaningful
use
dollars,
piece
really
kind
of
lighting
the
fire.
There
is
a
health
information
exchange
called
healthy
way
and
actually
back
on
this
one
slide.
B
Whenever
I
talked
about
the,
where
Pennsylvania
was
actually
going,
I
didn't
really
allude
to
it
up,
but
up
on
the
top
here,
the
the
intention
is
at
the
state
level
to
actually
connect
to
that
interstate
exchange
and
that's
through
the
healthy
way
it
used
to
be
called
the
National
the
new
win,
but
now
it's
called
healthy
way.
So
that
would
be
what
you're.
Speaking
of
so
again,
if
we,
if
we
travel
to
California,
then
will
our
California
doctors
know
about
our
stuff
in
Pennsylvania.
Don't
have
the
exact
date
as
to
when
that's
going
to
get.
B
Can
that,
probably
sometime
after
that
2016
because
right
now,
they're
concentrating
on
Pennsylvania
health
information
exchange
connections,
starting
to
talk
a
little
bit
to
Delaware
West,
West,
Virginia
and
Ohio,
but
not
necessarily
at
that
at
that
national
level?
Now
clinical
connect,
the
one
thing
I
will
say,
is
kind
of
dipping
their
toe
into
that
water
already
because
of
our
big
veteran
population.
Part
of
healthy
way
also
includes
the
Veterans
Administration,
so
clinical
connect
is
actually
already
taking
that
that
step
to
become
connected.
So
yes,
exciting
time
across
the
nation.
Other
questions,
yes,.
D
B
It's
your
said
that
it
is
that
that's
the
correct
terminology,
but
it's
just
the
opposite.
If
you,
if
you
don't
want
it
to
be
shared,
you
have
to
sign
so
be
careful
when
you're.
Looking
at
that,
because
again
people
are
different.
People
have
different
levels
of
sensitivity
about
whether
or
not
they
want
their
information
shared.
The
one
thing,
I
didn't
actually
dwell
on.
Psychiatric
information
is
not
being
shared,
so
but
medical
information
is
really
the
crux
of
what
we're
doing
right
now.
So.
D
B
It's
a
matter
of
turning
on
a
switch
it,
because
what
ultimately
ends
up
happening
is
at
some
point
in
the
future.
You
may
decide
you
know
what
I'm
really
am
comfortable
with
this
and
now
I
actually
want
it
to
be
turned
on
so
when
they
flip
that
switch
they'll
be
able
to
see
all
of
that.
So
when
you
flip
the
switch
off,
nothing
gets
seen
until
you
actually
say
yes,
I
want
it
to
be
shared
and
then
all
of
that
history
then
becomes
available.
B
E
B
Actually,
a
really
good
question:
when
IAM
ours
first
started,
it
was
kind
of
what
you
just
described.
Every
every
vendor
was
out
there
trying
to
like
think
about
functionality
and
think
about
that,
just
in
the
confines
of
the
one
physician
practice
or
the
other
one
hospital.
Since
then,
there
are
standards.
There
are
national
standards
now
from
a
technology
perspective
and
for
meaning
to
even
participate
in
meaningful
use.
Your
EMR
has
to
be
certified,
so
there's
actually
a
body
that
certifies
your
EMR.
B
So
you
know
as
an
organization
when
you're
making
that
purchase
you
will
be
compatible
and
then
interfacing
becomes
a
different
issue.
There
is
there's
a
different
set
of
standard
hl7
standards
that
are
in
place
to
allow
that
for
transmitting
lab
information,
that
lab
information
is
transmitted,
the
same
way
or
admission
information
or
discharge
information.
There
are
national
standards
for
that
as
well.
That's
a
really
good
question.
C
I'm
Angelyn
horniman
I'm
from
cert
this
part
of
the
software
engineering
Institute
at
Carnegie,
Mellon
I,
was
asked
to
provide
a
general
security
presentation
just
to
go
over
some
as
a
reminder.
In
case
you
don't
know
some
of
the
general
security
practices
that
can
help
safeguard
your
information
and
both
your
home
and
your
business.
C
Some
of
the
topics
I'm
going
to
go
over
our
password
reuse
is
a
no
no
passwords
are
keys,
be
careful
with
your
emails
and
social
engineering
is
one
of
the
most
prevalent
ways
to
lose
your
personal
information,
such
as
credit
cards,
or
to
get
your
computers
and
networks
infected
so
starting
out
with
passwords
password
reuses
and
no
no.
Why
is
this
true
or
false?
If
someone
can
access
your
email
account,
they
can
access
some
financial
account.
Any
guesses.
C
Not
for
forty
five
percent
of
so
many
people
reuse
their
passwords
between
accounts
that,
if
one
account
whether
it's
an
email
account
or
social
media
account,
is
compromised,
as
hackers
can
guess
at
your
banks
and
use
the
same
password
and
login
information
to
access
those
accounts.
I
put
together
some
scenarios.
These
particular
scenarios
themselves
are
not
real,
but
they
all
have
elements
that
have
been
that
I
have
pulled
from
different
attacks.
That
I've
read
it
out.
C
Even
if
you
would
you
do
something
like
use
a
different
password
for
your
bank
account
if
an
attacker
can
get
into
your
email
account,
because
you
use
the
same
password
for
your
email
account
or
the
email
account
password
is
sup
account
itself
was
compromised.
Attackers
can
get
into
your
bank
account
information.
Why?
C
Because
of
the
password
reset
thing
that
are
usually
tied
back
to
your
email,
account
we've
seen
instances
where
there
have
been
attacks.
First
instance,
a
customer
loyalty
database
has
been
compromised.
Those
databases
when
you
sign
up
for
a
card
like
a
giant
eagle
advantage
card,
we're
right,
ADA,
wellness+
program
have
your
name.
Email
addresses,
often
security
question
answers.
Sometimes
they
even
have
the
passwords
that
have
not
been
encrypted
stored
directly
on
the
database.
C
If
an
attacker
can
see
this
information
and
you've
reused,
your
password
anywhere
else
there's
a
good
possibility
that
they
will
be
able
to
use
that
information
to
get
into
some
other
account.
If
one
of
those
accounts
happens
to
be
your
email
account
well,
then
they
can
do
password
resets
on
any
other
account
that
they
would
be
interested
in.
C
C
In
some
of
the
attacks
that
I've
read
about
in
a
previous
life,
I
worked
in
an
ICT
apartment.
We
were
supposed
to
lock
her
computer
screens
any
time
we
moved
away
from
our
desk.
Well,
one
day
somebody
walking
away
from
their
screen
their
computer.
It
wasn't
me
and
I
did
not
do
this,
but
one
of
my
co-workers
decided
they
were
going
to
turn
the
desktop
upside
down
and
change
the
handedness
of
the
mouse.
That's
what
I'm
a
lot
of
fix
because
trying
to
use
the
wrong
s
direction.
Mouse
upside
down
is
hard.
C
C
If
you
leave
your
password
laying
around
or
you
have
a
counseling
locked
or
they're
poorly
protected,
and
somebody
can
get
into
your
laptop
desktop
computer
or
smartphone,
what
else
can
they
manipulate?
Not
just
the
data
on
your
computer,
but
maybe
even
data
and
physical
systems
within
your
house?
Emails
are
the
most
common
way
that
attackers
get
access
to
account.
Information
access
to
network
data
or
data
that
they
shouldn't
have.
One
of
the
reasons
is
that,
even
if
people
have
virus
scanners,
my
our
scanners
don't
detect
everything.
C
C
C
One
thing
that
we
have
been
seen
a
lot
of,
especially
in
the
government
space,
is
that
emails
are
crafted
to
look
like
they
come
from
coworkers
or
conferences
or
vendors
that
you
legitimately
work
with
these
emails
will
contain
attachments
or
external
links
that
will
cause
something
to
be
downloaded
onto
your
computer.
That
may
do
something
like
log
everything
you
type
or
call
back
out
to
some
website
that
will
give
an
attacker
remote
access
to
your
computer,
I
myself
presented
at
a
conference
a
few
weeks
ago.
C
For
some
reason,
all
the
vendors
got
everybody's
email
address,
I
a
few
weeks
after
the
conference
got
an
email
from
a
vendor
about
a
product
that
had
an
attachment
in
a
link.
I
didn't
click
on
it.
I
didn't
open
it,
because
that
is
one
of
the
ways
that
a
lot
of
the
apt
actors,
the
advanced
persistent
threat
actors,
have
been
able
to
get
into
people's
networks.
They've
acted
as
vendors
or
clients
that
you
talked
to
at
a
conference
and
they've
sent
you
a
neat.
C
They
send
emails,
you
either
click
on
attachment
go
visit,
a
website
that
they
suggest
and
then
you're
infected,
something
that
the
more
general
population
might
see
would
be
not
necessarily
something
that's
infecting
their
computer.
That's
something
that's
encrypting
with
like
cryptolocker,
and
does
this
really
happen?
Yes,
if
you
google,
spearfishing
examples,
you'll
see
examples
not
only
of
the
the
cryptolocker
or
the
conference,
but
so
many
more
that
some
of
them
are
funny,
but
a
lot
of
them
are
really
scary
about
how
good
these
people
actually
are
when
it
comes
to
constructing
these
emails.
A
C
Just
talked
about
the
email
from
a
from
a
vendor,
there
was
one
instance
that
I
read
about,
and
this
really
impact
it
hit
me
how
good
these
people
are
when
they
want
to
do
social
engineering.
Somebody
had
compromised
Oh
either
our
web
web
mail
site.
They
were
sending
an
email
spoofing
the
address,
so
it
looked
like
it
came
from
one
of
the
victims.
Colleagues,
the
victim
read.
The
email
was
sort
of
worried
about
what
it
said
wasn't
sure.
So
he
hit
reply
to
ask:
is
this
illegitimate
email
thinking
it
would
go
back
to
his
colleague?
C
Well,
it
didn't
exactly
go
back
to
his
colleague.
It
went
back
to
the
attack
or
who
responded,
of
course,
it's
legitimate,
so
the
victim
down
and
clicked
on
the
attachment
opened
it
up
and
was
infected.
Unfortunately,
the
victim
didn't
actually
know
he
was
infected.
So
there
was
a
period
of
time
where
exfiltration
of
data
from
his
organization
was
occurring
from
it,
because
eventually
they
found
out
that
this
was
what
would
happen.
C
C
Both
of
those
things
are
very
good.
The
phone
call
would
be
my
first
choice
because
you
do
have
the
possibility
that
somebody
may
have
actually
compromised
the
actual
email
account,
in
which
case,
even
if
you
type
it
is
still
going
to
go
back
to
an
account
this
controlled
by
the
attacker,
and
there
have
been
a
few
instances
of
that,
though.
That's
not
that's
still,
not
very
common,
thankfully,
but
you
could
do
a
phone
call
or
if
you
have
something
like
a
chat
with
in
your
business,
skype
or
LinkedIn
or
whatever.
That
would
be
another
option.
C
C
Phones
like
the
cisco
phones,
where
your
voice
over
our
internet
instead
of
voice
over
telephone
line,
you
may
be
getting
a
call
that
has
somebody's
name
in
caller
ID,
where
it's
not
really
from
that
name
or
number.
There
have
been
instances
where
some
social
engineering
attacks
have
occurred
where
they
spoofed
an
organization's.
It
departments
number
they
call
the
they
call
a
potential
victim.
It's
not
too
hard
to
find
who
works
out
for
different
organizations.
I'm
sure
some
of
your
your
names
and
addresses
are
on
the
city
website.
C
Call
the
number
have
the
number
spoofed,
as
the
IT
department
say.
Something
is
the
matter
with
your
computer.
I
need
your
credentials
to
fix
it.
Don't
ever
give
your
credentials
to
anybody
who
asks
for
them,
especially
IT,
because
I
t
shouldn't
need
them.
If
they
can
reset
your
password,
they
shouldn't
be
asking
for
your
password.
They
actually
need
you
to
log
in.
They
should
be
coming
to
you
or
asking
you
to
come
to
them.
C
C
Back
when
I
was
an
undergrad,
there
was
a
lot
of
talk
about
social
engineering
with
Mal
people
would
compromise.
You
know
your
physical
mailbox
go,
take
out
information
back
to
the
IRS
or
maybe
stealing
credit
card
applications
to
steal
your
identity
that
leveled
off
for
a
few
years,
but
in
past
few
months,
I've
seen
an
increase
in
talking
about
this
again.
C
In
this
case,
you
may
be
getting
letters
from
the
IRS
or
some
other
perceived
organization
perceived
to
have
authority
requesting
information,
so
you
respond
to
it
and
then
people
take
the
response
out
of
your
mouth
box.
Two
things
here.
One
make
sure
if
you
get
anything,
questing
personal
information
from
someplace
legitimate
make
sure
that
you
verify
that
the
address
and
we're
phone
number
that
you're
responding
to
that
was
listed
in
the
letter
is
the
actual
one.
C
C
Again
back
when
I
was
an
undergrad
in
early
two
thousands,
this
was
a
big
thing.
People
put
in
flash
drives
that
contain
malware
out
in
a
parking
lot.
People
would
randomly
pick
it
up,
not
know
where
it
is.
Oh,
it's
a
flash
drive
free,
flash
drive,
don't
know
who
it
is
so
I
can
use
it
plug
it
in
your
infected
with
virus.
C
This
still
happens,
don't
ever
insert
any
random
USB
device
or
actually
anything
whether
it's
a
flash
drive,
even
certain
things
that
you
wouldn't
think
have
memory.
Do
you
have
memory,
so
maybe
a
keyboard,
a
mouse
be
very,
very
anything
that
you
can
plug
into
your
computer
or
CD
drives
or
DVDs.
If
you
don't
know
where
it
came
from,
you
probably
be
better
off,
not
just
tossing
in
the
garbage.
C
And
the
last
thing
I
want
to
talk
about
is
entering
secure
buildings.
Here
you
have
the
guards
at
the
door
where
we
work
at
cert.
We
have
guards
at
the
door.
I
was
reading
recently
about
a
journalist
who
want
wanted
to
see.
If
you
could
get
how
easy
it
would
be
to
get
access
to
I
think
it
was
some
sort
of
secure
city
building,
but
I'm,
not
sure,
don't,
remember
the
specifics,
so
he
randomly
chose
an
employee
stock
of
a
conversation
and
just
walked
in
the
door
following
him.
C
The
people
at
the
guard
desk
thought
that,
oh,
this
is
legitimate.
Employee
I
know
who
it
is
they're
talking.
He
must
be
with
him
left
him
at
the
journalists
left
him
at
the
stairs
went
on
his
way.
The
same
way
got
into
an
extra
secure
floor
was
able
to
walk
around
for
quite
a
while,
wasn't
actually
discovered.