April 2009 Archives

Report from New England Journal of Medicine on Electronic Health Records. Concludes - very low levels of adoption in U.S. hospitals suggest policymakers face obstacles to goals that depend on health information technology. A policy strategy focused on financial support, interoperability, and training of technical support staff may be necessary to spur adoption of electronic-records systems in U.S. hospitals.




ABSTRACT

Background: Despite a consensus that the use of health information technology should lead to more efficient, safer, and higher-quality care, there are no reliable estimates of the prevalence of adoption of electronic health records in U.S. hospitals.

Methods: We surveyed all acute care hospitals that are members of the American Hospital Association for the presence of specific electronic-record functionalities. Using a definition of electronic health records based on expert consensus, we determined the proportion of hospitals that had such systems in their clinical areas. We also examined the relationship of adoption of electronic health records to specific hospital characteristics and factors that were reported to be barriers to or facilitators of adoption.

Results: On the basis of responses from 63.1% of hospitals surveyed, only 1.5% of U.S. hospitals have a comprehensive electronic-records system (i.e., present in all clinical units), and an additional 7.6% have a basic system (i.e., present in at least one clinical unit). Computerized provider-order entry for medications has been implemented in only 17% of hospitals. Larger hospitals, those located in urban areas, and teaching hospitals were more likely to have electronic-records systems. Respondents cited capital requirements and high maintenance costs as the primary barriers to implementation, although hospitals with electronic-records systems were less likely to cite these barriers than hospitals without such systems.

Conclusions: The very low levels of adoption of electronic health records in U.S. hospitals suggest that policymakers face substantial obstacles to the achievement of health care performance goals that depend on health information technology. A policy strategy focused on financial support, interoperability, and training of technical support staff may be necessary to spur adoption of electronic-records systems in U.S. hospitals.


The U.S. health care system faces challenges on multiple fronts, including rising costs and inconsistent quality.[1,2,3] Health information technology, especially electronic health records, has the potential to improve the efficiency and effectiveness of health care providers.[4,5] Methods to speed the adoption of health information technology have received bipartisan support among U.S. policymakers, and the American Recovery and Reinvestment Act of 2009 has made the promotion of a national, interoperable health information system a priority. Despite broad consensus on the potential benefits of electronic health records and other forms of health information technology, U.S. health care providers have been slow to adopt them.[6,7] Using a well-specified definition of electronic health records in a recent study, we found that only 17% of U.S. physicians use either a minimally functional or a comprehensive electronic-records system.[8]

Prior data on hospitals' adoption of electronic health records or key functions of electronic records (e.g., computerized provider-order entry for medications) suggest levels of adoption that range between 5%[9] and 59%.[10] This broad range reflects different definitions of what constitutes an electronic health record,[10,11] use of convenience samples,[12] and low survey response rates.[13] To provide more precise estimates of adoption of electronic health records among U.S. hospitals, the Office of the National Coordinator for Health Information Technology of the Department of Health and Human Services commissioned a study to measure current levels of adoption to facilitate tracking of these levels over time.

As in our previous study,[8] we identified key clinical functions to define the minimum functionalities necessary to call a system an electronic-records system in the hospital setting. We also defined an advanced configuration of functionalities that might be termed a comprehensive electronic-records system. Our survey then determined the proportion of U.S. hospitals reporting the use of electronic health records for either of these sets of functionalities. We hypothesized that large hospitals would have a higher prevalence of adoption of electronic health records than smaller hospitals. Similarly, we hypothesized that major teaching hospitals would have a higher prevalence of adoption than nonteaching hospitals and private hospitals a higher prevalence than public hospitals. Finally, to guide policymakers, we sought to identify frequently reported barriers to adoption and potential mechanisms for facilitating it.

Methods

Survey Development

We developed our survey by examining and synthesizing prior hospital-based surveys of electronic-records systems or related functionalities (e.g., computerized provider-order entry) that have been administered in the past 5 years.[9,13,14] Working with experts who had led hospital-based surveys, we developed an initial draft of the instrument. To get feedback, we shared the survey with chief information officers, other hospital leaders, and survey experts. We then obtained input from a consensus panel of experts in the fields of health information technology, health services research, survey research, and health policy. Further survey modifications were approved by our expert panel. The final survey instrument was approved for use by the institutional review board of Partners HealthCare.

Survey Sample and Administration

We collaborated with the American Hospital Association (AHA) to survey all acute care general medical and surgical member hospitals. The survey was presented as an information technology supplement to the association's annual survey of members, and like the overall AHA questionnaire, was sent to the hospital's chief executive officer. Hospital chief executive officers generally assigned the most knowledgeable person in the institution (in this case, typically the chief information officer or equivalent) to complete the survey. Nonresponding hospitals received multiple telephone calls and reminder letters asking them to complete the survey. The survey was initially mailed in March 2008, and our in-field period ended in September 2008.

Survey Content

We asked respondents to report on the presence or absence of 32 clinical functionalities of an electronic-records system and on whether their hospital had fully implemented these functionalities in all major clinical units, had implemented them in one or more (but not all) major clinical units, or had not yet fully implemented them in any unit in the hospital. We asked respondents to identify whether certain factors were major or minor barriers or were not barriers to the adoption of an electronic-records system and whether specific policy changes would have a positive or negative effect on their decision to adopt such a system. The questions and response categories used are listed in the Supplementary Appendix, available with the full text of this article at NEJM.org.

Measures of Electronic-Records Use

The Institute of Medicine has developed a comprehensive list of the potential functionalities of an inpatient electronic health record,[15] but there is no consensus on what functionalities constitute the essential elements necessary to define an electronic health record in the hospital setting. Therefore, we used the expert panel described earlier to help define the functionalities that constitute comprehensive and basic electronic-records systems in the hospital setting. The panel was asked to identify whether individual functionalities would be necessary to classify a hospital as having a comprehensive or basic electronic health record. With the use of a modified Delphi process, the panel reached a consensus on the 24 functions that should be present in all major clinical units of a hospital to conclude that it had a comprehensive electronic-records system.[16] Similarly, the panel reached a consensus on eight functionalities that should be present in at least one major clinical unit (e.g., the intensive care unit) in order for the hospital to be classified as having a basic electronic-records system. Because the panel disagreed on the need for two additional functionalities (physicians' notes and nursing assessments) to classify a hospital as having a basic system, we developed two definitions of a basic electronic-records system, one that included functionalities for nursing assessments and physicians' notes and another that did not. We present the results with the use of both definitions.

Statistical Analysis

We compared the characteristics of respondent and nonrespondent hospitals and found modest but significant differences. We estimated the propensity to respond to the survey with the use of a logistic-regression model that included all these characteristics and used the inverse of this propensity value as a weight in all analyses.

We examined the proportion of hospitals that had each of the individual functionalities and subsequently calculated the prevalence of adoption of an electronic-records system, using three definitions of such a system: comprehensive, basic with physicians' and nurses' notes, and basic without physician and nursing notes. For all subsequent analyses, we used the definition of basic electronic health records that included clinicians' notes.

We explored bivariate relationships between key hospital characteristics (size, U.S. Census region, ownership, teaching status, urban vs. rural location, and presence or absence of markers of a high-technology institution) and adoption of a basic or comprehensive electronic-records system. We considered the use of various potential markers of a high-technology institution, including the presence of a dedicated coronary care unit, a burn unit, or a positron-emission tomographic scanner. Because the results were similar for each of these markers, we present data based on the presence or absence of only one -- a dedicated coronary care unit. We subsequently built a multivariable model to calculate levels of adoption of electronic-records systems, adjusted according to these hospital characteristics. We present the unadjusted results below and those from the multivariate models in the Supplementary Appendix.

Finally, we built logistic-regression models (adjusting for the hospital characteristics mentioned above) to assess whether the presence or absence of electronic health records was associated with respondents' reports of the existence of specific barriers and facilitators of adoption. Since the number of hospitals with comprehensive electronic-records systems was small, we combined hospitals with comprehensive systems and those with basic electronic-records systems and compared their responses with those from institutions without electronic health records. In all analyses, two-sided P values of less than 0.05 were considered to indicate statistical significance.

Results

We received responses from 3049 hospitals, or 63.1% of all acute care general hospitals that were surveyed. After excluding federal hospitals and those located outside the 50 states and the District of Columbia, we were left with 2952 institutions. There were modest differences between respondents and nonrespondents (Table 1), and all results reported below have been adjusted for potential nonresponse bias.

Table 1. Characteristics of Responding and Nonresponding U.S. Acute Care Hospitals, Excluding Federal Hospitals.

 
Adoption of Clinical Functionalities in Electronic Format

We found large variations in the implementation of key clinical functionalities across U.S. hospitals. Only 12% of hospitals had instituted electronic physicians' notes across all clinical units, and computerized provider-order entry for medications was reported as having been implemented across all clinical units in 17% of hospitals (Table 2). In contrast, more than 75% of hospitals reported adoption of electronic laboratory and radiologic reporting systems. A sizable number of hospitals reported having implemented several key functionalities in one or more (but not all) units, having begun such implementation, or having identified resources for the purpose of such implementation. These functionalities included physicians' notes (among 44% of the hospitals) and computerized provider-order entry (38%).

Table 2. Selected Electronic Functionalities and Their Level of Implementation in U.S. Hospitals.

 
Adoption of Electronic Records

The presence of certain individual functionalities was considered necessary for an electronic-records system to be defined as comprehensive or basic by our expert panel (Table 3). On the basis of these definitions, we found that 1.5% (95% confidence interval [CI], 1.1 to 2.0) of U.S. hospitals had a comprehensive electronic-records system implemented across all major clinical units and an additional 7.6% (95% CI, 6.8 to 8.1) had a basic system that included functionalities for physicians' notes and nursing assessments in at least one clinical unit. When defined without the requirement for clinical notes, a basic electronic-records system was found in 10.9% of hospitals (95% CI, 9.7 to 12.0). If we include federal hospitals run by the Veterans Health Administration (VHA), the proportion of hospitals with comprehensive electronic-records systems increases to 2.9% (95% CI, 2.3 to 3.5), the proportion with basic systems that include clinicians' notes increases to 7.9% (95% CI, 6.9 to 8.8), and the proportion with basic systems that do not include clinicians' notes increases to 11.3% (95% CI, 10.2 to 12.5).

Table 3. Electronic Requirements for Classification of Hospitals as Having a Comprehensive or Basic Electronic-Records System.

 
Hospitals were more likely to report having an electronic-records system if they were larger institutions, major teaching hospitals, part of a larger hospital system, or located in urban areas and if they had dedicated coronary care units (Table 4); these differences were small. We found no relationship between ownership status and level of adoption of electronic health records: the prevalence of electronic-records systems in public hospitals was similar to that in private institutions. Even when we compared for-profit with nonprofit (public and private) institutions, there were no significant differences in adoption. In multivariable analyses, each of these differences diminished further and was less consistently significant (see the Supplementary Appendix).

Table 4. Adoption of Comprehensive and Basic Electronic-Records Systems According to Hospital Characteristics.

 
Barriers to and Facilitators of Electronic-Records Adoption

Among hospitals without electronic-records systems, the most commonly cited barriers were inadequate capital for purchase (74%), concerns about maintenance costs (44%), resistance on the part of physicians (36%), unclear return on investment (32%), and lack of availability of staff with adequate expertise in information technology (30%) (Figure 1). Hospitals that had adopted electronic-records systems were less likely to cite four of these five concerns (all except physicians' resistance) as major barriers to adoption than were hospitals that had not adopted such systems (Figure 1).

Figure 1. Major Perceived Barriers to Adoption of Electronic Health Records (EHRs) among Hospitals with Electronic-Records Systems as Compared with Hospitals without Systems.

Hospitals with electronic-records systems include hospitals with a comprehensive electronic-records system and those with a basic electronic-records system that includes functionalities for physicians' notes and nursing assessments. P<0.01 for all comparisons except physicians' resistance (P=0.20). IT denotes information technology, and ROI return on investment.

 
Most hospitals that had adopted electronic-records systems identified financial factors as having a major positive effect on the likelihood of adoption: additional reimbursement for electronic health record use (82%) and financial incentives for adoption (75%). Other facilitators of adoption included the availability of technical support for the implementation of information technology (47%) and objective third-party evaluations of electronic health record products (35%). Hospitals with and those without electronic-records systems were equally likely to cite these factors (P>0.10 for each comparison) (Figure 2).

Figure 2. Perceived Facilitators of Adoption of Electronic-Records Systems among Hospitals with Systems as Compared with Hospitals without Systems.

Hospitals with electronic-records systems include hospitals with a comprehensive system and those with a basic system that includes functionalities for physicians' notes and nursing assessments. P>0.10 for all comparisons. EHR denotes electronic health record, and HIT health information technology.

 
Discussion

We found that less than 2% of acute care hospitals have a comprehensive electronic-records system, and that, depending on the definition used, between 8 and 12% of hospitals have a basic electronic-records system. With the use of the definition that requires the presence of functionalities for physicians' notes and nursing assessments, information systems in more than 90% of U.S. hospitals do not even meet the requirement for a basic electronic-records system.

Although levels of adoption of electronic health records were low, many functionalities that underlie electronic-records systems have been widely implemented. A sizable proportion of hospitals reported that laboratory and radiologic reports, radiologic images, medication lists, and some decision-support functions are available in electronic format. Others reported that they planned to upgrade their information systems to an electronic-records system by adding functionalities, such as computerized provider-order entry, physicians' notes, and nursing assessments. However, these functionalities are typically more difficult to implement than the others that we examined, and it remains unclear whether hospitals will be able to do so successfully.

We found high levels of decision support in the absence of a comparable prevalence of computerized provider-order entry. It is possible that respondents reporting that their hospitals have implemented electronic decision support were including in that category decision-support capabilities that are available only for electronic pharmacy systems, thereby overstating the preparedness of hospitals to provide physicians with electronic decision support for patient care.

We found somewhat higher levels of adoption among larger, urban, teaching hospitals, probably reflecting greater availability of the financial resources necessary to acquire an electronic-records system. We expected to find lower levels of adoption among public hospitals, which might be financially stressed and therefore less able to purchase these systems. Although our results do not support this hypothesis, we did not directly examine detailed indicators of the financial health of the hospitals, such as their operating margins.

In 2006, we performed a comprehensive review of the literature on hospital adoption of electronic-records systems in the United States and found that the most rigorous assessment made was for computerized provider-order entry and that its prevalence was between 5 and 10%.[6,9,14] An earlier AHA survey showed a higher prevalence of computerized provider-order entry,[13] but the response rate was only 19%. A Mathematica survey showed that 21% of U.S. hospitals had computerized provider-order entry and 59% had electronic clinical documentation.[10] However, this survey's definition of clinical documentation allowed for the inclusion of systems that were only capable of recording demographic characteristics of patients, a definition that is likely to have inflated adoption levels, given that Medicare requires electronic reporting of demographic data. A recent analysis, based on a proprietary database with an unclear sampling frame and an unknown response rate, showed that 13% of the hospitals had implemented computerized provider-order entry, a prevalence similar to that in our study.[11]

Most reports of a beneficial effect of electronic-records systems involved systems capable of computerized provider-order entry with clinical-decision support.[4] Our experts took a lenient approach by not requiring the presence of clinical-decision support as part of a basic electronic-records system and by requiring adoption of computerized provider-order entry in only one clinical unit. Whether a hospital that has successfully implemented computerized provider-order entry in one unit can easily implement in other units and add clinical-decision support is unclear. Furthermore, a nonuniform information system within the hospital (paper-based in some units and electronic in others) may increase clinical hazards as patients move from one unit to another. Whether the benefits of adoption of an electronic-records system in some clinical units outweigh the theoretical hazards posed by uneven adoption within the hospital requires examination.

Respondents identified financial issues as the predominant barriers to adoption, dwarfing issues such as resistance on the part of physicians. Other studies have shown that physicians' resistance, partly driven by concerns about negative effects of the use of electronic health records on clinical productivity,[17] can be detrimental to adoption efforts.[18] Whether our respondents, most of whom have not adopted electronic health records, underestimated the challenges of overcoming this barrier or whether physicians are becoming more receptive to adoption is unclear. Either way, obtaining the support of physicians -- often by getting the backing of clinical leaders -- can be helpful in ensuring successful adoption.[19]

Another potential barrier to adoption is concern about interoperability: few electronic-records systems allow for easy exchange of clinical data between hospitals or from hospitals to physicians' offices. Low levels of health information exchange in the marketplace[20,21] reduce the potential value of these systems and may have a dampening effect on adoption.

From a policy perspective, our data suggest that rewarding hospitals -- especially financially vulnerable ones -- for using health information technology may play a central role in a comprehensive approach to stimulating the spread of hospital electronic-records systems. Creating incentives for increasing information-technology staff and harmonizing information-technology standards and creating disincentives for not using such technology may also be helpful approaches.

Some providers, such as the VHA, have successfully implemented electronic-records systems. VHA hospitals have used electronic health records for more than a decade with dramatic associated improvements in clinical quality.[22,23] Their medical records are nearly wholly electronic, and including them in our analyses led to a doubling of our count of U.S. hospitals with a comprehensive system. Some developed countries, such as the United Kingdom and the Netherlands, have also successfully spurred adoption of health information technology, although most of their progress has been in ambulatory care. Few countries have yet to make substantial progress in the inpatient setting.[24]

There are limitations to our study. First, although we achieved a 63% response rate, the hospitals that did not respond to our survey were somewhat different from those that did respond. We attempted to compensate for these differences by adjusting for potential nonresponse bias, but such adjustments are imperfect. Given that nonresponding hospitals were more likely to have characteristics associated with lower levels of adoption of electronic health records, residual bias may have led us to overestimate adoption levels. Second, we focused on adoption and could not accurately gauge the actual use or effectiveness of electronic-records systems. Third, we did not ascertain whether the systems that were adopted had been independently certified (by parties such as the Certification Commission for Health Information Technology). Fourth, given low adoption levels, we had limited power to identify predictors of the adoption of comprehensive electronic-records systems as compared with basic systems. Finally, we did not ascertain whether users of electronic health records were satisfied with them.

In summary, we examined levels of electronic health record adoption in U.S. hospitals and found that very few have a comprehensive electronic system for recording clinical information and that only a small minority have even a basic system. However, many institutions have parts of an electronic-records system in place, suggesting that policy interventions could increase the prevalence of electronic health records in U.S. hospitals faster than our low adoption levels might suggest. Critical strategies for policymakers hoping to promote the adoption of electronic health records by U.S. hospitals should focus on financial support, interoperability, and training of information technology support staff.


Excerpt: Critical to the selection was choosing a vendor that best met PCI DSS (Payment Card Industry Data Security Standard) requirements. For this, ePlay turned to WatchGuard to provide the instrumental role in PCI DSS requirement 1 - Install and maintain a firewall configuration to protect cardholder data.

Editor's Note: Regulations too often become a bullet point and lose their practical effect on a project. PCI compliance is that way with self-service terminals. Many kiosks that handle credit card data do not have firewalls installed on them either for wired or wireless access. Here is an example of firewall selection.


SAN FRANCISCO, April 22 /PRNewswire/ -- RSA -- WatchGuard(R) Technologies, a global leader in extensible network security and connectivity solutions, today announced that ePlay, an innovator in the DVD rental business, has selected WatchGuard solutions to provide PCI DSS compliant firewall security, and to protect thousands of remote DVD and video game disc rental kiosks as well as ePlay's back-end data center.

"After evaluating Cisco, and other network security vendors, ePlay standardized on WatchGuard for their high security, performance, reliability and unbeatable total cost of ownership," said David Stellmack, Senior Systems Engineer at ePlay. "This is a mission-critical network comprised of remote kiosks and a data center transacting a large volume of payment card transactions. With WatchGuard in place, we can drive down costs, reduce time to market, and increase our provisioning process by twofold."

PCI DSS Compliant Protection

Critical to ePlay's selection was choosing a vendor that best met PCI DSS (Payment Card Industry Data Security Standard) requirements. For this, ePlay turned to WatchGuard to provide the instrumental role in PCI DSS requirement 1 - Install and maintain a firewall configuration to protect cardholder data.

To do this, each ePlay kiosk is armed with a WatchGuard Firebox Edge appliance to provide firewall, intrusion detection/prevention services, and highly secure VPN network connectivity. For remote kiosks, such as those located outdoors, ePlay utilizes the WatchGuard 3G Extend family of wireless connectivity solutions. With it, triple-DES encrypted VPN tunnels carry payment card and other sensitive data via 3G cellular networks. This gives ePlay maximum flexibility for kiosk deployments, usage models and most importantly, strong cardholder data security.

With hundreds of remote firewall appliances to manage, and thousands more to come in the next few years, ePlay relies on WatchGuard System Manager, which provides ePlay with a PCI DSS friendly, free software solution to manage and upgrade remote WatchGuard appliances.

At the data center, a pair of WatchGuard X Peak 8500 e-series, running in high availability mode, terminates remote kiosk VPN tunnels. As required by the PCI DSS, this network of cardholder data is completely walled off and separated from ePlay's corporate network and online reservation architecture, which are protected by other WatchGuard firewall appliances.

Stellmack concludes, "I've looked at other kiosk vendors and shudder at their approach to security; I don't think they're deploying anything even close to enterprise-level security for credit card transactions. We would rather be over-secure, and WatchGuard helps provide that."

About e-Play, LLC

e-Play is a revolutionary way of marketing, delivering and purchasing DVDs and Video Games: a high-tech DVD rental platform combined with the ability to buy/sell/trade video games all in a single machine. e-Play provides the technical innovation for its units to hold thousands of discs, convert used discs into cash or credit at the retailer and perform a playability check on every disc dispensed. The machines include new releases and catalog titles and feature an interactive touch LCD screen playing trailers and interactive advertising. Founded in 2005 and headquartered in Columbus, Ohio, e-Play Makes it Easy to Find the Movies - and now, the Games - You Want.

About WatchGuard Technologies, Inc.

Since 1996, WatchGuard(R) Technologies, Inc. has been the advanced technology leader of network security solutions, providing mission-critical security to hundreds of thousands of businesses worldwide. The WatchGuard family of wired and wireless unified threat management appliances and WatchGuard SSL VPN remote access solutions provide extensible network security, unparalleled network visibility, management and control. WatchGuard products are backed by WatchGuard LiveSecurity(R) Service, an innovative support, maintenance, and education program. WatchGuard is headquartered in Seattle and has offices serving North America, Europe, Asia Pacific, and Latin America. To learn more, visit http://www.watchguard.com/.

Web sites and self-service can play nicely together, according to Jim Kruper of KioWare. With the increasing number of devices that must be served from a website, that would seem to argue for the idea of the internet site serving as the content and interface repository. From a security and source control standpoint that makes sense (i.e., keep and regulate data in one place).


By Jim Kruper, President of KioWare, Kiosk System Software.

31 Mar 2009

At its simplest, self-service is any application that allows the end-user to perform a task with minimal supervision of the application owner.
 
In this context, the very first Web site was a self-service solution. These early Web sites contained nothing more than static information, but it enabled a consumer sitting at home to learn about a company's products without tying up company staff. Nowadays, Web sites are infinitely more useful, and it makes sense for companies to extend that self-service utility to the public kiosk realm. But useful as Web sites are as a self-service tool, Web sites and touchscreen hardware in particular do not mix.
 
When the vast majority of Web sites were developed, the user in mind was sitting behind a standard computer complete with keyboard and mouse. Today, perhaps, those developers are designing sites for users to view on a cell phone. But the one user likely not on their minds is the one standing at a kiosk, trying to interact with the site via a touchscreen. After all, the typical user's finger is probably more than 100 times wider than the mouse pointer the Web site was designed to use. This fact alone likely makes the Web site unusable in a touchscreen environment.
 
What should be kept in mind, however, is that the touchscreen interface is not the only means by which kiosk users can interact with Web sites.
 
Touchscreens are great for presenting uncluttered and simple interfaces that don't require significant text input. When text input is required, a touchscreen application must use a virtual keyboard: a graphic representation displayed on the screen that requires a user to hunt and peck using a single finger. This can be frustrating and slow for the user, but it is a reasonable compromise when the input is minimal.
 
But what about uses that require significant text input, such as job applications? If the goal is to maximize the number of applicants, using a touchscreen should be avoided. The caveat stands regardless of whether the form is Web-based.

 

Pairing web and kiosk

 
Most obviously, self-service devices and Web sites work well together when the content of the Web site already is aligned with the goals of the self-service project. Fitting examples include: product-ordering retail kiosks that allow users to order a product not in stock, gift registry kiosks, HR kiosks that use the company's existing 401k and benefits applications, web-banking kiosks and informational kiosks in tourist spots, churches, college campuses and company lobbies.
 
Fortunately, there are many kiosk software products that enable browser-based content to be efficiently deployed to a self-service kiosk. Kiosk software titles can provide many features, but the most important ones are those that replace the existing browser software, lock down the PC, control where a user can browse, provide alternative navigation toolbars, manage the user's session to remove any trace of users when they leave, and interface with specialized kiosk hardware.
 
There are many reasons to go the software route instead of considering other, more extreme measures.
 
CONTENT. Why re-invent the wheel if the content already exists? Especially now, ROI is paramount in determining project viability. Rewriting the display layer of an existing application can cripple the ROI of the project. A visitor center kiosk is a good example. The local tourism bureau likely already has an existing Web site with links to all the local attractions. Why recreate that content and pay for it anew?
 
INTERFACES. Why confuse the user with a different interface? For a financial institution with online banking that their clients regularly use from home, a second user interface designed for a self-service kiosk will only confuse those clients and force them to learn two different interfaces that perform the same functions.
 
OPERATIONS. Maintaining a second user interface can cause operational problems. Often the organization responsible for the company's Web site is not the same organization responsible for the self-service kiosk. With two interfaces, the business logic and Web site interface will be owned by the Web site organization. And they may not notify the kiosk organization when the business logic changes, thus breaking the self-service interface. Irate kiosk customers may be the first indication of the problem.
 
THIRD PARTIES. Applications from outside vendors can prevent the development of an alternate self-service user interface. HR self-service applications are a perfect example. Most companies deploy a third party HR solution, which they don't control, so they are severely limited in how the user interface can be modified.
 
There is a middle way between the issues above and the extreme of forgoing the application of Web content to a self-service device. Kiosk software provides a solution that is convenient for the deployer, friendly to ROI and comparatively fast to put to use.

Merchant accounts, gateways and rates. Having your kiosk process credit cards swiped locally (card present) comes with considerations ranging from regulatory standards such as PCI to mechanical ones (dual heads). Another consideration is how exactly you set up a merchant account. What is a gateway?

Merchant accounts are generally your bank account, and they have rates they charge you for credit card transactions, between 1.5 and 7 percent depending on the card. Card present gets a better rate than card not present. Reward cards get charged more. There are batch fees for processing. There are per-transaction fees. Couple those with the merchant account (Authorize.net or Verisign, for example), which has its own set of fees. They all add up pretty quickly.

In today's environment, and with the prime rate as low as it is, some might argue that the credit card companies having a wider spread than ever is having a negative effect (i.e., the difference between prime and the rate charged is at its largest differential). Imagine government telling VISA and MasterCard their business.

But we digress... underlying all of this is just understanding how credit card transaction fees work. One of the best explanations we have found is from Hospitality Upgrade. They recently ran an article entitled "Understanding e-Transactions Fees". It is recommended reading. Here is the link.

CFM, or Customer Flow Management, systems are found in more verticals/markets than any other application. Here is a technical document from Q-Matic trying to delineate a working framework of the market.

The document is written for readers with little or no prior experience of this subject. It begins with the definition of Customer Flow Management and then describes the methodology behind it to establish a common framework. It then explores some of the core elements of Customer Flow Management in more detail, e.g. the Customer Flow Management process and the main queuing principles. Finally, two case examples are used to illustrate some "real" effects of Customer Flow Management.

The publication of this white paper has a twofold objective:

1) To establish a common framework in the industry
2) To increase awareness among businesses that could use Customer Flow Management to gain a competitive advantage


Worth noting: Heartland Payment Systems and RBS Worldpay have been removed from Visa Inc.'s list of PCI compliant service providers and will have to undergo new PCI assessments and reapply for inclusion on the compliance list, according to a Visa announcement.

Visa's action came after the two companies revealed they were victimized by hackers who managed to plant malicious software in the companies' internal processing systems and steal card data from the unencrypted data stream. Heartland had been listed as under review -- but still compliant -- prior to Friday's announcement, but now Visa has removed the Princeton, N.J.-based company from its lengthy list of service providers compliant with the Payment Card Industry Data Security Standard (PCI DSS). It was unclear whether RBS also had been under review.

This was noted on the ETA Compliance Portal and it looks to be a very helpful resource. Here is some of the information.


For a list of validated applications click here

The PCI DSS Quick Reference Guide is located here: pci_ssc_quick_guide.pdf

The ETA Compliance portal is located at http://www.electran.org/content/view/535/211/

Acknowledging the need for controls that go beyond those offered by the Payment Card Industry (PCI) Data Security Standard, a senior Visa Inc. executive Thursday described two new initiatives to reduce payment card fraud being tested by the company.


One of the pilots involves Fifth Third Bank, which is testing the use of magnetic stripe technology to create unique digital fingerprints for cards, said Ellen Richey, Visa's chief enterprise risk officer. Each stripe contains unique characteristics that can be captured and used to verify the digital identity of the card, Richey said at a security event being hosted by Visa today. The goal is to stop the creation and use of counterfeit cards based on stolen payment card data.

Another initiative, being piloted by retailer OfficeMax Inc., involves the use of a challenge-response technique at the point of sale. The project is aimed at testing the efficacy of asking consumers to respond to specific questions such as their ZIP code, the last four digits of their phone numbers, or the first three digits of their area codes, as part of the transaction approval process.

Dan Roeber, vice president and manager of merchant PCI compliance at Fifth Third, said the bank had rolled out about 1,000 card readers to retailers who have not been informed about the pilot effort. The terminals are capable of reading the magnetic stripe information and creating a "DNA picture" of the card which is then matched during the authorization process, against baseline information for that card stored by the card issuer, he said during a panel discussion at the event Thursday.

During the pilot process, baseline images or fingerprints for a card are created when it is first swiped through one of the new readers, Roeber said. But going forward, if the approach works, baseline images for each card could be created and stored during the card issuing process itself, Roeber said. "Even if somebody gets into a database and makes fraudulent cards, the DNA fingerprints are not going to match," Roeber said. "The thing I really like about this technology is that there are no key management issues," as is the case with the use of end-to-end encryption for protecting cardholder data.

"We are very excited about this technology," he said.

Fifth Third is one of several "acquiring banks," which are responsible for authorizing retailers to accept payment card transactions.

William Van Orman, treasurer for OfficeMax, said the retailer had rolled out its challenge-response process to about 1,000 of its stores across Illinois, Indiana and Florida. The process, which has required changes to point-of-sale systems at these locations, involves asking customers ZIP codes or other personal information after swiping a card. The responses are then matched against responses to these questions that were previously selected by the consumer.

For the pilot, the emphasis was on simply trying to understand what kind of changes needed to be made to the point-of-sale systems, and the kind of impact the new authorization process would have on merchants and consumers, Van Orman said. Customers were informed that the data was being requested for a pilot project and had the chance to opt out if they chose to, Van Orman said. After an initial six-month period, the pilot project has been extended by another four months at the request of Visa, he said. "Overall we think it's a successful project," he said.

Richey said that while these projects were not quite ready for broad roll-out yet, they were indicative of the kind of approaches that could be used to make stolen data useless at the point of sale.

Richey also highlighted Visa's efforts to give consumers more tools to fight fraud. One of them is a new service called the Transaction Alert system, which is currently available to Chase cardholders with Android-based smartphones, she said. The service provides real-time alerts of purchase activity on their mobile devices, which consumers can tailor using information such as whether they were online transactions, and locations where the transactions were made. The program will become available to all card issuers later this year, she said.

The other program, which is still in development, is called Targeted Acceptance and would allow consumers to set personal limits on how, where and what amounts their cards can be used for. The service is already available to commercial customers and will be rolled out to consumers as well, Richey said.

Richey said Visa was not opposed in the future to the idea of using chip and PIN technologies that are used widely in Europe. They require consumers to enter PIN numbers, instead of signing, when making credit card transactions. The approach is widely considered to be safer than purely signature-based transactions, but it would require considerable investments on the part of card issuers to make the change. Richey said today that Visa "fully" supports the technology and said it was not a matter of "if" but "when" and "how" the technology would be adopted in the U.S.

Dave Weick, CIO at McDonald's Corp., discussed during a panel a new plan to minimize threats against payment card data. He described how the fast-food giant was exploring how to completely segregate all payment card data and transactions from the rest of its internal network. Weick said McDonald's had developed a way to accept payment card transactions without letting any of that data touch any of its own internal systems, including its point-of-sale devices.

No one in the company's internal system would have access to any cardholder data, and even the portion of the network that deals with card transactions would be handled by an outside vendor, Weick said. "We are very early on in this," he said, adding that the plan was to first roll out the approach to company-owned restaurants before deploying it across all franchises.



