Application to share iTunes across all computers and "stuff" in your house

I saw this on Kim Komando: Mediarover  I haven't used it, but it is free.  Might be worth a shot for those of you that have multiple iTunes players. 

Fanbox.com SpamScam leads to porno sites and spamming everyone on your email

I was recently sent an email that was from a relative.  It looked questionable.  It said:

From: Relative Name <friends@yourfanbox.com>
Date: Mon, Dec 20, 2010 at 7:59 PM
Subject: Check out my photos!
To: my email

Hi,

I set up a profile where I can post photos, connect and share.

Do me a favor and confirm our relationship here.


Thanks,
Relative Name

As you might have guessed, this is a scam. 

In Firefox, you can look at the source code of an email by opening an email, clicking on the down arrow next to reply, and clicking on "Show Original".  From there you can dissect what and what is behind the email.  In this case, I traced the sender to Ann Arbor, MI.

I don't like to include links to page unless I'm sure they are going to remain legit, so I copied this from a spam tracking site.  It gives some background on the scam. There are references to links below, but I removed them.  They don't provide any other info. 

Based on my experience with SpamScams, the email address was obtained from someone else's email, someone's address book that subscribed to Fanbox, or from Facebook. 

Spam and Scam:Fanbox.com "Welcome to FanBox" Fanbox.com, formerly known as sms.ac, is one of the most annoying and sleaziest spams and misrepresentations going right now. Here's how to stop receiving this spam. If you are receiving email list this, we urge you to forward them to the federal Trade Commission.  If they receive enough complaints, perhaps they'll get off their lazy government backsides and do something about the scum behind this scam: How to Block Fanbox Emails or Cancel Your Account Don't click on the link to cancel your account. That will only confirm to these scum that your email address is being used and ensure MORE spam. And since you never signed up for it, you haven't got an account to cancel.  They are just trying to trick you into clicking on a link and confirming your information! Instead, put fanbox.com, fanboxapps.com, and sms.ac in your junk / blocked senders, junk email or spam list in your email program (eg., Outlook junk mail list) Report these spammers to the government: To forward unwanted or deceptive spam to the Federal Trade Commission; send it to spam@uce.gov,   Also see the FTC and here to Report Porn Spam.  In California, also use caspam@doj.ca.gov. In Missouri, use spamcomplaint@ago.mo.gov. In Virginia, use cybercrime@oag.state.va.us. If you think you have been taken advantage of by a spam scam, file a complaint with the FTC online at www.ftc.gov. Complaints will help the FTC find and stop people who are using spam to defraud consumers. How their scam works: When you sign up for FanBox, it asks for your permission to email everyone in your address book. After you give them your password (DON'T do it!) it will start spamming everyone in your contact list / address book.  It will send them these stupid ":____ asked you a question" spams. We've received them here; and verified that the senders had no intention of sending them to us, or "asking" a question. They felt victimized. For detailed discussion of this scam see these links: Fanbox is the new plaxo Spamhuntress.com: sms.ac turns into fanbox/ Steve Riley: faxbox, the latest in password scams Fanbox: do not touch it Fanbox SPAM Continues the SCAM Here is an example of the spam: Welcome to the FanBox platform In this email, we'll tell you about your new FanBox account and: Why you want it How you got it How you can control or cancel it Why you want it FanBox enables millions of people to use thousands of applications provided by the best application developers from around the world. Applications that improve your life - such as: Your own @FanBox.com totally spam-free email address Automatically backs up your PC files — you can access them from any Web connection Games to entertain you for hours How you got it You were provided with a free FanBox account when you used an application called "Question It!", recommended to you by otiko. To help avoid a double-registration process, users are instantly provided with a free FanBox account if they attempt to use an application (such as "Question It!") that runs on the FanBox platform. How you can control or cancel it Visit your Web-desktop to enjoy games and applications Visit email settings to control the frequency of emails You can instantly cancel your account in one easy step We hope you enjoy FanBox as much as millions of others. Look for the "Suggest!" links all over the site to let us know what you think. We're here to serve you. Terms of Service | Privacy Policy | FanBox — 255 G Street #723, San Diego, CA 92101, USA

Lastpass "red bar error"

Those who have Lastpass installed:  If you have an error similar to the one shown in the attached file, the solution is to reinstall Lastpass from this address:  https://lastpass.com/dl.  Don't just click on the link.  Instead, right mouse button click on it and left mouse button click on Copy Link Location.  Then do a past into a clean browser address field.  Hit enter.  This will start the install.  Accept everything and at some point you will be asked if you are a new user.  If you already use LastPass, then enter your email address and the password.  Continuing on, click the button about not including existing passwords.  It will ask you to close all browsers, which you should do, and it will finish.  The error will go away. 

This problem is due to some changes in the first week in Dec upgrade coupled with an upgrade of Lastpass. 

If you need help, please let me know. 

Hijacked home pages!

I've been encountering situations where a browser comes up with unexpected home pages or, when searching, presents web sites or aggressive sales window popups, even when the browser supposedly has its popup blocker turned on.  Some things you can do to fix this:

• Go to Tools.(Internet) Options and find the place where you can enter the Home url.  In both IE and Firefox the field  is on the General Tab.  The value there may be set to the undesired web page.  Change the entry to the url (starts with http:// or https://) you want.  Click Apply and then OK.  When you exit, exit using the File.Exit option rather than clicking on the red x, just to make sure you save the option.  
• In Firefox, type about:config in the browser's address field.  You'll get a warning about making changes; click "I'll be careful."  The list you get will be a bunch of lines of settings.  Near the middle is the setting keyword.url.  The value should be your home page.  If it isn't, then right click on the value and select "modify" from the list of actions.  Type the home page you want in the field.  Close the tab.
• Also look for the setting "network.proxy.no_proxies_on;"  The value should be exactly localhost,127.0.0.1 unless you are really sophisticated in your use of the browser.  Anything else is suspicious. 
• Go to Control Panel and double left click on the "Internet Options" icon.  Find the "Connections" tab.  Left mouse click the "Lan Settings" button.  In the Automatic configuration section make sure the "Automatically detect settings" box is checked.  That should be the only box checked on that tab.

If these don't work, then you've got a problem.  Give me a call. 

A new kind of malware (spyware)

There's a new kind of malware. The last phase was malware masquerading as anti-virus programs. The new phase is malware masquerading as various kinds of utilities. For example, it might look like the useful Glary Utilities many of you have seen me use. Here is a utube video for background:

The First IT Professional- An Historic Event

Here's a video someone sent me. It's on YouTube: The First IT Professional. So many things ring true!

Facebook Malware and what to do

I recently received an unusual message/app request on my facebook page:

This is an example of Facebook malware. These work like computer malware infections. The main purpose is to steal your personal information. So... in general, I don' to any Facebook apps, though I occasionally violate the rule. I make sure that my security settings are appropriate to do this. Unfortunately, many of the apps want my email address, etc, which makes me vulnerable to real computer malware.

So... I've written a document, based on an existing document, describing how to manage this problem. It is How to Prevent Facebook Malware.

A list of security applications you should use to protect your computer

(Note: I'm going to be working on this for a while, but I'm starting it now so I won't leave something out.)
1. Use Microsoft Security Essentials for run time virus and malware protection.
2. Use HiJackThis to provide information to me about potential security or performance problems.
3. Use Malwarebytes whenever you suspect an infection.
4. Use HTTPS Everywhere to protect yourself in public places by encrypting your communication (when possible)
5. Use the Microsoft Firewall at home, when you are behind your router's firewall. If you have MS Windows 7, this is a good firewall for public places for those who aren't computer geeks. (The MS Firewall for Vista and before only protects against attacks from the outside in; it does not prevent transmission of information from the inside out, which happens when malware attempts to communicate with it's command center in cyberspace.)
6. If you are in a potential high risk place, such as a third world country or a campus, you should run a firewall. Comodo is free (just install the firewall, not the virus protection) and is the best. It's interface for controlling what it blocks and doesn't block has been overhauled from the last release, making it "usable" by the novice. But it is still not for the faint of heart. As a matter of fact, no firewall is easy to use other than Microsoft's. In general, the easier it is to use, the less effective OR more intrusive (pop ups all the time) it is.

More later.

Performance Tips

In addition to managing what programs start when you start your computer, here are other tricks to improving performance:
1. Change your power setting. Contemporary computers and operating systems can operate at different power settings. If your system has that feature under Power Options, then you can adjust for low, balanced, or high power.
2. Change your graphics settings. Windows Vista and 7 have fancy "eye candy" features that are the "default configuration." These fancy features cost a lot of processor time. Use your graphics settings to remove all the fancy features. The result will look like the old windows XP, but your system will run a lot faster.
3. Increase your virtual memory. By default, your virtual memory is set to 1.5 times your installed memory. This is probably not enough for today's applications. Use a factor of 2.0, as a minimum. (Usually you have lots of space on your hard drive to accommodate this change; however, be aware that this does permanently reserve hard drive space.)
4. If your computer has multiple cores, then you should set your operating system to use those cores. Windows Vista/7 is set to use only 1 core. You should set the Boot to recognize all the cores you have.
5. Remove unnecessary fonts. That is, don't delete them, but use a tool to sequester them.
6. Change your security program. The older McAfee and Norton products, and probably all other older security applications can completely overwhelm your computer's resources. If you insist on using one of these products, don't just renew the license; get their most recent product. 7. Don't load more security than you need. I've found many systems with multiple security programs running simultaneously. This is a no no.
8. Firewalls can be drag on internet browsing. This is a worth a number of blog entries. In short, you can turn on Microsoft Firewall at home to protect against "behind the router firewall" incursions from laptops that have become infected by being taken to a public environment.

OK, you're saying- "So you've made the list, but there's no help on how to do these things. I need more instructions!" I'll leave those instructions to following posts.

Wireless Scam- Watch your bills

What’s Happening

In short, the scam is that crooks send you a text message that says whatever but costs $9.95 or so, per message. How they get your cell phone text message address varies, but they will try a transmission. If you don’t catch it, then the next month they’ll start doing more messages. For each message, your carrier charges the $9.95.

It looks like the bill at the top of the page. Note the "Premium Messaging" line.

This is a very high priced scam. In the above bill, two messages were sent; you can see the cost.

They’ll try to keep it down, so that the costs don’t jump out at you, but they will do what they can to get as much money as they can before it is discovered.

What to Do

The main thing is to carefully examine each bill. Look at the Usage Charges section. If you see this, call your wireless company immediately or sooner. Give them the information about the messages. The operator should be able to give you instructions on how to stop the messages. It involves sending a message back to the crooked company with the word “Stop” in the text area. Do this for each message, because different companies, or the same company with a different text message address is doing it and you have to run a “Stop” for each text message address.

Ask the operator to put a “lock” on your cell phone txt capability. I know it might hurt to not get text messages, but the lock should just be for the premium messages.

I should also warn you that regular text messages can be “spam” as well. So look through every one of your text messages. If it is spam, call your cell phone company.

Unexpected Charges on ATT Bills

I read the following and, since I've been the victim of this and I know others have had the problem, I am passing it on:

A Program That Helps You Work in Office But Save to Google Docs

I use MS Office for most of my document creation. (I use OpenOffice too, but I am a beta tester for Office 2010, so I'll be sticking to MS Office for most of the year.) However, I also use Google Docs as an on-line document repository. Google docs offers a suite of web apps somewhat comparable in function to MS Office (2003), so documents can be created and edited on the web, from any computer. Documents can also be secured and shared using Google docs.

There's a free program that synchs MS Office with Google Docs, so you can create documents in MS Office and very easily add them to Google Docs. The program, OffiSync can be found here.

Tips on Helping Search Engines Find Your Site

I know that several of us "own" web sites, either for our company or for private use. Either way, you may want to improve the probability that a search by potential clients or potential readers will show your web site on the first page of the results. This post provides a list of useful information on how to make that happen. I'll continue to add to it as I find information I think might be useful.

• A page with a number of "how to" links
• Google "AdWords Keyword Tool" provides information on how often keywords are searched.
• Google Analytics, which you can add to Google websites to provide statistics on which keywords visitors used, number of visits, etc.
• Google webmaster central, provides lots of tips
• PCWorld article, provides tips and links

If you have any tips, please attach them as comments.

April 13, 2010… Be sure run Windows Update and Adobe Reader

This article describes the critical and other vulnerabilities that will be patched by Microsoft and adobe:  http://blogs.zdnet.com/security/?p=6070&tag=nl.e589.  Looking down the right side of that page, there is a discussion of the PDF vulnerabilities.  This is serious stuff. If you use Foxit Reader, which I recommend, make sure you have updated it. 

Free Email (This is primarily for AOL users)

No one need pay for email.  There are many free options and I’ll list four, along with a quick discussion of advantages and disadvantages.  For a full discussion, go to Kim Komando article on free email options and tips for migrating.

NOTE:  An email account is different than your ISP provider.  The ISP Provider is the company that provides access to the internet.  For most of us, that is AT&T (Bellsouth).  You get automatically get an email account with AT&T when you sign up with them.  However, you don’t have to use their email system.

Yahoo

If you are with AT&T you can use their web email, which is Yahoo.  It is free.  However, the web pages are loaded with ads, which slow down your computer and are a significant distraction.  Those with older computers or who have slower DSL should not use this option.

AOL

No using bellsouth/AT&T one should pay for AOL service.  It is free.  I find the desktop AOL is such a resource hog that it should never be considered.  The web based AOL is as bad or worse than Yahoo.  One of the worst features about AOL is a little technical but very important:  you can forward your email to another email provider to consolidate your email and get away from the ad overload on AOL.  How to convert from a paid AOL account to a free AOL account 

Windows Live

This is a viable alternative.  You get a live account and a hotmail.com domain.  I don’t want to go into detail, but most, if you keep windows up to date, have been hit with the option to download the Live Essentials, which comes with a client email application, Windows Live mail, the replacement for Outlook Express. 

Google

The choice between Google and its suite of products and Microsoft (Windows Live) and its suite boils down to personal preference.  Google does not have a direct competitor to Windows Live, but you can use the highly rated Thunderbird or, for that matter, Windows Live.  However, the web interface for Google mail is clean and full function.  I don’t use a email client because I access my email from many computers, and don’t want my mail in many different places.  (This is said knowing that you can always keep your email on the host, even when you manage it through an email client.  I just don’t like that.)   The clean Google interface- no ads or mess- is perfect for a DSL web interface environment. 

Questions? 

Email spammers on your computer

I've been working on one computer that reported sending spam (and worse) emails to other email addresses in the community. The sender's address seems to be from that computer. However, this may or may not be the case. I'm working with a technical group, [url]http://www.bleepingcomputer.com[/url], to understand whether or not this one computer is the source of the emails. The diagnostics I've run have indicated some problems, though not necessarily "smoking gun" indicators that this computer is the source. I've worked at fixing the problem and I'm still working on it (as you might see from my entries-aninkling- on bleepingcomputer). My best guess right now is that this computer is NOT the source of the problem.

Here's how the mass mailer works. It infects someone's computer. It sets up its own email engine. In sophisticated "bots", it even communicates with its master, say in Russia. That master may be working on its own, or it may be an exchange organization that sells the use of the infected computer to other groups. These groups then "order" emails to be sent. This is done for a fee. The master sends orders to the infected computer. The computer generates a mass mailing based on the order. When the emails are being built, the emailer will pick an email address from the list it has constructed from either address books on the computer or by logging the keyboard, and send the emails with that address as the sender and the return address. Anybody that receives the email things it is from the email address that has been inserted.

In order to defeat this thing, we have to find the computer or computers with the bots. This means looking behind the scenes at the email messages- at the email source- where, hidden away, are IP addresses and, if it is a more destructive email, email addresses and urls hidden in the message. That will give some idea of what is going on, hopefully leading to the source.

Private Browsing and Password Vaults

The bulk of my time during the last two weeks has been spent working on computers infected with dangerous spyware. The spyware comes in various names and has different techniques for infecting your computer and for making your life miserable by stealing your identity (or at least your friend’s emails). I’ll get to some of the worst in the next several blog entries. Just a very loud shot out: get your computer and ALL programs up-to-date or you WILL be a victim. By ALL I mean all Adobe applications, all security applications, all browser applications, including their helpers, all office applications, all drivers, your BIOS, etc. If you need help contact me.

This entry lists two specific ways to protect your browser AFTER you have it up-to-date.

1. The “Private Browsing” (Firefox) or “InPrivate Browsing” (MS IE). This feature is available from the "Tools" sub-menu of either browser. When you use this feature, the browser won't keep any browser history, search history, download history, web form history, cookies, or temporary internet files. However, files you download and bookmarks you make will be kept. It is important to also remember to turn off "remember password." In Firefox, for example, control for this option will be found under Tools->Options, Advanced Tab. (However, install LASTPASS first, because during the installation it will load all your browser-stored passwords and then delete them. Read on...)
   
2. Remove ALL passwords from your browser's "memory." Do this by downloading the application LASTPASS. This application stores your passwords in an encrypted format, so the passwords are "safe" and you can access your passwords from any computer by entering one password to log on to LASTPASS. Once logged in, the application will fill in your passwords automatically, bypassing keystroke loggers. If you have to enter a new password, say because you visit a site you haven't been to before, then LASTPASS will give you the opportunity to save the password in its database. Instructions on using LASTPASS are here.
   

With respect to LASTPASS, I'm sure you will question whether or not LASTPASS is a safe place to save passwords; after all, this is someone else's program. You can go to their website and read up on it to help you make the decision.

If you don't want to use LASTPASS, another option is to use a spreadsheet (EXCEL). Be sure to put a password on the spreadsheet and to encrypt it. Instructions on doing that are available in EXCEL's help.

Quicken Sunset Tactics

I opened quicken this morning and got this message: 

I have 2007.  The message says all support, including what I use daily, the download of all accounts and investment positions and prices, will cease functioning April 30.  To me that is really rotten.  The program I have works just fine- I don’t need more function.  But now the company is taking away key function- from what I bought- to force me to purchase the new version. 

The “free” program is a willmaker, not of interest to me. 

You can do a search on line for coupons to lower the price.  Amazon offered 23% off and I had a $10 coupon to use on Amazon, so I bought the program there. 

More on the Adobe Reader Malware Issue

An announcement:

Adobe today released an out-of-band security update to patch a pair of gaping holes that expose hundreds of millions of computer users to remote code execution attacks. The vulnerabilities are rated “critical” and affect Adobe Reader and Adobe Acrobat on all platforms — Windows, Mac and Linux.

Note the last 3 words! This is not just an Windows issue.

If you want help uninstalling Adobe Reader and installing Foxit Reader, let me know.

Adobe PDF Files Are a Primary Source of Maleware

Lately we’ve had a rash of malware infections in the Cliffs communities.  Yesterday I got a PDF attachment in my email that seemed unusual.  It was from someone I didn’t know and it had a name that was a number followed by the .pdf extension.  I immediately deleted it.  This morning I got the following article through one of my subscriptions.  The net:  Beware of pdf files too.  Is nothing sacred?  And… I emailed the author and he said this was a problem with Adobe Reader itself.  So use Foxit Reader.  This app is also much faster than Adobe and an order of magnitude smaller.

The Article:

From Computerworld - Just hours before Adobe is slated to deliver the latest patches for its popular PDF viewer, a security firm announced that by its counting, malicious Reader documents made up 80% of all exploits at the end of 2009.
According to ScanSafe of San Bruno, Calif., vulnerabilities in Adobe's Reader and Acrobat applications were the most frequently targeted of any software during 2009, with hackers' PDF exploits growing throughout the year.
In the first quarter of 2009, malicious PDF files made up 56% of all exploits tracked by ScanSafe. That figure climbed above 60% in the second quarter, over 70% in the third and finished at 80% in the fourth quarter.
"PDF exploits are usually the first ones attempted by attackers," said Mary Landesman, a ScanSafe senior security researcher, referring to the multi-exploit hammering that hackers typically give visitors to malicious Web sites. "Attackers are choosing PDFs for a reason. It's not random. They're establishing a preference for Reader exploits."
Landesman, the author of ScanSafe's just-published annual threat report, said that attackers' preferences for PDF exploits were clearly demonstrated by the data. Exactly why hackers choose Adobe as their prime target is tougher to divine, however.
"Perhaps they are more successful," she said. "Or maybe it's because criminal attackers are human, too. We respond when we see a lot of people going after a particular product.... We all want to go after that product, too. In the attacker arena, they might be thinking, 'Gee, all these reports of Adobe Reader zero-days, maybe I should get in on them too.'"
She also called out the popularity of Reader as a big reason why hackers have pinned a bull's-eye on Adobe. "There's the ubiquitous factor," Landesman said. "PDF use is huge."
Contributing to Adobe's problem is a major increase in vulnerabilities. Landesman's searches of the Common Vulnerabilities and Exposures (CVE) database showed a rapid climb in reported bugs harbored within Adobe's products. In 2009, 107 Abode vulnerabilities were logged into CVE, nearly double the 58 added in 2008 and almost triple the 35 reported in 2006. "There's obviously a lot of activity [by researchers] trying to flush out vulnerabilities from Adobe's software," Landesman said.
"All of these things kind of converge," she added. "I'm not trying to bash Adobe.... Attackers are like electricity, they always follow the path of least resistance. For them, it's 'Tag, you're it,' and Adobe is the one now."
Just as Adobe has done many times itself, Landesman recommended that users disable JavasScript in Reader and Acrobat and steer clear of the Reader browser plug-in.
Later today, Adobe plans to patch several critical vulnerabilities in Reader and Acrobat for Windows, Mac and Linux.
As Landesman intimated, Adobe struggled to keep up with hackers last year. In 2009, Adobe patched four PDF vulnerabilities only after they had already been exploited; 2010 hasn't started out much better, with one PDF zero-day already on the books.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com.

The Blue Screen of Death on Startup

A recent Microsoft update has been causing, on occasion, a blue screen of death when an XP or Vista computer is powered on. This is caused by a malware program already present on the compromised computer that is interacting with the update. For details on the status of the problem, see: http://blogs.zdnet.com/Bott/?p=1764&tag=nl.e589. Give me a call or email if you get a blue screen when you power on.

Update: Thursday, Feb 18. The following link provides more technical detail for those who are interested. http://blogs.zdnet.com/hardware/?p=7377&tag=nl.e589

At the bottom is a link to MS Support, which will give you help with this issue: https://consumersecuritysupport.microsoft.com Or call me.

Getting rid of those aggravating video ads

You browse to a web page and, before or after you arrive, you get one of those aggravating video-like commercials.  Not only is it intrusive, it wastes time and slows down your browser.   Aaaargh!   I found the following hint on my PCWorld feed.  It was written by Jared Newman of PCWorld:

“Here's a neat piece of Windows software called FlashMute. It installs to your system tray and can deny Flash access to your audio hardware. Just click the icon or hit Ctrl-Alt-M to switch it on and off. Note: Anti-virus programs tend to flare up when visiting FlashMute's download page. The developer says it's because FlashMute uses the same method of hooking into your browser as some types of AdWare, but it's only intercepting sound from Flash and other Web sources. Fair warning.”

Feb 2010: Many Malware Problems Occurring

I’ve encountered numerous computer problems that are being caused by virus and other bad (malware) programs. The sites from which they came, through an innocent visit or “drive-by”, or the emails that introduced them, through opening an infected attachment, have not been determined. In subsequent posts I will describe a number of them. If you are having a problem, please contact me. Specifically:

• If your computer suddenly begins to behave in unusual ways


• Especially a message pops up saying your computer is "infected" and you don't recognize the message, the colors, or there's something else suspicious.
  
• Your computer seems to be slow
  
• The browser behaves strangely, such as taking you to sites you did not expect.
  

How the US Government will change your Dr visit experience (by using IT)

[Begin My notes:

I’ve taken the following information from the web site “Healthcare IT News”. (The reason I don’t just link to the article is that the web sites can remove the article, so the link won’t work any more. If I copy it here, then I can avoid this.)

One of the primary problems associated with the adoption of EMRs (Electronic Medical Records) in the provider (Drs office) setting is that the ROI show nos payback in an acceptable time period. Though the conclusion might be legitimate, in most cases the conclusion is incorrect because the models used are too simple and include a number of unsubstantiated assumptions.

On the other hand, the government has just made the ROI calculation more difficult because it has changed regulations and is offering funding for the migration to an EMR. This will be both a carrot and stick approach that will result in most providers either completely eliminating support for Medicare or, frankly, retiring.

The following article describes criteria that providers must meet in order to receive funds from the federal government. It gives you an idea of the changes that WILL be made in your office visit experience in the next several years, if the changes haven’t already occurred. There’s a lot of jargon, as there is with anything related to the gov. Let me know if you need any translation, or google the term.[end My Notes]

Eligible Provider "Meaningful Use" Criteria

{by Jack Boudoin}

WASHINGTON – On Dec. 30, the Centers for Medicare and Medicaid Services issued a notice of proposed rulemaking that outlines provisions governing the Medicare and Medicaid EHR incentive programs, including a proposed definition for the central concept of “meaningful use” of EHR technology (see related story). In order for professionals and hospitals to be eligible to receive payments under the incentive programs, provided through the Recovery Act, they must be able to demonstrate meaningful use of a certified EHR system.

The following list of 25 Stage 1 Meaningful Use criteria for eligible providers was taken from the proposed rule: "Medicare and Medicaid Programs; Electronic Health Record Incentive Program." A second list, for eligible hospitals, is provided here. You can download the full 556-page document at http://www.federalregister.gov/OFRUpload/OFRData/2009-31217_PI.pdf

[1] Objective: Use CPOE
Measure: CPOE is used for at least 80 percent of all orders

[2] Objective: Implement drug-drug, drug-allergy, drug- formulary checks
Measure: The EP has enabled this functionality

[3] Objective: Maintain an up-to-date problem list of current and active diagnoses based on ICD-9-CM or SNOMED CT®
Measure: At least 80 percent of all unique patients seen by the EP have at least one entry or an indication of none recorded as structured data.

[4] Objective: Generate and transmit permissible prescriptions electronically (eRx).
Measure: At least 75 percent of all permissible prescriptions written by the EP are transmitted electronically using certified EHR technology.

[5] Objective: Maintain active medication list.
Measure: At least 80 percent of all unique patients seen by the EP have at least one entry (or an indication of “none” if the patient is not currently prescribed any medication) recorded as structured data.

[6] Objective: Maintain active medication allergy list.
Measure: At least 80 percent of all unique patients seen by the EP have at least one entry (or an indication of “none” if the patient has no medication allergies) recorded as structured data.

[7] Objective: Record demographics.
Measure: At least 80 percent of all unique patients seen by the EP or admitted to the eligible hospital have demographics recorded as structured data

[8] Objective: Record and chart changes in vital signs.
Measure: For at least 80 percent of all unique patients age 2 and over seen by the EP, record blood pressure and BMI; additionally, plot growth chart for children age 2 to 20.

[9] Objective: Record smoking status for patients 13 years old or older
Measure: At least 80 percent of all unique patients 13 years old or older seen by the EP “smoking status” recorded

[10] Objective: Incorporate clinical lab-test results into EHR as structured data.
Measure: At least 50 percent of all clinical lab tests results ordered by the EP or by an authorized provider of the eligible hospital during the EHR reporting period whose results are in either in a positive/negative or numerical format are incorporated in certified EHR technology as structured data.

[11] Objective: Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research, and outreach.
Measure: Generate at least one report listing patients of the EP with a specific condition.

[12] Objective: Report ambulatory quality measures to CMS or the States.
Measure: For 2011, an EP would provide the aggregate numerator and denominator through attestation as discussed in section II.A.3 of this proposed rule. For 2012, an EP would electronically submit the measures are discussed in section II.A.3. of this proposed rule.

[13] Objective: Send reminders to patients per patient preference for preventive/ follow-up care
Measure: Reminder sent to at least 50 percent of all unique patients seen by the EP that are 50 and over

[14] Objective: Implement five clinical decision support rules relevant to specialty or high clinical priority, including for diagnostic test ordering, along with the ability to track compliance with those rules
Measure: Implement five clinical decision support rules relevant to the clinical quality metrics the EP is responsible for as described further in section II.A.3.

[15] Objective: Check insurance eligibility electronically from public and private payers
Measure: Insurance eligibility checked electronically for at least 80 percent of all unique patients seen by the EP

[16] Objective: Submit claims electronically to public and private payers.
Measure: At least 80 percent of all claims filed electronically by the EP.

[17] Objective: Provide patients with an electronic copy of their health information (including diagnostic test results, problem list, medication lists, and allergies) upon request
Measure: At least 80 percent of all patients who request an electronic copy of their health information are provided it within 48 hours.

[18] Objective: Provide patients with timely electronic access to their health information (including lab results, problem list, medication lists, allergies)
Measure: At least 10 percent of all unique patients seen by the EP are provided timely electronic access to their health information

[19] Objective: Provide clinical summaries to patients for each office visit.
Measure: Clinical summaries provided to patients for at least 80 percent of all office visits.

[20] Objective: Capability to exchange key clinical information (for example, problem list, medication list, allergies, and diagnostic test results), among providers of care and patient authorized entities electronically.
Measure: Performed at least one test of certified EHR technology's capacity to electronically exchange key clinical information.

[21] Objective: Perform medication reconciliation at relevant encounters and each transition of care.
Measure: Perform medication reconciliation for at least 80 percent of relevant encounters and transitions of care.

[22] Objective: Provide summary care record for each transition of care and referral.
Measure: Provide summary of care record for at least 80 percent of transitions of care and referrals.

[23] Objective: Capability to submit electronic data to immunization registries and actual submission where required and accepted.
Measure: Performed at least one test of certified EHR technology's capacity to submit electronic data to immunization registries.

[24] Objective: Capability to provide electronic syndromic surveillance data to public health agencies and actual transmission according to applicable law and practice.
Measure: Performed at least one test of certified EHR technology's capacity to provide electronic syndromic surveillance data to public health agencies (unless none of the public health agencies to which an EP or eligible hospital submits such information have the capacity to receive the information electronically).

[25] Objective: Protect electronic health information maintained using certified EHR technology through the implementation of appropriate technical capabilities.
Measure: Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308 (a)(1) and implement security updates as necessary.

Healthcare record automation

Many of you have had the experience of visiting a doctor’s office where the nurses and doctors enter your financial and perhaps medical information in “real-time” on a computer.  I want to focus on the medical part:  called the “patient visit.”  The general term for the software is EMR, or Electronic Medical Record.  I have a number of years of experience in this area and want to make myself available to you to answer any questions you might have.   And you should have questions, because the government is going to make every doctor use this technology, one way or another.  I can give both the pros and cons to various things that are happening, so send me your questions.  In the meantime, I will use this blog to post some background information on the government effort and on the technology itself.