UPMC Hospital experiences data breach

Nov 20, 2017

A data breach led to the inappropriate access of at least 1,200 Williamsport, Pa.-based UPMC Susquehanna patients' information, the hospital said in a statement Friday.

UPMC Privacy Officer David Samar said officials first learned of the breach Sept. 21 after an employee reported suspicious activity to the information technology staff.

Hospital administrators determined the information -- names, dates of birth, contact information and Social Security numbers -- was accessed through a phishing attack. Mr. Samar said officials cannot confirm if the information has been used for improper purposes.

The hospital has reportedly notified HHS and sent letters notifying affected patients. UPMC Susquehanna has also provided patients with information about how to place fraud alerts on their files with three major credit-reporting agencies and supplied patients with links to additional identity protection resources.

Officials set up a toll-free telephone line for patients to call and share their concerns.

UPMC officials have completed a comprehensive review of the incident and will update current procedures to better secure patient information, according to the notice. Those measures include additional staff education, employment screening and other best practices.

Source: Becker's Hospital Review (View full article)

Dan Corcoran | Permalink | Comments (0)

Healthcare Network Challenges

Nov 20, 2017

With digital transformation sweeping across all industries, new technologies are streamlining and enhancing lives everywhere. While this digital era symbolizes great progress for society, industries like healthcare would be wise to tread lightly amid such change. Although newfound technology often equates to higher efficiency, it is important to remember that new security concerns may also arise. With 233 healthcare-related breaches already reported in 2017 by the U.S. Department of Health and Human Services, network security is the most crucial component for healthcare organizations to consider as the transformation of the industry continues to ramp up.

Why Legacy-Oriented Architectures No Longer Fit The Build For Healthcare Networks

Today, many medical providers have networks built on legacy-oriented architectures that run a broad range of enterprise applications. While legacy EMR systems have performed positively in protecting patient records, legacy networks have not historically protected patient information flowing through networks across a variety of applications used by staff and providers.

Legacy networks, which primarily offer only border protection, do not adequately protect the enterprise applications and data existing outside of a medical records system. This type of environment is vulnerable to cyber hacks. Think back to the numerous cyberattacks on credit card information in the last few years or, more recently, Equifax's data loss. As internal applications are not protected to the same extent as EMRs, networks built on legacy technologies are not designed to defend against users on cloud applications or internal vendors, patients, customers/business partners that may occasionally gain network access.

[...]

Source: Health IT Outcomes (View full article)

Dan Corcoran | Permalink | Comments (0)

Blockchain beyond EHRs: Transforming value-based payment, precision medicine, patient-centric care

Nov 17, 2017

The considerable hype around blockchain is starting to be tempered by enterprises earning practical experience and identifying worthwhile use cases for the technology.

Most of the buzz around blockchain in healthcare has focused on EHRs, interoperability and security, but a new potential for value-based care, precision medicine and a patient-driven healthcare system are emerging as more clear and present opportunities for the distributed digital ledger technology.

While we don't expect the hope for data interoperability and security to fade away, hospital executives who want to stay abreast of what's really happening with blockchain will also need to understand these new considerations.

Blockchain and the move to value-based care

A variety of possible use-cases for blockchain are coming into focus for healthcare, ranging from clinical to financial to administrative.

"Traditional healthcare fee-for-service payment systems are overly complex and expensive from an administrative perspective. On average, payment administration accounts for about 14 percent of healthcare spending. Blockchain applications can definitely reduce the waste," said Corey Todaro, chief product officer at Hashed Health, which leads a consortium of healthcare companies focused on accelerating innovation using blockchain.

Precision medicine and a patient-driven healthcare system

Blockchain-based systems could help drive unprecedented collaboration between participants and researchers around innovation within medical research, particularly in the fields of precision or personalized medicine.

Maria Palombini, director of emerging communities and initiatives development at the IEEE Standards Association, said that blockchain can enable the patient-driven healthcare system.

"The lack of interoperability among data systems in a personal health network is a detriment on patient care," she said. "Informed patients know that data is critical to enhancing their care and safety. This is beyond safety from data hacks, this is the ability for their healthcare providers to have access to information that will help them better treat the patient."

[...]

Source: Healthcare IT News (View full article)

Dan Corcoran | Permalink | Comments (0)

Trouble Getting HIE Data in the ED? Maybe You Need a FHIR HIEdrant

Nov 17, 2017

When new patients with chest pain show up in an emergency room, physicians are often so busy that they don't take the time to go beyond what is in their own health system's EHR to search the regional or state health information exchange for relevant tests. A new SMART on FHIR app being developed at the Regenstrief Institute in Indianapolis retrieves that HIE data and integrates it in the clinical workflow in the EHR.

The team that developed the cleverly named FHIR HIEdrant won the first-place prize of $12,500 at the Pitch IT contest, a shark tank-like event held at last week's AMIA Symposium in Washington, D.C.

Matthias Kochmann, M.D., a pediatrician and clinical informatics fellow at the Regenstrief Institute, said that as the team studied this problem, they first asked ED physicians which data elements residing in the HIE would be valuable to them.

One of the problems with accessing the HIE is that involves a separate workflow outside of the usual process of reviewing patient data in their EHR, without assurance that any meaningful data will be found. "We did a time-motion study to see how often ED physicians access the HIE in order to retrieve documents," Kochmann said. "The result was that most of the time, they just do not have time. It wasn't convenient for them. They would go with the information in the chart or provided by the patient." If there is nothing in the EHR chart, then they order the tests.

The key point, he said is that the tests are sometimes invasive, expensive and take time. "Ideally, no tests would need to be repeated. The patient saves time; the health system saves money; and the physician can spent more time with the patient."

The developers sought to bring that HIE information directly into the ED physicians' workflow. They built a FHIR server connected to the Indiana HIE. "Using Smart on FHIR technology, we created a tab within the clinician's work flow. They use it to open up the FHIR HIEdrant and it then searches the HIE for the physician," Kochmann explained.

Starting Dec. 4, the FHIR HIEdrant will begin a four-month evaluation project at Indiana University Health Methodist Hospital.

If that pilot goes well, there are three ways the developers plan to branch out. One is to make the chest-pain app better with more functionality, Kochmann said. Another pathway is to try to get the app placed in the Epic and Cerner app stores. The third is to find different use cases in other hospital departments. One could be a surgery dashboard for pre-surgical clearance. Another could be pain management, which could be used in the ER, family medicine, or neurology.

The FHIR HIEdrant team is looking forward to another competition sponsored by Medstartr at the end of November in New York.

Source: Healthcare Informatics (View full article)

Dan Corcoran | Permalink | Comments (0)

Is the healthcare industry prepared to combat evolving cyber threats?

Nov 17, 2017

Technology is booming in healthcare organisations with digital transformation policies leading to increased adoption of connected medical devices, big data analytics for faster and more accurate diagnoses, and paperless systems for the easy exchange of patient information.

As technology becomes more ingrained into core healthcare offerings, there is an increased threat of cyberattacks disrupting services, stealing sensitive patient data, and putting lives at risk.

Ready for ransomware

Following the significant disruption caused to the NHS by WannaCry in May 2017, many healthcare organisations are preparing themselves for further ransomware attacks. One quarter of participating healthcare IT professionals reported that their organisation would be willing to pay a ransom in the event of a cyberattack. Of these, 85 per cent of UK respondents have a plan in place for this situation.

Dangerous operating systems

The number of connected devices on healthcare organisations' networks is exploding, with 47 per cent of the large healthcare organisations surveyed indicating that they are managing over 5,000 devices on their network.

One in five healthcare IT professionals reported that Windows XP is running on their network, which has been unsupported since April 2014. 18 per cent indicated that connected medical devices on their network are running on the unsupported operating system, leaving organisations open to exploitation through security flaws in these unpatched devices.

Patching outdated operating systems is impossible for the 7 per cent of IT professionals responding that they don't know what operating systems their medical devices are running on. Even when the operating system these devices run on is known, a quarter (26%) of large organisations either can't or don't know if they can update these systems.

Investing against the threat

85 per cent of healthcare IT professionals reported that their organisation has increased their cybersecurity spending in the past year, with 12 per cent of organisations increasing spending by over 50 per cent.

Traditional security solutions are the most popular, with anti-virus software and firewalls the solutions most invested in over the past year, at 61 per cent and 57 per cent respectively.

Half of organisation have invested in network monitoring to identify malicious activity on the network; one third have invested in DNS security solutions, which can actively disrupt DDoS attacks and data exfiltration; and 37 per cent have invested in application security to secure web applications, operating systems and software.

"The healthcare industry is facing major challenges that require it to modernise, reform and improve services to meet the needs of ever more complex, instantaneous patient demands. Digital transformation presents a massive opportunity to support the doctors and nurses who work tirelessly - but these new technologies also introduce new cyber risk that must be mitigated. It's crucial that healthcare IT professionals plan strategically about how they can manage risk within their organisation and respond to active threats to ensure the security and safety of patients and their data," said Rob Bolton, Director of Western Europe at Infoblox.

Source: Help Net Security (View full article)

Dan Corcoran | Permalink | Comments (0)

For Hospitals, Predictive Analytics Is A Necessity, Not A Luxury

Nov 17, 2017

When thinking about the business value of predictive analytics, hospitals often view it as an evolutionary technology and look for things like use cases, accuracy, cost, and return on investment. While those are all valid points to consider, a better way to look at it is to focus on what truly matters for patients and caregivers, work backwards, and explore how predictive analytics can make them better. Having worked with dozens of hospitals, I can tell you that -- when viewed from this perspective -- the answer is predictive analytics is a necessity, not a luxury. [...] The question is what truly matters to their customers (patients and caregivers) and how to significantly improve them quickly. Fundamentally, hospitals are complex service organizations, so it boils down to better planning and better execution.

Let's start with first principles: Patients want to be seen fast, treated fast and discharged fast. Caregivers want control over their schedules and more time with patients. Administrators want to deliver better care at a lower cost. For decades, the de facto focus was on process improvement. But process improvements can only go so far. Can predictive analytics do better? The simple answer is: a lot better.

Operating rooms, a key resource at a hospital -- bringing more than 60 percent of admissions and 65 percent of revenue -- are a key example. Surgeons want an operating room whenever they want and wherever they want. Today, block scheduling is so complex and slow that we simply cannot give them that flexibility in a way that meets the objectives of all stakeholders involved. Block schedule changes are cumbersome, error prone and take months to effect. How can we make it better? By using predictive analytics and data science to dig deep into utilization patterns and by creating lightweight mobile experiences that let surgeons get the block time they need with a single click. We can make block scheduling as easy as Uber so they simply push a button and get the block they want. And if we do that, everyone wins -- patients get treated faster, surgeons have better control and access, and the overall utilization (and revenue) increases. I have seen improvements of $500,000 to $1 million with this approach.

Specialty clinics like infusion centers are another example. Again, first principles: Patients want to be seen fast, and nurses and caregivers want better control of their schedules. We can make many process improvements to meet those goals, but can we do better with predictive analytics? A lot better. With predictive analytics, we can dig deep into historical appointment data and combine operational constraints to do a lot of number crunching and precisely calculate demand on a given day. We then can schedule patients in a way that flattens chair utilization. That significantly lowers wait times and leads to better schedules for nurses. Everyone wins.

Similarly, take any department at a hospital and ask what truly matters at that department? I'm willing to bet that compared to whatever plan you have in place to make them better, predictive analytics can offer a significant boost. Imaging equipment, ER, in-patient beds -- effecting improvement in almost any unit at a hospital boils down to reducing variability and better planning. Predictive analytics can significantly help with both.

There are a lot of parallels between hospitals and airports; they are there to make a journey better. Just like the air traffic control makes everything works like clockwork at airports, hospitals need an air traffic control-like functionality that predicts a patient's journey and routes the right resource to the right patient at the right time. Such a system could fundamentally improve all the things that truly matter for a patient's journey.

That may sound futuristic, but believe me, it's not. We already have the core technological pieces we need to make it work -- the cloud, sophisticated data science and machine learning, and mobile. We also don't need complicated EHR integrations or months of planning and training and things that make your IT department nervous. We can do it using lightweight data extracts and well-designed experiences that are intuitive, easy and simple. In fact, it's already happening -- dozens of hospitals are already making it happen, just like Southwest, Netflix and Amazon.

Because ultimately, people want better care at a lower cost, and there's no better way to achieve that than with predictive analytics.

Source: Health IT Outcomes (View full article)

Dan Corcoran | Permalink | Comments (0)

EHR Failure: What's A Practice To Do?

Nov 15, 2017

Physician dissatisfaction with EHRs has been well-documented in recent years, as has the growth of the EHR replacement market. In Kalorama Information's report, The State of the EMR Market in 2017, the authors estimate that approximately 15 percent of physicians are seeking EHR replacement systems in order to mitigate frustrations with awkward and non-intuitive interfaces and functionality gaps.

Ambulatory physicians are particularly driven by the desire to address new quality tracking and reporting requirements under the Medicare Access and CHIP Reauthorization Act (MACRA). A provider who fails to meet MACRA targets could face as much as a 9% reduction in Medicare reimbursements.

Along with meeting regulatory requirements, physicians want solutions that support interoperability with other systems and provide workflows that are efficient and enhance productivity.

For a practice struggling with its existing EHR, how do physicians and staff know when the time is right to walk away from their current system and seek a replacement? More importantly, what can a practice do to avoid past selection mistakes and make sure its next EHR satisfies today's needs, as well as future requirements?

Evaluate Objectively

Before a practice abandons its existing EHR, physicians and staff should not only do an objective evaluation of the system and vendor, but also consider whether users have had realistic expectations and been truly committed to the EHR's success. Practices should ask themselves if a response time of a few hours for a routine issue is sufficient reason to switch vendors, or if it's an annoyance they can live with. On the other hand, if the support staff consistently takes four days to return calls, the practice may very well want to investigate other options.

Practices should also consider whether or not they've adequately invested in training resources, especially following the implementation of new features or a turnover in staff. A practice that resists spending money for ongoing education may be equally discontent with its next EHR.

Specific Considerations

Before switching EHRs, users should take the time to verify whether or not particular issues can be fixed and/or if they can live with certain limitations. For example:

• Challenging workflows -- Physicians often complain that their EHRs are slow -- or simply don't work. The problem, however, could be that a particular EHR is not designed or adaptable to a provider's specific workflow. For example, the workflow of a primary care provider seeing 30 patients per day is very different than that of a specialist treating fewer, more complicated patients, or one seeing a mix of follow-up patients and patients requiring in-office procedures. The EHR may include all the functionality the physician needs to thoroughly document a regular office visit, yet be inefficient for documenting procedures -- or vice versa. Depending on the EHR, the documentation process may require an inefficient number of steps and reduce the number of patients the doctor can see per day. Practices should ask their vendor if the EHR supports alternate workflows that are better suited to an individual provider's needs based on specialty and patient flow.
• Lack of system enhancements -- A practice may have implemented an EHR that worked great for several years, but now the vendor is failing to keep up with the latest regulatory requirements, or with new technologies that increase efficiencies or enhance revenues. This is the situation that many providers are facing as they scramble to address MACRA requirements. Other vendors may be addressing government-mandated changes, but not offering solutions to enable interoperability with other providers, or to facilitate participation in optional revenue-enhancing programs, such as CMS's Chronic Care Management (CCM) Services.
• Technology limitations -- Practices that use one software for practice management or billing and another for EHR often face a myriad of challenges. A practice must manage two vendors on a business level, plus coordinate timing for updates to minimize the risk of "breaking" things. Full integration between disparate financial and clinical systems is increasingly rare, making the "best of breed" approach a struggle for practices trying to address today's burdensome regulatory and reporting requirements.
• Support -- No matter how great a system is a practice is going to struggle if its vendor fails to address system issues in a timely manner. A practice must evaluate its vendor's ability to deliver consistent and reliable access to knowledgeable support professionals who can communicate clearly and provide appropriate instructions and advice.

Source: Health IT Outcomes (View full article)

Dan Corcoran | Permalink | Comments (0)

When 'Best Practices' Backfire by Sarah Green Carmichael from HBR

Nov 15, 2017

Freek Vermeulen, an associate professor of strategy and entrepreneurship at the London Business School, argues that too many companies are following so-called best practices that are actually holding them back. They do it because of deep-seated industry tradition--and because it's hard to know how seemingly successful business models will hold up over the long term. That's why, he says, organizations should avoid benchmarking and instead routinely test their business practices before there's a problem. Vermeulen is the author of Breaking Bad Habits: Defy Industry Norms and Reinvigorate Your Business.

Source: HBR (Listen to the Interview)

Dan Corcoran | Permalink | Comments (0)

AT&T and Verizon team up to construct cell towers

Nov 15, 2017

The recent team up between AT&T, Verizon and Tillman Infrastructure will see the construction of multiple cell towers across the US boosting the country's overall communications infrastructure.

As part of the joint agreement, Tillman Infrastructure will build the cell towers to-suit with AT&T and Verizon as both the telecommunications firms agree to lease and co-anchor the co-located towers. Construction of the initial towers is slated to begin in Q1/2018.

Nicola Palmer, chief network officer for Verizon Wireless, said: "We continue to focus on technology innovation and investing in the latest software platforms to provide the best possible customer experience on our network. At the same time, it is imperative to reduce operating costs. We are reviewing all of our long-term contracts as they come up for renewal and we are excited to develop new vendor partners to diversify our infrastructure providers."

The two operators have been busy in other areas. AT&T announced the 5G Evolution mobile hotspot router at a time when consumers are in a hyping spree in terms of 5G. However, it is to be noted that the router has nothing to do with 5G as it is more of a 4.75G (4.5G is reserved for LTE-Advanced). The Netgear made mobile hotspot router features a 5,040mAh battery and allows as many as Wi-Fi 20 devices to connect to it.

Meanwhile, in the history of Gigabit LTE lab speeds testing Verizon, Ericsson and Qualcomm have established a new record with speeds of 1.07 Gbps. The speeds were achieved via the use of 12 simultaneous LTE streams, allowing up to a 20% rise in peak data rates in capacity, greater speed through Ericsson's radio system and TLE software and a mobile test device based on Qualcomm's Snapdragon X20 LTE modem.

Source: Telecoms (View full article)

Dan Corcoran | Permalink | Comments (0)

Data Storage and Encryption Should Top the CISO's To-Do List according to IBM's Security Intelligence

Nov 15, 2017

In today's digitized world, data storage and encryption are surely top of mind for most chief information officers (CIOs). But given the increasing regulations and privacy implications surrounding data security, these measures should also be on the chief information security officer (CISO)'s agenda.

Most organizations need to house massive amounts of data to comply with privacy regulations, enable cognitive activities, and facilitate the construction and analysis of attack patterns. At the same time, an effective data storage strategy promotes security awareness and encourages employees and users to consider best practices from both a technological and a process point of view.

To protect the organization from unauthorized employees and external threat actors seeking to destroy or otherwise corrupt enterprise data, security teams must deploy protective measures. The most common approach to safeguarding sensitive data is encryption, but it's important to consider a few technological implications before diving head-first into an encryption strategy.

Choosing the Right Data Storage and Encryption Tools

For any organization, it's important to encrypt both structured and unstructured data. Storage solutions often deliver encryption capabilities to address part of the CISO's security concerns. The key is to select the right platform to simplify security procedures and generate consistent cost savings.

Encrypting at-rest data within storage is an attractive option that many companies opt to use on 100 percent of their data. This approach is easy and relatively inexpensive to implement, since it comes standard in many storage solutions and there are no host CPU costs. Of course, hardware-based solutions, which rely on a self-encrypting hard disk or flash drive, are less likely than software-based tools to significantly impact performance. It's also worth noting that, while encrypting data at rest is an effective way to protect any drive or box that is being retired or repurposed with virtually zero impact on performance, some use cases call for this type of encryption to be combined with technologies capable of encrypting data in motion.

Defining Your Data Storage Strategy

The key to defining an appropriate data storage and encryption strategy is to understand what risks are addressed by encrypting data at rest, in motion and in transit.

Encrypting data at rest means safeguarding data housed in the storage system. This process ensures that information is protected when single disks or flash modules are misplaced or removed from the premises for repair, or the storage system is stolen, discontinued or repurposed. Less effective alternative options include employing a data erasure service to destroy all information residing on the storage system and even buying back the drives and destroying them. Disk encryption is a better method because it renders stolen or misplaced data unreadable without a decryption key.

[...]

Source: Security Intelligence (View full article)

Dan Corcoran | Permalink | Comments (0)