HITRUST starts sharing cyber risks with Homeland Security

HITRUST is the 1^st healthcare cyber threat-sharing information agency to connect with the federal government’s cyber threat sharing program. HITRUST starts sharing cyber risks with the Homeland Security.

The federal program, initiated previously this year, is the Automated Indicator Sharing Program of the Department of Homeland Security, created to gather and disseminate cyber threat information.

The DHS program enables electronic exchange of cyber risk indicators across private sector organizations, and HITRUST is the 1^st healthcare agency to link with the feds to get and submit threat information, claims CEO Daniel Nutkis.

“It was too much work; too much integration and setting up policies,” he recalls. But now, HITRUST can send out or get data within minutes, and so can its members. So far, the volume is low but will ramp up over period. Now, HITRUST starts sharing cyber risks with Homeland Security.

HITRUST provides a basic free threat-sharing platform and also has a proprietary subscription-based platform for agencies that wish to share data across defined partners—deciding who has approach and who doesn’t. That’s why HITRUST starts sharing cyber risks with Homeland Security.

Regardless of the level of information sharing in which healthcare agencies decide to participate, the distribution of data about threats still presents few hurdles, Nutkis notes. For instance, it can be difficult to understand what are great threat indicators and what aren’t.

As HITRUST starts sharing cyber risks with Homeland Security and has ramped up its threat-sharing activities among members this year, it realized how fast new cyber threats were hitting healthcare entities. For example, the organization declared in the month of June that 90% of healthcare cyber threats discovered during the past month were initially unknown threats in the industry.

Members gathering threat information frequently are seeing new kinds of sophistication of the threats, and new exploits or enhancements of known threats, specifically ransomware, in accordance to Nutkis.

HITRUST members sharing threat information among themselves can see some of the behaviors that are causing attacks, Nutkis points out. End users are yet clicking on links they should not and opening email attachments without checking the source.

As members during this year collect threat information they’ve improved performance over time by reporting threats quicker and submitting threat indications to HITRURST within minutes of detection, compared with various weeks for initial submissions.

 

Learn More about Public Health Reporting in 2016

Review the Public Health Reporting Requirements for Providers in 2016

National Health IT Week is September 26-30, 2016. CMS is sharing guidance throughout the week to help providers and industry members participate successfully in ongoing CMS health IT initiatives. Stay tuned all week for the latest news and updates from CMS.

To participate successfully in the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs in 2016, providers must be in active engagement with a public health agency. Eligible professionals (EPs) and eligible hospitals and critical access hospitals (CAHs) must submit electronic public health data using certified EHR technology (CEHRT), except where prohibited and in accordance with applicable law and practice.

2016 Public Health Reporting Requirements

The public health reporting objective for 2016 includes three measures for EPs, and four measures for eligible hospitals and CAHs. EPs must attest to any combination of two measures, and eligible hospitals and CAHs must attest to any combination of three measures.

• Measure 1: Immunization Registry Reporting


• Measure 2: Syndromic Surveillance Reporting


• Measure 3: Specialized Registry Reporting


• Measure 4: Electronic Reportable Laboratory (ELR) Results Reporting (eligible hospitals and CAHs only)

Please note: providers may report to more than one specialized registry and may count specialized registry reporting more than once to meet the required number of measures for the objective.

Exclusions and Alternate Exclusions in 2016

There are multiple exclusions for each of the public health reporting measures in 2016. For a complete list, see the Public Health Reporting specification sheets for EPs and eligible hospitals and CAHs.

Providers may claim an alternate exclusion for the Public Health Reporting measure(s) that might require the acquisition of additional technologies they did not previously have or did not intend to include in their activities for meaningful use.

Providers may claim an alternate exclusion for:

• Measure 2 - Syndromic Surveillance Reporting (EPs)


• Measure 3 - Specialized Registry Reporting (EPs and eligible hospitals and CAHs)

Centralized Repository

CMS is developing a centralized repository for public health agency and clinical data registry reporting to assist providers in finding entities that accept electronic public health data. Registries can now declare their readiness to receive electronic data by completing the Centralized Repository for Public Health Agencies and Clinical Data Registry Reporting Input Form.

Review 2016 CQM Requirements for Eligible Professionals and Hospitals

National Health IT Week is September 26-30, 2016. CMS is sharing guidance throughout the week to help providers and industry members participate successfully in ongoing CMS health IT initiatives. Stay tuned all week for the latest news and updates from CMS.

To participate successfully in the Medicare & Medicaid EHR Incentive Programs, eligible professionals, eligible hospitals, and critical access hospitals (CAHs) must submit clinical quality measures (CQMs).

2016 CQM Requirements for Eligible Professionals (EPs)

EPs must report 9 out of a possible 64 measures. At least 3 of those must cover the National Quality Strategy domains, which include:

• Patient and Family Engagement


• Patient Safety


• Care Coordination


• Population/Public Health


• Efficient Use of Healthcare Resources


• Clinical Process/Effectiveness

EPs have several options for reporting their CQMs:

1. Medicare EHR Incentive Program Reporting Options:

• Option 1: Attest to CQMs through the EHR Registration & Attestation System


• Option 2: eReport to CQMs through the Physician Quality Reporting System (PQRS) Portal

1. Options that align with Other Quality Programs:

• Option 3: Report individual CQMs through the PQRS Portal


• Option 4: Report group CQMs through the PQRS Portal


• Option 5: Report group CQMs through Pioneer ACO participation or Comprehensive Primary Care Initiative participation

1. Medicaid EHR Incentive Program Reporting Options:

• Option 6: Attest to CQMs through their State Medicaid Portal

2016 CQM Requirements for Dually Eligible Hospitals and Critical Access Hospitals (CAHs)

Dually Eligible hospitals and CAHs participating in the EHR Incentive Programs have two options for reporting CQMs:

• Option 1: Attest to 16 of 29 possible CQMs through the EHR Registration & Attestation System


• Option 2: eReport 4 CQMs through Hospital Inpatient Quality Reporting (IQR) through QualityNet Secure Portal

Note: The CQM reporting options for EPs and hospitals in 2016 are the same as the options that were available in 2015. Medicaid-only hospitals report their CQMs via their state's portal.

 

Feds issues the latest EHR contract guides

Federal agencies are expecting that two latest tools will assist the provider agencies to select, purchase and then make the best utilization of EHRs during the course of care. That’s why the Feds has issued the latest EHR contract guides for the people.

The attempts are part of an effort by the Department of Health and Human Services and the Office of the National Coordinator for Health Information Technology to equip contributors in making great purchase decisions for electronic health records.

The agencies are issuing an EHR contract guides to elaborate key concepts in EHR contracts to help providers in navigating the contractual procedure and assist in the planning and acquisition of records networks.

Furthermore, HHS and ONC are issuing a newly expanded Health IT Playbook, an online device that gives user-friendly tools, resources and guides that can assist providers to implement and use health information technology so that they can optimize their utilization of systems, specifically as providers’ transition to alternative payment models.

The data is specifically useful for smaller healthcare agencies, like physician group practices, that have still to implement EHRs or are considering swapping into latest records systems. Government data indicate that about 25% of eligible professionals have still to implement EHRs.

The guides were established to help healthcare agencies with practical tools to assist “clinicians and healthcare administrators as they navigate the purchase and use of health IT,” claims Vindell Washington, MD, recently named national coordinator for health IT. The initiatives are a response to provider appeals for clear data about choosing, contracting for and utilizing records systems, he further adds.

The EHR contract guides were released yesterday at the start of National Health IT Week.

The new contract guide is termed as EHR Contracts Untangled: Selecting Wisely, Negotiating Terms and Understanding the Fine Print. It involves contract example contract language to assist providers to achieve records systems and negotiate contract terms with vendors.

While the EHR Contract guides concentrated on the acquisition of EHR systems, the concepts and instances might translate into purchases of other types of health IT products. Beyond concentrating on contract language, the guide also looks at uncertainties like handling safety and security risks, ensuring data integrity, and managing disagreements or decisions to turn to another EHR product.

 “Purchasing procedures and contracts have a significant role in ensuring information can move freely and securely across all the devices and IT systems utilized in patient care,” states Ed Cantwell, executive director of the Center for Medical Interoperability. “This guide can assist to foster the dialogue between buyers and sellers to acquire that shared target.”

The Health IT Playbook is intended to fill a gap in enabling clinicians to utilize health IT products in the procedure of delivering patient care. ONC claims the guide:

• Recognizes and shares practices and success stories around several phases of EHR and health information technology implementation.


• Offer information about how providers can resolve key problems and challenges regarded to optimizing health information technology and tailoring it to their workflow.


• Gives particular illustrations on how laws such as the Health Information Portability and Accountability Act (HIPAA) Privacy and Security Rule motivate the exchange of electronic health data for care planning, quality measurement and betterment, and other operations.


• Serves as a central resource for health care providers and health information technology professionals when seeking direction on using the most up-to-date technologies and procedures to support patient care and assist their offices function efficiently.

 

Oklahoma HIE to utilize DrFirst to empower message security

Coordinated Care Oklahoma, a health information exchange serving contributors in the state as well as parts of Missouri, Arkansas, Texas and Kansas, will execute the Backline secure communication and collaboration tool from DrFirst to empower message security through encrypted messaging. Backline enables contributors to get or transmit information on the device of their choice to support care coordination, transfers of care and other functions. Coordinated Care Oklahoma, with a service place covering a population of 4.8 million individuals, is DrFirst’s 1^st HIE client to empower message security.

Palmetto Health, with 7 hospitals serving households of South Carolina, will deploy the eGlycemic diabetes management system from Glytec. The network will integrate with the delivery system’s Cerner Millennium EHR involving the laboratory, and boost single sign-on. Glytec’s product is Glucommander, which is a medical tool for real-time intravenous and subcutaneous insulin dosing. It utilizes evidence-based algorithms to make sure that dosing suggestions align with and continuously adjust to each sufferer’s insulin sensitivities. This enables analysis of blood glucose levels and facility-wide surveillance.

Virginia Commonwealth University Health System is live on the Enterprise Imaging Platform of Mach7. The platform involves a vendor-neutral archive and sufferer portal, and empower message security or mobile access and capturing information from mobile devices, as well as workflow devices and the viewing and sharing of imaging information.

2-hospital Wise Health System, serving the Fort Worth and Decatur regions in the state of Texas, has chosen the Allscripts Sunrise EHR system as well as the vendor’s CareInMotion population health management module. The delivery system gives inpatient and outpatient facilities at 79 sites across 8 counties.

McLeod Health, which facilitates 15 counties in South Carolina, will execute Cerner’s EHR across 7 hospitals and 90 ambulatory services. The delivery system is upgrading from its INVISION financial and Soarian clinical networks from Siemens Health Services, which Cerner acquired in the year of 2014. McLeod also will execute Cerner’s HealtheIntent population health management platform, as well as the vendor’s registry and information/data warehouse products.

 

Task force handles healthcare cybersecurity issues

A healthcare cybersecurity task force mandated by Congress is establishing a set of suggestions that it expects will assist to counter the increasing cyber threats that are putting sufferer information at risk. Task force handles and tackles key healthcare cybersecurity issues.

Established by the Department of Health and Human Services in reaction to the Cybersecurity Information Sharing Act of 2015, the task force handles the cyber crime and is charged with investigating the healthcare’s challenges in securing information from hacker attacks and to analyze what best practices/lessons can be learned from other industries in how to successfully execute safeguards.

In accordance to Theresa Meadows, co-chair of the Health Care Industry Cybersecurity Task Force and CIO of Cook Children’s Health Care System, the panel’s twenty subject matter experts are drawn from a huge variety of agencies involving contributors, payers, pharmaceutical agencies, medical device manufacturers, Information technology vendors, and government agencies.

“We’ve representation from entire segments within healthcare so that we can have well-rounded discussions,” stated Meadows. “There is also a sufferer advocate on the task force.”

Meadows claimed that the task force handles the cybersecurty and had held several public and private meetings to date and will be “wrapping up its charge” early next year, after which it will report to Congress on its findings and suggestions.

Among the places that the task force handles the healthcare cybersecurity, it will be addressing the following things in its final report:

• Reviewing issues to secure networked medical devices and other software or networks that link to an electronic health record;

• Giving the HHS Secretary with data to disseminate to healthcare industry stakeholders to make better their preparedness for, and response to, cybersecurity threats; and

• Developing a plan to make a single system for the federal government to share actionable intelligence regarding cybersecurity threats to the healthcare industry in near real-period for no fee.

“Today, there is not a great mechanism for sharing data when cybersecurity problems occur,” analyzes Meadows. “Normally what happens is we hear through word of mouth or we see it in the media, but we do not really know what the cause was and so there is no way for us to be proactive in stopping these things in our agencies.”

With the rash of latest ransomware attacks on healthcare agencies, Meadows claims that the panel will also be taking a glance at how to secure health data from these kinds of file-encrypting malware. The risk of Ransomware is within the “scope of threat that people require knowing about and how to decrease, so we’ll put together some suggestions around that,” she adds.

When it comes to the susceptibilities of networked medical devices, Meadows points out that most of the devices presently in use at healthcare services are between 5 to 10 years old. The issue with these legacy medical devices is that “10 years ago nobody was thinking about security,” she states.

As Meadows points out, compared to other industries, healthcare’s cybersecurity atmosphere is distinctive which can be restricting in terms of potential safeguards that can be put in place.

“In banking, they can lock down everything because they do not have to worry about a physician requiring access to patient data,” she remarks. “That is a normal regular occurrence and if we lock up the information then care can’t be given. If physicians do not have access to medical records or lab results, that is a big deal. They have got to have access to the information at all times.”

“We have got to search a model that works for healthcare and yet perits us to provide care—and that is the delicate balance,” she concludes. “We are in a information gathering mode right now.”

 

More incubators eager to help HIT companies

In the thirteenth Century the Venetians were famous for their qualities in glassmaking, a technology that led to establishment of mirrors, spectacles, telescopes and many other technologies now taken for granted. But making glass needed furnaces reaching 1,000 degrees, and fire in the city became a huge issue. So, the glassmakers were shifted to the nearby island of Murano. The outcome was the world’s 1^st innovation incubator, state Mike Biselli, president Catalyst HIT, and a Denver-based healthcare technology incubator opening in the year of 2018. That’s why more incubators are eager to help HIT companies.

Catalyst is working with Prime Health, which brings together innovators, contributors, entrepreneurs, corporations and foundations in the region to recognize and test latest health IT technologies.

Prime Health serves the teaming of innovators with healthcare delivery networks that seek a competitive advantage by utilizing new technologies and processes, like a smartphone/web-based system that better engages sufferers participating in a diabetes intervention program to make sure that they adhere to medication and other treatment policies.

Healthcare incubator programs are popping up or now working in dozens of huge cities across the nation to help HIT companies, in accordance to Biselli, who spoke during Health Data Management’s Value-based Care Conference in the place of Dallas.

Healthcare agencies need to re-imagine how technology can change how the industry works, Biselli asserted. Such re-imagination is not new; it already happened during the last decade. A fundamental change in how healthcare works began in the year of 2007, after the 1^st smartphone was launched, and now is the period for more re-imagination in the age of machine learning and artificial intelligence.

And there are incubators and supporting agencies ready to help HIT companies. “The present innovation boom isn’t a fad, but is real and expanding,” Biselli stated. For instance, there are more than 135 health technology companies merely in the state of Colorado. “Innovators require assisting to re-imagine healthcare. If we work together, we will establish new ideas, procedures and technology that will shape the industry for decades to come.”

At the similar time, however, innovators can assist themselves by not falling victim to common mistakes as they seek financial partners and healthcare clients, Biselli stated. These mistakes involve not knowing how to integrate with EHRs system, or not knowing what DRG, ICD-10 and an EHR are.

Other mistakes: Startups mostly fundraise too much too early, which can sink an agency if they burn through the money without hitting previous revenue targets. These early-stage agencies also require better educating themselves about how to navigate existing physician workflows and seek ways to get doctors away from having to constantly kind at a keyboard.

Mistakes aside, although, Biselli claimed that failing is part of the innovation lifecycle. “There was a lot of stuff that did not work when the Internet turned on,” he recalled. “But that is okay, you’ve to try.”

 

FDA inaugurates app competition to fight against opioid overdoses

The Food and Drug Administration OR FDA inaugurates app competition to establish a low-cost, crowd-sourced, scalable mobile phone app to assist connect opioid users who are facing an overdose with nearby carriers of the prescription drug naloxone, a proposed medication that reverse the impacts of opioid overdose.

“With an instant increment in the number of opioid overdose deaths in the United States, there is a vital requirement to harness the power of latest technologies to rapidly and efficaciously link people experiencing an overdose—or a bystander like a friend or family member—with someone who carries and can administer the life-saving medication,” stated FDA Commissioner Robert Califf, MD. That’s why FDA inaugurates app competition to fight against opioid overdoses.

The Naloxone App Competition, which is launch to the public, will be conducted by the FDA, National Institute on Drug Abuse, and Substance Abuse and Mental Health Services Administration. Judges from the FDA, NIDA and SAMHSA will determine submissions and will grant $40,000 to the entrant with the greatest evaluated score.

“Through this competition, we’re tapping public health-focused innovators to assist to bring technological resolutions to a real-world issue that is charging the U.S. thousands of lives each year,” further state Califf.

In accordance to the FDA, many of these deaths could have been ignored if individuals experiencing an overdose had instantly got naloxone to prevent or reverse the impacts of an opioid overdose. The issue, the regulatory agency asserts, is that persons carrying naloxone might not be present when an overdose appears. Although, after FDA inaugurates app competition, officials say an app could help increase the likelihood that opioid consumers, their instant personal networks and 1^st responders are capable to recognize and react to an overdose by administering naloxone.

“Mobile phone applications have been established to educate laypersons on how to identify an overdose and administer naloxone, and to link bystanders with people in requirement of other medical facilities, like CPR. To date, although, no application is present to connect carriers of naloxone with nearby opioid overdose victims,” stated Peter Lurie, MD, the FDA’s associate commissioner for public health strategy and analysis.

Those who need to enter the app competition have until the day of October 7 to register. Registrants will have approach to background resources, involving data on the opioid epidemic, the paased formulations of naloxone, the public health suggestions for the safe and suitable use of naloxone, as well as FDA instructions on mobile medical applications.

Additionally, the FDA will host an onsite code-a-thon October 19 and 20 at its proposed campus and virtually for registered entrants to establish their concepts and previous prototypes. The organization claimed that entire code will be made open-source and publicly approachable.

Participants will be needed to submit a video of a functional prototype along with a brief summary of their concept for the establishment and utilization of the app by the day of November 7.

 

Appalachian Regional is back online after cyber attack

Appalachian Regional Healthcare has ultimately completed its recovery from a major cyber attack a full twenty days after it was 1^st discovered. Now the Appalachian Regional is back online.

The attempts to acquire a recovery were complex, the chain appreciated. The timeline for resolution sustained for ten days after the eleven-hospital delivery system first declared the violation and, at the time, recommended that it would be “back up to 100% very soon.”

“At this time, entire AHR hospitals, retail pharmacies, home health and several clinics are back online,” the agency serving parts of the eastern Kentucky and southern West Virginia stated in a latest statement issued late previous week.

As it resolved the conflict, Appalachian Regional claimed that it has no reason to believe that protected health information or financial information was approached, and it thanked communities it serves for their patience. The delivery system is the greatest employer in both regions.

For much of the downtime, medication, registration, imaging and lab services were being managed manually, and sufferers were inquired to bring medications and medical history when coming to the hospital or visiting a physician.

The attack continues to be inquired, and authorities have asked Appalachian Regional to not discuss specifics of the tragedy. Now the Appalachian Regional is back online after a major cyber attack.

 

Platform makes payment & interoperability convenient

To make value-based reimbursement really work, the people must acquire interoperability at scale across payer, contributor and vendor lines, claims Amy Larsson, vice president of clinical claims management at payer vendor McKesson Health Solutions. In a latest initiative, the company has inaugurated payment & interoperability management platform, known as the Intelligence Hub.

Today, the health network sustains to be mired in an atmosphere of siloed information systems, which Larsson herself experienced previous year after suffering a herniated disk. She required searching an orthopedic specialist and known as her primary care physician and got a referral, but choosing an MRI and getting authorization was all implemented manually or by phone. The electronic records of the PCP and specialist weren’t connected and so neither had complete health records for Larsson. When she required another suggestion in another delivery system, she had to take her MRI records to the visit.

The Intelligence Hub or payment & interoperability management platform is created to make it convenient for contributors, payers and third-party vendors to link their systems across networks to electronically authorize and schedule treatment, offer clinicians demographic and specialty data about other physicians in the network, and observe the contractual obligations between contributors and payers to automatically and precisely pay claims in accordance with the contract terms that each contributor has made with his or her insurers, Larsson elaborated.

For instance, an insurer could automatically be notified that a member is getting a knee replacement, in accordance to McKesson. As claims arrive, they would be electronically parsed, processed and paid as part of a bundled payment management. If a sufferer goes to a lab for pre-admission tests, the insurer could automatically know it’s not paying for the labs deployed on fee-for-service, as the labs are the proposed part of the bundle.

“Over time, as payers accept the Intelligence Hub or payment & interoperability management, physicians will initiate to see administrative duties reduce,” she analyzes. “In summary, the aim is to take administrative waste out of the network for contributors and payers through automation, enabling higher quality, more effective care and improved results.”

Now, McKesson Health Solutions is discussing with insurers about ways to educate vendors and contributors on the latest service.

 

HHS grants $87 Million to stimulate IT adoption in health centers

The Department of Health and Human Services (HHS) on the day of Thursday declared $87 million in awards for 1,310 health centers to stimulate IT adoption in entire fifty states, the District of Columbia, Puerto Rico and the Virgin Islands.

In accordance to HHS, health IT is a proposed part of the Obama administration’s attempts to make a healthcare system that delivers better care, smarter spending and healthier individuals. The center added that this is the 1^st important investment to stimulate IT adoption since the year of 2009 directly granted to health centers to reinforce the purchase of health IT. HHS asserted that entire purchases or upgrades of electronic health record systems (EHRs) made with the funding must utilize technology notified by the Office of the National Coordinator for HIT.

“Health centers across the state are instrumental in offering high-quality, detailed primary healthcare to millions of persons,” stated HHS Secretary Sylvia Burwell. “This contribution will assist to unlock healthcare data and put it to work, making better the health results and building a better healthcare system for the American persons.”

Among other objectives, the agency claimed the funding will be utilized to stimulate IT adoption and health information technology enhancements to accelerate health centers’ transition to value-based models of care; make better the efforts to share and use data to support better decisions; and increase engagement in delivery network transformation.

Presently, the Health Center Program funded by Health Resources and Services Administration supports almost 1,400 health centers that operate over 9,800 service delivery sites. The health centers hire more than 190,000 staff members who offer care for almost 24 million sufferers.

“These awards will permit health centers to deliver higher quality of care to sufferers and spend health care dollars in a smarter way,” stated HRSA Acting Administrator Jim Macrae

The investment comes from the Affordable Care Act’s Community Health Center Fund, which was expanded with bipartisan support in the Medicare Access and CHIP Reauthorization Act (MACRA) of the 2015 year.

 

Mayo to create cancer serum biobank available to research community

The Mayo Clinic Center for Individualized Medicine is creating its Cancer/Normal Serum Biobank available to the researchers. Mayo is keenly eager to make cancer serum biobank available to research community.

Mayo attempted to extend availability of the biobank by itself but didn’t have the funds to properly market it, claims Stephen Thibodeau, PhD, director of the bio repositories program. Now, it has teamed with the iSpecimen, a human bio specimen collections vendor, to link the institution with outside research community. Now Mayo will soon make cancer serum biobank available to research community.

Serum is a proposed clear liquid, separated from clotted blood, utilized in blood typing and diagnostic tests, Thibodeau claims. Serum is very precious in the cancer research because it opens up a window into the body like waste materials, nutrients throughout the entire body, lipids, and carbohydrates “and everything required to operate the body,” he elaborates.

There will be a charge for the service but developing a profit is not a priority of the initiative, in accordance to Thibodeau. “We are attempting to capture the cost of what we are doing and not anxious about making money.”

The biobank has approximately 130,000 frozen vials of serum from over 17,000 consenting sufferers, gathered between the years of 1975 and 1990. The samples cover 85 distinctive non-tumors, malignant, malignant with no proof of disease, and benign conditions.

Under an outsourcing management, iSpecimen will handle the serum inventory and associated information through a cloud platform to match researchers to the correct samples. The platform surveys institutions for the availability of samples and connects investigators to an institution that has the desired samples. Investigators can inquire for a particular kind of serum or various different types.

 

Almost half of the cloud-based malware delivers risky ransomware

Uncertainties over the ransomware have grown considerably this year, and for great reason. A latest research finds that almost half of entire cloud-based malware delivers risky ransomware applications now.

That is the conclusion of the September Netskope Cloud Report, which looks at the prevalence of ransomware and how it prevails through cloud applications within an agency. The study discovered that 43.7% of malware discovered in enterprises cloud apps have delivered ransomware, and that 55.9% of malware-infected files discovered in cloud applications are shared publically.

To put the risk in perspective, the report claims that the typical agency has 26 pieces of malware discovered in cloud apps. Of the 43.7% that cloud-based malware deliver risky ransomware, those typically include common ransomware delivery vehicles, involving Javascript exploits and droppers, Microsoft Office macros and PDF exploits.

 “These ransomware attacks are mostly delivered through phishing and email attacks, but within cloud atmospheres, infected and encrypted files can rapidly spread to other users through cloud app sync and share functionality in what is known as the fan-out effect,” the report cautions.

The susceptibility to cloud-based malware delivers risky ransomware will merely get worse, the report warns, as agency invest more in cloud-based apps. The study discovered that on average, a typical huge agency now has 977 cloud-based applications in use, up from 935 last quarters.

Moreover, 94.7% of those applications aren’t considered “enterprise-ready” in accordance to the Netskope Cloud Confidence Index scoring system. This means “they lack primary functionalities like security, audit and certification, legal, privacy, financial viability, service-level agreement, and vulnerability remediation,” the firm pointed out.

 

Texas Health and Human Services Starts Huge department overhaul

In an attempt to make the Health and Human Services Commission more efficacious and effective, Texas leaders guided the department to change its ways. Initiating on the day of Thursday, 4,000 workers and more than 120 programs and functions will shift to the Health and Human Services Commission from 4 other health and human state agencies. Texas Health and Human Services Starts Huge department overhaul for effective outcomes.

“The shift marks the first of 2 waves of the state’s significant health agency transformation made to assist Texans to find and get services more efficiently,” Carrie Williams from HHSC claimed in a release.

After months of determining what can be improved upon, the agency declared what will change. The first being a latest website launched on the day of Sept. 1. The latest site will have a huge section committed to services related to aging, disabilities, females and children, food and fitness, child protection among others. The site is hoped to be more user friendly instead of the clunky site that it is now.

“This is a monumental attempt that is happening behind the scenes. Most persons will not notice a change, other than hopefully it is convenient for them to find what they require,” stated Executive Commissioner Charles Smith. “It is a work in progress, and we are putting the system together in a way that puts Texans first.”

The restructuring will eradicate the Department of Assistive and Rehabilitative Services and the Department of Aging and Disability Services to operate as separate agencies by the year of 2017. Selected programs from the Department of State Health Services and the Department of Family and Protective Services will fall under the instructions of HHSC. DSHS will concentrate its attempts on core public health functions, and DFPS will concentrate on prevention and protective services. This huge department overhaul will provide effective outcomes to the residents of Texas.

 

CMS to provide providers MACRA flexibility in the year of 2017

The Centers for Medicare and Medicaid Services (CSM) on the day of Thursday declared that it will provide providers various options to comply with the latest quality payment program being enforced under the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA flexibility in the year of 2017) .

In a day of September 8 blog, CMS Acting Administrator Andy Slavitt claimed that physicians could “select their pace of participation” for the 1^st performance period of the quality payment program that starts on the day of January 1.

“During the year of 2017, eligible physicians and other clinicians will have several options for participation,” wrote Slavitt. “Selecting one of these choices would make sure that you don’t get a negative payment adjustment in the year of 2019. These options and other supporting details will be explained completely in the final rule,” which he said is expected by the day of November 1.

In accordance to Slavitt, these are the 4 options available to providers MACRA flexibility in the year of 2017:

Option 1: Test the quality payment program. With this choice, as long as contributors submit some data to the quality payment program, involving data from after the day of January 1, 2017, they will ignore a negative payment adjustment. This 1^st option is made to make certain that provider systems are working and that they are prepared for broader participation in the years of 2018 and 2019.

Option 2: Participate for part of the calendar year. Contributors might select to submit quality payment program information for a decreased number of days. This means their first performance period could start later than the day of Jan. 1, 2017, and their practice could yet qualify for a minor positive payment adjustment. For instance, if they submit data for part of the calendar year for quality measures, how their practice utilizes technology and what improvement activities their practice is undertaking, they could qualify for a minor positive payment adjustment. Contributors could select from the list of quality measures and improvement activities present under the quality payment program.

Option 3: Participate for the full calendar year. Practices that are ready to go on the day of Jan. 1, 2017, might choose to submit quality payment program data for a full calendar year. This means their 1^st performance period would start on the day of Jan. 1, 2017. For instance, if they submit information for the whole year on quality measures, how their practice utilizes technology and what improvement activities their practice is undertaking, they could qualify for a modest positive payment adjustment.

Option 4: Participate in an advanced alternative payment model in the year of 2017.Rather of reporting quality information and other data, the law permits providers to participate in the quality payment program by merging an advanced alternative payment model, like Medicare Shared Savings Track 2 or 3 in 2017. If providers get enough of their Medicare payments or see enough of their Medicare sufferers through the advanced alternative payment model in the year of 2017, then they would qualify for a 5% incentive payment in 2019.

“Although you choose to participate in the year of MACRA flexibility in the year of 2017, we’ll have resources present to help you and walk you through what requires to be done,” Slavitt wrote. “And although you select to participate, your feedback will be invaluable to building this program for the long term to achieve results that matter to your sufferers.”

Responses to the CMS declaration from industry groups and lawmakers were very positive. The American Medical Association applauded the agency’s flexibility.

“By accepting this thoughtful and MACRA flexibility in the year of 2017, the Administration is motivating a victorious transition to the new law by offering physicians options for participating in MACRA,” stated AMA President Andrew Gurman, MD, in a written statement. “This approach better depicts the diversity of medical practices throughout the country.”

Gurman further added that the flexibility “will help give physicians a fair shot in the 1^st year of MACRA implementation.”

Similarly, the American Hospital Association claimed that it approved of the CMS actions.

“We are glad that CMS has reacted to feedback inquiring for greater flexibility in meeting MACRA’s aggressive timeline and reporting needs,” stated Ashley Thompson, AHA senior vice president for public policy analysis and development. “We look forward to considering the details of these choices when CMS releases a final rule.”

Rep. Michael Burgess, MD (R-Texas), chairman of the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade, claimed that he was glad to hear that CMS was going to be flexible in transitioning to the latest payment reporting needs.

Burgess stated the “declaration from CMS regarding the agency’s dedication in the implementation of MACRA flexibility in the year of 2017 is proof of the benefits of keeping Congress engaged in policy implementation,” adding that “just as this policy was carefully crafted with the input of everyone impacted by the payment policies, the implementation procedure should be conducted in the similar way.”

He stated that he is “committed to leading the charge for continued congressional oversight of MACRA implementation to make sure the simplified, streamlined requirements that permit for entire doctors to succeed.”

Healthcare a vital aim as ransomware risk widens

Holding precious information hostage with the issues of ransomware risk, cyber criminals have made a lucrative market for personal data that is even more profitable than other malware, in accordance to Federal Trade Commission Chairwoman Edith Ramirez.

Speaking at a day of September 7 FTC workshop on ransomware risk, Ramirez called it a “latest business model” for malicious task is a growing cybersecurity issue across entire industries and that no agency is immune from these types of attacks.

And the FTC chief asserts that the healthcare industry appears to be specifically susceptible to the file-encrypting malware.

“The attack or invasion on the Hollywood Presbyterian Medical Center in Southern California previously this year, the first in a string of high-profile attacks on healthcare agencies, mentions the issues that ransomware risk poses,” Ramirez informed the audience. “The perpetrators took out the hospital’s whole network for more than a week, leaving staff without approach to email and crucial patient information. The malware crippled the emergency room of hospital and other computer systems essential for sufferer care, and compelled hospital staff to log medical records with pen and paper.”

In the end time, Hollywood Presbyterian paid a ransom to the hackers of forty bitcoins, or $17,000, to restore its network operations, she stated. Ramirez also attributed a same attack in the month of March that disabled MedStar Health’s computer networks, refusing approach to email and electronic health records (EHRs) at ten hospitals in the Washington, DC place for almost 2 weeks.

She called ransomware risk “among the most troubling cyber issues” confronting the US that is “becoming immensely more pernicious” and is “escalating at an alarming amount.” Citing statistics from the Department of Justice that ransomware risks have quadrupled in the last year alone, Ramirez stated that the U.S. averages 4,000 incidents each day.

In accordance to the Federal Bureau of Investigation, ransomware risk victims in the 1^st quarter of 2016 alone paid attackers $209 million, and in the year of 2015 producers of the CryptoWall ransomware attack generated ransom of more than $300 million. “The economical motivation for ransomware attacks recommends that the risk is unlikely to go away any time soon,” added Ramirez.

Ransomware has the largest monetary value for cyber criminals, admits Craig Williams, senior technical leader and global outreach manager for Cisco Talos, a threat intelligence agency.

“It is actually put things on a financial scale that we just simply have never seen before,” said Williams. “The issue is not only that ransomware is economically appealing for adversaries, but provided that money, they are now able of employing professional development teams all over the globe to evolve and grow this capability to deploy malware at merely an astonishing rate.”

“I will sum it up in 1 word—it is scary,” Chad Wilson, director of information security at Children’s National Health System, informed the FTC workshop. “The number of attacks has actually grown remarkably over the last couple of years. There is not one specific vector that they are utilizing. They are utilizing several vectors to harm systems and various techniques to trick or social engineer doctors, administrators, and other folks to get on networks and access data.”

Nevertheless, Wilson further added that cyber hygiene and prevention “does a lot to eradicate the issue upfront, and then you’ve to contribute in incident response and containment techniques for decreasing the affect when something does happen.”

While physicians are concentrated principally on taking care of sufferers, he summarized that “now they have to learn that bad persons are after their data, and they require learning how to look after themselves—education does go a long way.”

 

AMA strengthens its interactive, geospatial mapping device

The AMA strengthens its interactive geospatial mapping device, made to recognize health professional shortage places and other related workforce trends, to now give population health information by geographic location.

Established in cooperation with the American Academy of Family Physicians Robert Graham Center and vendor HealthLandscape, AMA’s interactive Health Workforce Mapper involves a latest “Population Health Explorer” feature providing information on a variety of population health factors, involving healthcare approach and quality, health behaviors like smoking and alcohol use, demographics, as well as social environment component in which AMA strengthens its interactive and geospatial mapping device.

The AMA strengthens its interactive and geospatial mapping device which can layer data on geographic and health policy data, like hospital locations or health professional shortage places, on top of population indicators, landmarks and other topographical features. The AMA Health Workforce Mapper also can reflect the ratio of physician or non-physician clinician to populations in any provided region or nationally.

Additionally, the device can be utilized by new physicians in closing the gap in sufferer access to care by enabling households and medical students to observe where shortages exist in few medical specialties. By seeking at state, county or metropolitan area information, users can filter physicians and non-physician healthcare experts by specialty and employment setting.

“Making better the sufferer approach to quality care is a primary target of the AMA, and this mapping device will indicate physicians and healthcare experts precisely where their qualities can most benefit populations in requirement,” stated AMA President Andrew Gurman, MD, in a written statement. “Knowing where healthcare services are required most can help providers make the best decisions on where to find or expand their practices to reach patients in greatest requirement of access to care.”

Although, AMA members can analyze a comprehensive version of the mapper that involves the capability to export a customizable Excel file that ranks health workforce and demographic information by county.

To approach AMA’s Health Workforce Mapper, consumers must have Adobe Flash Player 10.0 or higher installed on their computers. The application isn’t compatible with iPhone, iPad, or Android tools.

 

98 percent of Hospitals Ignore Meaningful Use Payment Adjustments

CMS has released details about the IPPS negative payment adjustments for fiscal year 2017, claiming that the majority of hospitals have ignored them through successful meaningful use attestation. The 98 percent of hospitals ignore meaningful use payment adjustments

The 98 percent of hospitals (eligible) and critical access hospitals won’t be subjected to payment adjustments in the year of 2017 because of their successful stage 1 or stage 2 meaningful use attestations, claims the CMS (Centers for Medicare & Medicaid Services). CMS further stated that the 98 percent of hospitals ignore meaningful use payment adjustment through victorious meaningful use attestation.

In a proposed fact sheet, the federal agency explains the impending payment adjustments as a part of the Inpatient Prospective Payment System (IPPS) coming for fiscal year 2017.

Eligible hospitals and CAHs confront payment adjustments relying upon their attestation to the Medicare EHR Incentive Programs. When a hospital victoriously attests to the program, it ignores a negative payment adjustment for examples this year 98 percent of hospitals ignore meaningful use payment adjustments.  When it does not successfully attest to meaningful use, it does confront a payment adjustment.

This cycle sustains for the duration of the EHR Incentive Programs. When a hospital victoriously attests to meaningful use in the year of 2013, for instance, it neglects the payment adjustment in the year of 2015. In order to ignore the payment adjustment in the year of 2017, the hospital must attest to the program again in the year of 2015.

For fiscal year 2017, which has been evaluated by meaningful use reporting year 2015, hospitals might confront a 75 percent negative payment adjustment.

Although, as noted above, CMS saw several successful meaningful users this year, with 98 percent of eligible hospitals and CAHs completing one of the first 2 stages of the program. All of these hospitals ignored the negative payment adjustment.
The fact sheet also covered the details of hardship exceptions, which are an alternative procedure by which hospitals and CAHs may neglect the negative payment adjustment. Through hardship exceptions, hospitals and CAHs might report a significant burden they confronted during meaningful use attestation which prevented them from successfully reporting.

Hospitals and CAHs submitting a hardship exception might apply for one by the day of April 1 of the year previously to the payment adjustment year. For the 2017 payment adjustment year, for instance, hospitals and CAHs had to submit their hardship exception applications by the month of April 1, 2016.

DoD postpones initial deployment of latest EHR system

The initial rollout of the Defense Department’s latest electronic health record system from Cerner Corp. has been postponed due to the technical issues encountered during the time of testing. The DoD postpones initial deployment of latest EHR system because of certain technical errors.

DoD had decided to reach initial operational capability for the EHR system—known as Military Health System (MHS) GENESIS—by the month of December. But that schedule will be expanded by some months into next year as the department works to resolve the technical errors including the integration of Cerner’s commercial software with the legacy military health systems. So that is why the DoD postpones initial deployment of latest EHR system because of certain technical errors.

In the month of July 2015, the Pentagon granted a $4.3 billion contract award to a Leidos-Cerner team to advance the DoD’s EHR system, replacing legacy military health networks and promoting greater efficiencies by leveraging the commercial-off-the-shelf Cerner Millennium solution.

A previous EHR deployment was slated to start in the month of December at military sites in the Pacific Northwest and sustaining across all DoD services over several years. But, now those plans have been postponed or delayed.

“The modification is implemented by the aggressive schedule and problems identified during the time of testing that led to the determination that more time is required to correct these problems,” in accordance to a statement from DoD.

The delay isn’t surprising given that an audit issued earlier this season of summer by the DoD’s Office of the Inspector General summarized that the EHR program schedule was at the threat of not meeting initial needs by the end of 2016. Auditors had pointed out that “risks and potential delays included in developing and testing the interfaces required to interact with legacy systems, making sure that the system is protective against cyber attacks, and making sure that the fielded system works precisely and that users are properly trained.”

Although, at the period, Stacy Cummings, program executive officer for the Defense Healthcare Management Systems program compelled that DoD was conducting testing both prior to and during the time of deployment to make certain that its interfaces were working, adding that she was confident that it would be ready in the month of December for the 1^st installations. Now, the Pentagon has changed its tune.

“During the time of testing of the system, we recognized the requirement for more time before initial deployment to make sure that we are offering the best possible user experience to our beneficiaries and healthcare providers,” stated Cummings in a written statement.

“We’re completely supportive of our customer’s decision,” stated Melissa Lee Koskovich, senior vice president and director of communications and marketing at Leidos. “Our priority is making certain that the program’s long-term success.”

Cerner didn’t comment on the schedule delay itself. Although, a spokesperson for the EHR vendor released an optimistic statement about the future direction of the contract and the reasons behind why the DoD postpones initial deployment of latest EHR system because of certain technical errors.

“We are glad that we remain in good position for an on-time, enterprise-wide deployment and are capable to facilitate this extra configuration and testing for the initial operating capability pilot sites so that the system is performing at an optimal level when scaled across entire MHS facilities,” claimed Marlene Bentley, Cerner’s public relations program manager.

 

N.J. made incorrect Medicaid EHR incentive payments

The New Jersey (N.J) Department of Human Services made incorrect Medicaid EHR incentive payments to fifteen hospitals, in accordance to an audit by the Department of Health and Human Services’ Office of Inspector General.

The net or average rate of the erroneous payments by New Jersey totaled $2.5 million, auditors told. 10 hospitals were overpaid $2.4 million, while 5 hospitals were underpaid $137,000, which resulted in a net overpayment of almost $2.3 million. The state agency didn’t always pay EHR incentive program payments in accordance with the federal and state needs, summarizes the report.

Furthermore, the OIG discovered that New Jersey made incorrect Medicaid EHR incentive payments to 2 extra hospitals. Although, auditors confirmed that the state agency adjusted these payments after their audit time period. Moreover, New Jersey didn’t report 1 professional incentive payment to the CMS National Level Repository (NLR), a registration and verification network that consists of data on contributors participating in the Medicaid and Medicare EHR incentive programs.

“The incorrect Medicaid EHR incentive payment errors happened because the state agency’s program integrity contractor failed to recognize few mistakes and inconsistently applied this latest program’s complex needs,” claims the OIG report. “The reporting error happened because of a technical error.”

The report points out that the Government Accountability Office has recognized faulty payments as the primary risk to the EHR incentive programs.

“These programs might be at higher threat of improper payments in comparison to other programs because they’re latest and have complex needs,” assert auditors.

OIG suggested that New Jersey take the following corrective measures:

• Refund to the federal government nearly $2.3 million in net overpayments made to the fifteen hospitals.

• Adjust the fifteen hospitals’ rest over incentive payments to account for the faulty calculations (hoped to result in future cost savings of $514,107).


• Work with CMS to make sure that the 1 unreported professional incentive payment is reported to the NLR.

• Consider the calculations for other hospitals in the state that weren’t among the 33 that auditors analyzed, to evaluate whether payment adjustments are required and refund to the federal government any overpayments recognized.

mHealth Model concentrates On Initial Detection of Chronic Conditions

A Minneapolis health system is initiating a mHealth tool made to recognize the initial detection of chronic conditions of the people at the threat of diabetes or heart disease and steer them to treatment.

Fairview Health Services is making the online health risk assessments present to its 22,000-plus workers, and policies to extend the program to its sufferers and entire Minnesota households. Officials also expect to extend the telehealth service to cover more chronic conditions.

“We hope this service will make it possible for our contributors to diagnose chronic conditions sooner and to suggest immediate interventions if issues are found,” Dang Tran, MD, Vice President of Medical Practice for the Fairview Medical Group, stated in a release. “Americans are accustomed to taking commerce online, and we consider several would love to have the similar degree of access and service for meeting their healthcare requirements. This latest approach makes it much convenient to get a diagnosis for chronic diseases that are believed to be among the most prevalent and the most costly to treat.”

The digital health platform holds promise for initial detection of chronic conditions by compelling resources out to clients when and where they will utilize them, instead of waiting for them to visit their doctor or indicate the first symptoms of the disease. For instance, 8.1 million of the 29.1 million Americans with diabetes are undiagnosed, in accordance to the Centers for Disease Control and Prevention; putting them on a care management policy before they establish symptoms could secure millions of dollars in healthcare prices and make better the results later on.

Utilizing an asynchronous platform established by Zipnosis, Fairview will give an online adaptive questionnaire, approachable on iOS and Android devices that calculate the sufferer’s risk of developing diabetes or heart sickness. If required, the sufferer is issued a ZipTicket boarding pass or an instant referral to a nearby lab for diagnostic tests.

Within forty-eight hours after the labs are taken, a Parkview contributor will analyze the questionnaire and tests and release a recommendation through e-mail, along with links to educational resources. The sufferer can then schedule an appointment with his or her primary care provider, if essential.

The mHealth tool could also assist the healthcare providers reach underserved populations who do not have insurance or visit a doctor on a regular basis.

“In the future, when the program is more immensely offered, if sufferers do not have a primary care physician, this is an outstanding opportunity for us to work with them to develop a medical home,” Tran stated.